Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/9dfd11-aa51-47af-a1c8-fac904a4aab5/1/UMxWZSn3OY95xUbXnPzBNy-Ggho.roa
File:                     UMxWZSn3OY95xUbXnPzBNy-Ggho.roa (raw, json)
Hash identifier:          n+gwc/mKuCvQZFCDuAK8gMzAjCLO9fA+GBLecA8z+Ek=
Subject key identifier:   50:CC:56:65:29:F7:39:8F:79:C5:46:D7:9C:FC:C1:37:2F:86:82:1A
Certificate issuer:       /CN=f3a19407eda6db0863cdc9f18573482d6ad12098
Certificate serial:       018FECD4EADE64E5A5C83A364C77525FA402
Authority key identifier: F3:A1:94:07:ED:A6:DB:08:63:CD:C9:F1:85:73:48:2D:6A:D1:20:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/86GUB-2m2whjzcnxhXNILWrRIJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/9dfd11-aa51-47af-a1c8-fac904a4aab5/1/UMxWZSn3OY95xUbXnPzBNy-Ggho.roa
Signing time:             Thu 06 Jun 2024 09:15:27 +0000
ROA not before:           Thu 06 Jun 2024 09:15:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29019
IP address blocks:        195.47.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/9dfd11-aa51-47af-a1c8-fac904a4aab5/1/86GUB-2m2whjzcnxhXNILWrRIJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/9dfd11-aa51-47af-a1c8-fac904a4aab5/1/86GUB-2m2whjzcnxhXNILWrRIJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/86GUB-2m2whjzcnxhXNILWrRIJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ec:d4:ea:de:64:e5:a5:c8:3a:36:4c:77:52:5f:a4:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3a19407eda6db0863cdc9f18573482d6ad12098
        Validity
            Not Before: Jun  6 09:15:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50cc566529f7398f79c546d79cfcc1372f86821a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ce:1f:d3:7b:20:73:98:ce:67:24:13:35:70:
                    cc:0d:cb:25:1a:b5:1a:62:da:b2:bf:69:27:ba:54:
                    b4:a7:5c:e8:72:d9:ed:98:bd:48:33:d9:f9:89:f5:
                    6a:38:a0:2d:4e:65:9d:ff:fb:49:cc:3d:5a:9e:3d:
                    94:e3:72:b4:00:17:2d:9b:a6:c0:80:7d:04:9c:c3:
                    e0:4b:7c:bb:d5:12:7e:a0:d9:bc:fe:45:f2:40:17:
                    da:0d:c7:d7:22:11:e0:a7:4b:21:2f:01:a1:b0:e5:
                    d3:2a:aa:29:81:40:23:13:44:c4:49:57:dd:92:bb:
                    1c:25:3d:c7:75:6c:14:b0:89:ad:c8:cd:4b:ff:b8:
                    e0:0f:36:6b:81:f4:7b:fc:a3:69:11:3e:47:41:96:
                    d2:03:ca:a0:48:24:40:47:06:74:6b:4c:a4:01:43:
                    cd:c8:ca:26:02:79:83:09:c7:62:87:b7:50:27:51:
                    9c:67:04:ad:2e:78:98:a8:59:2b:9c:35:65:80:31:
                    f6:66:86:44:36:2b:a0:4f:4a:15:2a:4d:cc:76:1f:
                    d9:e2:a6:03:96:4b:4f:57:0d:17:dd:78:b4:3d:ab:
                    bd:da:51:6d:ae:94:43:d8:2c:00:57:8e:72:f0:35:
                    e4:17:1e:61:90:ad:b3:03:a9:5d:1e:10:58:55:86:
                    34:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:CC:56:65:29:F7:39:8F:79:C5:46:D7:9C:FC:C1:37:2F:86:82:1A
            X509v3 Authority Key Identifier:
