Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/VpCuVE4Z70OI1yZHeD_zABjx7mo.roa
File:                     VpCuVE4Z70OI1yZHeD_zABjx7mo.roa (raw, json)
Hash identifier:          0b3D2ZxaYIzAMTTUiGidwXth2OnHGpmq/WCuG4OTTrM=
Subject key identifier:   56:90:AE:54:4E:19:EF:43:88:D7:26:47:78:3F:F3:00:18:F1:EE:6A
Certificate issuer:       /CN=0d3ff71151a45ed39fb1da5ffb4032ed74fa19c5
Certificate serial:       018CCA995F9987004E05325986425F990AFD
Authority key identifier: 0D:3F:F7:11:51:A4:5E:D3:9F:B1:DA:5F:FB:40:32:ED:74:FA:19:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/VpCuVE4Z70OI1yZHeD_zABjx7mo.roa
Signing time:             Tue 02 Jan 2024 14:34:58 +0000
ROA not before:           Tue 02 Jan 2024 14:34:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47108
IP address blocks:        195.190.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:5f:99:87:00:4e:05:32:59:86:42:5f:99:0a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3ff71151a45ed39fb1da5ffb4032ed74fa19c5
        Validity
            Not Before: Jan  2 14:34:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5690ae544e19ef4388d72647783ff30018f1ee6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:04:bc:14:77:1f:32:9c:ff:e4:c8:90:5e:b9:
                    fa:6e:ac:6c:a6:10:5a:a3:46:be:b5:88:0a:51:ef:
                    b4:ee:61:d2:35:71:54:f6:47:c4:ee:51:39:e3:c3:
                    69:1e:5b:d0:fe:dd:dd:12:bb:1e:be:68:b5:01:bc:
                    d7:6f:5e:81:bc:78:c5:f6:26:f7:5c:00:51:35:fa:
                    85:e3:d3:bd:43:6e:d2:b4:23:6b:f9:84:13:4a:92:
                    c0:5c:fd:6a:87:e3:91:45:18:2e:35:66:79:10:1c:
                    3d:67:ad:30:0a:54:9c:64:c6:a5:89:02:82:ef:0b:
                    bf:4d:10:69:30:3f:e7:74:e0:ef:fd:a7:3b:96:43:
                    64:fe:d7:3e:11:84:bb:6e:48:12:76:5f:2f:2b:9a:
                    e0:ce:1a:52:50:c0:22:59:ee:65:f7:8d:a9:b7:98:
                    e2:fb:3a:16:82:0f:59:7f:5c:8b:b2:be:af:16:79:
                    ac:64:49:a2:8d:85:1d:d2:41:e8:f9:18:96:4c:89:
                    de:4c:3b:7b:76:9c:b7:17:59:fa:fa:64:b0:66:bc:
                    c3:bf:6a:61:a5:73:ef:7d:3f:f3:77:c3:41:b5:e6:
                    cd:b7:2d:77:dd:3c:2a:a6:46:12:28:1f:54:e5:22:
                    85:14:b8:32:5c:9c:e2:1c:0d:4e:f6:e2:f2:05:3b:
                    38:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:90:AE:54:4E:19:EF:43:88:D7:26:47:78:3F:F3:00:18:F1:EE:6A
            X509v3 Authority Key Identifier:
                keyid:0D:3F:F7:11:51:A4:5E:D3:9F:B1:DA:5F:FB:40:32:ED:74:FA:19:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/VpCuVE4Z70OI1yZHeD_zABjx7mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ea9d99-738b-4baa-b455-a6cb054ac97b/1/DT_3EVGkXtOfsdpf-0Ay7XT6GcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:5d:b3:14:34:6c:d7:64:3c:7b:55:29:2d:c5:eb:b3:88:66:
         b7:db:43:a8:4e:87:a8:71:b6:6e:a3:f4:6b:19:c7:39:5e:6c:
         50:b5:54:47:97:85:09:86:ff:40:35:b5:74:ab:9d:06:f2:fe:
         b8:b7:0e:e9:a8:47:dc:44:a3:10:c6:46:c9:44:96:46:08:98:
         ca:d2:a1:12:dc:2f:b1:c7:46:f2:c4:bf:47:31:86:10:19:db:
         6b:8b:53:b6:20:eb:25:0e:0c:12:2a:e6:81:bc:31:a0:1e:b4:
         49:91:b4:df:1c:00:3b:83:1a:80:42:20:49:a4:20:93:e1:06:
         21:9c:be:c9:be:8a:64:28:5d:6e:f4:b1:61:72:af:51:d4:9a:
         11:f9:08:08:e7:0c:68:b9:51:90:5f:f6:d5:8f:2d:ce:1f:15:
         cc:9d:27:a1:2c:d4:48:e0:67:65:69:ef:44:db:70:d0:e5:92:
         e0:76:12:91:ca:87:56:24:32:55:6f:bc:d2:eb:96:33:78:82:
         c2:47:01:11:7d:c8:29:33:d6:a8:6d:a9:e2:3f:05:d3:30:2b:
         7a:d1:db:86:9d:b7:68:0c:77:6a:1b:4c:26:01:8d:47:f7:12:
         c6:7c:7d:6e:47:f3:73:99:98:55:97:4b:98:5d:e8:13:35:08:
         19:49:36:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmV+ZhwBOBTJZhkJfmQr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkM2ZmNzExNTFhNDVlZDM5ZmIxZGE1ZmZiNDAzMmVkNzRm
YTE5YzUwHhcNMjQwMTAyMTQzNDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjkwYWU1NDRlMTllZjQzODhkNzI2NDc3ODNmZjMwMDE4ZjFlZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AS8FHcfMpz/5MiQXrn6bqxsphBa
o0a+tYgKUe+07mHSNXFU9kfE7lE548NpHlvQ/t3dErsevmi1AbzXb16BvHjF9ib3
XABRNfqF49O9Q27StCNr+YQTSpLAXP1qh+ORRRguNWZ5EBw9Z60wClScZMaliQKC
7wu/TRBpMD/ndODv/ac7lkNk/tc+EYS7bkgSdl8vK5rgzhpSUMAiWe5l942pt5ji
+zoWgg9Zf1yLsr6vFnmsZEmijYUd0kHo+RiWTIneTDt7dpy3F1n6+mSwZrzDv2ph
pXPvfT/zd8NBtebNty133TwqpkYSKB9U5SKFFLgyXJziHA1O9uLyBTs4RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaQrlROGe9DiNcmR3g/8wAY8e5qMB8GA1UdIwQY
MBaAFA0/9xFRpF7Tn7HaX/tAMu10+hnFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRfM0VWR2tYdE9mc2RwZi0wQXk3WFQ2R2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9lYTlkOTktNzM4Yi00YmFhLWI0NTUt
YTZjYjA1NGFjOTdiLzEvVnBDdVZFNFo3ME9JMXlaSGVEX3pBQmp4N21vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9lYTlkOTktNzM4Yi00YmFhLWI0NTUtYTZjYjA1NGFjOTdi
LzEvRFRfM0VWR2tYdE9mc2RwZi0wQXk3WFQ2R2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw74HMA0G
CSqGSIb3DQEBCwUAA4IBAQAIXbMUNGzXZDx7VSktxeuziGa320OoToeocbZuo/Rr
Gcc5XmxQtVRHl4UJhv9ANbV0q50G8v64tw7pqEfcRKMQxkbJRJZGCJjK0qES3C+x
x0byxL9HMYYQGdtri1O2IOslDgwSKuaBvDGgHrRJkbTfHAA7gxqAQiBJpCCT4QYh
nL7JvopkKF1u9LFhcq9R1JoR+QgI5wxouVGQX/bVjy3OHxXMnSehLNRI4Gdlae9E
23DQ5ZLgdhKRyodWJDJVb7zS65YzeILCRwERfcgpM9aobaniPwXTMCt60duGnbdo
DHdqG0wmAY1H9xLGfH1uR/NzmZhVl0uYXegTNQgZSTZm
-----END CERTIFICATE-----