Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/720843-adef-4338-8995-1c556b03b22c/1/RHGOdSgcoaK-6eU2dKjKlpRjaMo.roa
File:                     RHGOdSgcoaK-6eU2dKjKlpRjaMo.roa (raw, json)
Hash identifier:          NRVJAc4Gjyt0Wmb+WBhbiFKpJbnBkqjBbBZ7MMuCSS0=
Subject key identifier:   44:71:8E:75:28:1C:A1:A2:BE:E9:E5:36:74:A8:CA:96:94:63:68:CA
Certificate issuer:       /CN=87a98ae10d85478cec5c25563c73ebb56c9b1a46
Certificate serial:       019420684CCD00E22EB06D52F3EB406A761A
Authority key identifier: 87:A9:8A:E1:0D:85:47:8C:EC:5C:25:56:3C:73:EB:B5:6C:9B:1A:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h6mK4Q2FR4zsXCVWPHPrtWybGkY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/720843-adef-4338-8995-1c556b03b22c/1/RHGOdSgcoaK-6eU2dKjKlpRjaMo.roa
Signing time:             Wed 01 Jan 2025 05:48:13 +0000
ROA not before:           Wed 01 Jan 2025 05:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44127
IP address blocks:        195.93.210.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/720843-adef-4338-8995-1c556b03b22c/1/h6mK4Q2FR4zsXCVWPHPrtWybGkY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/720843-adef-4338-8995-1c556b03b22c/1/h6mK4Q2FR4zsXCVWPHPrtWybGkY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h6mK4Q2FR4zsXCVWPHPrtWybGkY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4c:cd:00:e2:2e:b0:6d:52:f3:eb:40:6a:76:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87a98ae10d85478cec5c25563c73ebb56c9b1a46
        Validity
            Not Before: Jan  1 05:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44718e75281ca1a2bee9e53674a8ca96946368ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d4:a9:f4:82:1f:f1:02:6f:26:ee:8f:cd:25:
                    ee:84:1b:73:56:2a:bd:41:24:a6:89:a8:b6:db:ac:
                    f2:95:90:99:8b:ea:85:a1:4c:b9:aa:52:67:29:28:
                    71:92:98:b3:94:25:1f:d0:d1:60:80:a6:ab:86:46:
                    1c:d5:35:14:f3:1d:1d:45:c9:b3:39:fe:3a:b6:6a:
                    57:70:61:b3:f8:a2:f0:4b:a8:bc:1f:d7:48:87:f6:
                    a7:a3:bb:43:48:50:77:20:33:63:d8:9f:fd:2d:55:
                    4a:cc:bc:d9:3f:3c:ca:d3:f8:ff:6d:fe:18:be:79:
                    7a:0a:60:b5:96:c0:cb:ec:ed:28:06:51:14:43:eb:
                    cd:e1:c2:06:77:aa:20:45:3a:c2:15:00:55:ea:56:
                    72:e6:6e:15:82:7c:b5:3e:ee:07:de:65:0f:1f:c2:
                    b9:c3:16:4a:83:28:c0:15:29:b2:73:3f:ca:5a:0f:
                    69:1b:a3:3a:48:50:5e:ca:c2:c4:47:e9:f2:9d:9d:
                    01:df:53:a2:6f:16:0f:d3:a3:7c:66:b9:03:aa:a9:
                    cc:45:76:f3:5b:7f:68:ef:4a:1e:97:35:92:10:2c:
                    3a:f3:6d:42:71:2e:ba:d7:9a:3b:9f:88:db:d0:79:
                    c9:7a:4f:80:77:bb:59:a3:ea:26:1f:8a:80:50:d2:
                    44:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:71:8E:75:28:1C:A1:A2:BE:E9:E5:36:74:A8:CA:96:94:63:68:CA
