Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/y7ZH1XVjRs2Rgq1O8yMlacnz8BE.roa
File:                     y7ZH1XVjRs2Rgq1O8yMlacnz8BE.roa (raw, json)
Hash identifier:          +oOpg1Z/oNugqjmC+r7hef/qC7u4oU15b/W+o84IjAI=
Subject key identifier:   CB:B6:47:D5:75:63:46:CD:91:82:AD:4E:F3:23:25:69:C9:F3:F0:11
Certificate issuer:       /CN=463f917077f8f3d0e338c742ea21d64358d19d52
Certificate serial:       019059BF29AFEF0C40A7D244AA9768107D90
Authority key identifier: 46:3F:91:70:77:F8:F3:D0:E3:38:C7:42:EA:21:D6:43:58:D1:9D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rj-RcHf489DjOMdC6iHWQ1jRnVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/y7ZH1XVjRs2Rgq1O8yMlacnz8BE.roa
Signing time:             Thu 27 Jun 2024 12:50:18 +0000
ROA not before:           Thu 27 Jun 2024 12:50:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.2.202.0/23 maxlen: 24
                          195.93.132.0/24 maxlen: 24
                          195.93.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/Rj-RcHf489DjOMdC6iHWQ1jRnVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/Rj-RcHf489DjOMdC6iHWQ1jRnVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rj-RcHf489DjOMdC6iHWQ1jRnVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:59:bf:29:af:ef:0c:40:a7:d2:44:aa:97:68:10:7d:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=463f917077f8f3d0e338c742ea21d64358d19d52
        Validity
            Not Before: Jun 27 12:50:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbb647d5756346cd9182ad4ef3232569c9f3f011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a6:41:fe:e3:d3:e1:62:51:f2:f3:58:fd:e3:
                    25:90:e3:e5:1b:36:46:2e:dc:f3:18:03:6d:b0:7d:
                    89:fc:e1:e6:4a:77:f7:be:17:8e:a9:69:2c:df:39:
                    94:39:97:d3:0a:c2:69:cf:50:6f:b7:a8:5c:cc:70:
                    87:19:bd:7e:cc:9a:40:8b:ce:d5:cc:8a:b4:53:70:
                    bf:d0:6e:5e:68:b7:22:1b:5d:cf:62:92:af:65:8f:
                    71:8b:f0:7e:8d:ea:9b:85:82:fe:6d:fe:03:41:b6:
                    0a:10:83:dd:85:da:f2:68:72:71:03:cf:29:e6:43:
                    d5:0f:ce:48:e1:a7:0f:87:99:88:dc:be:15:91:05:
                    ee:9e:d1:57:f1:6a:08:7b:b6:c7:f2:4d:71:20:f5:
                    29:f3:22:56:43:a8:86:1a:ca:c6:87:0a:1e:ed:b5:
                    bb:53:26:a3:d0:a0:50:da:69:6d:cc:3d:74:67:70:
                    9b:1d:4c:d7:8b:e7:d9:73:ec:9c:9d:47:4b:e7:0f:
                    86:96:8e:9d:31:5d:12:c7:c1:7f:45:cc:bc:70:c3:
                    1e:36:ff:aa:9b:8f:74:10:14:ab:5f:fe:c0:e8:ee:
                    f3:cc:f5:1c:aa:53:dd:93:c5:0e:a6:90:66:f1:c4:
                    dd:62:fc:03:c4:df:c0:0b:06:ae:8a:5c:e9:90:eb:
                    53:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:B6:47:D5:75:63:46:CD:91:82:AD:4E:F3:23:25:69:C9:F3:F0:11
            X509v3 Authority Key Identifier:
                keyid:46:3F:91:70:77:F8:F3:D0:E3:38:C7:42:EA:21:D6:43:58:D1:9D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rj-RcHf489DjOMdC6iHWQ1jRnVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/y7ZH1XVjRs2Rgq1O8yMlacnz8BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/Rj-RcHf489DjOMdC6iHWQ1jRnVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.2.202.0/23
                  195.93.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:40:d5:d7:63:c5:2b:69:fe:53:24:ef:13:6e:a9:ab:53:ad:
         71:40:0a:59:c3:84:27:1c:e9:c2:22:75:cb:a0:a1:6a:41:4c:
         75:23:1d:50:19:c1:1e:8e:2f:ec:34:8a:6e:1c:4f:29:a3:75:
         ac:cf:4d:e5:0e:4c:7d:cf:0c:0c:8b:cb:9b:63:8a:26:77:26:
         50:f6:f5:b5:70:a6:64:2a:99:e6:e6:55:55:f3:8f:0c:d2:88:
         33:cc:71:c2:66:5a:f7:f8:01:20:c6:55:e1:90:b1:72:d6:5c:
         f9:91:aa:fe:5b:ab:0b:f5:22:b8:8e:9e:de:38:f1:66:13:6f:
         41:9f:bc:fd:7f:56:89:96:ca:f2:30:26:42:fd:02:5d:68:44:
         36:1c:d0:13:dc:c0:c8:9c:8f:29:81:f2:71:b7:58:b6:c4:90:
         b5:bc:fe:52:ce:b6:66:00:df:f0:7f:27:61:5d:cd:13:34:26:
         fe:fd:cf:dc:eb:c4:4a:76:5b:aa:8f:9e:f6:5b:64:76:61:4b:
         be:3e:28:cd:59:b8:17:93:0f:79:2d:94:c3:12:21:d1:3e:a8:
         7f:fb:c2:d0:94:58:3c:e2:7e:f1:c4:02:0d:5b:9d:80:44:f4:
         2b:26:ae:d9:72:dd:6b:ee:75:e3:81:94:3c:66:62:70:81:c0:
         7a:1f:89:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBZvymv7wxAp9JEqpdoEH2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2M2Y5MTcwNzdmOGYzZDBlMzM4Yzc0MmVhMjFkNjQzNThk
MTlkNTIwHhcNMjQwNjI3MTI1MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmI2NDdkNTc1NjM0NmNkOTE4MmFkNGVmMzIzMjU2OWM5ZjNmMDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qZB/uPT4WJR8vNY/eMlkOPlGzZG
LtzzGANtsH2J/OHmSnf3vheOqWks3zmUOZfTCsJpz1Bvt6hczHCHGb1+zJpAi87V
zIq0U3C/0G5eaLciG13PYpKvZY9xi/B+jeqbhYL+bf4DQbYKEIPdhdryaHJxA88p
5kPVD85I4acPh5mI3L4VkQXuntFX8WoIe7bH8k1xIPUp8yJWQ6iGGsrGhwoe7bW7
Uyaj0KBQ2mltzD10Z3CbHUzXi+fZc+ycnUdL5w+Glo6dMV0Sx8F/Rcy8cMMeNv+q
m490EBSrX/7A6O7zzPUcqlPdk8UOppBm8cTdYvwDxN/ACwauilzpkOtTewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMu2R9V1Y0bNkYKtTvMjJWnJ8/ARMB8GA1UdIwQY
MBaAFEY/kXB3+PPQ4zjHQuoh1kNY0Z1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmotUmNIZjQ4OURqT01kQzZpSFdRMWpSblZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84YjVmN2MtYjNhZS00YjU4LTgxYmIt
MjVhNDBjMDc1ZjEyLzEveTdaSDFYVmpSczJSZ3ExTzh5TWxhY256OEJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84YjVmN2MtYjNhZS00YjU4LTgxYmItMjVhNDBjMDc1ZjEy
LzEvUmotUmNIZjQ4OURqT01kQzZpSFdRMWpSblZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwwLKAwQB
w12EMA0GCSqGSIb3DQEBCwUAA4IBAQA+QNXXY8Uraf5TJO8TbqmrU61xQApZw4Qn
HOnCInXLoKFqQUx1Ix1QGcEeji/sNIpuHE8po3Wsz03lDkx9zwwMi8ubY4omdyZQ
9vW1cKZkKpnm5lVV848M0ogzzHHCZlr3+AEgxlXhkLFy1lz5kar+W6sL9SK4jp7e
OPFmE29Bn7z9f1aJlsryMCZC/QJdaEQ2HNAT3MDInI8pgfJxt1i2xJC1vP5SzrZm
AN/wfydhXc0TNCb+/c/c68RKdluqj572W2R2YUu+PijNWbgXkw95LZTDEiHRPqh/
+8LQlFg84n7xxAINW52ARPQrJq7Zct1r7nXjgZQ8ZmJwgcB6H4mb
-----END CERTIFICATE-----