Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/7fdfea-be70-42a3-8a47-d5a0b098df34/1/h2PKVziHgjbPzvExGjakfQE76A8.roa
File:                     h2PKVziHgjbPzvExGjakfQE76A8.roa (raw, json)
Hash identifier:          jdQ4IFNE4ICdVJAkwBK7pSN43833tJMcRY9MVnppBd8=
Subject key identifier:   87:63:CA:57:38:87:82:36:CF:CE:F1:31:1A:36:A4:7D:01:3B:E8:0F
Certificate issuer:       /CN=6eb93dbc01bcec3a4b988e8f8d5330a5a2fc4a68
Certificate serial:       018CC8714D26B431C67B86579A48369D5DBF
Authority key identifier: 6E:B9:3D:BC:01:BC:EC:3A:4B:98:8E:8F:8D:53:30:A5:A2:FC:4A:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/brk9vAG87DpLmI6PjVMwpaL8Smg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/7fdfea-be70-42a3-8a47-d5a0b098df34/1/h2PKVziHgjbPzvExGjakfQE76A8.roa
Signing time:             Tue 02 Jan 2024 04:31:57 +0000
ROA not before:           Tue 02 Jan 2024 04:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199132
IP address blocks:        195.234.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/7fdfea-be70-42a3-8a47-d5a0b098df34/1/brk9vAG87DpLmI6PjVMwpaL8Smg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/7fdfea-be70-42a3-8a47-d5a0b098df34/1/brk9vAG87DpLmI6PjVMwpaL8Smg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/brk9vAG87DpLmI6PjVMwpaL8Smg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:4d:26:b4:31:c6:7b:86:57:9a:48:36:9d:5d:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eb93dbc01bcec3a4b988e8f8d5330a5a2fc4a68
        Validity
            Not Before: Jan  2 04:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8763ca5738878236cfcef1311a36a47d013be80f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:cb:ff:40:00:2e:aa:89:65:d8:5f:1b:18:79:
                    30:60:31:f0:62:c6:be:62:65:91:5f:ae:b0:f3:fb:
                    e5:d1:e8:c9:56:1d:03:bf:7c:8b:77:93:a4:f8:46:
                    05:91:c9:61:1b:b1:7c:1e:bd:64:60:d7:23:42:46:
                    89:9c:16:40:91:7d:30:7b:fb:c6:dd:8e:29:19:fb:
                    ff:56:c3:3d:3b:a0:84:8e:c2:09:8c:e3:ea:fa:ec:
                    09:b4:1f:ec:7c:01:a0:c4:63:6e:4a:67:97:bc:c5:
                    7d:7f:d5:66:1a:bf:bb:86:41:d0:6f:42:9b:a3:5c:
                    6b:64:69:d9:88:91:de:6d:41:91:34:01:a3:a3:7d:
                    f2:d7:4c:ec:10:9c:49:5f:43:3c:01:f4:21:02:e7:
                    06:f7:25:9b:78:3a:4c:06:e8:72:07:c2:c9:a9:4d:
                    fb:8f:9e:80:3a:62:a7:86:08:75:5c:54:4c:c3:f7:
                    a3:0d:bb:63:de:3a:60:12:84:23:87:bc:4f:fb:6a:
                    dd:00:ba:3c:e1:54:ec:b5:74:12:11:d3:95:ed:05:
                    96:7e:d9:1e:2f:01:7a:ff:41:89:53:9e:a4:45:f6:
                    4b:af:5b:62:bc:ac:b6:30:4f:6f:52:94:44:da:b5:
                    11:e1:5f:88:50:95:76:3f:c6:e9:e0:a9:5c:22:48:
                    bd:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:63:CA:57:38:87:82:36:CF:CE:F1:31:1A:36:A4:7D:01:3B:E8:0F
            X509v3 Authority Key Identifier:
