Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9ee202-b9b3-47f0-8c9a-9fdf4c15f9a6/1/Pow6TPWD3zqliKq6ckEQAmm5H1w.roa
File:                     Pow6TPWD3zqliKq6ckEQAmm5H1w.roa (raw, json)
Hash identifier:          ZamBKWqvnU46n+0N7hZxIeSAqeQJ5RO0CVFvTIezi7M=
Subject key identifier:   3E:8C:3A:4C:F5:83:DF:3A:A5:88:AA:BA:72:41:10:02:69:B9:1F:5C
Certificate issuer:       /CN=0241ef4436142506f2659383c16ebda1e29b4f86
Certificate serial:       018CC8DE5E776EC56721EE87B52513828D73
Authority key identifier: 02:41:EF:44:36:14:25:06:F2:65:93:83:C1:6E:BD:A1:E2:9B:4F:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AkHvRDYUJQbyZZODwW69oeKbT4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9ee202-b9b3-47f0-8c9a-9fdf4c15f9a6/1/Pow6TPWD3zqliKq6ckEQAmm5H1w.roa
Signing time:             Tue 02 Jan 2024 06:31:05 +0000
ROA not before:           Tue 02 Jan 2024 06:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        195.47.207.0/24 maxlen: 24
                          193.164.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9ee202-b9b3-47f0-8c9a-9fdf4c15f9a6/1/AkHvRDYUJQbyZZODwW69oeKbT4Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9ee202-b9b3-47f0-8c9a-9fdf4c15f9a6/1/AkHvRDYUJQbyZZODwW69oeKbT4Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AkHvRDYUJQbyZZODwW69oeKbT4Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:5e:77:6e:c5:67:21:ee:87:b5:25:13:82:8d:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0241ef4436142506f2659383c16ebda1e29b4f86
        Validity
            Not Before: Jan  2 06:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e8c3a4cf583df3aa588aaba7241100269b91f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:58:b8:84:c4:c1:c4:db:e1:ce:65:02:3b:9c:
                    0e:3f:65:41:9e:f8:25:cc:74:0f:d2:15:de:24:30:
                    5c:91:de:ca:a3:2f:5a:02:18:2f:d4:c5:d7:35:1b:
                    16:90:70:ff:45:8a:a9:a6:ed:d0:7c:5a:93:49:eb:
                    ac:95:34:b3:d4:e5:0b:3f:20:de:0a:69:6c:05:f9:
                    85:dc:e9:63:36:da:09:b0:da:36:f6:2a:69:d9:67:
                    8d:ce:1e:12:cf:d8:16:5c:db:5c:28:2a:91:3c:78:
                    24:21:36:8c:6f:41:e4:4c:3e:11:f6:9b:97:12:a9:
                    3c:95:36:2c:09:3a:62:ec:38:db:e9:f2:26:b7:c9:
                    7d:af:a1:3a:f2:99:ea:3b:d6:86:8f:35:1d:66:5c:
                    aa:bc:50:6d:2c:2d:fb:c3:c7:bb:21:54:b1:ca:e9:
                    5f:93:8a:a8:41:23:ff:8a:3a:82:f5:49:49:ec:eb:
                    82:69:4b:b2:6d:44:4d:a0:32:fd:14:2d:78:89:63:
                    e5:b2:4e:7f:1f:ed:7a:0e:17:b1:e0:4e:f5:bc:e3:
                    c8:a1:dc:d8:18:31:fd:b8:e4:7c:2c:cd:b8:b1:2a:
                    42:a1:d9:df:3f:e5:a6:d9:01:b1:9f:5e:7d:56:b4:
                    17:9f:64:4f:10:e7:8d:f0:76:37:ce:8b:ae:3d:5d:
                    42:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8C:3A:4C:F5:83:DF:3A:A5:88:AA:BA:72:41:10:02:69:B9:1F:5C
            X509v3 Authority Key Identifier:
                keyid:02:41:EF:44:36:14:25:06:F2:65:93:83:C1:6E:BD:A1:E2:9B:4F:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AkHvRDYUJQbyZZODwW69oeKbT4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9ee202-b9b3-47f0-8c9a-9fdf4c15f9a6/1/Pow6TPWD3zqliKq6ckEQAmm5H1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9ee202-b9b3-47f0-8c9a-9fdf4c15f9a6/1/AkHvRDYUJQbyZZODwW69oeKbT4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.14.0/24
                  195.47.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:af:25:f8:d3:6e:1b:9c:ac:ad:a8:3c:91:d3:b0:1b:d3:4c:
         0e:70:e6:a5:aa:4c:9e:4b:f2:73:15:e6:8f:30:36:03:50:6c:
         38:52:dc:f0:e1:0a:bf:6d:0f:ae:5e:07:70:03:7d:5d:38:94:
         9a:9b:25:46:19:0d:29:34:62:ef:44:12:05:f9:50:ef:07:c3:
         f1:31:df:37:fd:88:f7:df:55:4c:99:75:b4:d8:96:d0:ae:2a:
         18:92:10:26:8b:b6:5b:56:d1:a5:bb:75:2a:ec:ce:c3:fe:55:
         4e:8a:1d:0c:06:78:26:ec:e7:b8:b8:34:c7:d2:07:7e:de:bb:
         65:7c:3d:a2:95:45:e2:a8:09:24:79:cf:40:76:ef:76:79:be:
         31:ab:0a:eb:f1:75:84:60:a1:0b:28:6e:fc:28:37:6f:8b:f3:
         d2:7b:f3:11:cf:25:df:03:89:17:87:84:4d:1f:97:de:7c:4b:
         1b:70:84:cf:0e:25:c1:0e:98:c4:6e:c1:a5:17:a7:9e:a5:7d:
         9d:ec:bb:e7:7c:97:2f:e3:0a:12:ee:5e:c0:a8:a2:f5:bd:20:
         90:46:99:bb:8c:aa:8f:f7:a2:e0:e6:de:93:bf:7d:0c:33:5d:
         40:c9:30:c4:06:b8:5d:32:b5:0b:61:a9:f7:16:19:8e:a8:5f:
         e6:28:75:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3l53bsVnIe6HtSUTgo1zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNDFlZjQ0MzYxNDI1MDZmMjY1OTM4M2MxNmViZGExZTI5
YjRmODYwHhcNMjQwMTAyMDYzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZThjM2E0Y2Y1ODNkZjNhYTU4OGFhYmE3MjQxMTAwMjY5YjkxZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1i4hMTBxNvhzmUCO5wOP2VBnvgl
zHQP0hXeJDBckd7Koy9aAhgv1MXXNRsWkHD/RYqppu3QfFqTSeuslTSz1OULPyDe
CmlsBfmF3OljNtoJsNo29ipp2WeNzh4Sz9gWXNtcKCqRPHgkITaMb0HkTD4R9puX
Eqk8lTYsCTpi7Djb6fImt8l9r6E68pnqO9aGjzUdZlyqvFBtLC37w8e7IVSxyulf
k4qoQSP/ijqC9UlJ7OuCaUuybURNoDL9FC14iWPlsk5/H+16Dhex4E71vOPIodzY
GDH9uOR8LM24sSpCodnfP+Wm2QGxn159VrQXn2RPEOeN8HY3zouuPV1C5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD6MOkz1g986pYiqunJBEAJpuR9cMB8GA1UdIwQY
MBaAFAJB70Q2FCUG8mWTg8FuvaHim0+GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWtIdlJEWVVKUWJ5WlpPRHdXNjlvZUtiVDRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85ZWUyMDItYjliMy00N2YwLThjOWEt
OWZkZjRjMTVmOWE2LzEvUG93NlRQV0QzenFsaUtxNmNrRVFBbW01SDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85ZWUyMDItYjliMy00N2YwLThjOWEtOWZkZjRjMTVmOWE2
LzEvQWtIdlJEWVVKUWJ5WlpPRHdXNjlvZUtiVDRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwaQOAwQA
wy/PMA0GCSqGSIb3DQEBCwUAA4IBAQB+ryX4024bnKytqDyR07Ab00wOcOalqkye
S/JzFeaPMDYDUGw4Utzw4Qq/bQ+uXgdwA31dOJSamyVGGQ0pNGLvRBIF+VDvB8Px
Md83/Yj331VMmXW02JbQrioYkhAmi7ZbVtGlu3Uq7M7D/lVOih0MBngm7Oe4uDTH
0gd+3rtlfD2ilUXiqAkkec9Adu92eb4xqwrr8XWEYKELKG78KDdvi/PSe/MRzyXf
A4kXh4RNH5fefEsbcITPDiXBDpjEbsGlF6eepX2d7LvnfJcv4woS7l7AqKL1vSCQ
Rpm7jKqP96Lg5t6Tv30MM11AyTDEBrhdMrULYan3FhmOqF/mKHWt
-----END CERTIFICATE-----