Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/86d1aa-6475-4013-86ea-38c756aa4b50/1/MIERoqU1l9fdal5P1MqC5QWZMCE.roa
File:                     MIERoqU1l9fdal5P1MqC5QWZMCE.roa (raw, json)
Hash identifier:          F7SOWbbAEr/qmcXmEP2NjLScovNG2vUA8qrAAR9zTyA=
Subject key identifier:   30:81:11:A2:A5:35:97:D7:DD:6A:5E:4F:D4:CA:82:E5:05:99:30:21
Certificate issuer:       /CN=f3544e923d883bace4aa3f7ef70072afe3511f28
Certificate serial:       01920A856A6BAD1AC8194F2C3606B676EF6D
Authority key identifier: F3:54:4E:92:3D:88:3B:AC:E4:AA:3F:7E:F7:00:72:AF:E3:51:1F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/81ROkj2IO6zkqj9-9wByr-NRHyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/86d1aa-6475-4013-86ea-38c756aa4b50/1/MIERoqU1l9fdal5P1MqC5QWZMCE.roa
Signing time:             Thu 19 Sep 2024 13:42:48 +0000
ROA not before:           Thu 19 Sep 2024 13:42:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41536
IP address blocks:        195.14.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/86d1aa-6475-4013-86ea-38c756aa4b50/1/81ROkj2IO6zkqj9-9wByr-NRHyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/86d1aa-6475-4013-86ea-38c756aa4b50/1/81ROkj2IO6zkqj9-9wByr-NRHyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/81ROkj2IO6zkqj9-9wByr-NRHyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0a:85:6a:6b:ad:1a:c8:19:4f:2c:36:06:b6:76:ef:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3544e923d883bace4aa3f7ef70072afe3511f28
        Validity
            Not Before: Sep 19 13:42:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=308111a2a53597d7dd6a5e4fd4ca82e505993021
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:27:6a:5a:7e:62:37:b6:b5:58:b0:28:5a:b7:
                    5c:59:ae:be:3a:21:93:08:7c:57:3b:da:3e:5c:4c:
                    63:8d:60:81:6c:3c:af:fe:9a:62:64:d9:0d:7a:79:
                    bc:15:f9:17:30:72:51:ef:1b:52:eb:8e:9a:0e:1a:
                    eb:c9:c3:4e:45:fc:dd:6d:c0:fd:59:c5:1b:fd:5d:
                    91:f6:a3:07:d7:0b:88:f6:a9:0c:49:e0:50:6e:cd:
                    ac:e3:93:2f:cf:b1:17:18:f3:3d:c3:6a:78:05:37:
                    fd:f6:96:25:30:18:50:07:8a:95:f4:2d:92:b5:0c:
                    b7:17:23:bd:2f:66:c1:69:1c:11:c9:13:81:4f:3d:
                    ca:60:c3:42:b8:98:85:76:e1:17:bf:6b:10:d9:7d:
                    5b:dc:fe:db:f3:6c:8f:5e:cc:55:9b:58:a0:85:cd:
                    ec:80:b1:ad:a0:f2:d3:30:7d:5b:a3:b3:70:ea:23:
                    07:6c:2e:f6:51:6c:27:13:3e:07:b0:d3:b0:d7:50:
                    03:17:46:3e:83:16:2c:45:c8:e6:8a:14:80:fb:22:
                    12:5e:01:d5:07:74:b7:a8:7b:5b:48:71:09:50:f2:
                    34:a5:6c:63:f1:e0:ed:c0:ff:7a:16:15:ae:f5:fd:
                    a5:49:33:28:5a:f6:70:e6:9b:c1:08:09:d6:3a:e2:
                    d7:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:81:11:A2:A5:35:97:D7:DD:6A:5E:4F:D4:CA:82:E5:05:99:30:21
            X509v3 Authority Key Identifier:
