Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/1srYH8Osh-RP_71MbwSfIzbM-ZY.roa
File:                     1srYH8Osh-RP_71MbwSfIzbM-ZY.roa (raw, json)
Hash identifier:          j3oFf9wPBHjhJIZYrnm/15tSmF325ETmu17GUrAlZ50=
Subject key identifier:   D6:CA:D8:1F:C3:AC:87:E4:4F:FF:BD:4C:6F:04:9F:23:36:CC:F9:96
Certificate issuer:       /CN=204d7d8652a99fc17fff2d7decc49e556aa0eb80
Certificate serial:       01927A721E98F995A305790606CF96962E29
Authority key identifier: 20:4D:7D:86:52:A9:9F:C1:7F:FF:2D:7D:EC:C4:9E:55:6A:A0:EB:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IE19hlKpn8F__y197MSeVWqg64A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/1srYH8Osh-RP_71MbwSfIzbM-ZY.roa
Signing time:             Fri 11 Oct 2024 07:19:12 +0000
ROA not before:           Fri 11 Oct 2024 07:19:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        195.242.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/IE19hlKpn8F__y197MSeVWqg64A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/IE19hlKpn8F__y197MSeVWqg64A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IE19hlKpn8F__y197MSeVWqg64A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:72:1e:98:f9:95:a3:05:79:06:06:cf:96:96:2e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=204d7d8652a99fc17fff2d7decc49e556aa0eb80
        Validity
            Not Before: Oct 11 07:19:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6cad81fc3ac87e44fffbd4c6f049f2336ccf996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5a:6a:c8:4c:e7:8d:a2:79:d9:0f:20:2d:b8:
                    15:50:02:bf:18:2b:b0:76:2c:f3:89:2a:16:66:40:
                    d5:78:b7:80:ab:0d:c2:cb:90:7f:3b:67:f4:cb:65:
                    26:b2:f9:06:0a:66:1d:31:3c:47:fb:54:27:e6:88:
                    92:50:ba:85:be:26:7f:07:9a:7d:7f:cf:17:04:d1:
                    8e:6b:1a:74:fb:ec:67:f1:9d:89:bc:70:db:d2:d1:
                    58:1c:74:59:30:1c:56:03:bc:90:33:d5:2e:2a:05:
                    a7:55:7f:42:98:29:b4:c6:73:83:e0:f4:cc:52:71:
                    cd:94:5c:d9:13:96:cb:3f:05:14:ef:72:37:4c:49:
                    9b:89:71:32:f3:df:5c:08:00:fd:ec:e8:10:06:8c:
                    41:fc:cf:09:41:85:e1:ee:c6:81:03:a9:6c:d7:b6:
                    e4:41:c2:52:83:17:7b:23:07:11:ea:aa:f1:ee:a3:
                    a3:ef:9e:16:9a:b9:f1:f1:e0:b8:0a:98:21:14:62:
                    8d:29:d2:88:b0:73:36:91:fe:14:f0:cc:c1:71:b5:
                    ac:6e:7b:db:5a:08:eb:22:33:2f:f9:90:63:4f:75:
                    be:a9:5a:40:ea:ba:94:a4:ea:88:63:76:05:6c:f3:
                    ae:0d:5d:f9:72:ad:2d:a6:86:bc:b9:27:67:9f:87:
                    41:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:CA:D8:1F:C3:AC:87:E4:4F:FF:BD:4C:6F:04:9F:23:36:CC:F9:96
            X509v3 Authority Key Identifier:
                keyid:20:4D:7D:86:52:A9:9F:C1:7F:FF:2D:7D:EC:C4:9E:55:6A:A0:EB:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IE19hlKpn8F__y197MSeVWqg64A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/1srYH8Osh-RP_71MbwSfIzbM-ZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/IE19hlKpn8F__y197MSeVWqg64A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:9c:2a:35:fb:25:b8:bf:ff:86:83:d5:c5:57:ec:c4:c2:bc:
         d7:1c:bc:21:4b:ca:f9:ea:f5:d6:23:1e:9e:07:37:1e:a3:ea:
         46:aa:a7:7f:87:78:f4:9e:3b:0a:06:70:9e:e6:e1:4e:f6:2e:
         a2:7a:53:5e:7f:27:78:c4:aa:fc:1f:30:c8:3b:8b:ab:9b:10:
         8b:9c:43:ae:94:ad:3d:96:76:94:34:6f:13:c3:d5:58:18:72:
         c2:91:10:14:2e:96:af:6c:93:b0:22:2e:03:3a:e3:43:c5:0a:
         41:d2:e4:52:5f:3c:11:b4:04:cf:56:5c:d2:59:31:06:85:bc:
         ee:49:3d:b3:34:8a:50:f7:91:2b:8d:28:2d:47:f6:a0:3d:ac:
         15:2b:03:27:0e:1a:67:6f:d0:de:8a:db:28:7b:0b:7b:b7:08:
         51:f5:26:6f:e6:38:fa:98:62:85:58:94:a7:88:27:48:73:9d:
         b7:79:b7:bb:51:64:2c:27:40:7a:56:b7:b0:c1:ee:b1:df:c0:
         95:54:3e:35:76:a3:70:45:5c:05:ac:a7:21:85:a2:0c:e1:40:
         61:94:53:c7:77:4d:31:a4:b9:92:8b:ff:56:ec:86:f7:d4:72:
         25:68:3c:f7:f4:8c:96:cd:eb:23:63:ca:99:f9:5e:d7:d0:ae:
         cd:47:76:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ6ch6Y+ZWjBXkGBs+Wli4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNGQ3ZDg2NTJhOTlmYzE3ZmZmMmQ3ZGVjYzQ5ZTU1NmFh
MGViODAwHhcNMjQxMDExMDcxOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmNhZDgxZmMzYWM4N2U0NGZmZmJkNGM2ZjA0OWYyMzM2Y2NmOTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFpqyEznjaJ52Q8gLbgVUAK/GCuw
dizziSoWZkDVeLeAqw3Cy5B/O2f0y2UmsvkGCmYdMTxH+1Qn5oiSULqFviZ/B5p9
f88XBNGOaxp0++xn8Z2JvHDb0tFYHHRZMBxWA7yQM9UuKgWnVX9CmCm0xnOD4PTM
UnHNlFzZE5bLPwUU73I3TEmbiXEy899cCAD97OgQBoxB/M8JQYXh7saBA6ls17bk
QcJSgxd7IwcR6qrx7qOj754Wmrnx8eC4CpghFGKNKdKIsHM2kf4U8MzBcbWsbnvb
WgjrIjMv+ZBjT3W+qVpA6rqUpOqIY3YFbPOuDV35cq0tpoa8uSdnn4dBUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbK2B/DrIfkT/+9TG8EnyM2zPmWMB8GA1UdIwQY
MBaAFCBNfYZSqZ/Bf/8tfezEnlVqoOuAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUUxOWhsS3BuOEZfX3kxOTdNU2VWV3FnNjRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9hYzA2OTQtMWUyMi00MzZkLTgyYzkt
MTdjZTYyMGU3NGYxLzEvMXNyWUg4T3NoLVJQXzcxTWJ3U2ZJemJNLVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9hYzA2OTQtMWUyMi00MzZkLTgyYzktMTdjZTYyMGU3NGYx
LzEvSUUxOWhsS3BuOEZfX3kxOTdNU2VWV3FnNjRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/KqMA0G
CSqGSIb3DQEBCwUAA4IBAQBunCo1+yW4v/+Gg9XFV+zEwrzXHLwhS8r56vXWIx6e
Bzceo+pGqqd/h3j0njsKBnCe5uFO9i6ielNefyd4xKr8HzDIO4urmxCLnEOulK09
lnaUNG8Tw9VYGHLCkRAULpavbJOwIi4DOuNDxQpB0uRSXzwRtATPVlzSWTEGhbzu
ST2zNIpQ95ErjSgtR/agPawVKwMnDhpnb9Deitsoewt7twhR9SZv5jj6mGKFWJSn
iCdIc523ebe7UWQsJ0B6Vrewwe6x38CVVD41dqNwRVwFrKchhaIM4UBhlFPHd00x
pLmSi/9W7Ib31HIlaDz39IyWzesjY8qZ+V7X0K7NR3Zj
-----END CERTIFICATE-----