Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/393cbe-08a4-432e-97f6-e655439f6955/1/9C4azNGcGePgrGjcrPNsTkKfT2A.roa
File:                     9C4azNGcGePgrGjcrPNsTkKfT2A.roa (raw, json)
Hash identifier:          nfIbyaum1avHaTcy31VeNVb80QUTWFdV7bNE6Vriltg=
Subject key identifier:   F4:2E:1A:CC:D1:9C:19:E3:E0:AC:68:DC:AC:F3:6C:4E:42:9F:4F:60
Certificate issuer:       /CN=9e979548ab0a7e37f872766994613a149c509103
Certificate serial:       018ED7974D7200A9194709894A326725269D
Authority key identifier: 9E:97:95:48:AB:0A:7E:37:F8:72:76:69:94:61:3A:14:9C:50:91:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npeVSKsKfjf4cnZplGE6FJxQkQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/393cbe-08a4-432e-97f6-e655439f6955/1/9C4azNGcGePgrGjcrPNsTkKfT2A.roa
Signing time:             Sat 13 Apr 2024 13:13:20 +0000
ROA not before:           Sat 13 Apr 2024 13:13:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20668
IP address blocks:        195.189.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/393cbe-08a4-432e-97f6-e655439f6955/1/npeVSKsKfjf4cnZplGE6FJxQkQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/393cbe-08a4-432e-97f6-e655439f6955/1/npeVSKsKfjf4cnZplGE6FJxQkQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npeVSKsKfjf4cnZplGE6FJxQkQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d7:97:4d:72:00:a9:19:47:09:89:4a:32:67:25:26:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e979548ab0a7e37f872766994613a149c509103
        Validity
            Not Before: Apr 13 13:13:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f42e1accd19c19e3e0ac68dcacf36c4e429f4f60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:10:fc:b4:68:3e:93:18:7c:8d:bc:c9:3a:06:
                    04:2f:8b:58:07:82:61:0e:4f:58:ec:76:69:35:e1:
                    f8:48:c6:4e:d3:0a:5d:86:00:54:c0:3c:7e:22:be:
                    c9:3d:68:2b:3d:dc:77:60:3b:57:2e:32:ed:58:29:
                    b6:30:a7:6e:1f:70:95:ae:c4:ee:e4:39:f7:22:a8:
                    6c:08:11:e1:8e:45:f3:d8:d7:5b:aa:f3:42:0c:34:
                    99:c1:a9:b6:84:c5:f1:3f:3d:de:e3:f0:36:06:aa:
                    fd:fa:2a:33:2d:95:b7:f6:69:ed:b0:99:18:b1:67:
                    6e:72:21:b6:a9:1e:34:81:82:95:84:c2:54:45:94:
                    1d:fc:b4:35:38:d5:78:62:0b:bd:ca:53:2f:f5:57:
                    aa:2f:c5:08:6c:07:a1:a2:ec:da:82:fe:68:f7:95:
                    8d:9d:fb:b4:7e:0a:00:13:fd:c1:2f:69:f5:13:a2:
                    6b:59:85:9a:33:30:c8:3d:86:88:c0:a9:d7:41:5d:
                    bf:d9:9b:cb:34:90:55:2b:f7:09:41:c1:c7:2b:88:
                    01:1b:81:4f:00:41:8d:00:38:eb:74:3e:64:f0:1f:
                    01:7a:47:d1:09:42:1f:4c:55:35:9b:73:10:c7:65:
                    00:a8:c4:30:32:15:75:77:f9:4d:dc:e2:e7:9e:83:
                    32:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:2E:1A:CC:D1:9C:19:E3:E0:AC:68:DC:AC:F3:6C:4E:42:9F:4F:60
            X509v3 Authority Key Identifier:
