Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/7eb293-8e76-470f-855f-b626d5746d13/1/oY_rug3vhC5eknL5eIlhjvPwuus.roa
File:                     oY_rug3vhC5eknL5eIlhjvPwuus.roa (raw, json)
Hash identifier:          /Yc3lmpcH6Y9XYrRjfPJcQhZBjOSXYmj46LcgxeC5Q0=
Subject key identifier:   A1:8F:EB:BA:0D:EF:84:2E:5E:92:72:F9:78:89:61:8E:F3:F0:BA:EB
Certificate issuer:       /CN=84106bfa023f17cf6d67eac9fdd2868a72f76680
Certificate serial:       018CC72587C31DA5EFBE6DAB7078190A3B65
Authority key identifier: 84:10:6B:FA:02:3F:17:CF:6D:67:EA:C9:FD:D2:86:8A:72:F7:66:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hBBr-gI_F89tZ-rJ_dKGinL3ZoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/7eb293-8e76-470f-855f-b626d5746d13/1/oY_rug3vhC5eknL5eIlhjvPwuus.roa
Signing time:             Mon 01 Jan 2024 22:29:34 +0000
ROA not before:           Mon 01 Jan 2024 22:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50370
IP address blocks:        195.114.24.0/23 maxlen: 24
                          2001:67c:6a4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/7eb293-8e76-470f-855f-b626d5746d13/1/hBBr-gI_F89tZ-rJ_dKGinL3ZoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/7eb293-8e76-470f-855f-b626d5746d13/1/hBBr-gI_F89tZ-rJ_dKGinL3ZoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hBBr-gI_F89tZ-rJ_dKGinL3ZoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:87:c3:1d:a5:ef:be:6d:ab:70:78:19:0a:3b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84106bfa023f17cf6d67eac9fdd2868a72f76680
        Validity
            Not Before: Jan  1 22:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a18febba0def842e5e9272f97889618ef3f0baeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cc:97:52:72:ec:13:6c:32:d0:d1:0d:7d:45:
                    dd:c4:f5:1c:21:63:55:84:ca:96:dc:de:97:de:09:
                    e0:f6:53:1e:2b:7f:5c:3e:7c:fb:67:ef:57:de:a7:
                    c5:35:bf:8b:6b:b1:19:5c:f4:bc:79:07:f5:72:ac:
                    4b:5c:79:5a:3f:cd:86:6f:e0:9c:08:79:6d:0f:58:
                    9d:a9:56:84:3f:8a:32:f7:0f:5f:c6:9e:02:5e:24:
                    f9:ad:62:5a:d7:e5:40:f4:f0:aa:aa:af:7f:95:7b:
                    3c:09:2c:f5:21:27:cb:ec:50:8f:95:be:8c:a4:a9:
                    e9:33:c5:63:8c:2b:ca:42:c0:c8:98:d3:eb:bf:0f:
                    e5:21:5c:ba:3d:7f:4c:4b:2c:99:3a:a6:3f:da:4d:
                    e0:d6:b8:42:80:40:e0:30:95:92:30:f9:5c:24:fc:
                    20:f3:fc:1d:d5:8b:e7:15:2b:e9:5e:70:a8:07:ee:
                    35:d8:84:02:50:92:17:a5:47:b4:e6:32:d1:12:34:
                    cc:eb:b7:eb:b2:f4:77:75:14:26:d7:5e:ea:41:65:
                    f4:01:40:dc:7c:04:a3:38:ea:01:87:4b:7f:f7:52:
                    fd:58:c2:bb:a3:45:42:74:41:d6:2b:34:a4:e1:ec:
                    7c:80:dd:d9:66:f7:f4:56:4c:c1:57:68:ed:a2:99:
                    69:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:8F:EB:BA:0D:EF:84:2E:5E:92:72:F9:78:89:61:8E:F3:F0:BA:EB
            X509v3 Authority Key Identifier:
