Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/1-cISFCJjrOXOH13uOfejSN0t07U.roa
File:                     1-cISFCJjrOXOH13uOfejSN0t07U.roa (raw, json)
Hash identifier:          CsZ+l20+WvDp7ZAvLuoQUu3eyz/VH/hBFp+Sltnj4u8=
Subject key identifier:   F9:C2:12:14:22:63:AC:E5:CE:1F:5D:EE:39:F7:A3:48:DD:2D:D3:B5
Certificate issuer:       /CN=87e64170f9d82c51670b9a44f329b20613a8082d
Certificate serial:       0194236A3B1FC7EAFBE9F23FF555A61F43ED
Authority key identifier: 87:E6:41:70:F9:D8:2C:51:67:0B:9A:44:F3:29:B2:06:13:A8:08:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/1-cISFCJjrOXOH13uOfejSN0t07U.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41887
IP address blocks:        195.72.120.0/23 maxlen: 24
                          2001:678:56c::/48 maxlen: 49
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3b:1f:c7:ea:fb:e9:f2:3f:f5:55:a6:1f:43:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87e64170f9d82c51670b9a44f329b20613a8082d
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9c212142263ace5ce1f5dee39f7a348dd2dd3b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:87:4b:66:1d:87:25:b6:07:a9:c2:f5:ec:fc:
                    74:f7:93:b1:a0:83:27:4b:62:0a:78:4a:b3:ec:05:
                    74:d0:97:8a:5a:c0:d0:f9:06:66:27:e2:a9:99:ae:
                    85:46:4d:c3:81:0e:3c:67:46:69:db:a0:ec:f5:d7:
                    c3:61:b2:9f:73:f1:f6:e9:f7:1b:31:d4:67:1e:63:
                    fe:0d:fd:bb:c6:24:92:e8:44:11:f3:0e:aa:51:b5:
                    bc:ac:50:25:93:ec:05:a2:f0:46:90:31:ae:9c:a8:
                    fc:89:3f:98:f4:89:7a:a0:22:56:62:c0:cf:8c:88:
                    5a:ca:bf:e0:2a:60:4c:e9:35:5e:b5:d9:2d:9e:9a:
                    66:91:25:d3:6d:8b:2b:28:0b:95:b9:70:03:35:21:
                    d7:87:c6:c0:84:d6:bd:14:35:0f:c1:97:8c:1c:04:
                    a9:08:b4:55:d4:5a:e3:a1:36:61:52:dd:ca:a5:ec:
                    43:00:c6:59:fa:36:16:49:31:90:a2:fb:1b:b5:c3:
                    61:16:02:2c:9a:6c:95:8d:2c:50:6e:9a:78:2a:56:
                    fc:fd:f7:da:81:eb:9b:fe:af:dd:c5:3c:56:9d:12:
                    3c:26:88:91:53:ab:fd:25:b3:61:3b:d1:3d:27:32:
                    d1:a4:09:37:7c:a8:a6:c4:ec:14:4f:24:60:d3:f8:
                    3a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:C2:12:14:22:63:AC:E5:CE:1F:5D:EE:39:F7:A3:48:DD:2D:D3:B5
            X509v3 Authority Key Identifier:
                keyid:87:E6:41:70:F9:D8:2C:51:67:0B:9A:44:F3:29:B2:06:13:A8:08:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/1-cISFCJjrOXOH13uOfejSN0t07U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.72.120.0/23
                IPv6:
                  2001:678:56c::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:cd:0b:85:5b:8b:25:6b:78:5a:c0:11:e3:a2:c5:5c:30:20:
         c5:62:01:3c:17:79:d0:66:7a:37:bf:bc:c5:35:11:5a:c3:ba:
         bf:1e:df:a3:2d:f0:06:e7:2b:f1:24:0b:b8:56:ff:c9:49:44:
         6f:25:df:2a:ef:dd:fc:18:51:40:0c:ee:fd:0f:fc:9c:e5:c8:
         99:21:88:6c:aa:0a:42:88:ab:de:1b:4c:d1:76:c9:af:d6:16:
         48:83:37:1f:2b:79:e6:54:6c:8a:97:1e:cb:ac:0d:bd:4b:7c:
         7a:d4:05:fb:58:0c:ca:8a:2f:bf:5a:2c:4b:0f:a1:88:97:16:
         0f:c6:59:9d:db:19:a6:86:ac:56:a3:9f:e6:94:15:39:d4:50:
         85:cd:cb:32:69:62:32:da:96:48:82:a2:c4:7e:4f:51:3f:e4:
         60:f1:e4:fa:41:aa:92:84:d2:c4:cd:12:51:6f:34:18:b7:59:
         f3:8f:97:8b:1e:d4:c2:46:dd:93:1c:17:f4:48:1c:bb:0f:0c:
         f6:58:25:1e:e8:28:3f:9b:67:70:e3:0c:4a:f6:63:94:02:d8:
         0c:b7:b6:a1:94:89:5b:c3:73:bf:3b:b8:f8:e6:dd:9c:da:db:
         72:b2:9f:61:c4:47:3f:23:61:50:4d:48:96:a9:f7:2e:85:64:
         96:66:2c:58
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQjajsfx+r76fI/9VWmH0PtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZTY0MTcwZjlkODJjNTE2NzBiOWE0NGYzMjliMjA2MTNh
ODA4MmQwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWMyMTIxNDIyNjNhY2U1Y2UxZjVkZWUzOWY3YTM0OGRkMmRkM2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYdLZh2HJbYHqcL17Px095OxoIMn
S2IKeEqz7AV00JeKWsDQ+QZmJ+Kpma6FRk3DgQ48Z0Zp26Ds9dfDYbKfc/H26fcb
MdRnHmP+Df27xiSS6EQR8w6qUbW8rFAlk+wFovBGkDGunKj8iT+Y9Il6oCJWYsDP
jIhayr/gKmBM6TVetdktnppmkSXTbYsrKAuVuXADNSHXh8bAhNa9FDUPwZeMHASp
CLRV1FrjoTZhUt3KpexDAMZZ+jYWSTGQovsbtcNhFgIsmmyVjSxQbpp4Klb8/ffa
geub/q/dxTxWnRI8JoiRU6v9JbNhO9E9JzLRpAk3fKimxOwUTyRg0/g6eQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPnCEhQiY6zlzh9d7jn3o0jdLdO1MB8GA1UdIwQY
MBaAFIfmQXD52CxRZwuaRPMpsgYTqAgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaC1aQmNQbllMRkZuQzVwRTh5bXlCaE9vQ0MwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9iZWIyOWQtZjBlZS00MDdhLTk3MDIt
NmUxM2NjYmY0OTA2LzEvMS1jSVNGQ0pqck9YT0gxM3VPZmVqU04wdDA3VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzcvYmViMjlkLWYwZWUtNDA3YS05NzAyLTZlMTNjY2JmNDkw
Ni8xL2gtWkJjUG5ZTEZGbkM1cEU4eW15QmhPb0NDMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAcNIeDAP
BAIAAjAJAwcAIAEGeAVsMA0GCSqGSIb3DQEBCwUAA4IBAQBizQuFW4sla3hawBHj
osVcMCDFYgE8F3nQZno3v7zFNRFaw7q/Ht+jLfAG5yvxJAu4Vv/JSURvJd8q7938
GFFADO79D/yc5ciZIYhsqgpCiKveG0zRdsmv1hZIgzcfK3nmVGyKlx7LrA29S3x6
1AX7WAzKii+/WixLD6GIlxYPxlmd2xmmhqxWo5/mlBU51FCFzcsyaWIy2pZIgqLE
fk9RP+Rg8eT6QaqShNLEzRJRbzQYt1nzj5eLHtTCRt2THBf0SBy7Dwz2WCUe6Cg/
m2dw4wxK9mOUAtgMt7ahlIlbw3O/O7j45t2c2ttysp9hxEc/I2FQTUiWqfcuhWSW
ZixY
-----END CERTIFICATE-----