Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/fELT9iZJ2sFix0sq_AAIGTCrUaA.roa
File:                     fELT9iZJ2sFix0sq_AAIGTCrUaA.roa (raw, json)
Hash identifier:          WAxoEQryZAeRir7tCuCMQqb0g0/qbwm+tMByKEmXSu0=
Subject key identifier:   7C:42:D3:F6:26:49:DA:C1:62:C7:4B:2A:FC:00:08:19:30:AB:51:A0
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBCF56DBF0CBD0B464863E45D133E5
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/fELT9iZJ2sFix0sq_AAIGTCrUaA.roa
Signing time:             Tue 02 Jan 2024 10:32:57 +0000
ROA not before:           Tue 02 Jan 2024 10:32:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43711
IP address blocks:        195.56.170.0/24 maxlen: 24
                          195.56.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:cf:56:db:f0:cb:d0:b4:64:86:3e:45:d1:33:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c42d3f62649dac162c74b2afc00081930ab51a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b9:b0:1d:3b:67:b9:51:c9:54:cb:73:8d:46:
                    0b:bd:45:05:fa:45:9c:aa:87:7c:9c:70:6c:d9:dd:
                    11:0f:1d:ff:e7:82:96:e3:f2:b6:ae:f1:b6:1e:29:
                    17:51:4f:1a:f1:16:7c:f8:ef:c6:18:c8:b2:e0:6e:
                    9e:7f:43:10:1d:33:87:81:ff:c0:65:e4:ad:e6:5d:
                    c7:46:74:48:8c:cf:a8:10:8c:dd:a5:4a:e9:1b:eb:
                    19:9e:b6:70:3f:73:66:4d:23:d8:ed:e8:c8:f8:24:
                    49:b6:a2:c1:68:d4:a0:ae:2d:6c:1b:5d:db:45:bf:
                    d9:78:86:41:c3:67:c8:80:37:00:d2:e3:15:00:9d:
                    41:68:d6:19:5e:4d:a8:ed:a3:a8:77:f6:ed:b8:70:
                    7b:e9:88:e2:40:38:58:8c:0a:58:04:9c:8b:9f:42:
                    5a:7c:fe:04:7c:d0:d8:3a:06:66:22:59:34:39:75:
                    47:1a:6f:8b:a6:0d:c6:04:10:81:09:1c:ac:94:05:
                    5b:06:0a:96:8b:8f:be:2d:9c:05:90:2f:b7:53:ef:
                    f5:f1:a0:bd:f8:cb:f3:3e:27:bd:00:fe:96:bd:6c:
                    be:83:ba:3e:a6:28:47:ee:ee:58:5a:24:4c:17:7c:
                    fd:e6:43:84:e9:e1:45:11:34:e1:b2:36:af:2b:2d:
                    9e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:42:D3:F6:26:49:DA:C1:62:C7:4B:2A:FC:00:08:19:30:AB:51:A0
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/fELT9iZJ2sFix0sq_AAIGTCrUaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.56.170.0/24
                  195.56.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:71:a5:e7:49:4d:f2:2c:31:09:55:0c:26:b3:7d:ef:b0:22:
         7d:dd:4a:93:a6:05:cc:9e:e6:89:3e:5b:16:7e:64:7f:a5:04:
         52:6d:08:ed:1c:73:47:65:df:b0:df:2d:ff:8a:66:2e:62:8a:
         81:05:de:3c:69:f5:6b:98:bd:22:7d:80:47:5d:6c:71:2d:d2:
         1c:20:34:58:55:d4:c3:e7:87:65:cb:10:c4:e6:29:24:b2:9f:
         1f:b3:11:dd:a1:d0:99:00:37:2b:36:9a:30:0b:a0:c3:bb:ce:
         ae:e1:3e:32:e4:f5:d7:f1:91:95:3d:4a:74:b4:9f:db:c8:ef:
         5b:66:e8:a0:bd:dd:7b:4e:1b:68:33:8e:46:56:b5:ef:5d:a6:
         73:ff:35:78:c5:fb:b3:9e:4c:2d:a4:6c:69:3f:b3:3c:79:22:
         26:f8:02:e8:b4:4b:78:3e:03:c1:01:cb:31:83:10:eb:96:e9:
         08:d0:de:ef:fb:aa:0f:fa:9b:83:7e:63:19:5c:c8:6d:f9:86:
         14:56:37:22:97:b5:65:93:e5:94:18:93:20:6d:e6:13:1a:84:
         8b:32:28:bd:fe:a8:59:8e:aa:03:d4:09:b2:22:05:70:84:2e:
         38:b8:f4:ab:4b:a2:64:10:d1:6f:59:be:9c:db:33:a5:e9:8d:
         ae:bd:7f:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJu89W2/DL0LRkhj5F0TPlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzQyZDNmNjI2NDlkYWMxNjJjNzRiMmFmYzAwMDgxOTMwYWI1MWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLmwHTtnuVHJVMtzjUYLvUUF+kWc
qod8nHBs2d0RDx3/54KW4/K2rvG2HikXUU8a8RZ8+O/GGMiy4G6ef0MQHTOHgf/A
ZeSt5l3HRnRIjM+oEIzdpUrpG+sZnrZwP3NmTSPY7ejI+CRJtqLBaNSgri1sG13b
Rb/ZeIZBw2fIgDcA0uMVAJ1BaNYZXk2o7aOod/btuHB76YjiQDhYjApYBJyLn0Ja
fP4EfNDYOgZmIlk0OXVHGm+Lpg3GBBCBCRyslAVbBgqWi4++LZwFkC+3U+/18aC9
+MvzPie9AP6WvWy+g7o+pihH7u5YWiRMF3z95kOE6eFFETThsjavKy2eVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHxC0/YmSdrBYsdLKvwACBkwq1GgMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvZkVMVDlpWkoyc0ZpeDBzcV9BQUlHVENyVWFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwziqAwQA
wzisMA0GCSqGSIb3DQEBCwUAA4IBAQBEcaXnSU3yLDEJVQwms33vsCJ93UqTpgXM
nuaJPlsWfmR/pQRSbQjtHHNHZd+w3y3/imYuYoqBBd48afVrmL0ifYBHXWxxLdIc
IDRYVdTD54dlyxDE5ikksp8fsxHdodCZADcrNpowC6DDu86u4T4y5PXX8ZGVPUp0
tJ/byO9bZuigvd17ThtoM45GVrXvXaZz/zV4xfuznkwtpGxpP7M8eSIm+ALotEt4
PgPBAcsxgxDrlukI0N7v+6oP+puDfmMZXMht+YYUVjcil7Vlk+WUGJMgbeYTGoSL
Mii9/qhZjqoD1AmyIgVwhC44uPSrS6JkENFvWb6c2zOl6Y2uvX/9
-----END CERTIFICATE-----