Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/c1fb46-8b47-4f91-8b9a-d7faa7e7e84d/1/f-lyAlfRJhEJz3Klz_HhwIkkkM8.roa
File:                     f-lyAlfRJhEJz3Klz_HhwIkkkM8.roa (raw, json)
Hash identifier:          NJy4koiRrunP6ZOIRXeB5v+pLWAKHwTVw40T//ydpbQ=
Subject key identifier:   7F:E9:72:02:57:D1:26:11:09:CF:72:A5:CF:F1:E1:C0:89:24:90:CF
Certificate issuer:       /CN=e887e5fcbcbf1ad03268dac9ee5d292025368090
Certificate serial:       018CC424D1DA9BDC03896A36D3C321C39A5E
Authority key identifier: E8:87:E5:FC:BC:BF:1A:D0:32:68:DA:C9:EE:5D:29:20:25:36:80:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Ifl_Ly_GtAyaNrJ7l0pICU2gJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/c1fb46-8b47-4f91-8b9a-d7faa7e7e84d/1/f-lyAlfRJhEJz3Klz_HhwIkkkM8.roa
Signing time:             Mon 01 Jan 2024 08:29:56 +0000
ROA not before:           Mon 01 Jan 2024 08:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31354
IP address blocks:        195.234.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/c1fb46-8b47-4f91-8b9a-d7faa7e7e84d/1/6Ifl_Ly_GtAyaNrJ7l0pICU2gJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/c1fb46-8b47-4f91-8b9a-d7faa7e7e84d/1/6Ifl_Ly_GtAyaNrJ7l0pICU2gJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Ifl_Ly_GtAyaNrJ7l0pICU2gJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:d1:da:9b:dc:03:89:6a:36:d3:c3:21:c3:9a:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e887e5fcbcbf1ad03268dac9ee5d292025368090
        Validity
            Not Before: Jan  1 08:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fe9720257d1261109cf72a5cff1e1c0892490cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:24:16:fd:d4:3a:b2:78:16:6d:85:1c:b8:15:
                    01:23:02:ab:28:81:6b:ba:27:f4:bd:f0:81:85:b1:
                    62:25:21:d6:3c:5f:90:5f:bd:04:3d:6f:7f:bc:0b:
                    ad:d3:5d:82:83:5e:9e:a6:bb:29:e8:5f:21:0e:75:
                    03:e6:3a:8c:26:6c:bb:71:bc:a5:32:c0:61:fc:f1:
                    44:96:da:3d:4e:42:49:03:67:4e:18:4a:6d:97:da:
                    08:cb:cb:0c:a3:8e:38:16:64:46:f9:c1:a8:e9:f0:
                    cd:b0:65:7d:66:59:56:60:b8:6d:47:e0:4b:20:7f:
                    32:88:bb:ad:fe:bb:48:00:30:e7:a0:05:32:dc:56:
                    9d:95:04:3a:2f:db:cc:5f:9d:5d:71:e5:bf:f4:74:
                    e1:85:dc:fa:9c:0a:e6:96:0c:da:f5:15:ac:7b:c8:
                    08:01:5a:19:11:68:31:20:6c:7e:f4:5d:ea:81:cf:
                    64:4f:ad:d2:15:1f:46:5a:f5:dd:8a:8a:e3:12:54:
                    32:80:62:64:97:45:b4:9c:b1:d7:3e:58:47:0c:93:
                    97:a1:79:6d:e1:d7:8c:57:11:ed:d2:fe:32:89:4f:
                    eb:d9:1b:f4:6a:40:b0:82:dc:53:39:3c:85:3d:f3:
                    8c:78:b5:e5:9f:8c:1d:06:79:e7:17:00:d6:5d:dd:
                    2c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:E9:72:02:57:D1:26:11:09:CF:72:A5:CF:F1:E1:C0:89:24:90:CF
            X509v3 Authority Key Identifier:
