Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/8808bc-976d-4212-ad2f-1a8f23e2cebb/1/sGy9ZWPRwpAGMXSBdZ0QdvYMg-c.roa
File:                     sGy9ZWPRwpAGMXSBdZ0QdvYMg-c.roa (raw, json)
Hash identifier:          ZFRo77imGJkpwXcY2RDAhhQ6L77htHkFo1Qmg6xzvlo=
Subject key identifier:   B0:6C:BD:65:63:D1:C2:90:06:31:74:81:75:9D:10:76:F6:0C:83:E7
Certificate issuer:       /CN=edd13d3741e4b3f3a3a3e34721f1246e4b27c7a6
Certificate serial:       018CC4256283A56900F15817790AB3CF726E
Authority key identifier: ED:D1:3D:37:41:E4:B3:F3:A3:A3:E3:47:21:F1:24:6E:4B:27:C7:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7dE9N0Hks_Ojo-NHIfEkbksnx6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/8808bc-976d-4212-ad2f-1a8f23e2cebb/1/sGy9ZWPRwpAGMXSBdZ0QdvYMg-c.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35268
IP address blocks:        195.60.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/8808bc-976d-4212-ad2f-1a8f23e2cebb/1/7dE9N0Hks_Ojo-NHIfEkbksnx6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/8808bc-976d-4212-ad2f-1a8f23e2cebb/1/7dE9N0Hks_Ojo-NHIfEkbksnx6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7dE9N0Hks_Ojo-NHIfEkbksnx6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:62:83:a5:69:00:f1:58:17:79:0a:b3:cf:72:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edd13d3741e4b3f3a3a3e34721f1246e4b27c7a6
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b06cbd6563d1c29006317481759d1076f60c83e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8a:30:95:80:62:24:04:00:2b:92:65:f7:25:
                    2f:65:6a:01:7f:30:02:d7:8d:21:0e:f5:0a:d2:93:
                    e8:e0:ed:cd:e6:a8:ab:bd:80:d8:7f:77:23:00:42:
                    53:2f:d4:9a:97:26:9d:a4:3a:a4:31:c3:d9:95:5b:
                    53:99:10:8c:ed:b0:af:eb:34:3d:a4:dd:05:67:e2:
                    43:e3:ac:12:c3:fc:e3:4a:4e:8f:84:e1:1b:8c:13:
                    3c:7e:27:f5:f1:9f:95:25:5b:5f:3b:e4:e8:54:6f:
                    d1:66:7c:0c:1a:e5:fe:1a:b9:0c:2f:e6:de:8b:b5:
                    05:00:be:d8:b0:e5:18:9c:99:25:9c:dd:34:ed:84:
                    9b:f0:d3:b3:7b:d0:fd:63:e6:a7:70:ea:b4:da:e5:
                    9f:02:31:5b:d8:70:e2:f5:9c:a3:92:4d:3e:fe:e5:
                    a5:86:a6:b8:f6:b7:0e:90:17:1c:9f:94:b4:cc:ee:
                    49:7e:97:53:d9:a7:55:bf:e0:bb:f9:b2:e9:fa:9e:
                    43:41:9e:75:84:bd:2a:d9:f4:15:66:5d:42:51:40:
                    1d:8a:19:dd:81:38:86:be:25:42:d4:82:ae:7b:b6:
                    2f:98:c4:d8:2e:98:30:c7:5b:f4:45:63:34:eb:72:
                    fd:d9:df:7f:d6:c5:e0:5d:de:0f:e9:9e:56:46:a2:
                    a8:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:6C:BD:65:63:D1:C2:90:06:31:74:81:75:9D:10:76:F6:0C:83:E7
            X509v3 Authority Key Identifier:
