Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/fxj67rPoiqhoYZ84aU0OJq8S6LE.roa
File:                     fxj67rPoiqhoYZ84aU0OJq8S6LE.roa (raw, json)
Hash identifier:          ENVq8/frI8pLPl1pahF4uMmsfulECDwyexhk2taPnIA=
Subject key identifier:   7F:18:FA:EE:B3:E8:8A:A8:68:61:9F:38:69:4D:0E:26:AF:12:E8:B1
Certificate issuer:       /CN=458b6759c1a0cf5ad82da5c393bcd0fff7c7e2f0
Certificate serial:       01926B909B058E4A648D4708920806A61379
Authority key identifier: 45:8B:67:59:C1:A0:CF:5A:D8:2D:A5:C3:93:BC:D0:FF:F7:C7:E2:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/fxj67rPoiqhoYZ84aU0OJq8S6LE.roa
Signing time:             Tue 08 Oct 2024 09:58:11 +0000
ROA not before:           Tue 08 Oct 2024 09:58:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25081
IP address blocks:        195.248.252.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6b:90:9b:05:8e:4a:64:8d:47:08:92:08:06:a6:13:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458b6759c1a0cf5ad82da5c393bcd0fff7c7e2f0
        Validity
            Not Before: Oct  8 09:58:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f18faeeb3e88aa868619f38694d0e26af12e8b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:20:92:be:2e:b5:52:1d:73:27:13:3a:5a:4f:
                    61:5c:cc:3a:c2:43:5d:c0:f8:05:63:5e:2c:fb:d2:
                    ca:8b:9f:df:13:18:07:45:ff:af:91:c9:32:9a:7b:
                    7a:04:c9:cc:df:d2:fa:fd:c4:9f:8e:91:0f:a7:e8:
                    39:37:20:97:aa:98:e5:39:2b:2e:41:0f:f6:a5:5d:
                    5a:0a:62:e6:a4:26:10:18:13:2b:70:7d:e0:55:37:
                    47:5b:bb:53:3b:ed:5b:18:70:43:a5:1c:f2:17:e6:
                    c3:61:44:74:f4:9a:90:87:44:bf:64:bc:a5:71:27:
                    14:d2:82:ff:36:18:e5:39:f1:7a:a9:bc:5b:36:e4:
                    85:09:92:9d:59:e5:e7:0c:90:a2:bb:74:cb:45:e3:
                    db:a9:69:8d:e5:a4:5d:0f:04:3d:9b:3b:0f:12:7e:
                    ec:63:ef:43:bc:89:05:dd:39:80:a1:c2:05:04:a4:
                    84:4b:64:9d:75:55:7b:e3:8e:20:ba:f0:ed:63:df:
                    9f:cd:66:01:cc:c6:ef:11:4b:b7:c0:67:1b:c1:4d:
                    4c:d7:b6:d2:22:b0:d7:7f:cc:bf:ff:17:8d:40:95:
                    9b:41:34:bd:69:2c:56:d6:a7:3f:9f:09:c6:07:7e:
                    79:c5:2e:02:54:d0:21:9d:84:d5:f5:a1:b1:92:00:
                    25:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:18:FA:EE:B3:E8:8A:A8:68:61:9F:38:69:4D:0E:26:AF:12:E8:B1
            X509v3 Authority Key Identifier:
                keyid:45:8B:67:59:C1:A0:CF:5A:D8:2D:A5:C3:93:BC:D0:FF:F7:C7:E2:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/fxj67rPoiqhoYZ84aU0OJq8S6LE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:3b:47:e0:3d:3f:ad:8f:63:63:b2:d8:98:15:f4:9b:d8:ea:
