Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/aXBVswBpF7zSqap544CHqTvteR8.roa
File:                     aXBVswBpF7zSqap544CHqTvteR8.roa (raw, json)
Hash identifier:          i44qHZf3whzinsSR1KFq0ylUC1idAG1GpE6O61uehXU=
Subject key identifier:   69:70:55:B3:00:69:17:BC:D2:A9:AA:79:E3:80:87:A9:3B:ED:79:1F
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       018DF9DEDB691BE3984910775F90C56CDE17
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/aXBVswBpF7zSqap544CHqTvteR8.roa
Signing time:             Fri 01 Mar 2024 11:55:48 +0000
ROA not before:           Fri 01 Mar 2024 11:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200174
IP address blocks:        194.40.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:de:db:69:1b:e3:98:49:10:77:5f:90:c5:6c:de:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: Mar  1 11:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=697055b3006917bcd2a9aa79e38087a93bed791f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c3:81:c9:a0:a7:ef:48:9c:45:e6:b5:95:e7:
                    9e:3c:31:3e:10:d7:a1:7c:b2:68:4c:59:8f:30:cb:
                    74:8c:c1:79:c8:15:19:39:5e:cf:6f:c9:68:d5:9c:
                    89:e0:ec:70:7a:64:e8:d4:75:62:19:4c:94:57:40:
                    b6:54:0d:ae:a2:66:60:15:db:09:99:77:d8:2d:cd:
                    84:f1:4e:7c:81:d8:19:de:03:5c:a9:15:7d:9f:c7:
                    f4:68:7d:b0:9f:9c:07:e5:f4:3d:82:94:3b:74:f0:
                    21:99:15:b8:5c:06:05:68:af:4c:b7:44:a2:f1:17:
                    e5:04:84:b0:61:7c:b8:2c:f0:f1:6a:03:ba:3b:8e:
                    a4:79:64:6a:ae:d7:4c:f7:fc:e0:47:6c:2d:d0:cb:
                    cb:8a:20:e1:13:bf:ca:1c:f5:3e:70:16:72:ba:42:
                    62:db:af:2f:23:05:03:95:89:48:1c:b7:59:17:42:
                    d4:b3:10:ad:68:46:1b:ec:81:92:13:fe:5c:1b:88:
                    6a:d9:be:df:9b:11:77:95:02:11:23:85:ae:82:aa:
                    c3:a6:39:f7:1f:6f:99:33:b7:de:d8:51:e2:95:f5:
                    55:f5:4c:72:35:ba:43:d3:9e:84:b9:a3:d9:ba:5c:
                    3a:b8:5c:e5:1f:57:93:4f:e0:e0:04:1f:f8:d8:1e:
                    e7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:70:55:B3:00:69:17:BC:D2:A9:AA:79:E3:80:87:A9:3B:ED:79:1F
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/aXBVswBpF7zSqap544CHqTvteR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.40.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:fb:59:6a:80:32:8e:62:9b:cc:32:1a:0a:2f:34:44:5a:71:
         8b:74:b0:19:b5:75:99:ae:45:77:4a:a8:ce:64:cd:f3:fd:09:
         fc:bb:5f:d6:9b:52:74:2e:d5:e0:2f:48:05:5c:ed:ed:6c:e7:
         fe:dd:1b:35:d5:43:09:c1:75:5b:cb:f1:23:d9:27:33:f1:55:
         dd:64:e7:f2:28:58:97:d1:42:5b:9b:da:e7:61:a2:d8:76:eb:
         9a:ee:aa:17:d1:3a:d1:e7:99:5b:6f:05:c6:05:99:7f:38:36:
         b2:8c:2f:e9:13:0f:09:7f:2e:25:48:3d:ba:83:17:ca:96:fc:
         04:46:1d:8d:1c:61:2b:8c:79:82:aa:8e:f2:bb:14:89:cf:2b:
         32:92:d7:00:98:10:ad:4f:bb:10:bd:5f:09:b0:47:c0:6d:60:
         89:34:a7:db:6e:7b:ca:66:e3:97:b5:1d:f5:ab:41:10:6c:de:
         b9:72:66:b7:3d:d1:d2:5b:9c:19:81:f3:e8:5e:08:ac:e5:c4:
         1d:4a:81:7b:fe:90:cd:b9:a9:49:f9:cf:9a:65:c3:68:33:4c:
         36:0c:48:06:ba:64:4e:90:04:0e:b3:97:98:86:6d:dd:b5:56:
         bb:ae:34:61:3a:3c:8d:66:03:7e:02:86:25:58:76:f2:39:f5:
         fa:e0:29:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY353ttpG+OYSRB3X5DFbN4XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjQwMzAxMTE1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTcwNTViMzAwNjkxN2JjZDJhOWFhNzllMzgwODdhOTNiZWQ3OTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMOByaCn70icRea1leeePDE+ENeh
fLJoTFmPMMt0jMF5yBUZOV7Pb8lo1ZyJ4OxwemTo1HViGUyUV0C2VA2uomZgFdsJ
mXfYLc2E8U58gdgZ3gNcqRV9n8f0aH2wn5wH5fQ9gpQ7dPAhmRW4XAYFaK9Mt0Si
8RflBISwYXy4LPDxagO6O46keWRqrtdM9/zgR2wt0MvLiiDhE7/KHPU+cBZyukJi
268vIwUDlYlIHLdZF0LUsxCtaEYb7IGSE/5cG4hq2b7fmxF3lQIRI4WugqrDpjn3
H2+ZM7fe2FHilfVV9UxyNbpD056EuaPZulw6uFzlH1eTT+DgBB/42B7n9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlwVbMAaRe80qmqeeOAh6k77XkfMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvYVhCVnN3QnBGN3pTcWFwNTQ0Q0hxVHZ0ZVI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwijyMA0G
CSqGSIb3DQEBCwUAA4IBAQBw+1lqgDKOYpvMMhoKLzREWnGLdLAZtXWZrkV3SqjO
ZM3z/Qn8u1/Wm1J0LtXgL0gFXO3tbOf+3Rs11UMJwXVby/Ej2Scz8VXdZOfyKFiX
0UJbm9rnYaLYduua7qoX0TrR55lbbwXGBZl/ODayjC/pEw8Jfy4lSD26gxfKlvwE
Rh2NHGErjHmCqo7yuxSJzysyktcAmBCtT7sQvV8JsEfAbWCJNKfbbnvKZuOXtR31
q0EQbN65cma3PdHSW5wZgfPoXgis5cQdSoF7/pDNualJ+c+aZcNoM0w2DEgGumRO
kAQOs5eYhm3dtVa7rjRhOjyNZgN+AoYlWHbyOfX64Cmy
-----END CERTIFICATE-----