                keyid:9E:97:95:48:AB:0A:7E:37:F8:72:76:69:94:61:3A:14:9C:50:91:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npeVSKsKfjf4cnZplGE6FJxQkQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/393cbe-08a4-432e-97f6-e655439f6955/1/9C4azNGcGePgrGjcrPNsTkKfT2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/393cbe-08a4-432e-97f6-e655439f6955/1/npeVSKsKfjf4cnZplGE6FJxQkQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:2c:2e:09:2d:14:03:18:f8:d1:e1:32:a4:62:ca:9b:f8:a0:
         7a:c2:4f:ae:6b:6c:ef:4b:3b:d0:50:79:26:0b:54:ed:15:27:
         dc:f1:1d:6f:48:57:e8:b7:26:5a:32:db:8b:cf:9d:54:7d:e9:
         fc:66:3e:1e:42:05:6d:93:e6:6a:ab:49:a7:ee:d7:4b:2b:b5:
         cf:f3:5a:1c:46:91:82:9e:88:38:8c:20:db:77:96:4a:a8:b2:
         1a:e0:ba:53:8c:c8:9a:6c:e9:27:1c:28:94:e1:c7:c9:31:62:
         0e:fc:cf:ca:31:a2:63:9b:c0:b1:6a:fe:43:02:73:d8:51:5d:
         8c:a7:9f:c1:4b:8d:90:2d:1b:0b:cf:98:6b:73:e2:db:42:e2:
         ce:21:8f:bb:2c:ec:b6:3f:29:92:85:cc:7f:85:43:83:56:c8:
         f4:5c:f8:ba:f4:da:8c:a4:b2:e2:16:72:75:c5:28:08:fe:50:
         1b:7d:ec:97:7d:77:93:9e:5f:09:ab:83:ad:1f:0e:48:0d:3c:
         3a:57:53:16:59:b6:91:5c:b1:fe:df:fc:0d:b2:c7:27:27:34:
         5d:fc:0e:1e:ef:cd:49:90:98:3b:df:ea:78:89:ec:12:39:5e:
         c0:fc:70:da:4d:03:56:ac:a5:a4:3a:13:a9:fc:2e:17:15:f0:
         7a:85:cb:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Xl01yAKkZRwmJSjJnJSadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTc5NTQ4YWIwYTdlMzdmODcyNzY2OTk0NjEzYTE0OWM1
MDkxMDMwHhcNMjQwNDEzMTMxMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDJlMWFjY2QxOWMxOWUzZTBhYzY4ZGNhY2YzNmM0ZTQyOWY0ZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBD8tGg+kxh8jbzJOgYEL4tYB4Jh
Dk9Y7HZpNeH4SMZO0wpdhgBUwDx+Ir7JPWgrPdx3YDtXLjLtWCm2MKduH3CVrsTu
5Dn3IqhsCBHhjkXz2NdbqvNCDDSZwam2hMXxPz3e4/A2Bqr9+iozLZW39mntsJkY
sWduciG2qR40gYKVhMJURZQd/LQ1ONV4Ygu9ylMv9VeqL8UIbAehouzagv5o95WN
nfu0fgoAE/3BL2n1E6JrWYWaMzDIPYaIwKnXQV2/2ZvLNJBVK/cJQcHHK4gBG4FP
AEGNADjrdD5k8B8BekfRCUIfTFU1m3MQx2UAqMQwMhV1d/lN3OLnnoMy/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQuGszRnBnj4Kxo3KzzbE5Cn09gMB8GA1UdIwQY
MBaAFJ6XlUirCn43+HJ2aZRhOhScUJEDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBlVlNLc0tmamY0Y25acGxHRTZGSnhRa1FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8zOTNjYmUtMDhhNC00MzJlLTk3ZjYt
ZTY1NTQzOWY2OTU1LzEvOUM0YXpOR2NHZVBnckdqY3JQTnNUa0tmVDJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8zOTNjYmUtMDhhNC00MzJlLTk3ZjYtZTY1NTQzOWY2OTU1
LzEvbnBlVlNLc0tmamY0Y25acGxHRTZGSnhRa1FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw730MA0G
CSqGSIb3DQEBCwUAA4IBAQA/LC4JLRQDGPjR4TKkYsqb+KB6wk+ua2zvSzvQUHkm
C1TtFSfc8R1vSFfotyZaMtuLz51Ufen8Zj4eQgVtk+Zqq0mn7tdLK7XP81ocRpGC
nog4jCDbd5ZKqLIa4LpTjMiabOknHCiU4cfJMWIO/M/KMaJjm8Cxav5DAnPYUV2M
p5/BS42QLRsLz5hrc+LbQuLOIY+7LOy2PymShcx/hUODVsj0XPi69NqMpLLiFnJ1
xSgI/lAbfeyXfXeTnl8Jq4OtHw5IDTw6V1MWWbaRXLH+3/wNsscnJzRd/A4e781J
kJg73+p4iewSOV7A/HDaTQNWrKWkOhOp/C4XFfB6hcuA
-----END CERTIFICATE-----