Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/4upvuXSbW0hxxb9T-C8Mww97yL0.roa
File:                     4upvuXSbW0hxxb9T-C8Mww97yL0.roa (raw, json)
Hash identifier:          UGaxmrn3kNBWri7SbtHWINc4WPp+TD8DuyafIiSc73Y=
Subject key identifier:   E2:EA:6F:B9:74:9B:5B:48:71:C5:BF:53:F8:2F:0C:C3:0F:7B:C8:BD
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       018CCA2BB2355292875D02DA11A01C39E69A
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/4upvuXSbW0hxxb9T-C8Mww97yL0.roa
Signing time:             Tue 02 Jan 2024 12:35:10 +0000
ROA not before:           Tue 02 Jan 2024 12:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30898
IP address blocks:        195.168.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b2:35:52:92:87:5d:02:da:11:a0:1c:39:e6:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  2 12:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2ea6fb9749b5b4871c5bf53f82f0cc30f7bc8bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b3:e6:42:34:5b:ba:0e:d0:14:ae:2a:2c:10:
                    6e:69:c0:ea:bb:af:b8:ab:25:f5:b9:28:cf:32:37:
                    d4:a6:5b:0a:b9:23:49:6c:6e:c6:74:43:87:18:2c:
                    0d:16:73:61:d0:e7:f4:3d:59:83:a9:cd:f9:20:07:
                    2a:5d:96:f0:86:37:c2:7d:9f:16:b8:21:19:3e:f0:
                    07:9a:d5:d2:87:7f:99:99:db:41:2f:ba:e4:b7:a8:
                    4c:9c:0e:64:28:d4:59:7e:70:ba:05:3f:6f:78:96:
                    da:f6:25:cc:37:bd:d8:ab:2d:09:57:cd:fc:a4:8c:
                    db:6b:16:7e:c2:0d:2f:4f:78:a1:35:a0:5d:8c:bb:
                    aa:65:d9:a1:70:7c:ba:3a:c3:39:2d:cc:1b:c0:3d:
                    3b:00:30:d8:52:55:24:61:14:01:7a:4e:b1:da:32:
                    0b:ef:dc:77:ff:c7:7d:fa:7e:d7:b9:ae:4f:25:04:
                    dc:53:fc:de:a3:85:4b:18:63:58:30:d9:37:07:19:
                    91:62:46:ab:9b:21:6f:1d:78:0b:eb:1d:d3:17:c7:
                    a1:db:d4:c3:f4:c3:ce:1e:59:b0:0f:d8:ad:29:a7:
                    30:fe:3f:43:92:91:5e:a5:00:71:13:eb:be:fe:cd:
                    bb:a2:c2:14:1a:c8:de:cc:8d:50:6f:c4:11:1f:45:
                    90:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:EA:6F:B9:74:9B:5B:48:71:C5:BF:53:F8:2F:0C:C3:0F:7B:C8:BD
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/4upvuXSbW0hxxb9T-C8Mww97yL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.168.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:d1:28:ba:b9:74:b7:a8:e9:36:26:76:86:48:97:5f:26:8c:
         80:f2:27:cc:0d:37:f2:03:d4:f9:16:ec:15:a9:3f:c1:78:27:
         85:20:03:5b:f1:bb:c7:1c:a2:c4:3f:fd:41:24:39:ed:7a:67:
         4e:1c:b7:2c:9f:b2:fc:4d:e7:45:57:d1:eb:01:09:67:a8:be:
         22:9d:bc:b3:96:ca:55:46:0d:a1:b7:e8:32:d8:0f:60:28:27:
         db:71:e3:7a:f3:37:22:94:fa:c2:81:5e:d0:22:11:dc:8b:db:
         a3:4f:b1:f8:e4:a1:a3:c1:02:e0:f2:e7:8b:a1:2f:b8:e9:d0:
         3f:56:e8:ba:97:b7:53:1d:4d:6e:7d:f3:fe:c5:0c:b8:0b:6d:
         af:bb:ae:70:fb:ab:ab:71:1f:ed:c2:8c:f6:a2:30:3b:96:74:
         81:59:da:94:8b:4f:ed:d9:39:28:6b:56:2e:7a:39:72:c8:03:
         2e:ae:a9:d6:5e:10:ae:de:7d:45:d9:5b:15:81:0c:c4:aa:fb:
         3c:b0:36:5f:ee:fc:44:35:d9:31:48:c6:8a:bf:b3:09:cc:dd:
         09:34:09:4e:35:b0:6b:c0:8a:e8:be:20:77:4c:50:fd:36:58:
         b3:86:16:1c:02:7a:c4:a9:d9:8b:58:bb:b3:be:a7:62:e3:b5:
         ad:3a:64:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7I1UpKHXQLaEaAcOeaaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjQwMTAyMTIzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmVhNmZiOTc0OWI1YjQ4NzFjNWJmNTNmODJmMGNjMzBmN2JjOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7PmQjRbug7QFK4qLBBuacDqu6+4
qyX1uSjPMjfUplsKuSNJbG7GdEOHGCwNFnNh0Of0PVmDqc35IAcqXZbwhjfCfZ8W
uCEZPvAHmtXSh3+ZmdtBL7rkt6hMnA5kKNRZfnC6BT9veJba9iXMN73Yqy0JV838
pIzbaxZ+wg0vT3ihNaBdjLuqZdmhcHy6OsM5LcwbwD07ADDYUlUkYRQBek6x2jIL
79x3/8d9+n7Xua5PJQTcU/zeo4VLGGNYMNk3BxmRYkarmyFvHXgL6x3TF8eh29TD
9MPOHlmwD9itKacw/j9DkpFepQBxE+u+/s27osIUGsjezI1Qb8QRH0WQ3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLqb7l0m1tIccW/U/gvDMMPe8i9MB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvNHVwdnVYU2JXMGh4eGI5VC1DOE13dzk3eUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6jwMA0G
CSqGSIb3DQEBCwUAA4IBAQA10Si6uXS3qOk2JnaGSJdfJoyA8ifMDTfyA9T5FuwV
qT/BeCeFIANb8bvHHKLEP/1BJDntemdOHLcsn7L8TedFV9HrAQlnqL4inbyzlspV
Rg2ht+gy2A9gKCfbceN68zcilPrCgV7QIhHci9ujT7H45KGjwQLg8ueLoS+46dA/
Vui6l7dTHU1uffP+xQy4C22vu65w+6urcR/twoz2ojA7lnSBWdqUi0/t2Tkoa1Yu
ejlyyAMurqnWXhCu3n1F2VsVgQzEqvs8sDZf7vxENdkxSMaKv7MJzN0JNAlONbBr
wIroviB3TFD9NlizhhYcAnrEqdmLWLuzvqdi47WtOmSF
-----END CERTIFICATE-----