                keyid:F3:54:4E:92:3D:88:3B:AC:E4:AA:3F:7E:F7:00:72:AF:E3:51:1F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/81ROkj2IO6zkqj9-9wByr-NRHyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/86d1aa-6475-4013-86ea-38c756aa4b50/1/MIERoqU1l9fdal5P1MqC5QWZMCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/86d1aa-6475-4013-86ea-38c756aa4b50/1/81ROkj2IO6zkqj9-9wByr-NRHyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.14.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:13:bd:6e:08:88:bd:d1:2a:b4:0e:1e:4b:1f:cf:1c:17:66:
         cd:28:6b:52:00:6a:6f:43:8d:be:55:d6:7f:04:7d:43:fb:2f:
         5a:5b:d8:37:44:61:64:2b:04:a4:f0:a7:06:8c:c4:b1:13:87:
         7e:8c:f1:20:39:9a:fc:75:15:a6:ee:e9:c1:5d:b3:ed:eb:1e:
         36:49:f8:e4:1d:e7:df:b5:4b:f7:9e:0b:5b:08:a8:0f:84:24:
         3e:ed:6a:d5:90:cc:13:5e:fd:a4:9b:2e:14:9c:4b:ee:ed:7f:
         1d:53:d5:a3:a0:5c:2d:1f:15:b2:e6:b9:c1:0a:fa:92:7d:f9:
         b6:b6:56:7e:ea:a9:a9:9b:1a:b8:d0:56:d5:f3:4c:29:a4:04:
         42:5d:25:31:61:42:f5:26:e2:4a:62:aa:04:05:99:b4:70:dc:
         71:16:73:e6:92:7d:78:2a:10:24:75:43:40:c7:c8:2c:a0:77:
         32:1e:7d:ab:af:7e:c6:6f:81:fe:8e:5a:da:a2:09:bd:c0:13:
         63:e9:a6:4b:27:fe:9e:9b:73:71:32:6e:24:90:b7:40:4f:99:
         75:dd:3f:ba:05:6f:8d:c3:98:42:04:57:d0:8e:d1:75:23:f5:
         f5:9b:4a:fb:5b:f9:3a:e2:d9:9e:4a:67:f0:4d:3b:e2:81:d7:
         1e:35:88:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIKhWprrRrIGU8sNga2du9tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNTQ0ZTkyM2Q4ODNiYWNlNGFhM2Y3ZWY3MDA3MmFmZTM1
MTFmMjgwHhcNMjQwOTE5MTM0MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDgxMTFhMmE1MzU5N2Q3ZGQ2YTVlNGZkNGNhODJlNTA1OTkzMDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2idqWn5iN7a1WLAoWrdcWa6+OiGT
CHxXO9o+XExjjWCBbDyv/ppiZNkNenm8FfkXMHJR7xtS646aDhrrycNORfzdbcD9
WcUb/V2R9qMH1wuI9qkMSeBQbs2s45Mvz7EXGPM9w2p4BTf99pYlMBhQB4qV9C2S
tQy3FyO9L2bBaRwRyROBTz3KYMNCuJiFduEXv2sQ2X1b3P7b82yPXsxVm1ighc3s
gLGtoPLTMH1bo7Nw6iMHbC72UWwnEz4HsNOw11ADF0Y+gxYsRcjmihSA+yISXgHV
B3S3qHtbSHEJUPI0pWxj8eDtwP96FhWu9f2lSTMoWvZw5pvBCAnWOuLXfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCBEaKlNZfX3WpeT9TKguUFmTAhMB8GA1UdIwQY
MBaAFPNUTpI9iDus5Ko/fvcAcq/jUR8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODFST2tqMklPNnprcWo5LTl3QnlyLU5SSHlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC84NmQxYWEtNjQ3NS00MDEzLTg2ZWEt
MzhjNzU2YWE0YjUwLzEvTUlFUm9xVTFsOWZkYWw1UDFNcUM1UVdaTUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC84NmQxYWEtNjQ3NS00MDEzLTg2ZWEtMzhjNzU2YWE0YjUw
LzEvODFST2tqMklPNnprcWo5LTl3QnlyLU5SSHlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAww4GMA0G
CSqGSIb3DQEBCwUAA4IBAQAgE71uCIi90Sq0Dh5LH88cF2bNKGtSAGpvQ42+VdZ/
BH1D+y9aW9g3RGFkKwSk8KcGjMSxE4d+jPEgOZr8dRWm7unBXbPt6x42SfjkHeff
tUv3ngtbCKgPhCQ+7WrVkMwTXv2kmy4UnEvu7X8dU9WjoFwtHxWy5rnBCvqSffm2
tlZ+6qmpmxq40FbV80wppARCXSUxYUL1JuJKYqoEBZm0cNxxFnPmkn14KhAkdUNA
x8gsoHcyHn2rr37Gb4H+jlraogm9wBNj6aZLJ/6em3NxMm4kkLdAT5l13T+6BW+N
w5hCBFfQjtF1I/X1m0r7W/k64tmeSmfwTTvigdceNYjg
-----END CERTIFICATE-----