Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/_gbgVcIsHmh25TNQbRO3ROY8GWM.roa
File:                     _gbgVcIsHmh25TNQbRO3ROY8GWM.roa (raw, json)
Hash identifier:          DivawMRPt81D0x8oT4o/9NjK17dDIBLxtAP3BQSbOEI=
Subject key identifier:   FE:06:E0:55:C2:2C:1E:68:76:E5:33:50:6D:13:B7:44:E6:3C:19:63
Certificate issuer:       /CN=13f8496b79d1c04d082af83f1be6a5eab0c66089
Certificate serial:       018CC87159F1656168DF2FED63CA34A4E939
Authority key identifier: 13:F8:49:6B:79:D1:C0:4D:08:2A:F8:3F:1B:E6:A5:EA:B0:C6:60:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/_gbgVcIsHmh25TNQbRO3ROY8GWM.roa
Signing time:             Tue 02 Jan 2024 04:32:00 +0000
ROA not before:           Tue 02 Jan 2024 04:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        195.242.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 07:03:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:59:f1:65:61:68:df:2f:ed:63:ca:34:a4:e9:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13f8496b79d1c04d082af83f1be6a5eab0c66089
        Validity
            Not Before: Jan  2 04:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe06e055c22c1e6876e533506d13b744e63c1963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b3:9e:f3:c0:29:3c:d3:33:cd:bf:7d:3d:d9:
                    52:3c:4c:7a:24:b2:85:24:c9:ea:e8:84:7d:8c:3c:
                    19:04:27:a8:8f:a0:b8:bb:eb:66:ae:80:94:6c:8e:
                    7b:d8:bf:66:3c:32:1d:b6:e1:7f:a1:df:21:f8:e6:
                    02:ce:52:a7:b2:a5:8b:be:c5:5f:fd:76:88:93:53:
                    ac:ed:0e:95:29:28:6d:fe:b9:85:9b:18:ae:c4:25:
                    df:e0:7c:40:29:55:3c:22:a2:61:28:18:4b:7b:86:
                    03:17:23:60:14:29:2e:99:f7:27:06:d2:66:df:c5:
                    ec:c9:db:cb:fc:47:97:bd:18:23:75:da:ba:25:6f:
                    47:06:f8:83:8d:99:a7:fc:a1:a0:25:a4:03:ad:39:
                    f1:a8:c0:71:4f:f4:37:23:df:b2:21:1b:a0:64:e8:
                    9c:e8:e5:f9:97:57:3a:9b:d0:cf:4c:da:56:58:5c:
                    1f:72:3d:99:94:fc:8a:06:b3:bf:8a:34:64:f6:bd:
                    7d:d4:2c:32:81:ca:6b:2d:47:15:a5:3b:f7:cf:84:
                    70:d8:bd:90:52:90:f7:36:02:41:b7:40:4b:9b:1e:
                    79:9e:f6:89:46:eb:e7:3e:1c:2f:6c:c7:6c:09:dd:
                    e3:f7:7e:6d:84:d6:8a:e0:51:52:4b:62:91:51:bc:
                    f1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:06:E0:55:C2:2C:1E:68:76:E5:33:50:6D:13:B7:44:E6:3C:19:63
            X509v3 Authority Key Identifier:
