Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/07e9aa-a980-46a6-9e84-8a0102ae7a9f/1/1-RKNfvfWy-2XjISmvzoXgVTiXws.roa
File:                     1-RKNfvfWy-2XjISmvzoXgVTiXws.roa (raw, json)
Hash identifier:          LZ8xqHX/rrba8NpaVkZ8Fd6UIo9+BUvoBCsUvIu4R/I=
Subject key identifier:   F9:12:8D:7E:F7:D6:CB:ED:97:8C:84:A6:BF:3A:17:81:54:E2:5F:0B
Certificate issuer:       /CN=b7850a9e5e7be3b4d2b642265f825b850c072366
Certificate serial:       0191E1DBDF92441EE12F35DA2B8848F6AC8C
Authority key identifier: B7:85:0A:9E:5E:7B:E3:B4:D2:B6:42:26:5F:82:5B:85:0C:07:23:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t4UKnl5747TStkImX4JbhQwHI2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/07e9aa-a980-46a6-9e84-8a0102ae7a9f/1/1-RKNfvfWy-2XjISmvzoXgVTiXws.roa
Signing time:             Wed 11 Sep 2024 16:12:48 +0000
ROA not before:           Wed 11 Sep 2024 16:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        195.14.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/07e9aa-a980-46a6-9e84-8a0102ae7a9f/1/t4UKnl5747TStkImX4JbhQwHI2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/07e9aa-a980-46a6-9e84-8a0102ae7a9f/1/t4UKnl5747TStkImX4JbhQwHI2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t4UKnl5747TStkImX4JbhQwHI2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:db:df:92:44:1e:e1:2f:35:da:2b:88:48:f6:ac:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7850a9e5e7be3b4d2b642265f825b850c072366
        Validity
            Not Before: Sep 11 16:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9128d7ef7d6cbed978c84a6bf3a178154e25f0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:84:1b:ff:a1:9d:f1:e7:af:84:5c:76:2a:84:
                    a0:78:a2:bf:f0:9f:00:b5:87:c6:c4:0d:28:61:43:
                    3c:2f:c9:c5:13:97:4d:1c:b0:59:31:59:00:48:f6:
                    bf:9b:ea:2e:41:82:26:c0:cb:8d:d3:b9:52:9c:17:
                    4e:93:13:3a:77:89:86:d6:d3:4b:f9:86:39:24:1e:
                    4b:23:d3:25:59:9e:09:58:80:2a:07:2a:ba:13:78:
                    55:76:66:5a:78:c0:24:19:86:1a:64:eb:90:19:0b:
                    32:c5:79:73:99:21:20:af:2a:93:79:a7:54:48:93:
                    1f:9e:51:e4:d0:38:10:d8:95:64:b1:df:29:02:1b:
                    7d:5e:c8:11:3a:22:f1:2c:86:c6:6f:5e:1e:34:90:
                    a7:6e:8b:d6:58:e0:80:13:47:6b:5c:b5:ba:36:8f:
                    54:f8:4c:4c:8f:4c:64:39:60:26:16:aa:0a:84:b6:
                    b2:fc:0d:ce:b7:ed:aa:2b:d5:18:6b:45:e4:20:b1:
                    f3:ff:26:9f:47:2e:3e:35:af:a0:e8:92:9f:e1:12:
                    60:7e:43:56:9c:88:cf:38:23:ee:af:34:ce:38:9d:
                    23:6a:ba:eb:b4:8d:d9:cd:8e:38:35:f6:69:30:64:
                    e9:ed:29:f2:9f:9f:96:51:96:54:b4:4d:7e:ab:cf:
                    9c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:12:8D:7E:F7:D6:CB:ED:97:8C:84:A6:BF:3A:17:81:54:E2:5F:0B
            X509v3 Authority Key Identifier:
