Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/6ec943-70e2-4335-84fe-c79d4eeb5ad6/1/K7SH4zYCXr-cp1q6N2Mp-Gdj1PU.roa
File:                     K7SH4zYCXr-cp1q6N2Mp-Gdj1PU.roa (raw, json)
Hash identifier:          fOTEXpl4gYkXzMjvkhlooQdp3U8U0Z9lMps20TcryK0=
Subject key identifier:   2B:B4:87:E3:36:02:5E:BF:9C:A7:5A:BA:37:63:29:F8:67:63:D4:F5
Certificate issuer:       /CN=e240a025e0e61a44d93e4a801e3888b26e7bd241
Certificate serial:       019420D60A638F9EFFE305820DCA4523E2A4
Authority key identifier: E2:40:A0:25:E0:E6:1A:44:D9:3E:4A:80:1E:38:88:B2:6E:7B:D2:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4kCgJeDmGkTZPkqAHjiIsm570kE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/6ec943-70e2-4335-84fe-c79d4eeb5ad6/1/K7SH4zYCXr-cp1q6N2Mp-Gdj1PU.roa
Signing time:             Wed 01 Jan 2025 07:48:05 +0000
ROA not before:           Wed 01 Jan 2025 07:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3308
IP address blocks:        195.110.16.0/24 maxlen: 24
                          195.110.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/6ec943-70e2-4335-84fe-c79d4eeb5ad6/1/4kCgJeDmGkTZPkqAHjiIsm570kE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/6ec943-70e2-4335-84fe-c79d4eeb5ad6/1/4kCgJeDmGkTZPkqAHjiIsm570kE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4kCgJeDmGkTZPkqAHjiIsm570kE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:0a:63:8f:9e:ff:e3:05:82:0d:ca:45:23:e2:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e240a025e0e61a44d93e4a801e3888b26e7bd241
        Validity
            Not Before: Jan  1 07:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2bb487e336025ebf9ca75aba376329f86763d4f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c3:cf:a5:f7:78:be:48:50:00:64:f7:f9:a5:
                    3c:11:b6:a7:db:e4:41:b7:9f:58:6f:dc:f1:69:69:
                    70:40:6e:3f:85:50:3d:61:8d:54:84:05:60:8c:60:
                    3d:61:45:cf:ee:77:84:9e:ca:1e:98:b0:f4:7e:ef:
                    5d:76:50:63:bd:a2:55:43:6c:c5:7a:00:f5:d5:61:
                    a3:51:f4:86:41:0a:99:3b:89:ff:80:2f:93:be:5c:
                    c9:08:93:20:c7:7f:3b:7b:a5:50:b5:d8:3a:99:ce:
                    f2:f7:bc:9d:86:ab:30:fb:21:6f:24:82:92:55:30:
                    5e:25:ba:1c:32:60:7e:96:b5:2c:73:74:99:ae:94:
                    4d:78:ca:64:f0:d5:a9:e0:ad:05:3f:b6:58:48:34:
                    4e:f8:f6:9b:b3:04:bd:3b:70:cb:53:40:be:56:8c:
                    11:62:f1:c7:f8:19:07:54:ae:bc:cc:a4:0b:0c:a0:
                    6d:62:d3:4b:bf:73:ab:5a:73:c7:93:1a:c9:4b:d4:
                    a9:77:b6:43:38:d6:98:ff:15:4d:8d:9c:a1:73:01:
                    8d:7a:33:b8:6c:bd:e5:e4:c7:51:77:3d:85:3c:d3:
                    90:14:71:14:00:c2:63:2d:6b:8c:82:ff:bf:85:e4:
                    a0:f7:3c:81:3e:4f:b7:0c:dc:2e:7c:f5:8b:8d:7b:
                    27:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B4:87:E3:36:02:5E:BF:9C:A7:5A:BA:37:63:29:F8:67:63:D4:F5
            X509v3 Authority Key Identifier:
                keyid:E2:40:A0:25:E0:E6:1A:44:D9:3E:4A:80:1E:38:88:B2:6E:7B:D2:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4kCgJeDmGkTZPkqAHjiIsm570kE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6ec943-70e2-4335-84fe-c79d4eeb5ad6/1/K7SH4zYCXr-cp1q6N2Mp-Gdj1PU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6ec943-70e2-4335-84fe-c79d4eeb5ad6/1/4kCgJeDmGkTZPkqAHjiIsm570kE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.110.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:9a:f0:9e:47:c6:5b:e7:8f:73:72:cb:68:61:ef:e0:c0:06:
         8b:09:7a:58:83:d9:2c:52:a5:2b:3a:5d:de:4d:a7:b7:97:e5:
         eb:bd:0e:5b:55:b5:42:47:11:f5:60:99:76:82:8d:9a:1e:8f:
         f3:cb:85:8c:a0:a8:cf:cc:bf:49:49:e3:70:f1:43:b2:a3:99:
         f9:16:42:36:22:99:c3:56:b1:fa:e8:d8:f5:b2:0f:55:e6:23:
         90:ac:94:a5:77:1e:cc:e9:7b:ae:80:3f:b6:8e:54:e2:a3:23:
         d3:1b:08:86:2c:a3:44:68:3c:a3:32:c4:04:a0:6f:cd:3a:a9:
         b5:9c:a2:e5:2e:f7:0e:fc:82:89:f8:95:c2:f1:78:7b:22:45:
         5f:17:81:69:30:8b:92:a9:9c:b7:ae:66:b7:58:dd:89:9a:05:
         db:51:ff:89:95:4c:4d:41:e6:b9:10:bf:8e:9e:b8:30:b7:d6:
         b6:df:99:ae:e8:79:dd:7b:4e:2d:4c:50:7d:ff:26:38:58:26:
         73:46:c2:eb:46:f0:8d:0c:a5:7e:bf:c7:8e:9b:e4:68:5d:6f:
         36:78:45:c8:16:23:cc:22:83:96:19:eb:83:4a:89:85:75:8b:
         26:29:1d:93:73:2a:b9:be:bc:d2:c1:e6:ed:e1:7f:24:99:24:
         a0:8f:4f:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1gpjj57/4wWCDcpFI+KkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNDBhMDI1ZTBlNjFhNDRkOTNlNGE4MDFlMzg4OGIyNmU3
YmQyNDEwHhcNMjUwMTAxMDc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmI0ODdlMzM2MDI1ZWJmOWNhNzVhYmEzNzYzMjlmODY3NjNkNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8PPpfd4vkhQAGT3+aU8Eban2+RB
t59Yb9zxaWlwQG4/hVA9YY1UhAVgjGA9YUXP7neEnsoemLD0fu9ddlBjvaJVQ2zF
egD11WGjUfSGQQqZO4n/gC+TvlzJCJMgx387e6VQtdg6mc7y97ydhqsw+yFvJIKS
VTBeJbocMmB+lrUsc3SZrpRNeMpk8NWp4K0FP7ZYSDRO+PabswS9O3DLU0C+VowR
YvHH+BkHVK68zKQLDKBtYtNLv3OrWnPHkxrJS9Spd7ZDONaY/xVNjZyhcwGNejO4
bL3l5MdRdz2FPNOQFHEUAMJjLWuMgv+/heSg9zyBPk+3DNwufPWLjXsnGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCu0h+M2Al6/nKdaujdjKfhnY9T1MB8GA1UdIwQY
MBaAFOJAoCXg5hpE2T5KgB44iLJue9JBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGtDZ0plRG1Ha1RaUGtxQUhqaUlzbTU3MGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS82ZWM5NDMtNzBlMi00MzM1LTg0ZmUt
Yzc5ZDRlZWI1YWQ2LzEvSzdTSDR6WUNYci1jcDFxNk4yTXAtR2RqMVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS82ZWM5NDMtNzBlMi00MzM1LTg0ZmUtYzc5ZDRlZWI1YWQ2
LzEvNGtDZ0plRG1Ha1RaUGtxQUhqaUlzbTU3MGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw24QMA0G
CSqGSIb3DQEBCwUAA4IBAQB1mvCeR8Zb549zcstoYe/gwAaLCXpYg9ksUqUrOl3e
Tae3l+XrvQ5bVbVCRxH1YJl2go2aHo/zy4WMoKjPzL9JSeNw8UOyo5n5FkI2IpnD
VrH66Nj1sg9V5iOQrJSldx7M6XuugD+2jlTioyPTGwiGLKNEaDyjMsQEoG/NOqm1
nKLlLvcO/IKJ+JXC8Xh7IkVfF4FpMIuSqZy3rma3WN2JmgXbUf+JlUxNQea5EL+O
nrgwt9a235mu6Hnde04tTFB9/yY4WCZzRsLrRvCNDKV+v8eOm+RoXW82eEXIFiPM
IoOWGeuDSomFdYsmKR2Tcyq5vrzSwebt4X8kmSSgj09l
-----END CERTIFICATE-----