                keyid:13:F8:49:6B:79:D1:C0:4D:08:2A:F8:3F:1B:E6:A5:EA:B0:C6:60:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/_gbgVcIsHmh25TNQbRO3ROY8GWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:4f:b2:3e:00:f2:a9:41:79:b1:df:2e:cc:25:ed:8d:5a:d3:
         29:d1:cb:ac:ab:65:d6:27:c2:0c:66:9a:99:85:1e:ff:3d:60:
         31:1f:0d:cf:81:be:43:3c:db:db:a1:74:0d:60:01:23:b1:ca:
         b4:74:56:11:3e:c3:62:68:4e:99:0b:f3:e6:63:5b:69:3b:f6:
         ac:90:60:9f:8a:c3:b8:38:6a:75:85:60:dc:c3:aa:4f:cb:15:
         34:8f:b5:3c:46:f7:ae:19:53:e6:2a:8d:8b:07:58:18:ec:fa:
         20:ff:ff:11:f3:65:ae:4d:4b:55:ce:01:f3:1b:af:32:cd:18:
         93:1b:fb:3f:1b:df:95:83:8d:18:36:0f:e8:d6:01:a2:1a:74:
         12:ce:7a:93:b1:9f:ed:e6:05:b6:5d:7f:0c:ff:99:d7:c5:18:
         59:1b:e4:09:bf:33:37:eb:6c:fe:d0:bd:fd:bf:1f:b4:66:2a:
         b1:3b:60:39:af:32:cf:42:36:e7:6c:86:65:0e:dc:88:ce:ef:
         f6:89:b9:b2:93:6b:7b:97:6b:e7:f2:e1:1f:7c:7f:7d:8d:9c:
         ac:25:33:97:22:72:5a:7d:51:2b:99:f5:16:7b:c2:66:42:05:
         44:0e:86:32:93:f5:23:89:c7:8f:9c:de:7d:02:82:7e:bd:d6:
         1a:9b:65:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcVnxZWFo3y/tY8o0pOk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZjg0OTZiNzlkMWMwNGQwODJhZjgzZjFiZTZhNWVhYjBj
NjYwODkwHhcNMjQwMTAyMDQzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTA2ZTA1NWMyMmMxZTY4NzZlNTMzNTA2ZDEzYjc0NGU2M2MxOTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrOe88ApPNMzzb99PdlSPEx6JLKF
JMnq6IR9jDwZBCeoj6C4u+tmroCUbI572L9mPDIdtuF/od8h+OYCzlKnsqWLvsVf
/XaIk1Os7Q6VKSht/rmFmxiuxCXf4HxAKVU8IqJhKBhLe4YDFyNgFCkumfcnBtJm
38XsydvL/EeXvRgjddq6JW9HBviDjZmn/KGgJaQDrTnxqMBxT/Q3I9+yIRugZOic
6OX5l1c6m9DPTNpWWFwfcj2ZlPyKBrO/ijRk9r191CwygcprLUcVpTv3z4Rw2L2Q
UpD3NgJBt0BLmx55nvaJRuvnPhwvbMdsCd3j935thNaK4FFSS2KRUbzxDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP4G4FXCLB5oduUzUG0Tt0TmPBljMB8GA1UdIwQY
MBaAFBP4SWt50cBNCCr4PxvmpeqwxmCJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRV9oSmEzblJ3RTBJS3ZnX0ctYWw2ckRHWUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9lZWIyNmYtNjc5MC00MmNlLThjY2Mt
NTRhMjVlMmNkYWE5LzEvX2diZ1ZjSXNIbWgyNVROUWJSTzNST1k4R1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9lZWIyNmYtNjc5MC00MmNlLThjY2MtNTRhMjVlMmNkYWE5
LzEvRV9oSmEzblJ3RTBJS3ZnX0ctYWw2ckRHWUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/LtMA0G
CSqGSIb3DQEBCwUAA4IBAQBqT7I+APKpQXmx3y7MJe2NWtMp0cusq2XWJ8IMZpqZ
hR7/PWAxHw3Pgb5DPNvboXQNYAEjscq0dFYRPsNiaE6ZC/PmY1tpO/askGCfisO4
OGp1hWDcw6pPyxU0j7U8RveuGVPmKo2LB1gY7Pog//8R82WuTUtVzgHzG68yzRiT
G/s/G9+Vg40YNg/o1gGiGnQSznqTsZ/t5gW2XX8M/5nXxRhZG+QJvzM362z+0L39
vx+0ZiqxO2A5rzLPQjbnbIZlDtyIzu/2ibmyk2t7l2vn8uEffH99jZysJTOXInJa
fVErmfUWe8JmQgVEDoYyk/UjicePnN59AoJ+vdYam2WV
-----END CERTIFICATE-----