Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/30b2aa-2467-4a62-b123-23fffae2cfc5/1/i73HZ1CAlKJPuQnm9gipHXuvjew.roa
File:                     i73HZ1CAlKJPuQnm9gipHXuvjew.roa (raw, json)
Hash identifier:          mMzTlZqVqUitWxd9ITfdPvbirOA0F5VCf6bIW9IfVec=
Subject key identifier:   8B:BD:C7:67:50:80:94:A2:4F:B9:09:E6:F6:08:A9:1D:7B:AF:8D:EC
Certificate issuer:       /CN=7dbccd4a9b22e2995f6fca554cfd494e421e565e
Certificate serial:       018CC64B3D85124621A1EDE3020DA1188888
Authority key identifier: 7D:BC:CD:4A:9B:22:E2:99:5F:6F:CA:55:4C:FD:49:4E:42:1E:56:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fbzNSpsi4plfb8pVTP1JTkIeVl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/30b2aa-2467-4a62-b123-23fffae2cfc5/1/i73HZ1CAlKJPuQnm9gipHXuvjew.roa
Signing time:             Mon 01 Jan 2024 18:31:08 +0000
ROA not before:           Mon 01 Jan 2024 18:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24940
IP address blocks:        195.96.156.0/24 maxlen: 24
                          2a12:e00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/30b2aa-2467-4a62-b123-23fffae2cfc5/1/fbzNSpsi4plfb8pVTP1JTkIeVl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/30b2aa-2467-4a62-b123-23fffae2cfc5/1/fbzNSpsi4plfb8pVTP1JTkIeVl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fbzNSpsi4plfb8pVTP1JTkIeVl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 10:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3d:85:12:46:21:a1:ed:e3:02:0d:a1:18:88:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dbccd4a9b22e2995f6fca554cfd494e421e565e
        Validity
            Not Before: Jan  1 18:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bbdc767508094a24fb909e6f608a91d7baf8dec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8d:9f:08:0a:6f:12:4a:18:6c:8b:3c:58:1f:
                    ba:3c:96:0d:80:4e:e1:ce:64:66:63:ca:45:bf:93:
                    24:ac:8a:54:1e:55:7c:f4:7c:fc:5a:ee:b8:0a:f2:
                    4f:28:e0:d0:fa:b8:18:f6:e9:ce:01:16:f8:78:33:
                    92:6d:1e:c9:2f:c2:f9:3d:8f:ee:b4:b4:46:ac:bf:
                    77:2a:06:b3:33:05:b4:5e:21:dc:e3:f3:39:09:86:
                    e4:20:97:36:28:1f:95:9a:5d:ba:13:74:f8:98:5e:
                    05:10:85:a2:42:10:7e:15:6e:ad:32:e0:3c:c1:f5:
                    a3:cc:a5:88:fa:6c:a5:c9:34:61:8a:ea:51:a1:ce:
                    bc:42:eb:14:d6:30:8c:ff:fd:29:53:ac:d5:ea:b2:
                    a1:20:8d:65:f9:70:da:61:14:25:17:e8:b4:73:52:
                    52:6b:43:7b:ea:cf:e9:ea:67:48:3d:9d:66:3e:86:
                    b8:76:93:78:6d:1e:43:5f:c6:03:2c:8a:e5:0f:a6:
                    be:c6:63:8b:3f:66:63:cd:15:35:95:83:14:a3:c3:
                    f8:0e:3d:e3:ee:26:5a:fb:cd:dc:0b:ae:5b:eb:12:
                    16:12:a5:40:bd:c4:7b:b7:78:33:b1:69:ac:04:b5:
                    65:6a:01:dd:3d:1b:24:67:e0:1f:b6:e2:ee:e8:e5:
                    4c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:BD:C7:67:50:80:94:A2:4F:B9:09:E6:F6:08:A9:1D:7B:AF:8D:EC
            X509v3 Authority Key Identifier:
                keyid:7D:BC:CD:4A:9B:22:E2:99:5F:6F:CA:55:4C:FD:49:4E:42:1E:56:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fbzNSpsi4plfb8pVTP1JTkIeVl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/30b2aa-2467-4a62-b123-23fffae2cfc5/1/i73HZ1CAlKJPuQnm9gipHXuvjew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/30b2aa-2467-4a62-b123-23fffae2cfc5/1/fbzNSpsi4plfb8pVTP1JTkIeVl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.156.0/24
                IPv6:
                  2a12:e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:36:6e:22:84:c9:03:4e:2b:58:79:de:6b:01:06:f8:aa:2b:
         a9:4b:45:a5:4d:da:16:7a:42:02:08:ec:a1:3a:30:19:7f:78:
         13:97:fa:63:61:b6:4e:51:40:a9:37:f1:63:d5:e4:21:d0:3a:
         5c:32:cb:ad:eb:48:82:f4:43:23:d8:2b:74:bc:ec:e6:b6:c9:
         7a:0f:03:14:87:cd:f4:fd:5c:e5:27:8a:e6:8a:45:c6:1f:f1:
         90:79:e0:37:c2:0d:c4:b4:97:3f:19:88:39:35:32:d9:e3:76:
         4c:2b:d7:17:ed:a1:81:fe:d6:24:f6:51:61:a9:eb:dd:5c:4b:
         9e:42:28:5c:8c:a5:cb:95:21:64:70:43:52:da:b9:d9:da:12:
         5e:b7:36:5a:aa:c8:8a:33:3e:a1:29:16:5c:02:9c:3f:cb:37:
         56:38:14:5c:a8:06:61:29:69:1e:67:a9:9d:df:72:c6:78:61:
         c9:dd:43:59:3d:5a:46:72:e1:3f:32:b8:2f:ec:6c:43:7a:25:
         d7:77:20:e2:dd:86:09:fb:68:af:30:49:e7:1f:fb:34:6d:49:
         94:c4:98:a5:1a:06:98:5d:06:54:45:64:5e:f4:c5:bb:dc:89:
         17:44:26:cc:13:d7:ff:9c:c5:f4:bd:e4:b6:f6:c6:78:ce:40:
         77:e0:1e:7b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSz2FEkYhoe3jAg2hGIiIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYmNjZDRhOWIyMmUyOTk1ZjZmY2E1NTRjZmQ0OTRlNDIx
ZTU2NWUwHhcNMjQwMTAxMTgzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmJkYzc2NzUwODA5NGEyNGZiOTA5ZTZmNjA4YTkxZDdiYWY4ZGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk42fCApvEkoYbIs8WB+6PJYNgE7h
zmRmY8pFv5MkrIpUHlV89Hz8Wu64CvJPKODQ+rgY9unOARb4eDOSbR7JL8L5PY/u
tLRGrL93KgazMwW0XiHc4/M5CYbkIJc2KB+Vml26E3T4mF4FEIWiQhB+FW6tMuA8
wfWjzKWI+mylyTRhiupRoc68QusU1jCM//0pU6zV6rKhII1l+XDaYRQlF+i0c1JS
a0N76s/p6mdIPZ1mPoa4dpN4bR5DX8YDLIrlD6a+xmOLP2ZjzRU1lYMUo8P4Dj3j
7iZa+83cC65b6xIWEqVAvcR7t3gzsWmsBLVlagHdPRskZ+AftuLu6OVMXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIu9x2dQgJSiT7kJ5vYIqR17r43sMB8GA1UdIwQY
MBaAFH28zUqbIuKZX2/KVUz9SU5CHlZeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmJ6TlNwc2k0cGxmYjhwVlRQMUpUa0llVmw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zMGIyYWEtMjQ2Ny00YTYyLWIxMjMt
MjNmZmZhZTJjZmM1LzEvaTczSFoxQ0FsS0pQdVFubTlnaXBIWHV2amV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zMGIyYWEtMjQ2Ny00YTYyLWIxMjMtMjNmZmZhZTJjZmM1
LzEvZmJ6TlNwc2k0cGxmYjhwVlRQMUpUa0llVmw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw2CcMA0E
AgACMAcDBQMqEg4AMA0GCSqGSIb3DQEBCwUAA4IBAQA7Nm4ihMkDTitYed5rAQb4
qiupS0WlTdoWekICCOyhOjAZf3gTl/pjYbZOUUCpN/Fj1eQh0DpcMsut60iC9EMj
2Ct0vOzmtsl6DwMUh830/VzlJ4rmikXGH/GQeeA3wg3EtJc/GYg5NTLZ43ZMK9cX
7aGB/tYk9lFhqevdXEueQihcjKXLlSFkcENS2rnZ2hJetzZaqsiKMz6hKRZcApw/
yzdWOBRcqAZhKWkeZ6md33LGeGHJ3UNZPVpGcuE/Mrgv7GxDeiXXdyDi3YYJ+2iv
MEnnH/s0bUmUxJilGgaYXQZURWRe9MW73IkXRCbME9f/nMX0veS29sZ4zkB34B57
-----END CERTIFICATE-----