Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/R6UYr8ValvSwW0Q_5SmyqpFKpk8.roa
File:                     R6UYr8ValvSwW0Q_5SmyqpFKpk8.roa (raw, json)
Hash identifier:          OI8qNJplZcdxgfaitAqrMgMI/mav2il7TS8Bn4g9TMc=
Subject key identifier:   47:A5:18:AF:C5:5A:96:F4:B0:5B:44:3F:E5:29:B2:AA:91:4A:A6:4F
Certificate issuer:       /CN=321ec194107843848cd36330232b5f6a43791db4
Certificate serial:       018CC4251394F486591C061241BA5118590D
Authority key identifier: 32:1E:C1:94:10:78:43:84:8C:D3:63:30:23:2B:5F:6A:43:79:1D:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/R6UYr8ValvSwW0Q_5SmyqpFKpk8.roa
Signing time:             Mon 01 Jan 2024 08:30:13 +0000
ROA not before:           Mon 01 Jan 2024 08:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        195.105.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:13:94:f4:86:59:1c:06:12:41:ba:51:18:59:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=321ec194107843848cd36330232b5f6a43791db4
        Validity
            Not Before: Jan  1 08:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47a518afc55a96f4b05b443fe529b2aa914aa64f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:3e:5b:e2:f7:2a:0f:fb:5c:69:41:77:a2:98:
                    f5:f2:71:df:0d:bf:dd:d7:b4:be:b0:c6:80:6f:51:
                    9a:7a:b8:ae:e1:80:5a:d4:9b:92:26:17:3a:36:90:
                    c4:33:5e:52:1b:e8:e9:c1:b5:a6:c2:3d:f4:db:35:
                    96:d2:0e:be:6d:4d:de:0a:fa:24:f7:65:9b:d0:7d:
                    20:94:b2:f8:ea:3d:dd:f3:fa:31:57:b0:96:61:74:
                    fc:f5:ce:9d:e8:ec:2f:af:d2:19:0d:82:98:af:56:
                    cc:c0:66:b3:79:0b:39:ba:b7:72:23:ca:11:d7:1f:
                    bb:09:7c:f1:3b:40:9b:3e:79:e4:7f:3d:d4:9d:57:
                    49:57:55:2b:23:ab:0a:4d:75:db:5e:88:1f:d1:70:
                    e6:3c:81:f7:07:26:36:24:1e:9f:29:d7:82:e1:9b:
                    cd:7a:f2:ec:76:fc:07:a8:b0:7e:8a:36:18:4f:05:
                    4c:54:9e:89:97:bd:02:cb:1a:a6:d0:7f:b7:bb:01:
                    aa:9a:80:1b:2d:61:e3:5d:7f:b9:bb:80:59:89:e2:
                    b5:ec:4a:20:85:f3:56:de:8d:3b:79:72:5e:8c:ec:
                    3e:b1:db:47:a4:51:d5:23:f0:ed:b0:0c:e4:c1:31:
                    5b:e8:78:14:80:2a:25:61:58:28:e4:2c:87:96:00:
                    3d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:A5:18:AF:C5:5A:96:F4:B0:5B:44:3F:E5:29:B2:AA:91:4A:A6:4F
            X509v3 Authority Key Identifier:
                keyid:32:1E:C1:94:10:78:43:84:8C:D3:63:30:23:2B:5F:6A:43:79:1D:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/R6UYr8ValvSwW0Q_5SmyqpFKpk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.105.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:ad:33:93:c4:28:21:79:ad:03:61:1f:66:9a:30:6f:c2:6e:
         b2:87:a8:2f:40:03:1b:cd:4f:c7:cf:e3:dd:54:77:64:fb:e2:
         35:8c:b8:f9:d6:8f:80:33:1e:64:f7:d2:11:95:0f:e7:06:95:
         fe:81:75:89:41:92:4c:c4:aa:19:73:27:50:a2:51:ed:03:6c:
         89:95:c4:f6:fe:5f:6a:b7:13:f1:f5:cb:30:39:bf:ac:d9:52:
         df:05:74:cc:96:09:26:a4:f7:83:e6:69:66:d0:4f:3a:01:4c:
         f8:d4:1f:bb:2d:89:08:8d:2e:6f:b9:87:90:ac:49:94:06:b6:
         38:66:39:e7:21:4b:85:83:40:ae:c4:47:42:39:1d:08:e0:00:
         53:df:16:64:1d:22:10:31:14:ef:80:bb:8e:33:e9:a2:8e:96:
         f2:c3:c3:4c:93:e8:13:17:0d:b3:66:e7:86:bf:78:aa:8a:34:
         3d:3b:c8:3e:9d:e0:e8:8a:9a:7b:0d:66:5b:74:69:1c:35:ba:
         93:79:d9:57:bc:37:48:15:aa:c7:16:dc:7f:e6:25:47:bd:e2:
         ba:11:03:bc:54:c8:cf:84:79:18:8c:ea:3b:d8:41:7d:a2:26:
         6c:7e:4f:6d:f9:10:e4:d5:86:aa:5f:a5:bd:48:2e:74:35:fd:
         1d:30:e6:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJROU9IZZHAYSQbpRGFkNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMWVjMTk0MTA3ODQzODQ4Y2QzNjMzMDIzMmI1ZjZhNDM3
OTFkYjQwHhcNMjQwMTAxMDgzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2E1MThhZmM1NWE5NmY0YjA1YjQ0M2ZlNTI5YjJhYTkxNGFhNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlT5b4vcqD/tcaUF3opj18nHfDb/d
17S+sMaAb1Gaeriu4YBa1JuSJhc6NpDEM15SG+jpwbWmwj302zWW0g6+bU3eCvok
92Wb0H0glLL46j3d8/oxV7CWYXT89c6d6Owvr9IZDYKYr1bMwGazeQs5urdyI8oR
1x+7CXzxO0CbPnnkfz3UnVdJV1UrI6sKTXXbXogf0XDmPIH3ByY2JB6fKdeC4ZvN
evLsdvwHqLB+ijYYTwVMVJ6Jl70Cyxqm0H+3uwGqmoAbLWHjXX+5u4BZieK17Eog
hfNW3o07eXJejOw+sdtHpFHVI/DtsAzkwTFb6HgUgColYVgo5CyHlgA9hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEelGK/FWpb0sFtEP+UpsqqRSqZPMB8GA1UdIwQY
MBaAFDIewZQQeEOEjNNjMCMrX2pDeR20MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWg3QmxCQjRRNFNNMDJNd0l5dGZha041SGJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9mMTQ1OGYtYmRjMy00ZTRiLTlmNjgt
M2E2MTFjMDkzYTJjLzEvUjZVWXI4VmFsdlN3VzBRXzVTbXlxcEZLcGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9mMTQ1OGYtYmRjMy00ZTRiLTlmNjgtM2E2MTFjMDkzYTJj
LzEvTWg3QmxCQjRRNFNNMDJNd0l5dGZha041SGJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2kaMA0G
CSqGSIb3DQEBCwUAA4IBAQA/rTOTxCghea0DYR9mmjBvwm6yh6gvQAMbzU/Hz+Pd
VHdk++I1jLj51o+AMx5k99IRlQ/nBpX+gXWJQZJMxKoZcydQolHtA2yJlcT2/l9q
txPx9cswOb+s2VLfBXTMlgkmpPeD5mlm0E86AUz41B+7LYkIjS5vuYeQrEmUBrY4
ZjnnIUuFg0CuxEdCOR0I4ABT3xZkHSIQMRTvgLuOM+mijpbyw8NMk+gTFw2zZueG
v3iqijQ9O8g+neDoipp7DWZbdGkcNbqTedlXvDdIFarHFtx/5iVHveK6EQO8VMjP
hHkYjOo72EF9oiZsfk9t+RDk1YaqX6W9SC50Nf0dMOa+
-----END CERTIFICATE-----