                keyid:ED:D1:3D:37:41:E4:B3:F3:A3:A3:E3:47:21:F1:24:6E:4B:27:C7:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7dE9N0Hks_Ojo-NHIfEkbksnx6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8808bc-976d-4212-ad2f-1a8f23e2cebb/1/sGy9ZWPRwpAGMXSBdZ0QdvYMg-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8808bc-976d-4212-ad2f-1a8f23e2cebb/1/7dE9N0Hks_Ojo-NHIfEkbksnx6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:6f:2f:fd:07:f6:4c:52:7a:c1:63:b4:14:68:a8:3f:2d:66:
         7d:57:4a:08:45:c3:2a:7f:db:44:72:6f:5f:75:60:24:71:9b:
         5b:5d:ad:f5:72:53:90:c4:82:e3:90:98:a6:1e:96:b0:76:fe:
         5e:dd:ab:10:f8:9d:29:d2:1e:82:38:b1:83:02:48:db:8e:f4:
         7f:4a:22:d9:f2:0e:8c:d3:6f:43:81:31:01:6c:76:dd:1a:2d:
         40:0d:93:bf:e9:22:b8:bc:5c:db:cd:4d:56:ee:87:c9:06:68:
         09:23:d5:61:7c:01:44:54:c9:aa:82:a2:f8:16:27:bf:9b:b6:
         66:41:16:61:56:11:90:b0:7c:2e:51:78:e1:ad:c8:29:7e:c6:
         4d:62:78:e9:72:2a:3a:80:a5:a7:db:46:be:d6:79:bd:78:f0:
         26:30:7e:9a:b8:36:22:20:fb:41:d0:c2:81:44:bd:22:d5:ba:
         89:62:8d:e5:5a:59:1a:6e:bc:06:c2:74:c1:f8:ec:80:1c:ef:
         83:36:df:ac:1e:9d:ee:35:e9:70:58:9d:24:11:8d:e8:4f:b9:
         65:d7:85:99:86:42:c3:99:80:14:f1:f1:50:f9:1c:47:45:3d:
         ac:b8:e2:59:8f:e4:77:3e:04:38:15:ae:d9:d9:b1:bb:47:62:
         41:e0:31:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWKDpWkA8VgXeQqzz3JuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZDEzZDM3NDFlNGIzZjNhM2EzZTM0NzIxZjEyNDZlNGIy
N2M3YTYwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDZjYmQ2NTYzZDFjMjkwMDYzMTc0ODE3NTlkMTA3NmY2MGM4M2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYowlYBiJAQAK5Jl9yUvZWoBfzAC
140hDvUK0pPo4O3N5qirvYDYf3cjAEJTL9SalyadpDqkMcPZlVtTmRCM7bCv6zQ9
pN0FZ+JD46wSw/zjSk6PhOEbjBM8fif18Z+VJVtfO+ToVG/RZnwMGuX+GrkML+be
i7UFAL7YsOUYnJklnN007YSb8NOze9D9Y+ancOq02uWfAjFb2HDi9Zyjkk0+/uWl
hqa49rcOkBccn5S0zO5JfpdT2adVv+C7+bLp+p5DQZ51hL0q2fQVZl1CUUAdihnd
gTiGviVC1IKue7YvmMTYLpgwx1v0RWM063L92d9/1sXgXd4P6Z5WRqKoUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBsvWVj0cKQBjF0gXWdEHb2DIPnMB8GA1UdIwQY
MBaAFO3RPTdB5LPzo6PjRyHxJG5LJ8emMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2RFOU4wSGtzX09qby1OSElmRWtia3NueDZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS84ODA4YmMtOTc2ZC00MjEyLWFkMmYt
MWE4ZjIzZTJjZWJiLzEvc0d5OVpXUFJ3cEFHTVhTQmRaMFFkdllNZy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS84ODA4YmMtOTc2ZC00MjEyLWFkMmYtMWE4ZjIzZTJjZWJi
LzEvN2RFOU4wSGtzX09qby1OSElmRWtia3NueDZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzxKMA0G
CSqGSIb3DQEBCwUAA4IBAQAUby/9B/ZMUnrBY7QUaKg/LWZ9V0oIRcMqf9tEcm9f
dWAkcZtbXa31clOQxILjkJimHpawdv5e3asQ+J0p0h6COLGDAkjbjvR/SiLZ8g6M
029DgTEBbHbdGi1ADZO/6SK4vFzbzU1W7ofJBmgJI9VhfAFEVMmqgqL4Fie/m7Zm
QRZhVhGQsHwuUXjhrcgpfsZNYnjpcio6gKWn20a+1nm9ePAmMH6auDYiIPtB0MKB
RL0i1bqJYo3lWlkabrwGwnTB+OyAHO+DNt+sHp3uNelwWJ0kEY3oT7ll14WZhkLD
mYAU8fFQ+RxHRT2suOJZj+R3PgQ4Fa7Z2bG7R2JB4DF+
-----END CERTIFICATE-----