Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/7d0efe-709d-4d11-b692-0e230806b579/1/IFXNgHuEN8ycsfhuA4dEpX7GYeY.roa
File:                     IFXNgHuEN8ycsfhuA4dEpX7GYeY.roa (raw, json)
Hash identifier:          0NAgcHKOW4VLEuD8zIQn9OzSwjmjjTPr1tkjSBELdjk=
Subject key identifier:   20:55:CD:80:7B:84:37:CC:9C:B1:F8:6E:03:87:44:A5:7E:C6:61:E6
Certificate issuer:       /CN=9e57f843b17ffceaa9b8636581fe4d54e346ddcc
Certificate serial:       019420D634D73296F29AEB620CABBC11432E
Authority key identifier: 9E:57:F8:43:B1:7F:FC:EA:A9:B8:63:65:81:FE:4D:54:E3:46:DD:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlf4Q7F__OqpuGNlgf5NVONG3cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/7d0efe-709d-4d11-b692-0e230806b579/1/IFXNgHuEN8ycsfhuA4dEpX7GYeY.roa
Signing time:             Wed 01 Jan 2025 07:48:16 +0000
ROA not before:           Wed 01 Jan 2025 07:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34399
IP address blocks:        195.114.120.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/7d0efe-709d-4d11-b692-0e230806b579/1/nlf4Q7F__OqpuGNlgf5NVONG3cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/7d0efe-709d-4d11-b692-0e230806b579/1/nlf4Q7F__OqpuGNlgf5NVONG3cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nlf4Q7F__OqpuGNlgf5NVONG3cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:34:d7:32:96:f2:9a:eb:62:0c:ab:bc:11:43:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e57f843b17ffceaa9b8636581fe4d54e346ddcc
        Validity
            Not Before: Jan  1 07:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2055cd807b8437cc9cb1f86e038744a57ec661e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:34:6c:77:07:bb:4e:d9:9a:0b:77:21:35:dc:
                    92:16:c8:4c:0c:ab:e7:39:d4:4d:da:af:20:59:9f:
                    3f:d2:22:99:14:e6:a5:00:6e:c1:78:a2:25:b9:25:
                    d6:a8:f6:cf:44:ac:3c:45:c3:f5:b1:49:66:c9:25:
                    62:ed:58:51:63:54:bb:ea:9c:47:3c:2e:f2:bb:cd:
                    33:b3:76:b9:6a:c2:87:3c:c8:fa:e0:e9:ad:17:65:
                    7d:e1:68:c7:23:24:0b:6a:17:58:9a:a2:e7:a6:75:
                    44:c4:29:3d:31:85:36:5b:72:c7:d9:88:3d:ae:2d:
                    13:71:f8:59:5b:2e:ae:83:26:42:6d:fc:7a:ad:5f:
                    5b:35:3f:cb:a1:ea:3b:8b:ed:62:23:1a:f9:88:ec:
                    c9:72:34:cf:5a:0f:6b:a2:9a:51:08:af:ce:52:12:
                    ca:0d:2f:fd:65:70:77:02:70:8a:ff:f0:ea:fc:42:
                    54:db:e3:c5:ef:f1:59:25:02:72:43:e6:1e:37:51:
                    8f:4d:3b:61:48:52:85:47:4c:f8:38:9a:dc:8c:e2:
                    a0:27:5f:af:04:fc:87:a5:26:38:c0:0b:d3:84:db:
                    12:1d:aa:00:52:b1:92:c5:e0:bb:70:19:87:d7:fa:
                    da:0e:c2:6c:ce:2d:2e:f9:62:01:c2:4e:44:57:87:
                    14:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:55:CD:80:7B:84:37:CC:9C:B1:F8:6E:03:87:44:A5:7E:C6:61:E6
            X509v3 Authority Key Identifier:
