Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/Ev7J1skRttFcJ8IRy-HPPiyVtFk.roa
File:                     Ev7J1skRttFcJ8IRy-HPPiyVtFk.roa (raw, json)
Hash identifier:          UvH5R+zSkpY4/3hm6aApKU8hh6CIxf+bWBFwJ67tWKk=
Subject key identifier:   12:FE:C9:D6:C9:11:B6:D1:5C:27:C2:11:CB:E1:CF:3E:2C:95:B4:59
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       018CC9BCC2372793E113BCEACE75BB2FD87B
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/Ev7J1skRttFcJ8IRy-HPPiyVtFk.roa
Signing time:             Tue 02 Jan 2024 10:33:59 +0000
ROA not before:           Tue 02 Jan 2024 10:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210995
IP address blocks:        195.53.239.0/24 maxlen: 24
                          195.76.62.0/24 maxlen: 24
                          195.76.62.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Sep 2024 13:35:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c2:37:27:93:e1:13:bc:ea:ce:75:bb:2f:d8:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  2 10:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12fec9d6c911b6d15c27c211cbe1cf3e2c95b459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d3:7b:4d:1c:e6:93:78:3c:a9:c2:cd:82:d6:
                    c4:52:6e:fc:ce:66:13:f0:20:95:e8:b3:db:6c:ed:
                    7f:4a:fb:99:77:3f:51:7a:8b:c0:00:31:80:5a:e4:
                    03:fe:4c:bb:22:f7:52:a4:cf:e1:38:ab:d9:0f:96:
                    5b:80:5f:95:6a:20:e1:dc:90:35:c3:a9:3e:b5:f9:
                    90:b7:bd:78:02:88:9e:eb:5d:90:6a:55:58:b4:40:
                    32:60:4c:bd:cb:a5:47:24:bf:30:6e:97:2e:b3:72:
                    a6:f2:3f:b4:b1:98:80:fb:0c:2d:72:74:3a:a8:c7:
                    0b:dd:6f:cb:5d:ec:fc:6d:89:d9:33:53:d8:69:b4:
                    98:2b:f7:51:ff:2f:30:f1:87:7f:a4:72:15:f4:8e:
                    4b:ef:2a:a9:b2:22:26:48:05:58:e3:b0:dc:4b:02:
                    c0:c3:38:7c:b2:f1:d2:d0:bd:24:8b:9f:92:00:ca:
                    15:6c:d9:22:cc:3e:1c:42:c1:0f:42:c5:e7:97:2f:
                    df:d1:20:f7:f1:a4:d8:3e:87:2e:51:1f:c3:49:2d:
                    32:4e:b2:83:7a:f2:47:2a:da:64:fe:73:70:42:7f:
                    ff:9c:d3:2e:83:14:f7:bd:05:9c:8b:b8:13:3f:69:
                    bb:02:8b:37:22:96:9e:7e:8c:e8:a0:6c:0c:8f:84:
                    c9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:FE:C9:D6:C9:11:B6:D1:5C:27:C2:11:CB:E1:CF:3E:2C:95:B4:59
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/Ev7J1skRttFcJ8IRy-HPPiyVtFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.53.239.0/24
                  195.76.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:fd:5d:de:0f:ea:dd:e3:dd:47:ef:fd:08:b2:6c:e5:e2:f3:
         d6:07:44:50:ad:df:0d:13:63:9e:0e:8b:49:7e:ab:44:c5:84:
         24:30:19:fc:27:e4:06:c1:02:5b:13:b4:49:97:c2:11:0c:10:
         95:8d:a0:96:13:f3:ee:79:4d:e7:e2:8c:6a:87:84:97:6a:f9:
         ab:6b:e1:14:23:7b:54:1c:6f:d3:24:41:06:5a:70:95:31:dd:
         a0:4e:6c:af:7a:1c:e7:86:5d:71:ad:29:83:55:11:d7:73:f5:
         6d:9e:57:7b:69:05:41:ab:0f:b3:93:0a:63:b3:c7:ec:1a:b2:
         ba:6c:b9:48:fc:3f:06:fe:1a:89:65:a8:c8:4f:18:8d:c9:07:
         1d:10:3c:75:c8:aa:0f:07:0c:1c:b1:d4:fa:d7:9d:6d:66:fc:
         72:36:d2:5f:eb:5f:e6:13:17:02:a5:39:3d:98:cc:fa:11:20:
         2a:8f:88:df:cc:b4:8e:96:11:98:fa:47:40:cf:7d:b8:51:f6:
         a2:dd:39:e8:e0:04:cc:b6:14:17:6a:82:07:76:8a:97:06:e4:
         ed:d0:f2:a2:c7:3d:42:0b:fe:a3:5a:46:bc:47:c8:04:e3:c0:
         f7:8d:a7:63:0a:b8:1c:7e:21:d8:a5:69:9d:f6:a5:4f:d2:b7:
         5c:2b:57:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvMI3J5PhE7zqznW7L9h7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjQwMTAyMTAzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmZlYzlkNmM5MTFiNmQxNWMyN2MyMTFjYmUxY2YzZTJjOTViNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtN7TRzmk3g8qcLNgtbEUm78zmYT
8CCV6LPbbO1/SvuZdz9ReovAADGAWuQD/ky7IvdSpM/hOKvZD5ZbgF+VaiDh3JA1
w6k+tfmQt714Aoie612QalVYtEAyYEy9y6VHJL8wbpcus3Km8j+0sZiA+wwtcnQ6
qMcL3W/LXez8bYnZM1PYabSYK/dR/y8w8Yd/pHIV9I5L7yqpsiImSAVY47DcSwLA
wzh8svHS0L0ki5+SAMoVbNkizD4cQsEPQsXnly/f0SD38aTYPocuUR/DSS0yTrKD
evJHKtpk/nNwQn//nNMugxT3vQWci7gTP2m7Aos3IpaefozooGwMj4TJuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBL+ydbJEbbRXCfCEcvhzz4slbRZMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvRXY3SjFza1J0dEZjSjhJUnktSFBQaXlWdEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwzXvAwQB
w0w+MA0GCSqGSIb3DQEBCwUAA4IBAQAG/V3eD+rd491H7/0Ismzl4vPWB0RQrd8N
E2OeDotJfqtExYQkMBn8J+QGwQJbE7RJl8IRDBCVjaCWE/PueU3n4oxqh4SXavmr
a+EUI3tUHG/TJEEGWnCVMd2gTmyvehznhl1xrSmDVRHXc/Vtnld7aQVBqw+zkwpj
s8fsGrK6bLlI/D8G/hqJZajITxiNyQcdEDx1yKoPBwwcsdT6151tZvxyNtJf61/m
ExcCpTk9mMz6ESAqj4jfzLSOlhGY+kdAz324Ufai3Tno4ATMthQXaoIHdoqXBuTt
0PKixz1CC/6jWka8R8gE48D3jadjCrgcfiHYpWmd9qVP0rdcK1ez
-----END CERTIFICATE-----