                keyid:6E:B9:3D:BC:01:BC:EC:3A:4B:98:8E:8F:8D:53:30:A5:A2:FC:4A:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/brk9vAG87DpLmI6PjVMwpaL8Smg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/7fdfea-be70-42a3-8a47-d5a0b098df34/1/h2PKVziHgjbPzvExGjakfQE76A8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/7fdfea-be70-42a3-8a47-d5a0b098df34/1/brk9vAG87DpLmI6PjVMwpaL8Smg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:c6:b7:57:fa:a0:2c:2e:e7:21:2c:ed:2a:02:3d:55:f0:9a:
         42:43:20:0f:4e:14:72:ee:5f:b0:5a:86:e0:d6:ee:26:56:b0:
         a1:8a:3d:da:26:d1:e5:1e:9c:b0:7e:37:b3:76:85:e0:ff:04:
         fe:4e:0f:b6:b0:cc:85:42:84:a1:0a:f3:54:15:c7:0e:fd:b0:
         1a:f0:b5:fd:2f:7a:b0:16:2f:03:43:f3:80:43:a0:b2:f4:44:
         9f:e9:13:51:8d:c0:7f:b0:ec:7f:60:40:ac:c0:01:c0:1d:98:
         b0:85:84:7d:ff:64:bd:e5:f6:1f:12:ce:df:27:32:71:67:e9:
         71:a0:bf:18:f3:12:e4:1e:f5:79:e2:fd:9f:02:f5:79:1d:72:
         70:a9:10:23:b4:72:9b:52:1f:cc:66:e2:a2:48:84:2b:2f:9c:
         39:e5:0e:6c:2b:37:de:50:69:b5:e2:ad:46:7b:2b:30:47:90:
         59:e1:0b:f1:58:56:6f:7c:85:a3:83:d2:76:74:d8:07:28:0b:
         82:4b:f2:d9:a1:ed:35:71:e7:e3:b6:4c:27:0b:99:e3:f4:53:
         73:26:74:44:9e:0d:0e:a1:e2:f8:bf:32:e3:12:d1:b6:e0:6f:
         40:1a:fa:ea:c2:71:dc:a8:89:74:d3:f2:49:58:21:35:c8:1f:
         5f:25:9e:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcU0mtDHGe4ZXmkg2nV2/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYjkzZGJjMDFiY2VjM2E0Yjk4OGU4ZjhkNTMzMGE1YTJm
YzRhNjgwHhcNMjQwMTAyMDQzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzYzY2E1NzM4ODc4MjM2Y2ZjZWYxMzExYTM2YTQ3ZDAxM2JlODBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMv/QAAuqoll2F8bGHkwYDHwYsa+
YmWRX66w8/vl0ejJVh0Dv3yLd5Ok+EYFkclhG7F8Hr1kYNcjQkaJnBZAkX0we/vG
3Y4pGfv/VsM9O6CEjsIJjOPq+uwJtB/sfAGgxGNuSmeXvMV9f9VmGr+7hkHQb0Kb
o1xrZGnZiJHebUGRNAGjo33y10zsEJxJX0M8AfQhAucG9yWbeDpMBuhyB8LJqU37
j56AOmKnhgh1XFRMw/ejDbtj3jpgEoQjh7xP+2rdALo84VTstXQSEdOV7QWWftke
LwF6/0GJU56kRfZLr1tivKy2ME9vUpRE2rUR4V+IUJV2P8bp4KlcIki97QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdjylc4h4I2z87xMRo2pH0BO+gPMB8GA1UdIwQY
MBaAFG65PbwBvOw6S5iOj41TMKWi/EpoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnJrOXZBRzg3RHBMbUk2UGpWTXdwYUw4U21nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC83ZmRmZWEtYmU3MC00MmEzLThhNDct
ZDVhMGIwOThkZjM0LzEvaDJQS1Z6aUhnamJQenZFeEdqYWtmUUU3NkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC83ZmRmZWEtYmU3MC00MmEzLThhNDctZDVhMGIwOThkZjM0
LzEvYnJrOXZBRzg3RHBMbUk2UGpWTXdwYUw4U21nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+qKMA0G
CSqGSIb3DQEBCwUAA4IBAQCQxrdX+qAsLuchLO0qAj1V8JpCQyAPThRy7l+wWobg
1u4mVrChij3aJtHlHpywfjezdoXg/wT+Tg+2sMyFQoShCvNUFccO/bAa8LX9L3qw
Fi8DQ/OAQ6Cy9ESf6RNRjcB/sOx/YECswAHAHZiwhYR9/2S95fYfEs7fJzJxZ+lx
oL8Y8xLkHvV54v2fAvV5HXJwqRAjtHKbUh/MZuKiSIQrL5w55Q5sKzfeUGm14q1G
eyswR5BZ4QvxWFZvfIWjg9J2dNgHKAuCS/LZoe01cefjtkwnC5nj9FNzJnREng0O
oeL4vzLjEtG24G9AGvrqwnHcqIl00/JJWCE1yB9fJZ42
-----END CERTIFICATE-----