Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/heZqx25pmuYnncr4U5jhTNAGJYQ.roa
File:                     heZqx25pmuYnncr4U5jhTNAGJYQ.roa (raw, json)
Hash identifier:          oIwDUmLL+1hYzGTj3DCjOQPML9ojnY8ou9rPnGEhvHI=
Subject key identifier:   85:E6:6A:C7:6E:69:9A:E6:27:9D:CA:F8:53:98:E1:4C:D0:06:25:84
Certificate issuer:       /CN=9da140e8028e6d537600e0888a9af5a971c5db46
Certificate serial:       018CC56EF6A34D8B1D181B21501843BE9FC8
Authority key identifier: 9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/heZqx25pmuYnncr4U5jhTNAGJYQ.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48156
IP address blocks:        194.137.237.0/24 maxlen: 24
                          195.165.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f6:a3:4d:8b:1d:18:1b:21:50:18:43:be:9f:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da140e8028e6d537600e0888a9af5a971c5db46
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85e66ac76e699ae6279dcaf85398e14cd0062584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1b:7a:87:c9:a3:33:46:ac:a5:67:f8:01:eb:
                    97:34:6a:cd:b3:76:14:f0:54:3b:8a:1d:b9:f2:d1:
                    16:c0:fc:9d:59:0c:4b:5c:e2:cc:33:da:65:f2:53:
                    d6:69:80:97:43:b2:6a:c1:19:c1:53:c8:97:e5:ee:
                    e0:fe:76:db:55:da:a5:dc:9d:b0:2b:1a:78:d1:f1:
                    7a:a2:33:50:78:45:23:ce:7e:6c:a0:12:7f:09:d6:
                    3f:7a:d7:84:92:fe:f3:23:c1:a8:ea:be:e5:67:8d:
                    0c:ad:6a:f1:30:3e:5c:95:8b:bd:c4:fd:9e:77:23:
                    ba:8b:03:a3:a6:39:21:e4:68:e2:53:86:dc:b8:18:
                    b6:c6:f0:45:a5:b5:bb:0a:df:4a:e6:7d:83:97:c3:
                    9a:c0:93:e7:3b:18:3b:7e:63:ab:34:21:df:04:de:
                    a4:f3:8e:9a:c8:8a:b9:9c:57:93:15:95:59:1f:65:
                    63:2f:f4:2e:3f:a1:51:98:ff:26:73:cd:f9:b0:69:
                    a7:a8:a2:50:9c:99:ca:e6:cb:4d:3f:79:0c:72:d8:
                    cb:a4:aa:20:d6:58:51:e3:c0:ae:c6:be:8c:eb:db:
                    26:c2:13:45:09:50:42:9f:f7:5e:d4:5e:0c:79:84:
                    14:f4:b4:14:0d:ec:19:e5:b1:0a:51:03:ff:f4:a5:
                    55:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:E6:6A:C7:6E:69:9A:E6:27:9D:CA:F8:53:98:E1:4C:D0:06:25:84
            X509v3 Authority Key Identifier:
                keyid:9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/heZqx25pmuYnncr4U5jhTNAGJYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.137.237.0/24
                  195.165.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:21:21:b5:6c:d2:c2:46:45:56:bb:78:9c:35:01:03:5e:f6:
         c0:75:c2:a3:4c:04:87:13:6c:83:4c:53:99:78:2d:79:47:a6:
         0f:23:1d:39:16:e3:9b:ff:f3:6a:fb:7d:78:ea:3b:d3:e9:3d:
         53:a9:6e:29:bd:f3:74:0e:1c:95:b2:48:3e:04:eb:3a:e3:7a:
         6f:c6:1b:82:38:fe:41:a3:1e:74:7f:0c:2a:a3:e9:d8:9b:e8:
         ea:31:ed:85:8c:01:ed:26:31:a1:e3:1d:be:e2:13:17:6e:72:
         e0:4a:0f:ef:7b:32:7c:02:9b:42:a6:1a:4d:68:ca:7a:42:a1:
         18:cd:a4:c8:18:10:80:95:1c:48:43:83:e5:fa:50:1e:52:64:
         48:71:f0:4c:f1:e9:51:b6:eb:54:37:49:79:66:8e:6a:0a:2d:
         e4:f8:1f:39:e1:7c:8f:69:57:d3:4c:9d:4b:6c:fe:8c:3f:0e:
         2d:6b:93:d5:fe:db:26:ff:9c:2c:a1:c3:8b:a8:e3:16:e5:ca:
         53:47:cc:05:81:50:0c:ed:b7:ce:42:26:22:e5:a2:7a:9a:4f:
         7c:9b:ef:fa:f6:f8:6e:8a:06:37:fa:63:9b:b8:e2:53:fc:14:
         41:10:65:65:02:0d:48:f6:ca:cc:1e:9a:3c:ca:c2:a5:fb:b4:
         e1:6e:80:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbvajTYsdGBshUBhDvp/IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYTE0MGU4MDI4ZTZkNTM3NjAwZTA4ODhhOWFmNWE5NzFj
NWRiNDYwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWU2NmFjNzZlNjk5YWU2Mjc5ZGNhZjg1Mzk4ZTE0Y2QwMDYyNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBt6h8mjM0aspWf4AeuXNGrNs3YU
8FQ7ih258tEWwPydWQxLXOLMM9pl8lPWaYCXQ7JqwRnBU8iX5e7g/nbbVdql3J2w
Kxp40fF6ojNQeEUjzn5soBJ/CdY/eteEkv7zI8Go6r7lZ40MrWrxMD5clYu9xP2e
dyO6iwOjpjkh5GjiU4bcuBi2xvBFpbW7Ct9K5n2Dl8OawJPnOxg7fmOrNCHfBN6k
846ayIq5nFeTFZVZH2VjL/QuP6FRmP8mc835sGmnqKJQnJnK5stNP3kMctjLpKog
1lhR48Cuxr6M69smwhNFCVBCn/de1F4MeYQU9LQUDewZ5bEKUQP/9KVVzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIXmasduaZrmJ53K+FOY4UzQBiWEMB8GA1UdIwQY
MBaAFJ2hQOgCjm1TdgDgiIqa9alxxdtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgt
YTRjYThiOWMyMDViLzEvaGVacXgyNXBtdVlubmNyNFU1amhUTkFHSllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgtYTRjYThiOWMyMDVi
LzEvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwontAwQA
w6VNMA0GCSqGSIb3DQEBCwUAA4IBAQBAISG1bNLCRkVWu3icNQEDXvbAdcKjTASH
E2yDTFOZeC15R6YPIx05FuOb//Nq+3146jvT6T1TqW4pvfN0DhyVskg+BOs643pv
xhuCOP5Box50fwwqo+nYm+jqMe2FjAHtJjGh4x2+4hMXbnLgSg/vezJ8AptCphpN
aMp6QqEYzaTIGBCAlRxIQ4Pl+lAeUmRIcfBM8elRtutUN0l5Zo5qCi3k+B854XyP
aVfTTJ1LbP6MPw4ta5PV/tsm/5wsocOLqOMW5cpTR8wFgVAM7bfOQiYi5aJ6mk98
m+/69vhuigY3+mObuOJT/BRBEGVlAg1I9srMHpo8ysKl+7ThboDf
-----END CERTIFICATE-----