Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/f81eab-bc36-42a6-822a-cdb1d38556bb/1/E_VL3YjT2X3pnFtf8LzWHDI6X9E.roa
File:                     E_VL3YjT2X3pnFtf8LzWHDI6X9E.roa (raw, json)
Hash identifier:          /nK+Si10TmCBzXjvOVW/Tk9b1HdRxrMMtk/4Lk2igHE=
Subject key identifier:   13:F5:4B:DD:88:D3:D9:7D:E9:9C:5B:5F:F0:BC:D6:1C:32:3A:5F:D1
Certificate issuer:       /CN=847d1bebe4c23c4217b84f7fd8192ab2555415a8
Certificate serial:       018CC94CC81CADDBFF66F0CF8B847020E887
Authority key identifier: 84:7D:1B:EB:E4:C2:3C:42:17:B8:4F:7F:D8:19:2A:B2:55:54:15:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hH0b6-TCPEIXuE9_2BkqslVUFag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/f81eab-bc36-42a6-822a-cdb1d38556bb/1/E_VL3YjT2X3pnFtf8LzWHDI6X9E.roa
Signing time:             Tue 02 Jan 2024 08:31:41 +0000
ROA not before:           Tue 02 Jan 2024 08:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198228
IP address blocks:        195.250.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/f81eab-bc36-42a6-822a-cdb1d38556bb/1/hH0b6-TCPEIXuE9_2BkqslVUFag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/f81eab-bc36-42a6-822a-cdb1d38556bb/1/hH0b6-TCPEIXuE9_2BkqslVUFag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hH0b6-TCPEIXuE9_2BkqslVUFag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c8:1c:ad:db:ff:66:f0:cf:8b:84:70:20:e8:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=847d1bebe4c23c4217b84f7fd8192ab2555415a8
        Validity
            Not Before: Jan  2 08:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13f54bdd88d3d97de99c5b5ff0bcd61c323a5fd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c1:bc:04:f5:1d:b9:86:62:84:68:b5:fe:ce:
                    92:52:c6:ce:e8:e6:6a:1c:e7:e7:e8:b8:f2:af:c0:
                    cd:47:dc:4c:41:0e:cb:ee:c9:47:f9:67:54:b6:c3:
                    68:ca:3d:a7:7f:f0:dc:5b:16:6c:51:7f:61:d5:e3:
                    72:ce:6b:19:36:be:db:18:56:df:0c:fd:5a:d3:ec:
                    76:62:4b:43:f3:8d:e2:a1:8d:20:8b:2f:a0:68:b5:
                    1e:31:1d:97:cb:a6:8f:27:b1:3b:69:e3:2a:be:46:
                    bf:0f:ae:b5:6f:38:24:f6:3b:d5:0c:43:f9:d7:9e:
                    cc:db:bf:a2:6d:23:0a:53:7e:92:f0:8a:fd:72:0d:
                    55:33:73:ce:d5:6a:d5:a8:e6:fd:78:8b:1b:df:4a:
                    92:cf:a6:97:cf:67:eb:4e:fd:25:68:cc:f6:51:47:
                    fd:bf:9f:53:0a:87:8d:a2:f9:e6:7a:2e:74:53:4f:
                    e0:4d:d4:33:53:22:5c:bb:0b:f5:bd:8f:de:ef:55:
                    f9:56:da:c9:44:8e:7b:d3:3c:79:db:a4:2f:9c:42:
                    55:d3:e9:98:d5:83:27:63:82:39:da:ca:5e:fc:ae:
                    26:c2:c8:2f:2f:0a:14:cb:85:c5:55:98:32:9e:50:
                    d4:9d:bc:b3:b8:eb:23:05:48:5d:44:9f:3f:7a:4c:
                    36:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:F5:4B:DD:88:D3:D9:7D:E9:9C:5B:5F:F0:BC:D6:1C:32:3A:5F:D1
            X509v3 Authority Key Identifier:
                keyid:84:7D:1B:EB:E4:C2:3C:42:17:B8:4F:7F:D8:19:2A:B2:55:54:15:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hH0b6-TCPEIXuE9_2BkqslVUFag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/f81eab-bc36-42a6-822a-cdb1d38556bb/1/E_VL3YjT2X3pnFtf8LzWHDI6X9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/f81eab-bc36-42a6-822a-cdb1d38556bb/1/hH0b6-TCPEIXuE9_2BkqslVUFag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.250.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:04:b7:ac:70:b6:65:90:5e:27:9e:7d:53:3f:11:0d:e5:6a:
         13:0f:44:d9:7f:16:27:04:cd:24:f0:d6:67:18:36:34:6f:0f:
         14:44:b7:76:c8:4b:d7:3d:88:67:34:01:41:93:cf:36:46:ef:
         a7:a9:df:89:90:93:3c:52:a0:4e:fe:e3:18:25:6c:2b:0e:0a:
         b7:cb:65:15:30:f0:c3:14:28:5e:2b:b6:36:35:48:7d:bf:3f:
         42:b1:bf:4c:e0:41:db:40:a9:66:39:82:57:9d:82:65:e3:ee:
         63:7d:63:9d:d0:d5:db:1c:93:19:18:24:b0:71:28:b6:2d:4f:
         88:bf:36:c6:bd:36:cb:c0:f0:05:8d:52:3b:99:9f:89:46:ee:
         df:9c:ab:c4:cb:6c:c3:88:b4:88:b7:6e:91:7f:52:20:08:2e:
         f4:31:f8:47:29:a3:5b:4a:55:d4:fc:ae:ff:e0:b7:67:3a:ec:
         f8:39:5c:02:d8:8d:a3:bb:49:f9:c5:7f:4f:bb:5b:8e:f2:82:
         28:6b:fd:7e:b2:e5:d2:07:b9:28:e1:3a:be:c0:a1:2f:cf:e7:
         bc:25:1d:77:16:02:57:42:67:95:23:47:9a:dc:e6:79:5c:15:
         ca:be:e5:c5:b2:ae:73:cd:fa:cf:f9:a0:67:3e:a5:50:cc:84:
         ab:c3:3a:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTMgcrdv/ZvDPi4RwIOiHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0N2QxYmViZTRjMjNjNDIxN2I4NGY3ZmQ4MTkyYWIyNTU1
NDE1YTgwHhcNMjQwMTAyMDgzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2Y1NGJkZDg4ZDNkOTdkZTk5YzViNWZmMGJjZDYxYzMyM2E1ZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicG8BPUduYZihGi1/s6SUsbO6OZq
HOfn6Ljyr8DNR9xMQQ7L7slH+WdUtsNoyj2nf/DcWxZsUX9h1eNyzmsZNr7bGFbf
DP1a0+x2YktD843ioY0giy+gaLUeMR2Xy6aPJ7E7aeMqvka/D661bzgk9jvVDEP5
157M27+ibSMKU36S8Ir9cg1VM3PO1WrVqOb9eIsb30qSz6aXz2frTv0laMz2UUf9
v59TCoeNovnmei50U0/gTdQzUyJcuwv1vY/e71X5VtrJRI570zx526QvnEJV0+mY
1YMnY4I52spe/K4mwsgvLwoUy4XFVZgynlDUnbyzuOsjBUhdRJ8/ekw2qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBP1S92I09l96ZxbX/C81hwyOl/RMB8GA1UdIwQY
MBaAFIR9G+vkwjxCF7hPf9gZKrJVVBWoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEgwYjYtVENQRUlYdUU5XzJCa3FzbFZVRmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9mODFlYWItYmMzNi00MmE2LTgyMmEt
Y2RiMWQzODU1NmJiLzEvRV9WTDNZalQyWDNwbkZ0ZjhMeldIREk2WDlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9mODFlYWItYmMzNi00MmE2LTgyMmEtY2RiMWQzODU1NmJi
LzEvaEgwYjYtVENQRUlYdUU5XzJCa3FzbFZVRmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/o8MA0G
CSqGSIb3DQEBCwUAA4IBAQAuBLescLZlkF4nnn1TPxEN5WoTD0TZfxYnBM0k8NZn
GDY0bw8URLd2yEvXPYhnNAFBk882Ru+nqd+JkJM8UqBO/uMYJWwrDgq3y2UVMPDD
FCheK7Y2NUh9vz9Csb9M4EHbQKlmOYJXnYJl4+5jfWOd0NXbHJMZGCSwcSi2LU+I
vzbGvTbLwPAFjVI7mZ+JRu7fnKvEy2zDiLSIt26Rf1IgCC70MfhHKaNbSlXU/K7/
4LdnOuz4OVwC2I2ju0n5xX9Pu1uO8oIoa/1+suXSB7ko4Tq+wKEvz+e8JR13FgJX
QmeVI0ea3OZ5XBXKvuXFsq5zzfrP+aBnPqVQzISrwzoR
-----END CERTIFICATE-----