                keyid:9E:57:F8:43:B1:7F:FC:EA:A9:B8:63:65:81:FE:4D:54:E3:46:DD:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlf4Q7F__OqpuGNlgf5NVONG3cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/7d0efe-709d-4d11-b692-0e230806b579/1/IFXNgHuEN8ycsfhuA4dEpX7GYeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/7d0efe-709d-4d11-b692-0e230806b579/1/nlf4Q7F__OqpuGNlgf5NVONG3cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:18:4e:5a:72:d7:60:1c:12:20:f9:a9:58:b2:8c:90:fe:08:
         55:14:59:80:9d:8c:76:9e:df:35:80:b2:01:f2:bc:49:86:5d:
         2f:78:0a:88:e0:41:c9:04:c2:49:e4:4d:c6:ce:ad:14:32:1a:
         9a:a3:9a:da:21:8a:22:fb:fd:4a:e9:9b:43:19:65:6f:4b:2f:
         f2:0f:db:7a:a1:dd:bb:14:1e:af:98:5e:17:a7:12:fa:36:1a:
         f2:0f:8c:2a:98:1f:40:88:eb:0c:15:83:e5:9b:4a:68:63:34:
         8d:54:00:3f:7d:84:c9:f3:29:d0:1e:5e:00:8a:e8:0c:8f:54:
         46:ed:a3:c7:ac:f1:f1:9a:48:75:57:a5:34:34:4b:13:cd:4c:
         04:d9:cc:f3:6f:c9:53:d3:f2:8e:be:06:93:85:9e:b2:bc:df:
         fb:4d:b4:85:f5:98:b1:5e:ad:66:18:40:22:3a:0c:8e:75:1c:
         5e:75:78:21:e4:0d:92:ab:54:18:4b:aa:80:c0:58:f0:58:6a:
         57:4c:b3:96:91:1a:ef:0a:ee:d5:ff:af:5e:a4:b9:b4:10:92:
         65:a7:75:12:41:c4:74:fc:99:df:f4:18:56:7d:69:95:33:32:
         b3:1f:6f:3a:3f:1f:33:95:8f:bc:7d:d3:32:8d:88:a3:b8:71:
         fb:3d:d3:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1jTXMpbymutiDKu8EUMuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTdmODQzYjE3ZmZjZWFhOWI4NjM2NTgxZmU0ZDU0ZTM0
NmRkY2MwHhcNMjUwMTAxMDc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDU1Y2Q4MDdiODQzN2NjOWNiMWY4NmUwMzg3NDRhNTdlYzY2MWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTRsdwe7TtmaC3chNdySFshMDKvn
OdRN2q8gWZ8/0iKZFOalAG7BeKIluSXWqPbPRKw8RcP1sUlmySVi7VhRY1S76pxH
PC7yu80zs3a5asKHPMj64OmtF2V94WjHIyQLahdYmqLnpnVExCk9MYU2W3LH2Yg9
ri0TcfhZWy6ugyZCbfx6rV9bNT/Loeo7i+1iIxr5iOzJcjTPWg9roppRCK/OUhLK
DS/9ZXB3AnCK//Dq/EJU2+PF7/FZJQJyQ+YeN1GPTTthSFKFR0z4OJrcjOKgJ1+v
BPyHpSY4wAvThNsSHaoAUrGSxeC7cBmH1/raDsJszi0u+WIBwk5EV4cUoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBVzYB7hDfMnLH4bgOHRKV+xmHmMB8GA1UdIwQY
MBaAFJ5X+EOxf/zqqbhjZYH+TVTjRt3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxmNFE3Rl9fT3FwdUdObGdmNU5WT05HM2N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC83ZDBlZmUtNzA5ZC00ZDExLWI2OTIt
MGUyMzA4MDZiNTc5LzEvSUZYTmdIdUVOOHljc2ZodUE0ZEVwWDdHWWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC83ZDBlZmUtNzA5ZC00ZDExLWI2OTItMGUyMzA4MDZiNTc5
LzEvbmxmNFE3Rl9fT3FwdUdObGdmNU5WT05HM2N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw3J4MA0G
CSqGSIb3DQEBCwUAA4IBAQAfGE5actdgHBIg+alYsoyQ/ghVFFmAnYx2nt81gLIB
8rxJhl0veAqI4EHJBMJJ5E3Gzq0UMhqao5raIYoi+/1K6ZtDGWVvSy/yD9t6od27
FB6vmF4XpxL6NhryD4wqmB9AiOsMFYPlm0poYzSNVAA/fYTJ8ynQHl4AiugMj1RG
7aPHrPHxmkh1V6U0NEsTzUwE2czzb8lT0/KOvgaThZ6yvN/7TbSF9ZixXq1mGEAi
OgyOdRxedXgh5A2Sq1QYS6qAwFjwWGpXTLOWkRrvCu7V/69epLm0EJJlp3USQcR0
/Jnf9BhWfWmVMzKzH286Px8zlY+8fdMyjYijuHH7PdOx
-----END CERTIFICATE-----