Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/e25OHTlFYBDQr3tLqfCHzXXCLtw.roa
File:                     e25OHTlFYBDQr3tLqfCHzXXCLtw.roa (raw, json)
Hash identifier:          MbbObHSe4RRnRuUjtDYoGAVAGwzwkHUk163eIIa+sK4=
Subject key identifier:   7B:6E:4E:1D:39:45:60:10:D0:AF:7B:4B:A9:F0:87:CD:75:C2:2E:DC
Certificate issuer:       /CN=60325c21d2fafe743398dc1e5574433280110469
Certificate serial:       018CC3B670DC59D46DC69405A48352BA5306
Authority key identifier: 60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/e25OHTlFYBDQr3tLqfCHzXXCLtw.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.10.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 03:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:70:dc:59:d4:6d:c6:94:05:a4:83:52:ba:53:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60325c21d2fafe743398dc1e5574433280110469
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b6e4e1d39456010d0af7b4ba9f087cd75c22edc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:41:15:6b:45:4f:cf:b6:c2:f2:71:83:b4:6a:
                    75:15:36:21:f3:a6:a9:ea:87:41:e2:02:b5:48:25:
                    46:62:f0:c1:d0:0b:aa:17:1c:78:d9:de:89:17:2f:
                    2a:6a:28:e3:60:82:de:4f:2f:39:d2:cc:ab:03:44:
                    b7:5e:f2:db:d6:e2:90:61:2a:8f:99:9d:63:2a:5c:
                    dc:21:70:28:b0:7d:ac:52:f0:21:79:24:72:ee:fa:
                    07:bd:f3:b0:55:28:f1:02:dc:0d:89:a4:35:54:82:
                    5a:a6:22:00:6c:a4:76:88:72:04:00:a0:ad:ef:3e:
                    4e:fa:d3:05:0d:ee:94:90:8c:0c:6d:d4:87:28:dd:
                    88:15:7d:94:fa:72:f0:90:23:75:a3:2b:b3:c7:0d:
                    59:f7:7b:da:8a:fe:8c:df:25:e5:5f:91:52:28:ca:
                    f4:cd:b0:5b:c7:03:fb:77:0a:f3:6b:82:e5:b9:58:
                    3d:ae:57:78:ea:c0:24:c8:ff:31:a7:d6:04:b4:4e:
                    37:b3:3c:37:7d:76:57:6c:fa:6b:55:7f:11:9a:38:
                    03:aa:8f:32:3a:5b:1d:5d:03:bf:1e:35:1d:78:e9:
                    29:77:0f:6a:d1:8b:8d:44:bf:bc:f2:ac:b8:e9:40:
                    dc:99:fc:85:a7:7f:67:93:1e:92:43:09:47:e2:06:
                    ab:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:6E:4E:1D:39:45:60:10:D0:AF:7B:4B:A9:F0:87:CD:75:C2:2E:DC
            X509v3 Authority Key Identifier:
                keyid:60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/e25OHTlFYBDQr3tLqfCHzXXCLtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:59:95:a0:56:17:44:62:cd:93:b7:47:e0:8d:a5:6b:98:f4:
         20:94:5f:2a:39:49:f8:69:84:6c:b0:56:e3:d5:17:a8:96:74:
         c1:da:d8:7b:35:b9:80:9d:39:85:a1:bb:a2:20:71:96:45:8c:
         b8:d1:6d:b9:98:73:71:70:fb:d1:0d:45:3b:9b:62:22:1b:25:
         70:3d:c7:9f:4b:d3:f5:92:6d:47:33:0f:0a:ca:ff:ec:13:85:
         61:10:72:f5:36:10:70:32:3f:bc:4a:90:99:ae:00:3e:63:d3:
         dd:f0:7e:ea:a3:2b:5b:d0:20:c3:b3:b6:f7:ec:e2:59:cc:85:
         da:1f:f3:17:73:b8:05:49:5d:18:89:f3:73:ca:b7:0b:6d:d1:
         5d:16:83:f6:71:08:3a:4a:bf:3b:e0:a0:1e:9a:b9:44:46:aa:
         ef:11:2e:ea:3c:d6:21:06:2a:ae:25:0d:af:9c:40:87:5f:89:
         0f:b6:85:e0:27:af:ad:c0:6c:95:20:2f:72:8d:7c:d6:10:10:
         28:96:cb:98:e4:be:a6:fe:7c:dd:6c:22:a6:4b:af:47:2b:30:
         e9:c4:58:82:a6:e6:14:c6:0d:a4:a8:9c:cb:0c:c2:33:67:d8:
         46:cf:27:63:5f:dd:ea:cc:cf:40:45:43:30:af:fa:83:a5:8a:
         51:74:ea:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnDcWdRtxpQFpINSulMGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzI1YzIxZDJmYWZlNzQzMzk4ZGMxZTU1NzQ0MzMyODAx
MTA0NjkwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjZlNGUxZDM5NDU2MDEwZDBhZjdiNGJhOWYwODdjZDc1YzIyZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEEVa0VPz7bC8nGDtGp1FTYh86ap
6odB4gK1SCVGYvDB0AuqFxx42d6JFy8qaijjYILeTy850syrA0S3XvLb1uKQYSqP
mZ1jKlzcIXAosH2sUvAheSRy7voHvfOwVSjxAtwNiaQ1VIJapiIAbKR2iHIEAKCt
7z5O+tMFDe6UkIwMbdSHKN2IFX2U+nLwkCN1oyuzxw1Z93vaiv6M3yXlX5FSKMr0
zbBbxwP7dwrza4LluVg9rld46sAkyP8xp9YEtE43szw3fXZXbPprVX8RmjgDqo8y
OlsdXQO/HjUdeOkpdw9q0YuNRL+88qy46UDcmfyFp39nkx6SQwlH4garFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtuTh05RWAQ0K97S6nwh811wi7cMB8GA1UdIwQY
MBaAFGAyXCHS+v50M5jcHlV0QzKAEQRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQt
YzU4ZTk1Y2Q0Mjc3LzEvZTI1T0hUbEZZQkRRcjN0THFmQ0h6WFhDTHR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQtYzU4ZTk1Y2Q0Mjc3
LzEvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrZMA0G
CSqGSIb3DQEBCwUAA4IBAQCqWZWgVhdEYs2Tt0fgjaVrmPQglF8qOUn4aYRssFbj
1ReolnTB2th7NbmAnTmFobuiIHGWRYy40W25mHNxcPvRDUU7m2IiGyVwPcefS9P1
km1HMw8Kyv/sE4VhEHL1NhBwMj+8SpCZrgA+Y9Pd8H7qoytb0CDDs7b37OJZzIXa
H/MXc7gFSV0YifNzyrcLbdFdFoP2cQg6Sr874KAemrlERqrvES7qPNYhBiquJQ2v
nECHX4kPtoXgJ6+twGyVIC9yjXzWEBAolsuY5L6m/nzdbCKmS69HKzDpxFiCpuYU
xg2kqJzLDMIzZ9hGzydjX93qzM9ARUMwr/qDpYpRdOoh
-----END CERTIFICATE-----