         ac:b7:a4:e1:dd:42:70:93:f7:3c:0c:41:ba:e6:e6:f4:8c:e9:
         ee:04:c0:8a:3b:29:23:6f:e8:d4:9b:bc:7c:0e:06:b1:e4:0f:
         2e:97:64:a8:07:26:bd:36:da:49:57:29:6a:d0:c0:b0:f3:e5:
         86:3a:e0:f7:7e:7e:48:1b:03:b0:da:60:25:4e:96:6a:79:78:
         f0:cd:d5:6f:0c:7c:91:a9:80:74:57:67:e4:1f:5e:4f:95:32:
         5c:8b:09:43:eb:5c:ef:d3:f4:aa:cb:98:85:06:66:12:e8:e1:
         4b:a6:61:55:14:18:88:b9:69:62:ff:a5:80:39:fa:2e:0c:a7:
         a7:b5:3f:4d:36:0b:3b:c4:ac:e0:00:17:d7:18:29:4d:f3:56:
         a6:f5:44:4f:e4:63:65:41:2f:d8:09:87:cb:a6:b5:36:27:93:
         b3:8b:af:7c:02:31:9f:32:66:e4:df:24:56:40:59:7e:9e:c0:
         7a:d6:8e:9a:d3:ca:41:90:c9:e8:b6:cc:cf:ce:a6:d7:11:74:
         b7:aa:3d:b1:65:a1:2c:22:18:ee:d8:50:4a:68:1a:37:64:23:
         d0:a3:5a:0c:60:a9:10:f6:47:01:da:e7:a6:d0:c3:19:54:83:
         53:c0:3f:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJrkJsFjkpkjUcIkggGphN5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGI2NzU5YzFhMGNmNWFkODJkYTVjMzkzYmNkMGZmZjdj
N2UyZjAwHhcNMjQxMDA4MDk1ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjE4ZmFlZWIzZTg4YWE4Njg2MTlmMzg2OTRkMGUyNmFmMTJlOGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyCSvi61Uh1zJxM6Wk9hXMw6wkNd
wPgFY14s+9LKi5/fExgHRf+vkckymnt6BMnM39L6/cSfjpEPp+g5NyCXqpjlOSsu
QQ/2pV1aCmLmpCYQGBMrcH3gVTdHW7tTO+1bGHBDpRzyF+bDYUR09JqQh0S/ZLyl
cScU0oL/NhjlOfF6qbxbNuSFCZKdWeXnDJCiu3TLRePbqWmN5aRdDwQ9mzsPEn7s
Y+9DvIkF3TmAocIFBKSES2SddVV7444guvDtY9+fzWYBzMbvEUu3wGcbwU1M17bS
IrDXf8y//xeNQJWbQTS9aSxW1qc/nwnGB355xS4CVNAhnYTV9aGxkgAlXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8Y+u6z6IqoaGGfOGlNDiavEuixMB8GA1UdIwQY
MBaAFEWLZ1nBoM9a2C2lw5O80P/3x+LwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUll0bldjR2d6MXJZTGFYRGs3elFfX2ZINHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8wMWEyODUtZmM4MS00YjA2LTgwYjIt
MDBjOTEzY2IwNTU3LzEvZnhqNjdyUG9pcWhvWVo4NGFVME9KcThTNkxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8wMWEyODUtZmM4MS00YjA2LTgwYjItMDBjOTEzY2IwNTU3
LzEvUll0bldjR2d6MXJZTGFYRGs3elFfX2ZINHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/j8MA0G
CSqGSIb3DQEBCwUAA4IBAQBzO0fgPT+tj2NjstiYFfSb2Oqst6Th3UJwk/c8DEG6
5ub0jOnuBMCKOykjb+jUm7x8Dgax5A8ul2SoBya9NtpJVylq0MCw8+WGOuD3fn5I
GwOw2mAlTpZqeXjwzdVvDHyRqYB0V2fkH15PlTJciwlD61zv0/Sqy5iFBmYS6OFL
pmFVFBiIuWli/6WAOfouDKentT9NNgs7xKzgABfXGClN81am9URP5GNlQS/YCYfL
prU2J5Ozi698AjGfMmbk3yRWQFl+nsB61o6a08pBkMnotszPzqbXEXS3qj2xZaEs
Ihju2FBKaBo3ZCPQo1oMYKkQ9kcB2uem0MMZVINTwD80
-----END CERTIFICATE-----