                keyid:E8:87:E5:FC:BC:BF:1A:D0:32:68:DA:C9:EE:5D:29:20:25:36:80:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Ifl_Ly_GtAyaNrJ7l0pICU2gJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/c1fb46-8b47-4f91-8b9a-d7faa7e7e84d/1/f-lyAlfRJhEJz3Klz_HhwIkkkM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/c1fb46-8b47-4f91-8b9a-d7faa7e7e84d/1/6Ifl_Ly_GtAyaNrJ7l0pICU2gJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:70:8e:26:c0:dd:2c:95:5b:af:c8:5a:3c:d8:56:82:70:6c:
         bc:fb:5a:f1:d3:81:4d:e9:53:33:d5:92:c8:b3:a7:9e:d6:57:
         ea:b2:d3:09:60:0d:04:60:34:a2:6f:2a:1b:49:91:24:fa:7e:
         15:4d:eb:ab:3d:0d:9a:6d:92:35:06:b6:74:10:80:dc:6d:d7:
         c1:26:25:69:b5:d0:67:29:7a:68:4e:5a:09:a9:41:8b:bb:7f:
         77:35:b8:14:2b:16:84:b1:e4:c7:51:47:2e:48:f5:1e:c0:64:
         ad:94:2c:7b:f6:ec:cf:1a:da:d4:86:ba:1b:59:3d:2e:e9:c8:
         c3:f6:4c:9d:91:e9:7b:f3:98:90:6a:34:db:a2:50:be:e8:82:
         b9:f9:2f:15:bf:49:18:42:8a:7e:7f:b4:2f:73:56:ff:22:53:
         6c:a1:b9:e0:5a:a0:62:fb:5a:82:fc:d2:6f:1b:cc:de:9a:84:
         55:cf:cb:8a:1a:26:e6:1c:b4:6e:8b:7c:0a:22:73:1d:51:83:
         52:11:93:5d:58:52:f8:8a:4d:68:de:12:07:d9:69:8b:94:9e:
         9b:37:b1:e8:7b:7c:ec:eb:fe:3a:1d:cb:12:9a:4d:e9:9b:f4:
         23:6f:37:17:e5:f4:37:86:01:95:98:c2:b3:40:ed:0b:d7:a7:
         75:ff:8b:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJNHam9wDiWo208Mhw5peMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ODdlNWZjYmNiZjFhZDAzMjY4ZGFjOWVlNWQyOTIwMjUz
NjgwOTAwHhcNMjQwMTAxMDgyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmU5NzIwMjU3ZDEyNjExMDljZjcyYTVjZmYxZTFjMDg5MjQ5MGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyQW/dQ6sngWbYUcuBUBIwKrKIFr
uif0vfCBhbFiJSHWPF+QX70EPW9/vAut012Cg16eprsp6F8hDnUD5jqMJmy7cbyl
MsBh/PFElto9TkJJA2dOGEptl9oIy8sMo444FmRG+cGo6fDNsGV9ZllWYLhtR+BL
IH8yiLut/rtIADDnoAUy3FadlQQ6L9vMX51dceW/9HThhdz6nArmlgza9RWse8gI
AVoZEWgxIGx+9F3qgc9kT63SFR9GWvXdiorjElQygGJkl0W0nLHXPlhHDJOXoXlt
4deMVxHt0v4yiU/r2Rv0akCwgtxTOTyFPfOMeLXln4wdBnnnFwDWXd0s9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/pcgJX0SYRCc9ypc/x4cCJJJDPMB8GA1UdIwQY
MBaAFOiH5fy8vxrQMmjaye5dKSAlNoCQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNklmbF9MeV9HdEF5YU5ySjdsMHBJQ1UyZ0pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9jMWZiNDYtOGI0Ny00ZjkxLThiOWEt
ZDdmYWE3ZTdlODRkLzEvZi1seUFsZlJKaEVKejNLbHpfSGh3SWtra004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9jMWZiNDYtOGI0Ny00ZjkxLThiOWEtZDdmYWE3ZTdlODRk
LzEvNklmbF9MeV9HdEF5YU5ySjdsMHBJQ1UyZ0pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+q2MA0G
CSqGSIb3DQEBCwUAA4IBAQCmcI4mwN0slVuvyFo82FaCcGy8+1rx04FN6VMz1ZLI
s6ee1lfqstMJYA0EYDSibyobSZEk+n4VTeurPQ2abZI1BrZ0EIDcbdfBJiVptdBn
KXpoTloJqUGLu393NbgUKxaEseTHUUcuSPUewGStlCx79uzPGtrUhrobWT0u6cjD
9kydkel785iQajTbolC+6IK5+S8Vv0kYQop+f7Qvc1b/IlNsobngWqBi+1qC/NJv
G8zemoRVz8uKGibmHLRui3wKInMdUYNSEZNdWFL4ik1o3hIH2WmLlJ6bN7Hoe3zs
6/46HcsSmk3pm/QjbzcX5fQ3hgGVmMKzQO0L16d1/4st
-----END CERTIFICATE-----