Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/4qc6RkwAyMzCprp4RuixBzJ2fNg.roa
File:                     4qc6RkwAyMzCprp4RuixBzJ2fNg.roa (raw, json)
Hash identifier:          TQ4EYimZ1Odfv/f0AqqhAbA2+6ChlMgT9GUee/ojNhI=
Subject key identifier:   E2:A7:3A:46:4C:00:C8:CC:C2:A6:BA:78:46:E8:B1:07:32:76:7C:D8
Certificate issuer:       /CN=ad80679b96ca322bfa85500cab206c6d47412edf
Certificate serial:       018CC26D747F71C92C9027A8B4963BDF7C30
Authority key identifier: AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/4qc6RkwAyMzCprp4RuixBzJ2fNg.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.42.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:74:7f:71:c9:2c:90:27:a8:b4:96:3b:df:7c:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad80679b96ca322bfa85500cab206c6d47412edf
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2a73a464c00c8ccc2a6ba7846e8b10732767cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:17:32:ba:a9:a5:8e:ef:ae:46:87:46:82:b9:
                    51:58:5a:aa:b1:17:8b:45:ad:fe:bb:09:d3:80:30:
                    ce:54:a2:8e:de:cb:a9:c1:c5:04:f4:73:c8:eb:85:
                    3b:54:6f:9d:f7:78:29:42:7a:a8:9c:6c:08:61:8d:
                    86:35:ef:f3:1c:46:ef:5f:b6:c5:94:a7:06:25:2a:
                    12:87:ec:56:51:e4:e1:44:a7:80:e7:89:b2:33:68:
                    bb:8e:5e:bf:b8:d9:65:de:e7:f5:10:81:7a:74:b9:
                    c4:42:54:d7:ac:fb:cc:6a:74:5d:11:1e:58:19:df:
                    c4:c5:98:03:9b:1d:9c:cc:20:88:34:de:4e:48:82:
                    1e:06:c2:be:ef:de:50:aa:b2:db:24:b5:0e:2f:06:
                    4a:c2:53:bc:69:24:7b:ae:32:2c:aa:9d:bb:ab:da:
                    68:26:b3:b7:5f:4c:9f:d1:f2:2b:c4:7e:35:92:77:
                    63:bf:b9:ad:8a:f4:7e:43:fc:5e:84:b3:cb:2a:f3:
                    c0:04:90:75:9d:2b:ad:00:66:46:f3:73:16:f8:96:
                    7f:1b:c9:bf:7f:d3:7a:9d:e5:81:15:de:a2:32:3d:
                    c3:c6:57:3e:c8:b9:d4:9b:49:46:41:5e:61:32:8a:
                    e8:82:ba:50:54:30:09:e1:8c:b8:dc:01:95:cd:7d:
                    1a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A7:3A:46:4C:00:C8:CC:C2:A6:BA:78:46:E8:B1:07:32:76:7C:D8
            X509v3 Authority Key Identifier:
                keyid:AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/4qc6RkwAyMzCprp4RuixBzJ2fNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:00:16:4b:1a:ca:ab:ac:f7:af:21:9b:da:d5:19:0a:03:f4:
         16:2c:a5:0d:0f:eb:91:7e:38:43:61:1d:2f:28:71:71:f4:5c:
         17:47:ce:50:df:00:d6:52:4e:12:8a:d3:db:e9:2a:0a:ce:ea:
         ef:ba:48:f5:ee:3b:6a:8a:d7:36:ed:8b:c1:d2:50:dc:b1:d3:
         68:55:b0:b5:f5:ad:17:f1:09:a3:ed:46:b8:b7:a3:c4:7c:83:
         e4:07:55:41:3b:d3:e2:b9:0e:8a:fc:e4:3f:79:4c:6c:f0:54:
         7b:dc:bb:dd:c6:e6:14:ec:01:fd:9a:d1:5e:37:b2:82:e1:52:
         05:7c:5c:f0:73:07:21:5a:8f:a3:ce:9e:2e:9c:36:46:b0:53:
         ff:2e:98:07:56:b7:20:1f:2d:a4:99:f3:41:c7:90:01:54:2f:
         0d:c2:61:a0:70:f2:23:aa:c4:5b:0c:48:e6:fb:89:fe:dc:65:
         ec:b2:54:16:fa:9a:12:ac:9e:51:cd:f7:ef:8d:b1:f6:7f:0b:
         5f:96:13:15:25:71:4a:bc:d5:22:9f:a5:ef:b3:ef:24:9b:26:
         c0:a1:e1:02:b5:f8:2a:60:e0:06:1c:7e:79:bc:d2:2d:eb:06:
         d1:5f:b0:08:bc:7a:26:68:fa:bb:63:39:20:1a:07:22:8f:6f:
         8f:f5:c0:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXR/cckskCeotJY733wwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkODA2NzliOTZjYTMyMmJmYTg1NTAwY2FiMjA2YzZkNDc0
MTJlZGYwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmE3M2E0NjRjMDBjOGNjYzJhNmJhNzg0NmU4YjEwNzMyNzY3Y2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghcyuqmlju+uRodGgrlRWFqqsReL
Ra3+uwnTgDDOVKKO3supwcUE9HPI64U7VG+d93gpQnqonGwIYY2GNe/zHEbvX7bF
lKcGJSoSh+xWUeThRKeA54myM2i7jl6/uNll3uf1EIF6dLnEQlTXrPvManRdER5Y
Gd/ExZgDmx2czCCINN5OSIIeBsK+795QqrLbJLUOLwZKwlO8aSR7rjIsqp27q9po
JrO3X0yf0fIrxH41kndjv7mtivR+Q/xehLPLKvPABJB1nSutAGZG83MW+JZ/G8m/
f9N6neWBFd6iMj3Dxlc+yLnUm0lGQV5hMorogrpQVDAJ4Yy43AGVzX0a/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKnOkZMAMjMwqa6eEbosQcydnzYMB8GA1UdIwQY
MBaAFK2AZ5uWyjIr+oVQDKsgbG1HQS7fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcllCbm01YktNaXY2aFZBTXF5QnNiVWRCTHQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hMTM5OWEtZWE2Yi00YTA5LThiNDAt
OTBjMGJkZTA5ODY5LzEvNHFjNlJrd0F5TXpDcHJwNFJ1aXhCekoyZk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hMTM5OWEtZWE2Yi00YTA5LThiNDAtOTBjMGJkZTA5ODY5
LzEvcllCbm01YktNaXY2aFZBTXF5QnNiVWRCTHQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyrwMA0G
CSqGSIb3DQEBCwUAA4IBAQBjABZLGsqrrPevIZva1RkKA/QWLKUND+uRfjhDYR0v
KHFx9FwXR85Q3wDWUk4SitPb6SoKzurvukj17jtqitc27YvB0lDcsdNoVbC19a0X
8Qmj7Ua4t6PEfIPkB1VBO9PiuQ6K/OQ/eUxs8FR73LvdxuYU7AH9mtFeN7KC4VIF
fFzwcwchWo+jzp4unDZGsFP/LpgHVrcgHy2kmfNBx5ABVC8NwmGgcPIjqsRbDEjm
+4n+3GXsslQW+poSrJ5RzffvjbH2fwtflhMVJXFKvNUin6Xvs+8kmybAoeECtfgq
YOAGHH55vNIt6wbRX7AIvHomaPq7YzkgGgcij2+P9cAk
-----END CERTIFICATE-----