                keyid:F3:A1:94:07:ED:A6:DB:08:63:CD:C9:F1:85:73:48:2D:6A:D1:20:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/86GUB-2m2whjzcnxhXNILWrRIJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9dfd11-aa51-47af-a1c8-fac904a4aab5/1/UMxWZSn3OY95xUbXnPzBNy-Ggho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9dfd11-aa51-47af-a1c8-fac904a4aab5/1/86GUB-2m2whjzcnxhXNILWrRIJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:63:b6:0f:19:93:a5:93:56:d7:bf:7f:0f:4d:9c:23:05:ac:
         18:6e:3d:f0:80:0c:be:4b:43:b6:83:62:e5:37:b9:e5:ea:ea:
         3f:25:93:0e:5e:10:0b:3f:c4:75:d7:a2:ab:85:d7:06:54:a4:
         72:39:18:c8:bf:54:8a:5a:5f:b1:f4:c5:f7:47:98:90:a2:46:
         77:d6:fa:08:9a:05:bf:65:c0:6b:ed:be:f8:0e:f2:64:62:a2:
         55:9b:0d:8b:f6:f0:e8:ae:13:43:19:5c:96:d4:50:30:ed:93:
         7c:96:5e:ad:67:79:59:18:83:bc:a0:18:b7:a1:1d:fc:d0:2b:
         f5:c8:f5:32:e5:fc:de:3b:4f:ce:cd:43:7e:ee:74:9d:2a:06:
         ff:23:9f:40:b9:7c:85:2c:87:35:2c:32:80:df:87:5d:02:07:
         06:50:0e:30:b7:fa:fe:c7:b3:36:bf:ee:8d:12:a8:b2:7d:98:
         c2:c8:6e:c5:c9:19:2d:0a:4e:c8:05:78:27:4d:c8:98:18:8b:
         06:a9:6c:5d:f2:c1:90:ea:c1:48:4b:ad:16:72:a5:e7:a0:7c:
         fe:72:62:88:93:8d:d3:f3:d4:37:71:9b:4b:29:6a:67:60:b3:
         c7:fa:0d:ea:62:c3:f3:ba:44:d1:d7:59:cb:60:e4:43:52:3b:
         17:c1:d6:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/s1OreZOWlyDo2THdSX6QCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYTE5NDA3ZWRhNmRiMDg2M2NkYzlmMTg1NzM0ODJkNmFk
MTIwOTgwHhcNMjQwNjA2MDkxNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGNjNTY2NTI5ZjczOThmNzljNTQ2ZDc5Y2ZjYzEzNzJmODY4MjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1s4f03sgc5jOZyQTNXDMDcslGrUa
Ytqyv2knulS0p1zoctntmL1IM9n5ifVqOKAtTmWd//tJzD1anj2U43K0ABctm6bA
gH0EnMPgS3y71RJ+oNm8/kXyQBfaDcfXIhHgp0shLwGhsOXTKqopgUAjE0TESVfd
krscJT3HdWwUsImtyM1L/7jgDzZrgfR7/KNpET5HQZbSA8qgSCRARwZ0a0ykAUPN
yMomAnmDCcdih7dQJ1GcZwStLniYqFkrnDVlgDH2ZoZENiugT0oVKk3Mdh/Z4qYD
lktPVw0X3Xi0Pau92lFtrpRD2CwAV45y8DXkFx5hkK2zA6ldHhBYVYY0nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDMVmUp9zmPecVG15z8wTcvhoIaMB8GA1UdIwQY
MBaAFPOhlAftptsIY83J8YVzSC1q0SCYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODZHVUItMm0yd2hqemNueGhYTklMV3JSSUpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi85ZGZkMTEtYWE1MS00N2FmLWExYzgt
ZmFjOTA0YTRhYWI1LzEvVU14V1pTbjNPWTk1eFViWG5QekJOeS1HZ2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi85ZGZkMTEtYWE1MS00N2FmLWExYzgtZmFjOTA0YTRhYWI1
LzEvODZHVUItMm0yd2hqemNueGhYTklMV3JSSUpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwy/tMA0G
CSqGSIb3DQEBCwUAA4IBAQBBY7YPGZOlk1bXv38PTZwjBawYbj3wgAy+S0O2g2Ll
N7nl6uo/JZMOXhALP8R116KrhdcGVKRyORjIv1SKWl+x9MX3R5iQokZ31voImgW/
ZcBr7b74DvJkYqJVmw2L9vDorhNDGVyW1FAw7ZN8ll6tZ3lZGIO8oBi3oR380Cv1
yPUy5fzeO0/OzUN+7nSdKgb/I59AuXyFLIc1LDKA34ddAgcGUA4wt/r+x7M2v+6N
EqiyfZjCyG7FyRktCk7IBXgnTciYGIsGqWxd8sGQ6sFIS60WcqXnoHz+cmKIk43T
89Q3cZtLKWpnYLPH+g3qYsPzukTR11nLYORDUjsXwdYE
-----END CERTIFICATE-----