                keyid:84:10:6B:FA:02:3F:17:CF:6D:67:EA:C9:FD:D2:86:8A:72:F7:66:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hBBr-gI_F89tZ-rJ_dKGinL3ZoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/7eb293-8e76-470f-855f-b626d5746d13/1/oY_rug3vhC5eknL5eIlhjvPwuus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/7eb293-8e76-470f-855f-b626d5746d13/1/hBBr-gI_F89tZ-rJ_dKGinL3ZoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.24.0/23
                IPv6:
                  2001:67c:6a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:7a:ec:c9:41:78:be:1b:08:55:62:ba:99:ea:7b:87:84:cf:
         be:7b:c4:c8:75:c7:30:54:20:11:10:40:7b:8f:7e:7d:10:36:
         15:e1:c7:e5:0a:0b:86:c1:f7:8f:37:4c:3e:9a:cc:f6:3d:cd:
         fe:f3:57:ae:14:2e:9d:47:bd:1b:f0:88:b7:77:80:be:f5:03:
         f8:f7:6e:f4:ae:1d:cc:71:37:f0:c2:21:5d:01:5d:9d:45:61:
         41:25:27:a7:8f:43:d9:94:b8:d6:e5:67:4d:bd:46:1a:88:cd:
         e5:bc:8f:0b:4e:c4:58:e4:45:ec:43:2a:6b:47:87:a5:46:5b:
         7f:1f:fc:11:2a:60:f9:a2:d9:b7:59:33:50:19:2e:57:3b:3f:
         bc:06:36:01:76:55:ba:57:88:2d:4f:f7:8a:62:93:04:e5:0c:
         16:4a:85:38:1a:78:4a:c1:63:e1:83:4a:7a:2c:a8:52:6d:2d:
         e0:07:07:67:2b:05:da:51:7b:46:a1:a4:48:1e:d0:c4:18:37:
         53:a0:5a:e5:9d:e7:60:ac:ef:54:24:4c:89:11:96:cc:d9:ef:
         45:45:71:d6:91:91:a9:aa:d3:2b:0d:84:f2:52:34:70:ce:9e:
         28:ae:4d:88:b0:88:57:60:16:77:1f:1d:47:8b:96:47:25:6d:
         63:69:9e:c1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJYfDHaXvvm2rcHgZCjtlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MTA2YmZhMDIzZjE3Y2Y2ZDY3ZWFjOWZkZDI4NjhhNzJm
NzY2ODAwHhcNMjQwMTAxMjIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMThmZWJiYTBkZWY4NDJlNWU5MjcyZjk3ODg5NjE4ZWYzZjBiYWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsyXUnLsE2wy0NENfUXdxPUcIWNV
hMqW3N6X3gng9lMeK39cPnz7Z+9X3qfFNb+La7EZXPS8eQf1cqxLXHlaP82Gb+Cc
CHltD1idqVaEP4oy9w9fxp4CXiT5rWJa1+VA9PCqqq9/lXs8CSz1ISfL7FCPlb6M
pKnpM8VjjCvKQsDImNPrvw/lIVy6PX9MSyyZOqY/2k3g1rhCgEDgMJWSMPlcJPwg
8/wd1YvnFSvpXnCoB+412IQCUJIXpUe05jLREjTM67frsvR3dRQm117qQWX0AUDc
fASjOOoBh0t/91L9WMK7o0VCdEHWKzSk4ex8gN3ZZvf0VkzBV2jtoplpgQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKGP67oN74QuXpJy+XiJYY7z8LrrMB8GA1UdIwQY
MBaAFIQQa/oCPxfPbWfqyf3Shopy92aAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEJCci1nSV9GODl0Wi1ySl9kS0dpbkwzWm9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83ZWIyOTMtOGU3Ni00NzBmLTg1NWYt
YjYyNmQ1NzQ2ZDEzLzEvb1lfcnVnM3ZoQzVla25MNWVJbGhqdlB3dXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83ZWIyOTMtOGU3Ni00NzBmLTg1NWYtYjYyNmQ1NzQ2ZDEz
LzEvaEJCci1nSV9GODl0Wi1ySl9kS0dpbkwzWm9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw3IYMA8E
AgACMAkDBwAgAQZ8BqQwDQYJKoZIhvcNAQELBQADggEBAAV67MlBeL4bCFViupnq
e4eEz757xMh1xzBUIBEQQHuPfn0QNhXhx+UKC4bB9483TD6azPY9zf7zV64ULp1H
vRvwiLd3gL71A/j3bvSuHcxxN/DCIV0BXZ1FYUElJ6ePQ9mUuNblZ029RhqIzeW8
jwtOxFjkRexDKmtHh6VGW38f/BEqYPmi2bdZM1AZLlc7P7wGNgF2VbpXiC1P94pi
kwTlDBZKhTgaeErBY+GDSnosqFJtLeAHB2crBdpRe0ahpEge0MQYN1OgWuWd52Cs
71QkTIkRlszZ70VFcdaRkamq0ysNhPJSNHDOniiuTYiwiFdgFncfHUeLlkclbWNp
nsE=
-----END CERTIFICATE-----