Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/Iy7lkqpbyaSDL2grrU_SdETf7DQ.roa
File:                     Iy7lkqpbyaSDL2grrU_SdETf7DQ.roa (raw, json)
Hash identifier:          DorRUxYefmWL1rp1az3xVIzdxI7JSTisHh4gg2RZ6eo=
Subject key identifier:   23:2E:E5:92:AA:5B:C9:A4:83:2F:68:2B:AD:4F:D2:74:44:DF:EC:34
Certificate issuer:       /CN=0690913dbbeedadde95dce4704526284e7ae7cca
Certificate serial:       019421B229960D9017586A1552ECD27441B7
Authority key identifier: 06:90:91:3D:BB:EE:DA:DD:E9:5D:CE:47:04:52:62:84:E7:AE:7C:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpCRPbvu2t3pXc5HBFJihOeufMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/Iy7lkqpbyaSDL2grrU_SdETf7DQ.roa
Signing time:             Wed 01 Jan 2025 11:48:31 +0000
ROA not before:           Wed 01 Jan 2025 11:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12637
IP address blocks:        195.182.210.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/BpCRPbvu2t3pXc5HBFJihOeufMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/BpCRPbvu2t3pXc5HBFJihOeufMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpCRPbvu2t3pXc5HBFJihOeufMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:29:96:0d:90:17:58:6a:15:52:ec:d2:74:41:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0690913dbbeedadde95dce4704526284e7ae7cca
        Validity
            Not Before: Jan  1 11:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=232ee592aa5bc9a4832f682bad4fd27444dfec34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:66:d7:44:e0:3c:56:02:76:10:e3:79:9c:3c:
                    3a:cd:7a:3e:2b:08:7c:8c:f2:43:4a:c1:58:ae:48:
                    d1:aa:05:69:1b:8c:ff:d8:11:5c:a9:5d:e6:b7:00:
                    33:f5:bf:e4:1e:ca:56:33:56:0d:7f:52:94:08:6e:
                    1b:b9:c8:b7:4d:c1:83:cb:b0:8c:09:a4:04:8d:5e:
                    e9:dc:d9:1f:93:60:cb:05:49:e4:1f:bb:9b:77:14:
                    98:3a:cf:9a:01:34:8b:78:a2:65:76:be:dc:23:50:
                    76:64:24:e0:4c:58:ae:1b:2f:7f:33:a5:3a:6f:60:
                    82:68:31:b3:a7:fb:b2:73:4c:84:4b:80:cf:d6:1d:
                    a1:46:24:d3:ae:4a:ed:20:16:b2:67:3b:b6:2c:d5:
                    2b:07:48:b8:1f:1d:28:1f:7f:6e:f4:cc:5e:b2:bb:
                    ca:1b:96:fa:a8:af:8e:99:7c:7d:fa:0b:18:4e:21:
                    16:50:ab:1d:73:54:19:3f:c6:ff:d0:11:3a:cf:05:
                    c2:be:d9:6a:71:55:32:ec:4f:85:7c:fd:23:1d:03:
                    bc:88:89:5d:9d:8e:8d:91:89:e3:d4:9d:4d:d7:24:
                    b1:92:ee:f5:5e:ae:08:c0:df:9c:d5:14:d6:23:e7:
                    10:50:fb:53:06:5c:94:8a:fe:e3:d5:03:82:cf:2c:
                    49:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:2E:E5:92:AA:5B:C9:A4:83:2F:68:2B:AD:4F:D2:74:44:DF:EC:34
            X509v3 Authority Key Identifier:
                keyid:06:90:91:3D:BB:EE:DA:DD:E9:5D:CE:47:04:52:62:84:E7:AE:7C:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpCRPbvu2t3pXc5HBFJihOeufMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/Iy7lkqpbyaSDL2grrU_SdETf7DQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/fab918-8f4d-4ede-bad1-31b950270536/1/BpCRPbvu2t3pXc5HBFJihOeufMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:1c:b9:3f:c0:b5:0a:9c:e7:9b:3d:81:0d:6a:89:2d:ea:90:
         e3:94:b4:17:15:5f:c2:e4:24:6e:c4:13:7c:c8:10:07:6c:ce:
         d8:ab:0b:de:e9:b7:2a:41:96:c4:ce:9a:39:ed:0b:7e:18:37:
         8b:f3:f7:43:14:11:d8:40:02:ec:16:4c:91:f3:83:85:2b:d8:
         8d:7c:81:c9:1c:19:5b:7f:b3:93:a9:65:ae:ae:51:9a:d1:06:
         b5:d2:63:42:7f:e8:04:e5:14:ac:ef:e1:ff:4e:1b:8b:c2:4e:
         6f:62:4f:4e:28:14:b3:37:6a:9e:b4:45:ee:e4:cf:47:7b:7a:
         8f:f4:2b:33:5a:c5:c1:0a:86:d2:35:9f:35:78:dc:02:7c:ff:
         b4:c2:a5:9f:b6:85:2d:a8:f5:d7:f4:5a:e2:32:90:8b:e2:69:
         1d:51:df:a5:a3:76:f4:e2:c6:a7:26:61:54:ee:ca:30:54:b4:
         17:81:1c:39:92:21:5a:b0:34:6d:92:f5:51:bf:b3:f1:98:4e:
         c6:92:6a:ab:a9:dc:ac:33:90:b8:26:de:4b:c1:a6:ea:83:2c:
         19:1d:fb:fe:58:eb:2f:9a:10:38:64:b6:7f:73:ab:8a:27:3c:
         ca:79:67:ab:45:43:c5:f8:7e:b3:0f:bf:bf:d7:80:03:75:b6:
         a9:54:8c:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsimWDZAXWGoVUuzSdEG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTA5MTNkYmJlZWRhZGRlOTVkY2U0NzA0NTI2Mjg0ZTdh
ZTdjY2EwHhcNMjUwMTAxMTE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzJlZTU5MmFhNWJjOWE0ODMyZjY4MmJhZDRmZDI3NDQ0ZGZlYzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWbXROA8VgJ2EON5nDw6zXo+Kwh8
jPJDSsFYrkjRqgVpG4z/2BFcqV3mtwAz9b/kHspWM1YNf1KUCG4buci3TcGDy7CM
CaQEjV7p3Nkfk2DLBUnkH7ubdxSYOs+aATSLeKJldr7cI1B2ZCTgTFiuGy9/M6U6
b2CCaDGzp/uyc0yES4DP1h2hRiTTrkrtIBayZzu2LNUrB0i4Hx0oH39u9MxesrvK
G5b6qK+OmXx9+gsYTiEWUKsdc1QZP8b/0BE6zwXCvtlqcVUy7E+FfP0jHQO8iIld
nY6NkYnj1J1N1ySxku71Xq4IwN+c1RTWI+cQUPtTBlyUiv7j1QOCzyxJqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMu5ZKqW8mkgy9oK61P0nRE3+w0MB8GA1UdIwQY
MBaAFAaQkT277trd6V3ORwRSYoTnrnzKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBDUlBidnUydDNwWGM1SEJGSmloT2V1Zk1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mYWI5MTgtOGY0ZC00ZWRlLWJhZDEt
MzFiOTUwMjcwNTM2LzEvSXk3bGtxcGJ5YVNETDJncnJVX1NkRVRmN0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mYWI5MTgtOGY0ZC00ZWRlLWJhZDEtMzFiOTUwMjcwNTM2
LzEvQnBDUlBidnUydDNwWGM1SEJGSmloT2V1Zk1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7bSMA0G
CSqGSIb3DQEBCwUAA4IBAQBPHLk/wLUKnOebPYENaokt6pDjlLQXFV/C5CRuxBN8
yBAHbM7Yqwve6bcqQZbEzpo57Qt+GDeL8/dDFBHYQALsFkyR84OFK9iNfIHJHBlb
f7OTqWWurlGa0Qa10mNCf+gE5RSs7+H/ThuLwk5vYk9OKBSzN2qetEXu5M9He3qP
9CszWsXBCobSNZ81eNwCfP+0wqWftoUtqPXX9FriMpCL4mkdUd+lo3b04sanJmFU
7sowVLQXgRw5kiFasDRtkvVRv7PxmE7GkmqrqdysM5C4Jt5LwabqgywZHfv+WOsv
mhA4ZLZ/c6uKJzzKeWerRUPF+H6zD7+/14ADdbapVIzr
-----END CERTIFICATE-----