Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/NFCcevKMkgTCf5f4hrVVsI9FuSg.roa
File:                     NFCcevKMkgTCf5f4hrVVsI9FuSg.roa (raw, json)
Hash identifier:          HRbmiXexD/sABa0ReC0SJBq0Ut+RQPjQkLMM4naPSD4=
Subject key identifier:   34:50:9C:7A:F2:8C:92:04:C2:7F:97:F8:86:B5:55:B0:8F:45:B9:28
Certificate issuer:       /CN=0d3ff71151a45ed39fb1da5ffb4032ed74fa19c5
Certificate serial:       018CCA99607AE977E5A351282FB9514BD92C
Authority key identifier: 0D:3F:F7:11:51:A4:5E:D3:9F:B1:DA:5F:FB:40:32:ED:74:FA:19:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/NFCcevKMkgTCf5f4hrVVsI9FuSg.roa
Signing time:             Tue 02 Jan 2024 14:34:58 +0000
ROA not before:           Tue 02 Jan 2024 14:34:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59741
IP address blocks:        195.190.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:60:7a:e9:77:e5:a3:51:28:2f:b9:51:4b:d9:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3ff71151a45ed39fb1da5ffb4032ed74fa19c5
        Validity
            Not Before: Jan  2 14:34:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34509c7af28c9204c27f97f886b555b08f45b928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e0:6e:e0:2d:31:6b:7c:ce:29:d8:ce:79:71:
                    c6:22:e5:2e:ec:e6:92:d0:9c:65:8c:c5:c0:ba:2e:
                    7f:38:ff:b3:dd:6f:f6:cd:78:ab:0d:44:b7:1a:52:
                    f6:fd:71:48:66:70:60:07:86:a1:8f:e7:04:c6:45:
                    51:13:68:e5:c8:08:c8:b4:20:1d:be:59:e4:c9:07:
                    bf:f2:fe:a5:fe:4f:8b:dc:54:0a:73:f6:5c:17:c4:
                    18:9d:24:69:1d:05:b2:06:9f:6c:aa:6d:96:e4:8a:
                    00:a6:bc:92:6e:1c:57:86:67:f4:58:31:f7:ce:dc:
                    07:b7:1a:a7:e0:dc:96:a2:36:ee:44:29:ed:cf:cf:
                    82:b7:6f:ea:a3:20:72:94:b7:35:05:6a:86:01:a3:
                    47:13:e5:fe:29:83:80:17:ea:d3:6d:a2:e4:56:bf:
                    5f:57:b6:12:18:34:18:d5:2d:36:aa:c9:1b:e9:89:
                    d2:0c:1c:dd:92:64:e1:74:78:a8:15:59:7d:fd:82:
                    fc:c0:f8:6d:75:06:c0:b9:6a:68:56:58:45:d4:88:
                    8e:95:8b:02:5e:9f:6f:37:bd:06:bf:89:10:15:8f:
                    20:3b:78:25:a4:10:28:4c:34:54:18:f6:e9:cc:18:
                    2b:f0:58:73:e9:fe:da:6f:c2:b2:d7:85:e7:ab:2a:
                    cc:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:50:9C:7A:F2:8C:92:04:C2:7F:97:F8:86:B5:55:B0:8F:45:B9:28
            X509v3 Authority Key Identifier:
                keyid:0D:3F:F7:11:51:A4:5E:D3:9F:B1:DA:5F:FB:40:32:ED:74:FA:19:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/NFCcevKMkgTCf5f4hrVVsI9FuSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a9:de:fb:c5:48:17:64:d9:ac:62:de:81:c7:89:44:00:3e:
         6c:4b:3b:d0:66:9d:0e:11:08:1a:8e:a3:06:0a:2f:15:e5:17:
         2c:e2:e6:30:f9:74:2a:67:ec:2c:d4:25:50:0d:8f:69:59:a9:
         09:1a:89:b1:81:c0:34:18:a4:3e:0b:c3:59:bc:b9:c6:38:4f:
         b3:e1:a0:7b:2c:79:ae:00:7d:f1:f2:8e:d1:bd:ed:e8:3c:e9:
         64:6b:07:47:61:85:fd:a3:95:2a:26:39:3f:12:0b:11:8c:d1:
         da:c8:77:bc:9f:ee:ab:98:ac:ec:b3:1e:99:25:25:f8:fd:23:
         2a:4d:56:3a:bd:1c:39:03:d8:89:b9:4d:35:2e:54:0f:f0:82:
         a2:a1:52:c7:e3:be:20:04:a9:0f:98:55:19:d2:ad:4d:52:83:
         05:3b:07:a5:f8:42:42:1d:1b:4c:f5:c1:ad:89:f0:41:97:28:
         90:cf:4d:04:8c:54:06:6d:99:04:09:67:58:94:f2:d6:3c:05:
         d2:17:97:99:f3:b6:35:bb:8d:15:7e:70:d1:8f:ad:8b:4b:dd:
         e9:74:2e:0f:fa:0e:18:1c:fd:c7:9f:2a:f0:63:78:9f:50:8c:
         6f:1b:fc:28:58:6e:1a:31:d6:58:df:c2:7b:05:a5:82:73:05:
         22:b1:4e:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmWB66Xflo1EoL7lRS9ksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkM2ZmNzExNTFhNDVlZDM5ZmIxZGE1ZmZiNDAzMmVkNzRm
YTE5YzUwHhcNMjQwMTAyMTQzNDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDUwOWM3YWYyOGM5MjA0YzI3Zjk3Zjg4NmI1NTViMDhmNDViOTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOBu4C0xa3zOKdjOeXHGIuUu7OaS
0JxljMXAui5/OP+z3W/2zXirDUS3GlL2/XFIZnBgB4ahj+cExkVRE2jlyAjItCAd
vlnkyQe/8v6l/k+L3FQKc/ZcF8QYnSRpHQWyBp9sqm2W5IoAprySbhxXhmf0WDH3
ztwHtxqn4NyWojbuRCntz8+Ct2/qoyBylLc1BWqGAaNHE+X+KYOAF+rTbaLkVr9f
V7YSGDQY1S02qskb6YnSDBzdkmThdHioFVl9/YL8wPhtdQbAuWpoVlhF1IiOlYsC
Xp9vN70Gv4kQFY8gO3glpBAoTDRUGPbpzBgr8Fhz6f7ab8Ky14XnqyrMPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRQnHryjJIEwn+X+Ia1VbCPRbkoMB8GA1UdIwQY
MBaAFA0/9xFRpF7Tn7HaX/tAMu10+hnFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRfM0VWR2tYdE9mc2RwZi0wQXk3WFQ2R2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9lYTlkOTktNzM4Yi00YmFhLWI0NTUt
YTZjYjA1NGFjOTdiLzEvTkZDY2V2S01rZ1RDZjVmNGhyVlZzSTlGdVNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9lYTlkOTktNzM4Yi00YmFhLWI0NTUtYTZjYjA1NGFjOTdi
LzEvRFRfM0VWR2tYdE9mc2RwZi0wQXk3WFQ2R2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw74HMA0G
CSqGSIb3DQEBCwUAA4IBAQBBqd77xUgXZNmsYt6Bx4lEAD5sSzvQZp0OEQgajqMG
Ci8V5Rcs4uYw+XQqZ+ws1CVQDY9pWakJGomxgcA0GKQ+C8NZvLnGOE+z4aB7LHmu
AH3x8o7Rve3oPOlkawdHYYX9o5UqJjk/EgsRjNHayHe8n+6rmKzssx6ZJSX4/SMq
TVY6vRw5A9iJuU01LlQP8IKioVLH474gBKkPmFUZ0q1NUoMFOwel+EJCHRtM9cGt
ifBBlyiQz00EjFQGbZkECWdYlPLWPAXSF5eZ87Y1u40VfnDRj62LS93pdC4P+g4Y
HP3HnyrwY3ifUIxvG/woWG4aMdZY38J7BaWCcwUisU5S
-----END CERTIFICATE-----