Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/cUfpv5-AAffzxD9fcxzlAlyBCJ4.roa
File:                     cUfpv5-AAffzxD9fcxzlAlyBCJ4.roa (raw, json)
Hash identifier:          xpWzwpf+CMwbZhPneV1IeCxiayddwXs6mMP85+eMFG8=
Subject key identifier:   71:47:E9:BF:9F:80:01:F7:F3:C4:3F:5F:73:1C:E5:02:5C:81:08:9E
Certificate issuer:       /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial:       019421442C841EB9014DCC78BFE7BB5EBEB1
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/cUfpv5-AAffzxD9fcxzlAlyBCJ4.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204501
IP address blocks:        195.72.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2c:84:1e:b9:01:4d:cc:78:bf:e7:bb:5e:be:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7147e9bf9f8001f7f3c43f5f731ce5025c81089e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3c:e2:d4:e7:d4:37:33:e7:24:be:9c:c1:cb:
                    2d:10:74:46:f9:5b:0f:35:b0:6b:0a:9a:b6:73:2a:
                    d1:63:ce:c6:2f:d4:3e:a8:07:c5:69:51:ac:1f:b0:
                    f4:a1:6a:20:ee:cf:02:e7:ee:6c:38:05:a8:46:c8:
                    6a:d4:d9:ef:1f:f3:a4:04:dc:f9:07:af:9e:f8:83:
                    9a:5c:8d:fb:70:1f:17:cd:6b:00:ba:d2:d5:0e:13:
                    57:ca:c9:2a:b5:da:1b:4f:03:7d:66:89:67:5e:e6:
                    0c:19:d6:f7:96:b4:8e:3e:65:b2:a8:58:57:f1:94:
                    c0:7b:cb:45:9d:31:fa:89:51:e6:27:65:8f:de:0f:
                    12:81:ae:d3:81:c2:c7:ab:db:d1:e8:fa:cb:90:a7:
                    87:1d:2a:03:94:ed:1d:31:62:3f:aa:12:bc:a1:e7:
                    9b:3f:c0:51:cf:1f:05:6c:0f:7f:3c:b1:c3:ed:85:
                    f2:04:8a:a1:f2:20:59:e7:3d:fe:23:45:e0:f9:2f:
                    5c:70:53:21:53:d8:e1:90:b0:6f:08:27:51:c7:7a:
                    ac:04:9f:ed:4c:f4:89:47:cc:f2:77:11:42:ab:5c:
                    74:72:ea:2a:81:5f:29:69:8f:7f:9a:9d:bf:9e:97:
                    dd:31:3b:46:99:7c:7a:55:4b:ed:ac:ac:5a:02:f9:
                    c2:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:47:E9:BF:9F:80:01:F7:F3:C4:3F:5F:73:1C:E5:02:5C:81:08:9E
            X509v3 Authority Key Identifier:
                keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/cUfpv5-AAffzxD9fcxzlAlyBCJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.72.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:58:6e:3c:80:be:37:06:7a:99:7c:8d:d1:5a:63:2e:e1:cb:
         45:9b:be:45:11:fd:f4:78:f3:e0:30:f3:10:0c:25:5f:a1:56:
         56:d8:64:f9:f3:5c:f3:ba:78:00:04:cf:22:e6:f3:3c:df:f5:
         4b:9b:f5:e7:07:e4:8b:90:8a:bc:80:92:a3:16:30:c2:b6:2c:
         3f:e5:a8:de:7f:45:9e:64:0b:5c:e5:fb:c2:74:71:65:cd:c0:
         69:f8:be:02:80:a5:53:96:7d:fe:60:2c:a9:71:a5:e7:a3:a8:
         c2:3a:66:b0:77:4a:83:5b:7b:b5:8c:73:f3:a3:d2:cf:12:78:
         0a:de:6b:f3:cf:19:d0:55:0b:99:ad:df:58:60:7f:a1:6c:3d:
         2f:f8:e5:f9:1c:b6:41:d5:19:8e:20:9f:62:1e:c9:ad:f4:2a:
         f2:43:fe:bc:3d:13:71:49:35:ae:e3:fa:19:42:26:40:12:55:
         3f:07:d2:f6:70:7f:66:2a:9e:50:f5:1f:44:ec:99:0c:a6:64:
         46:7b:a5:c1:34:9a:20:52:1a:b4:e8:fa:f9:50:7d:eb:07:0a:
         97:ea:05:d1:6c:ce:d3:8c:94:2f:93:fd:d5:2e:21:c8:89:8e:
         48:b5:fc:3a:ae:8a:f2:d2:26:46:80:71:b4:55:e8:6e:42:e8:
         64:d7:27:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCyEHrkBTcx4v+e7Xr6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTQ3ZTliZjlmODAwMWY3ZjNjNDNmNWY3MzFjZTUwMjVjODEwODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjzi1OfUNzPnJL6cwcstEHRG+VsP
NbBrCpq2cyrRY87GL9Q+qAfFaVGsH7D0oWog7s8C5+5sOAWoRshq1NnvH/OkBNz5
B6+e+IOaXI37cB8XzWsAutLVDhNXyskqtdobTwN9ZolnXuYMGdb3lrSOPmWyqFhX
8ZTAe8tFnTH6iVHmJ2WP3g8Sga7TgcLHq9vR6PrLkKeHHSoDlO0dMWI/qhK8oeeb
P8BRzx8FbA9/PLHD7YXyBIqh8iBZ5z3+I0Xg+S9ccFMhU9jhkLBvCCdRx3qsBJ/t
TPSJR8zydxFCq1x0cuoqgV8paY9/mp2/npfdMTtGmXx6VUvtrKxaAvnCxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFH6b+fgAH388Q/X3Mc5QJcgQieMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvY1VmcHY1LUFBZmZ6eEQ5ZmN4emxBbHlCQ0o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0h2MA0G
CSqGSIb3DQEBCwUAA4IBAQCkWG48gL43BnqZfI3RWmMu4ctFm75FEf30ePPgMPMQ
DCVfoVZW2GT581zzungABM8i5vM83/VLm/XnB+SLkIq8gJKjFjDCtiw/5ajef0We
ZAtc5fvCdHFlzcBp+L4CgKVTln3+YCypcaXno6jCOmawd0qDW3u1jHPzo9LPEngK
3mvzzxnQVQuZrd9YYH+hbD0v+OX5HLZB1RmOIJ9iHsmt9CryQ/68PRNxSTWu4/oZ
QiZAElU/B9L2cH9mKp5Q9R9E7JkMpmRGe6XBNJogUhq06Pr5UH3rBwqX6gXRbM7T
jJQvk/3VLiHIiY5Itfw6rory0iZGgHG0VehuQuhk1ydo
-----END CERTIFICATE-----