                keyid:B7:85:0A:9E:5E:7B:E3:B4:D2:B6:42:26:5F:82:5B:85:0C:07:23:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t4UKnl5747TStkImX4JbhQwHI2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/07e9aa-a980-46a6-9e84-8a0102ae7a9f/1/1-RKNfvfWy-2XjISmvzoXgVTiXws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/07e9aa-a980-46a6-9e84-8a0102ae7a9f/1/t4UKnl5747TStkImX4JbhQwHI2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.14.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:9c:3d:a2:2d:a2:98:1a:13:34:f1:e8:d1:25:96:5f:bc:2e:
         09:e5:0d:9e:83:7f:73:91:cc:a9:26:f1:ac:08:26:cb:c1:d6:
         c2:4b:28:ed:fd:22:61:d7:c0:df:b2:0b:09:ce:b8:10:2b:73:
         1e:07:d8:5f:e9:68:9b:90:4e:2e:65:8b:26:13:04:53:ef:79:
         fa:65:01:b8:a3:89:55:50:4a:10:19:94:80:4b:68:33:e3:e4:
         cc:86:05:4c:55:44:c4:37:3c:91:c4:eb:8c:58:7f:8f:e7:91:
         81:91:d8:92:a7:43:26:c2:5c:95:39:a3:d5:ae:be:9f:b8:32:
         eb:c0:4e:67:c6:dd:79:62:9e:2c:89:76:21:c3:0a:97:22:a2:
         12:14:bc:a3:aa:9a:4a:9e:4a:88:c0:20:52:6e:d0:4c:58:13:
         5b:c6:99:54:04:48:78:58:6f:b6:5c:34:8a:e9:c2:53:85:49:
         e9:74:0f:35:75:19:bd:43:5d:6e:b5:45:2d:9e:c1:c2:38:99:
         c9:29:10:f4:e8:7f:1f:e2:5d:e7:a7:df:e5:6f:16:75:1c:26:
         b7:4b:da:42:0a:6e:65:23:75:56:37:8f:e5:ec:04:fa:21:53:
         b0:36:6a:bc:23:42:89:a8:3f:9d:16:ba:a8:46:a0:60:b5:5d:
         71:35:9b:82
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZHh29+SRB7hLzXaK4hI9qyMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ODUwYTllNWU3YmUzYjRkMmI2NDIyNjVmODI1Yjg1MGMw
NzIzNjYwHhcNMjQwOTExMTYxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTEyOGQ3ZWY3ZDZjYmVkOTc4Yzg0YTZiZjNhMTc4MTU0ZTI1ZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54Qb/6Gd8eevhFx2KoSgeKK/8J8A
tYfGxA0oYUM8L8nFE5dNHLBZMVkASPa/m+ouQYImwMuN07lSnBdOkxM6d4mG1tNL
+YY5JB5LI9MlWZ4JWIAqByq6E3hVdmZaeMAkGYYaZOuQGQsyxXlzmSEgryqTeadU
SJMfnlHk0DgQ2JVksd8pAht9XsgROiLxLIbGb14eNJCnbovWWOCAE0drXLW6No9U
+ExMj0xkOWAmFqoKhLay/A3Ot+2qK9UYa0XkILHz/yafRy4+Na+g6JKf4RJgfkNW
nIjPOCPurzTOOJ0jarrrtI3ZzY44NfZpMGTp7Snyn5+WUZZUtE1+q8+cMQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkSjX731svtl4yEpr86F4FU4l8LMB8GA1UdIwQY
MBaAFLeFCp5ee+O00rZCJl+CW4UMByNmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDRVS25sNTc0N1RTdGtJbVg0SmJoUXdISTJZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wN2U5YWEtYTk4MC00NmE2LTllODQt
OGEwMTAyYWU3YTlmLzEvMS1SS05mdmZXeS0yWGpJU212em9YZ1ZUaVh3cy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTYvMDdlOWFhLWE5ODAtNDZhNi05ZTg0LThhMDEwMmFlN2E5
Zi8xL3Q0VUtubDU3NDdUU3RrSW1YNEpiaFF3SEkyWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMMOCTAN
BgkqhkiG9w0BAQsFAAOCAQEABZw9oi2imBoTNPHo0SWWX7wuCeUNnoN/c5HMqSbx
rAgmy8HWwkso7f0iYdfA37ILCc64ECtzHgfYX+lom5BOLmWLJhMEU+95+mUBuKOJ
VVBKEBmUgEtoM+PkzIYFTFVExDc8kcTrjFh/j+eRgZHYkqdDJsJclTmj1a6+n7gy
68BOZ8bdeWKeLIl2IcMKlyKiEhS8o6qaSp5KiMAgUm7QTFgTW8aZVARIeFhvtlw0
iunCU4VJ6XQPNXUZvUNdbrVFLZ7BwjiZySkQ9Oh/H+Jd56ff5W8WdRwmt0vaQgpu
ZSN1VjeP5ewE+iFTsDZqvCNCiag/nRa6qEagYLVdcTWbgg==
-----END CERTIFICATE-----