Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/f3wSuZwduJ6mfI6b_jM_lxKDtf0.roa
File:                     f3wSuZwduJ6mfI6b_jM_lxKDtf0.roa (raw, json)
Hash identifier:          mWEl5JiJqdZ9+S/I63GjLESAXigcL+EC2YyI5z/18Rc=
Subject key identifier:   7F:7C:12:B9:9C:1D:B8:9E:A6:7C:8E:9B:FE:33:3F:97:12:83:B5:FD
Certificate issuer:       /CN=608011ea51a9fbcf8bae0df1ed499a3407d63053
Certificate serial:       01901D7487FB2DB26ED3BB3B8399D5A7E66B
Authority key identifier: 60:80:11:EA:51:A9:FB:CF:8B:AE:0D:F1:ED:49:9A:34:07:D6:30:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/f3wSuZwduJ6mfI6b_jM_lxKDtf0.roa
Signing time:             Sat 15 Jun 2024 19:51:34 +0000
ROA not before:           Sat 15 Jun 2024 19:51:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8245
IP address blocks:        195.242.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:1d:74:87:fb:2d:b2:6e:d3:bb:3b:83:99:d5:a7:e6:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=608011ea51a9fbcf8bae0df1ed499a3407d63053
        Validity
            Not Before: Jun 15 19:51:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f7c12b99c1db89ea67c8e9bfe333f971283b5fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a9:ff:3c:51:0b:52:cd:ff:83:17:28:10:02:
                    00:5b:92:fa:61:da:be:e7:37:27:fd:b7:0f:e4:b3:
                    82:cc:f1:82:1d:6f:4e:69:78:3e:4d:2a:12:39:f0:
                    ea:8d:7c:3d:ea:ef:7a:56:f8:fd:aa:25:30:58:21:
                    75:ae:7f:b3:f6:dd:fe:85:7d:2a:e6:c3:18:d6:f7:
                    96:61:89:b1:92:1c:c5:ad:6c:70:03:5e:03:b4:29:
                    0b:b5:4c:ee:38:a0:f1:d0:bf:60:10:2d:08:a4:64:
                    f5:7d:93:14:5b:45:c0:3c:58:d1:52:4e:da:26:ef:
                    80:d4:32:39:a5:4e:dd:ba:7a:9e:64:db:80:0c:e6:
                    ce:0f:a5:ee:6e:dc:d5:d3:d1:5f:e9:17:85:24:dc:
                    a5:17:86:46:2a:d7:dc:2a:d4:98:ba:13:cf:f9:c0:
                    9f:b8:bc:46:e4:df:10:57:2d:36:f2:6c:aa:21:04:
                    20:88:3d:2e:11:25:36:16:b6:04:fc:b0:86:44:9f:
                    ac:34:d8:d3:d4:13:38:04:eb:5f:1c:ce:3b:86:bd:
                    7d:2c:5e:89:e5:40:d1:f1:24:67:e3:5b:39:1a:b1:
                    a0:fb:d7:ee:05:dc:ac:8a:36:4d:0e:36:2e:56:f0:
                    fc:36:6b:17:4e:eb:ff:5c:6b:5f:83:f8:04:2e:69:
                    3f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:7C:12:B9:9C:1D:B8:9E:A6:7C:8E:9B:FE:33:3F:97:12:83:B5:FD
            X509v3 Authority Key Identifier:
                keyid:60:80:11:EA:51:A9:FB:CF:8B:AE:0D:F1:ED:49:9A:34:07:D6:30:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/f3wSuZwduJ6mfI6b_jM_lxKDtf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:f0:61:62:5f:50:af:73:79:b2:80:19:c9:78:4a:c1:b7:9b:
         54:9d:86:0c:2f:f5:96:2a:8c:dd:f2:cf:10:a1:05:1a:29:e8:
         92:d4:2e:9a:15:3f:59:35:9f:1d:be:17:5f:ae:34:ed:a0:99:
         7c:93:29:88:d6:9b:e4:aa:44:b9:c2:43:ab:b9:b4:21:ab:0b:
         6c:81:83:83:14:13:ca:58:99:f5:8d:4e:82:93:5e:27:1a:7c:
         13:f2:b7:79:73:55:0c:0f:80:0b:19:4a:04:fd:d0:29:dd:95:
         6a:8a:9c:f3:af:96:bb:bc:03:64:ac:97:ef:65:2b:4a:ba:52:
         f3:58:8f:40:00:de:df:c4:86:c5:dd:80:11:39:08:7a:4b:f8:
         53:04:7e:27:38:aa:4e:47:44:82:1f:b9:d3:03:e3:60:84:d5:
         ac:04:e0:69:ad:df:dc:26:46:5b:72:0c:1a:9e:58:a4:de:df:
         74:8f:bc:e7:b5:eb:7f:bc:43:11:47:50:4d:54:9a:5c:91:d5:
         1f:30:e4:58:c4:de:51:57:0f:49:0c:94:db:54:90:8a:41:e0:
         5c:9f:04:b2:5c:62:a4:40:b5:5b:05:52:f7:5a:2c:d0:d4:cf:
         48:94:cf:26:39:83:96:e7:ea:c4:24:a1:47:af:c5:0f:9f:75:
         2e:be:c3:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAddIf7LbJu07s7g5nVp+ZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwODAxMWVhNTFhOWZiY2Y4YmFlMGRmMWVkNDk5YTM0MDdk
NjMwNTMwHhcNMjQwNjE1MTk1MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjdjMTJiOTljMWRiODllYTY3YzhlOWJmZTMzM2Y5NzEyODNiNWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqn/PFELUs3/gxcoEAIAW5L6Ydq+
5zcn/bcP5LOCzPGCHW9OaXg+TSoSOfDqjXw96u96Vvj9qiUwWCF1rn+z9t3+hX0q
5sMY1veWYYmxkhzFrWxwA14DtCkLtUzuOKDx0L9gEC0IpGT1fZMUW0XAPFjRUk7a
Ju+A1DI5pU7dunqeZNuADObOD6XubtzV09Ff6ReFJNylF4ZGKtfcKtSYuhPP+cCf
uLxG5N8QVy028myqIQQgiD0uESU2FrYE/LCGRJ+sNNjT1BM4BOtfHM47hr19LF6J
5UDR8SRn41s5GrGg+9fuBdysijZNDjYuVvD8NmsXTuv/XGtfg/gELmk/AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH98ErmcHbiepnyOm/4zP5cSg7X9MB8GA1UdIwQY
MBaAFGCAEepRqfvPi64N8e1JmjQH1jBTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUlBUjZsR3AtOC1McmczeDdVbWFOQWZXTUZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80ZjBlYzUtNTRkMi00MGZiLTk0OTgt
NzQyZjg2OTFiZWFhLzEvZjN3U3Vad2R1SjZtZkk2Yl9qTV9seEtEdGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80ZjBlYzUtNTRkMi00MGZiLTk0OTgtNzQyZjg2OTFiZWFh
LzEvWUlBUjZsR3AtOC1McmczeDdVbWFOQWZXTUZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/K4MA0G
CSqGSIb3DQEBCwUAA4IBAQA68GFiX1Cvc3mygBnJeErBt5tUnYYML/WWKozd8s8Q
oQUaKeiS1C6aFT9ZNZ8dvhdfrjTtoJl8kymI1pvkqkS5wkOrubQhqwtsgYODFBPK
WJn1jU6Ck14nGnwT8rd5c1UMD4ALGUoE/dAp3ZVqipzzr5a7vANkrJfvZStKulLz
WI9AAN7fxIbF3YAROQh6S/hTBH4nOKpOR0SCH7nTA+NghNWsBOBprd/cJkZbcgwa
nlik3t90j7zntet/vEMRR1BNVJpckdUfMORYxN5RVw9JDJTbVJCKQeBcnwSyXGKk
QLVbBVL3WizQ1M9IlM8mOYOW5+rEJKFHr8UPn3UuvsNv
-----END CERTIFICATE-----