Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/B-RDSJVdZfnygsIUIJGwrnEgrbo.roa
File:                     B-RDSJVdZfnygsIUIJGwrnEgrbo.roa (raw, json)
Hash identifier:          DtHxJSa7vqRYWKAp4Jd0OvwvyPZfl3xTSOqO5dLByaA=
Subject key identifier:   07:E4:43:48:95:5D:65:F9:F2:82:C2:14:20:91:B0:AE:71:20:AD:BA
Certificate issuer:       /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial:       018CC6B8FA884099FC4414D88C3248AD77D0
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/B-RDSJVdZfnygsIUIJGwrnEgrbo.roa
Signing time:             Mon 01 Jan 2024 20:31:00 +0000
ROA not before:           Mon 01 Jan 2024 20:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28883
IP address blocks:        195.237.80.0/24 maxlen: 24
                          194.240.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fa:88:40:99:fc:44:14:d8:8c:32:48:ad:77:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
        Validity
            Not Before: Jan  1 20:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07e44348955d65f9f282c2142091b0ae7120adba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0e:61:ea:af:e5:aa:08:77:0e:50:bf:8e:bf:
                    b7:a7:38:a5:56:7e:53:29:05:1b:a2:d4:e3:05:3f:
                    1b:71:83:6f:51:d1:cf:6a:a0:96:0d:ad:8f:8f:66:
                    f2:31:70:57:d1:5f:a1:e7:43:7f:b7:82:40:ed:ea:
                    c3:8f:5b:a8:22:1e:54:e9:f5:6d:1b:41:aa:49:d7:
                    60:42:c8:9f:30:c8:53:75:73:99:b0:a8:a0:94:c2:
                    ff:2a:be:46:f2:5b:cb:a0:91:4f:b9:74:76:f4:6d:
                    a3:1a:2d:b7:fd:dd:8c:ae:5e:30:62:bc:9e:fd:07:
                    ee:fa:39:12:03:f2:1e:82:c1:e8:3b:89:f2:d2:62:
                    3a:c7:de:44:6d:cb:51:8e:98:9c:92:f4:c1:4d:55:
                    ac:91:f8:78:60:ec:d1:07:34:b2:eb:5e:70:dd:12:
                    0c:01:5c:4b:6b:89:86:75:09:b7:c7:36:aa:4d:78:
                    5f:8f:f0:4c:af:ab:d6:9f:c0:87:db:09:a6:09:5a:
                    ab:64:99:d4:25:d5:80:8b:2b:6b:60:77:96:8c:59:
                    0a:d2:4c:84:3c:c1:80:07:47:b1:63:2a:bd:50:29:
                    a9:5f:17:65:6b:3f:63:01:fe:e7:70:ae:b7:66:a6:
                    dd:67:a8:d8:29:ac:c5:34:26:ac:64:ca:a6:2b:9a:
                    13:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:E4:43:48:95:5D:65:F9:F2:82:C2:14:20:91:B0:AE:71:20:AD:BA
            X509v3 Authority Key Identifier:
                keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/B-RDSJVdZfnygsIUIJGwrnEgrbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.240.69.0/24
                  195.237.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:de:f9:cd:66:88:76:1b:ec:6a:c0:88:30:25:09:56:d5:8d:
         1d:ad:06:2a:e7:67:f4:c2:0e:7f:dd:50:e2:b0:78:d7:34:30:
         32:3b:a7:4c:1c:c4:b3:0b:c2:8c:19:d0:d5:17:a3:12:ab:0e:
         5b:97:74:b3:84:36:35:43:e8:d9:e8:d1:9c:62:9e:36:6e:ee:
         92:89:9a:38:13:d5:dd:6f:50:86:2a:c7:d6:b8:56:c0:d6:9c:
         3d:7a:55:57:2f:de:66:93:08:de:4e:9a:ec:6d:75:d5:be:72:
         c5:22:80:e7:94:ba:1e:a2:75:91:a4:fa:17:84:48:cc:01:0d:
         3b:c7:d2:22:11:a8:b0:b5:f7:e0:e7:89:22:4e:69:40:d8:6c:
         ea:7c:c8:79:1c:eb:2e:17:ce:4d:a6:dc:92:8d:cb:e0:f4:61:
         aa:cb:d3:f5:b7:e3:3c:70:81:45:02:6e:69:ac:af:1c:4a:ba:
         7b:7f:b7:d3:f0:a3:8f:9d:05:87:f7:db:84:e2:62:8a:4b:3d:
         00:92:0f:7d:d8:76:de:e2:b6:86:27:94:f7:72:d6:7d:03:8c:
         ee:a8:93:a7:96:7e:f3:58:dc:9f:d1:2a:96:6c:8c:8a:7f:66:
         93:a7:39:c8:e1:9a:bf:4c:52:92:0e:a1:3b:9a:e2:9c:ef:5e:
         2a:72:40:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuPqIQJn8RBTYjDJIrXfQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjQwMTAxMjAzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2U0NDM0ODk1NWQ2NWY5ZjI4MmMyMTQyMDkxYjBhZTcxMjBhZGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuw5h6q/lqgh3DlC/jr+3pzilVn5T
KQUbotTjBT8bcYNvUdHPaqCWDa2Pj2byMXBX0V+h50N/t4JA7erDj1uoIh5U6fVt
G0GqSddgQsifMMhTdXOZsKiglML/Kr5G8lvLoJFPuXR29G2jGi23/d2Mrl4wYrye
/Qfu+jkSA/IegsHoO4ny0mI6x95EbctRjpickvTBTVWskfh4YOzRBzSy615w3RIM
AVxLa4mGdQm3xzaqTXhfj/BMr6vWn8CH2wmmCVqrZJnUJdWAiytrYHeWjFkK0kyE
PMGAB0exYyq9UCmpXxdlaz9jAf7ncK63ZqbdZ6jYKazFNCasZMqmK5oTfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAfkQ0iVXWX58oLCFCCRsK5xIK26MB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvQi1SRFNKVmRaZm55Z3NJVUlKR3dybkVncmJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwvBFAwQA
w+1QMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3vnNZoh2G+xqwIgwJQlW1Y0drQYq52f0
wg5/3VDisHjXNDAyO6dMHMSzC8KMGdDVF6MSqw5bl3SzhDY1Q+jZ6NGcYp42bu6S
iZo4E9Xdb1CGKsfWuFbA1pw9elVXL95mkwjeTprsbXXVvnLFIoDnlLoeonWRpPoX
hEjMAQ07x9IiEaiwtffg54kiTmlA2GzqfMh5HOsuF85NptySjcvg9GGqy9P1t+M8
cIFFAm5prK8cSrp7f7fT8KOPnQWH99uE4mKKSz0Akg992Hbe4raGJ5T3ctZ9A4zu
qJOnln7zWNyf0SqWbIyKf2aTpznI4Zq/TFKSDqE7muKc714qckDX
-----END CERTIFICATE-----