Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/9dFDT7ClzE37OwxKg4tYPIjGn-8.roa
File:                     9dFDT7ClzE37OwxKg4tYPIjGn-8.roa (raw, json)
Hash identifier:          UgWLRMJQoJEQJs71EY9MqTz24btrMXBm75L/GyTswkk=
Subject key identifier:   F5:D1:43:4F:B0:A5:CC:4D:FB:3B:0C:4A:83:8B:58:3C:88:C6:9F:EF
Certificate issuer:       /CN=6c4e7eafe2ffaa90cae9476803034db6da7c1219
Certificate serial:       018CC6B7816F6A2BCCACA5ACD2AA4FD59F5A
Authority key identifier: 6C:4E:7E:AF:E2:FF:AA:90:CA:E9:47:68:03:03:4D:B6:DA:7C:12:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bE5-r-L_qpDK6UdoAwNNttp8Ehk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/9dFDT7ClzE37OwxKg4tYPIjGn-8.roa
Signing time:             Mon 01 Jan 2024 20:29:24 +0000
ROA not before:           Mon 01 Jan 2024 20:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8412
IP address blocks:        195.20.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/bE5-r-L_qpDK6UdoAwNNttp8Ehk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/bE5-r-L_qpDK6UdoAwNNttp8Ehk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bE5-r-L_qpDK6UdoAwNNttp8Ehk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:81:6f:6a:2b:cc:ac:a5:ac:d2:aa:4f:d5:9f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c4e7eafe2ffaa90cae9476803034db6da7c1219
        Validity
            Not Before: Jan  1 20:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5d1434fb0a5cc4dfb3b0c4a838b583c88c69fef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:52:e9:7a:15:d7:3b:4f:af:28:31:d1:ee:a5:
                    fc:7f:84:70:70:02:ff:cf:ff:62:c5:c3:1a:b0:69:
                    ff:da:4c:ba:88:b1:de:9e:a5:5a:49:b5:0c:ca:69:
                    22:63:0d:c0:96:99:d7:c8:6e:36:ef:da:d5:98:81:
                    54:1b:db:95:63:e5:67:3c:97:a2:81:0c:f5:fd:ea:
                    3d:ff:fc:76:b5:c9:11:cd:06:9f:e0:e6:b5:73:11:
                    ab:54:82:c5:5b:cd:22:49:86:c7:43:14:e0:54:06:
                    4f:8c:01:bd:1b:33:7a:68:cc:d2:57:a4:eb:0f:0c:
                    ef:50:ba:fc:f8:6c:d8:45:c8:6d:ec:a2:8b:67:2b:
                    62:87:d9:87:40:6d:f2:21:fa:50:ae:f3:bb:ee:d7:
                    53:a5:30:37:e9:56:fc:41:75:85:00:c5:65:35:68:
                    80:d3:da:02:cb:03:78:c1:b7:7c:34:e1:18:7c:99:
                    5d:cc:43:3f:03:d0:d3:4f:d9:4d:2e:dd:4b:0c:c3:
                    ae:d2:79:da:4b:8a:4e:9f:6d:cc:21:4e:7b:38:24:
                    36:a1:62:6f:1c:20:ac:43:de:a3:80:c9:75:89:00:
                    35:a5:ec:b8:c3:17:b1:13:23:d6:11:a9:b4:0f:fd:
                    27:37:f9:bc:e8:79:2e:f7:1e:fd:2f:12:f3:5f:d3:
                    7f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:D1:43:4F:B0:A5:CC:4D:FB:3B:0C:4A:83:8B:58:3C:88:C6:9F:EF
            X509v3 Authority Key Identifier:
