Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/0FQ4nhXCO6FrC8xorIDM3ZQ43Jc.roa
File:                     0FQ4nhXCO6FrC8xorIDM3ZQ43Jc.roa (raw, json)
Hash identifier:          +2CfTUWCshQVdZeMHyz/lCejPq05lTk7woT9R85f05Y=
Subject key identifier:   D0:54:38:9E:15:C2:3B:A1:6B:0B:CC:68:AC:80:CC:DD:94:38:DC:97
Certificate issuer:       /CN=ed77ba4f32f2426170afc9e25914c13490ff5db6
Certificate serial:       018CC5000AE6232AEC2394685E6815E29052
Authority key identifier: ED:77:BA:4F:32:F2:42:61:70:AF:C9:E2:59:14:C1:34:90:FF:5D:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Xe6TzLyQmFwr8niWRTBNJD_XbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/0FQ4nhXCO6FrC8xorIDM3ZQ43Jc.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398464
IP address blocks:        195.64.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/7Xe6TzLyQmFwr8niWRTBNJD_XbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/7Xe6TzLyQmFwr8niWRTBNJD_XbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Xe6TzLyQmFwr8niWRTBNJD_XbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0a:e6:23:2a:ec:23:94:68:5e:68:15:e2:90:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77ba4f32f2426170afc9e25914c13490ff5db6
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d054389e15c23ba16b0bcc68ac80ccdd9438dc97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c1:83:21:0f:95:f2:61:d9:7b:9a:a5:42:15:
                    62:7d:e5:53:de:c1:d0:a2:c4:76:32:bb:37:e8:f7:
                    49:02:07:6b:f0:6a:10:c3:33:96:18:c6:c2:4b:a2:
                    1a:cf:9d:59:1c:dd:76:4d:2b:15:1d:ce:c6:40:8d:
                    8e:95:81:fd:09:01:5a:72:27:e9:22:7e:7b:07:cc:
                    a9:74:ee:68:f2:95:e4:e5:59:b5:70:db:c5:fd:8c:
                    16:10:db:d7:08:1e:50:2d:d5:62:92:6d:08:7f:a2:
                    2d:b5:23:02:51:42:00:64:24:a5:ee:a6:f7:07:e1:
                    a0:ff:61:cd:3f:74:d5:a5:f8:9f:b0:a4:a0:81:96:
                    7a:13:fc:b9:02:da:d8:28:5f:34:fe:d8:a5:af:ce:
                    17:61:37:dd:0b:ed:49:53:eb:6e:90:b1:f1:78:a6:
                    b8:4a:fd:7f:a4:aa:7f:79:5c:4d:f6:16:30:ae:80:
                    1a:7a:c1:6f:e2:83:36:0f:30:52:6f:00:b6:72:9f:
                    87:d5:f6:58:4a:d3:90:d3:16:f6:45:eb:2c:e0:e4:
                    05:12:0d:84:3c:d0:47:b3:42:ea:f1:ce:3f:5b:66:
                    c6:8a:df:7d:a7:90:da:5e:08:11:4e:a2:da:91:cb:
                    42:e9:c2:57:fe:05:8d:c0:78:15:f8:46:87:38:10:
                    63:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:54:38:9E:15:C2:3B:A1:6B:0B:CC:68:AC:80:CC:DD:94:38:DC:97
            X509v3 Authority Key Identifier:
                keyid:ED:77:BA:4F:32:F2:42:61:70:AF:C9:E2:59:14:C1:34:90:FF:5D:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Xe6TzLyQmFwr8niWRTBNJD_XbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/0FQ4nhXCO6FrC8xorIDM3ZQ43Jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/7Xe6TzLyQmFwr8niWRTBNJD_XbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:40:74:c0:96:7d:e1:e9:de:22:60:14:05:c7:2f:62:93:a6:
         85:53:ae:95:85:16:fd:fd:ff:6f:10:b0:57:81:cd:db:83:5b:
         04:78:9d:89:f4:42:10:db:cd:e9:40:f1:91:2a:3d:99:a0:39:
         6b:2c:bb:05:03:96:c1:8c:38:1f:60:73:99:e3:99:3d:28:57:
         f0:67:a5:93:03:5b:1a:b9:a3:0c:f5:5b:83:ee:b4:c9:fc:33:
         f3:e9:ce:32:1d:7e:2a:0d:05:e0:c4:17:c0:52:e6:46:d5:6f:
         99:a4:2c:ac:61:99:76:f2:e8:06:8b:a5:f5:5f:c8:28:d8:e9:
         c6:fe:0d:5e:19:62:cd:b1:f7:55:9d:7f:4f:00:b0:c9:f5:1c:
         f4:f2:5f:94:84:ea:89:85:9e:c7:4c:00:c4:a9:74:90:07:af:
         b0:0e:a7:74:f6:a2:f0:71:39:52:d7:25:b5:cb:b9:d0:f1:cc:
         1d:34:3e:12:14:ae:fb:d6:ab:78:33:fd:cf:e6:06:84:86:70:
         07:6d:04:34:62:7a:9a:a5:e8:7d:e6:3a:09:6f:74:66:88:04:
         16:30:12:2d:e9:c4:db:51:28:10:04:9e:e7:88:7d:58:41:a9:
         70:f1:6a:97:e6:50:0a:a4:8e:c4:f1:84:24:d7:fd:4b:ac:8f:
         bd:fe:cf:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAArmIyrsI5RoXmgV4pBSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdiYTRmMzJmMjQyNjE3MGFmYzllMjU5MTRjMTM0OTBm
ZjVkYjYwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDU0Mzg5ZTE1YzIzYmExNmIwYmNjNjhhYzgwY2NkZDk0MzhkYzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8GDIQ+V8mHZe5qlQhVifeVT3sHQ
osR2Mrs36PdJAgdr8GoQwzOWGMbCS6Iaz51ZHN12TSsVHc7GQI2OlYH9CQFacifp
In57B8ypdO5o8pXk5Vm1cNvF/YwWENvXCB5QLdVikm0If6IttSMCUUIAZCSl7qb3
B+Gg/2HNP3TVpfifsKSggZZ6E/y5AtrYKF80/tilr84XYTfdC+1JU+tukLHxeKa4
Sv1/pKp/eVxN9hYwroAaesFv4oM2DzBSbwC2cp+H1fZYStOQ0xb2Ress4OQFEg2E
PNBHs0Lq8c4/W2bGit99p5DaXggRTqLakctC6cJX/gWNwHgV+EaHOBBjzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBUOJ4VwjuhawvMaKyAzN2UONyXMB8GA1UdIwQY
MBaAFO13uk8y8kJhcK/J4lkUwTSQ/122MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hlNlR6THlRbUZ3cjhuaVdSVEJOSkRfWGJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ODcwN2YtZjJhOC00ZjUzLWJhNWMt
MzFkZmJiYjkxNGVkLzEvMEZRNG5oWENPNkZyQzh4b3JJRE0zWlE0M0pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ODcwN2YtZjJhOC00ZjUzLWJhNWMtMzFkZmJiYjkxNGVk
LzEvN1hlNlR6THlRbUZ3cjhuaVdSVEJOSkRfWGJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0B8MA0G
CSqGSIb3DQEBCwUAA4IBAQBPQHTAln3h6d4iYBQFxy9ik6aFU66VhRb9/f9vELBX
gc3bg1sEeJ2J9EIQ283pQPGRKj2ZoDlrLLsFA5bBjDgfYHOZ45k9KFfwZ6WTA1sa
uaMM9VuD7rTJ/DPz6c4yHX4qDQXgxBfAUuZG1W+ZpCysYZl28ugGi6X1X8go2OnG
/g1eGWLNsfdVnX9PALDJ9Rz08l+UhOqJhZ7HTADEqXSQB6+wDqd09qLwcTlS1yW1
y7nQ8cwdND4SFK771qt4M/3P5gaEhnAHbQQ0Ynqapeh95joJb3RmiAQWMBIt6cTb
USgQBJ7niH1YQalw8WqX5lAKpI7E8YQk1/1LrI+9/s+t
-----END CERTIFICATE-----