Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/74d7cd-04e1-49d8-aad9-82043b9e4f71/1/Ijb7ewZkl2hVFyH5GTkO4bvyVqY.roa
File:                     Ijb7ewZkl2hVFyH5GTkO4bvyVqY.roa (raw, json)
Hash identifier:          R1SDmgRI5uJrWBZPhkpQD77+gcgaPztsatuenvfxmEI=
Subject key identifier:   22:36:FB:7B:06:64:97:68:55:17:21:F9:19:39:0E:E1:BB:F2:56:A6
Certificate issuer:       /CN=710068d5bf1bffd79174e37501bfa17f917b313d
Certificate serial:       018CC725E690D5BA6DAFB5790DB6D05F0C1D
Authority key identifier: 71:00:68:D5:BF:1B:FF:D7:91:74:E3:75:01:BF:A1:7F:91:7B:31:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cQBo1b8b_9eRdON1Ab-hf5F7MT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/74d7cd-04e1-49d8-aad9-82043b9e4f71/1/Ijb7ewZkl2hVFyH5GTkO4bvyVqY.roa
Signing time:             Mon 01 Jan 2024 22:29:58 +0000
ROA not before:           Mon 01 Jan 2024 22:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199116
IP address blocks:        195.14.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/74d7cd-04e1-49d8-aad9-82043b9e4f71/1/cQBo1b8b_9eRdON1Ab-hf5F7MT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/74d7cd-04e1-49d8-aad9-82043b9e4f71/1/cQBo1b8b_9eRdON1Ab-hf5F7MT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cQBo1b8b_9eRdON1Ab-hf5F7MT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:e6:90:d5:ba:6d:af:b5:79:0d:b6:d0:5f:0c:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=710068d5bf1bffd79174e37501bfa17f917b313d
        Validity
            Not Before: Jan  1 22:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2236fb7b06649768551721f919390ee1bbf256a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c3:2c:2e:dc:b3:5e:99:09:7b:ca:ff:41:16:
                    52:d3:6f:2b:d6:d2:2b:05:a3:31:6a:56:61:e0:4c:
                    49:52:a4:98:77:59:0d:e9:4c:d8:66:29:fc:0c:f3:
                    c2:77:93:c0:23:7a:d0:54:71:f7:f1:d3:4e:97:b5:
                    c5:d5:fa:c7:87:e4:0f:91:93:92:39:f9:47:1c:bf:
                    8d:3a:61:d8:c4:27:ff:a2:07:99:c3:35:24:4a:d3:
                    c6:30:07:52:9b:ab:a6:e3:bc:cd:ed:73:1d:49:52:
                    9a:52:26:45:b6:95:f1:37:1c:62:5c:50:f4:a2:ac:
                    f3:7c:a6:09:63:10:27:82:e9:c4:24:cd:1b:de:03:
                    7e:90:2e:43:34:66:9f:54:2a:57:d6:c1:81:1d:ae:
                    7d:32:c4:c2:e9:4f:f2:96:21:b0:14:e7:ed:0e:33:
                    e0:5b:7e:5b:44:a2:8b:c8:16:6d:9f:18:f3:eb:b8:
                    bc:e0:9c:70:db:18:7b:d2:ce:ca:10:4b:a5:25:c9:
                    ca:8e:58:10:1b:2e:86:01:a9:f3:4b:1b:58:4a:05:
                    71:43:3b:de:a8:17:d1:72:93:5f:b3:a4:52:fc:d0:
                    38:fe:89:75:24:e8:f1:84:5b:19:fb:13:65:8f:12:
                    ff:6e:5c:00:f4:e4:56:4a:3b:c1:a2:08:8b:7d:aa:
                    98:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:36:FB:7B:06:64:97:68:55:17:21:F9:19:39:0E:E1:BB:F2:56:A6
            X509v3 Authority Key Identifier:
                keyid:71:00:68:D5:BF:1B:FF:D7:91:74:E3:75:01:BF:A1:7F:91:7B:31:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cQBo1b8b_9eRdON1Ab-hf5F7MT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/74d7cd-04e1-49d8-aad9-82043b9e4f71/1/Ijb7ewZkl2hVFyH5GTkO4bvyVqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/74d7cd-04e1-49d8-aad9-82043b9e4f71/1/cQBo1b8b_9eRdON1Ab-hf5F7MT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.14.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:7b:04:e8:c3:c2:ac:16:8a:7c:c9:09:0b:8d:5a:89:ab:d7:
         09:29:1e:b5:60:7b:11:1b:b2:14:1e:94:ad:82:ce:21:ef:80:
         7b:c4:b6:ff:95:6d:40:3c:7b:88:44:27:3b:27:aa:96:10:8e:
         ba:8e:89:89:1d:ae:1d:0a:c2:57:dc:02:cd:9c:2f:59:c6:aa:
         8f:26:bf:81:9d:d5:c7:d3:14:72:f4:96:35:8a:44:b8:3d:50:
         31:db:3a:e2:39:4d:28:c7:29:3d:4e:24:e8:d0:96:39:99:43:
         04:d3:e0:45:3c:29:3f:60:66:ca:c2:25:86:59:8f:9e:d2:a3:
         8e:fb:37:4b:bf:96:c8:51:d8:fc:19:3e:ae:60:19:a4:af:2d:
         2b:7f:0f:03:84:11:37:9b:eb:ed:44:51:7d:9e:92:97:53:1a:
         fd:a7:74:9b:cf:78:b9:2f:49:7c:26:9a:ca:c1:ff:4b:ca:09:
         cd:ed:48:2a:9c:85:04:f4:5a:57:81:95:ab:bc:28:7e:df:e6:
         07:9e:b3:3d:a5:4f:d0:6e:35:b9:1b:3c:92:b3:b9:70:01:45:
         a3:bb:74:95:50:0a:c0:8e:9b:f7:2d:97:06:aa:04:19:28:9e:
         ad:14:a1:1c:70:e1:a2:99:d7:3f:50:f4:89:26:44:ff:4f:9e:
         3b:e3:54:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJeaQ1bptr7V5DbbQXwwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMDA2OGQ1YmYxYmZmZDc5MTc0ZTM3NTAxYmZhMTdmOTE3
YjMxM2QwHhcNMjQwMTAxMjIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjM2ZmI3YjA2NjQ5NzY4NTUxNzIxZjkxOTM5MGVlMWJiZjI1NmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosMsLtyzXpkJe8r/QRZS028r1tIr
BaMxalZh4ExJUqSYd1kN6UzYZin8DPPCd5PAI3rQVHH38dNOl7XF1frHh+QPkZOS
OflHHL+NOmHYxCf/ogeZwzUkStPGMAdSm6um47zN7XMdSVKaUiZFtpXxNxxiXFD0
oqzzfKYJYxAngunEJM0b3gN+kC5DNGafVCpX1sGBHa59MsTC6U/yliGwFOftDjPg
W35bRKKLyBZtnxjz67i84Jxw2xh70s7KEEulJcnKjlgQGy6GAanzSxtYSgVxQzve
qBfRcpNfs6RS/NA4/ol1JOjxhFsZ+xNljxL/blwA9ORWSjvBogiLfaqYfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCI2+3sGZJdoVRch+Rk5DuG78lamMB8GA1UdIwQY
MBaAFHEAaNW/G//XkXTjdQG/oX+RezE9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1FCbzFiOGJfOWVSZE9OMUFiLWhmNUY3TVQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny83NGQ3Y2QtMDRlMS00OWQ4LWFhZDkt
ODIwNDNiOWU0ZjcxLzEvSWpiN2V3WmtsMmhWRnlINUdUa080YnZ5VnFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny83NGQ3Y2QtMDRlMS00OWQ4LWFhZDktODIwNDNiOWU0Zjcx
LzEvY1FCbzFiOGJfOWVSZE9OMUFiLWhmNUY3TVQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAww4cMA0G
CSqGSIb3DQEBCwUAA4IBAQAqewTow8KsFop8yQkLjVqJq9cJKR61YHsRG7IUHpSt
gs4h74B7xLb/lW1APHuIRCc7J6qWEI66jomJHa4dCsJX3ALNnC9ZxqqPJr+BndXH
0xRy9JY1ikS4PVAx2zriOU0oxyk9TiTo0JY5mUME0+BFPCk/YGbKwiWGWY+e0qOO
+zdLv5bIUdj8GT6uYBmkry0rfw8DhBE3m+vtRFF9npKXUxr9p3Sbz3i5L0l8JprK
wf9LygnN7UgqnIUE9FpXgZWrvCh+3+YHnrM9pU/QbjW5GzySs7lwAUWju3SVUArA
jpv3LZcGqgQZKJ6tFKEccOGimdc/UPSJJkT/T54741Q1
-----END CERTIFICATE-----