                keyid:6C:4E:7E:AF:E2:FF:AA:90:CA:E9:47:68:03:03:4D:B6:DA:7C:12:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bE5-r-L_qpDK6UdoAwNNttp8Ehk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/9dFDT7ClzE37OwxKg4tYPIjGn-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/3deae4-720d-4eae-b3d9-b21dd3f68aba/1/bE5-r-L_qpDK6UdoAwNNttp8Ehk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:f0:09:eb:4e:1b:e8:19:bb:f0:c3:f5:1d:5c:f6:3e:21:53:
         2f:a9:c5:6f:e6:15:42:ef:7c:ad:e2:7a:a9:e7:28:65:d1:70:
         22:2c:b2:9b:8f:32:87:5d:56:3e:6d:00:24:1b:3f:85:d5:fb:
         27:4c:3c:8c:c0:59:2e:f9:a3:12:f1:95:d3:a6:a9:94:9e:ee:
         93:72:c0:75:83:5f:eb:7a:7e:9f:87:8c:42:06:86:47:8a:db:
         db:c4:14:8c:9b:64:83:ba:49:7b:78:73:c4:9e:e0:ef:47:b0:
         00:f5:78:64:2a:1a:6f:b6:c4:72:a0:80:e6:71:6d:f5:95:20:
         48:cc:3a:c3:2f:63:78:aa:45:37:50:a0:80:44:7c:a1:5a:c1:
         f6:90:b5:86:d0:c4:69:c9:56:ea:e0:77:42:e9:85:de:95:59:
         24:d3:b8:0d:eb:6e:14:d9:d6:6a:9f:8a:e5:bf:0b:9c:87:8a:
         4e:0b:48:46:3c:ef:a2:93:33:d3:4e:cf:4a:7c:68:5a:59:f4:
         bd:d5:77:d7:75:8f:ff:bf:56:38:2b:fc:ef:aa:87:64:32:03:
         86:78:df:13:81:52:45:36:9f:c1:0f:f8:4a:f3:29:6e:41:e6:
         4f:a3:45:a9:ce:cd:03:a0:0b:5c:54:20:a5:6a:9d:bf:43:c7:
         a5:78:58:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4FvaivMrKWs0qpP1Z9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNGU3ZWFmZTJmZmFhOTBjYWU5NDc2ODAzMDM0ZGI2ZGE3
YzEyMTkwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWQxNDM0ZmIwYTVjYzRkZmIzYjBjNGE4MzhiNTgzYzg4YzY5ZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1LpehXXO0+vKDHR7qX8f4RwcAL/
z/9ixcMasGn/2ky6iLHenqVaSbUMymkiYw3AlpnXyG4279rVmIFUG9uVY+VnPJei
gQz1/eo9//x2tckRzQaf4Oa1cxGrVILFW80iSYbHQxTgVAZPjAG9GzN6aMzSV6Tr
DwzvULr8+GzYRcht7KKLZytih9mHQG3yIfpQrvO77tdTpTA36Vb8QXWFAMVlNWiA
09oCywN4wbd8NOEYfJldzEM/A9DTT9lNLt1LDMOu0nnaS4pOn23MIU57OCQ2oWJv
HCCsQ96jgMl1iQA1pey4wxexEyPWEam0D/0nN/m86Hku9x79LxLzX9N/TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXRQ0+wpcxN+zsMSoOLWDyIxp/vMB8GA1UdIwQY
MBaAFGxOfq/i/6qQyulHaAMDTbbafBIZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkU1LXItTF9xcERLNlVkb0F3Tk50dHA4RWhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zZGVhZTQtNzIwZC00ZWFlLWIzZDkt
YjIxZGQzZjY4YWJhLzEvOWRGRFQ3Q2x6RTM3T3d4S2c0dFlQSWpHbi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zZGVhZTQtNzIwZC00ZWFlLWIzZDktYjIxZGQzZjY4YWJh
LzEvYkU1LXItTF9xcERLNlVkb0F3Tk50dHA4RWhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxSEMA0G
CSqGSIb3DQEBCwUAA4IBAQCY8AnrThvoGbvww/UdXPY+IVMvqcVv5hVC73yt4nqp
5yhl0XAiLLKbjzKHXVY+bQAkGz+F1fsnTDyMwFku+aMS8ZXTpqmUnu6TcsB1g1/r
en6fh4xCBoZHitvbxBSMm2SDukl7eHPEnuDvR7AA9XhkKhpvtsRyoIDmcW31lSBI
zDrDL2N4qkU3UKCARHyhWsH2kLWG0MRpyVbq4HdC6YXelVkk07gN624U2dZqn4rl
vwuch4pOC0hGPO+ikzPTTs9KfGhaWfS91XfXdY//v1Y4K/zvqodkMgOGeN8TgVJF
Np/BD/hK8yluQeZPo0Wpzs0DoAtcVCClap2/Q8eleFjI
-----END CERTIFICATE-----