            X509v3 Authority Key Identifier:
                keyid:87:A9:8A:E1:0D:85:47:8C:EC:5C:25:56:3C:73:EB:B5:6C:9B:1A:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h6mK4Q2FR4zsXCVWPHPrtWybGkY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/720843-adef-4338-8995-1c556b03b22c/1/RHGOdSgcoaK-6eU2dKjKlpRjaMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/720843-adef-4338-8995-1c556b03b22c/1/h6mK4Q2FR4zsXCVWPHPrtWybGkY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:aa:fd:24:17:98:09:eb:ee:e0:3d:8c:38:3c:98:1c:68:a9:
         52:64:0f:6a:24:58:11:be:02:84:d5:d4:26:bf:5a:a7:01:c8:
         30:e4:a6:62:37:59:bd:11:fc:8f:7e:0f:43:c6:f2:70:ef:e6:
         da:7e:bb:2a:3f:86:47:d2:97:ff:13:d0:a6:05:56:29:25:8f:
         b8:a4:e1:29:de:4c:d3:16:0f:a7:6a:27:0f:a1:14:1f:06:e6:
         79:28:3e:4e:06:82:f5:76:2b:b8:a6:cd:a5:e7:84:4d:c1:f6:
         43:69:72:e7:4f:a7:25:4f:49:30:16:06:f4:e6:f1:04:df:f4:
         93:ae:04:99:e3:5b:05:6f:9a:5f:4f:dd:c0:fa:6d:2a:ee:aa:
         0e:76:d7:e2:20:eb:95:73:60:ae:22:bc:14:9b:55:b3:e0:00:
         93:63:ea:30:f6:61:24:e1:64:38:bf:2f:56:4b:69:6a:56:a8:
         ab:ab:32:8a:97:f4:8f:18:06:d7:1e:ca:a6:5b:79:8e:52:c9:
         bb:a7:6d:3a:f4:fd:82:a9:ca:9b:b9:f8:72:de:6f:56:40:5d:
         1c:e4:b3:5e:db:6f:9d:e0:6d:3c:d8:6a:5c:57:ff:36:2b:0e:
         5a:84:b6:a8:ff:47:90:28:14:6a:2f:c0:44:52:b1:64:f8:4b:
         04:43:e4:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaEzNAOIusG1S8+tAanYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YTk4YWUxMGQ4NTQ3OGNlYzVjMjU1NjNjNzNlYmI1NmM5
YjFhNDYwHhcNMjUwMTAxMDU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDcxOGU3NTI4MWNhMWEyYmVlOWU1MzY3NGE4Y2E5Njk0NjM2OGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9Sp9IIf8QJvJu6PzSXuhBtzViq9
QSSmiai226zylZCZi+qFoUy5qlJnKShxkpizlCUf0NFggKarhkYc1TUU8x0dRcmz
Of46tmpXcGGz+KLwS6i8H9dIh/ano7tDSFB3IDNj2J/9LVVKzLzZPzzK0/j/bf4Y
vnl6CmC1lsDL7O0oBlEUQ+vN4cIGd6ogRTrCFQBV6lZy5m4Vgny1Pu4H3mUPH8K5
wxZKgyjAFSmycz/KWg9pG6M6SFBeysLER+nynZ0B31OibxYP06N8ZrkDqqnMRXbz
W39o70oelzWSECw6821CcS6615o7n4jb0HnJek+Ad7tZo+omH4qAUNJEIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERxjnUoHKGivunlNnSoypaUY2jKMB8GA1UdIwQY
MBaAFIepiuENhUeM7FwlVjxz67VsmxpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDZtSzRRMkZSNHpzWENWV1BIUHJ0V3liR2tZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy83MjA4NDMtYWRlZi00MzM4LTg5OTUt
MWM1NTZiMDNiMjJjLzEvUkhHT2RTZ2NvYUstNmVVMmRLaktscFJqYU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy83MjA4NDMtYWRlZi00MzM4LTg5OTUtMWM1NTZiMDNiMjJj
LzEvaDZtSzRRMkZSNHpzWENWV1BIUHJ0V3liR2tZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw13SMA0G
CSqGSIb3DQEBCwUAA4IBAQAhqv0kF5gJ6+7gPYw4PJgcaKlSZA9qJFgRvgKE1dQm
v1qnAcgw5KZiN1m9EfyPfg9DxvJw7+bafrsqP4ZH0pf/E9CmBVYpJY+4pOEp3kzT
Fg+naicPoRQfBuZ5KD5OBoL1diu4ps2l54RNwfZDaXLnT6clT0kwFgb05vEE3/ST
rgSZ41sFb5pfT93A+m0q7qoOdtfiIOuVc2CuIrwUm1Wz4ACTY+ow9mEk4WQ4vy9W
S2lqVqirqzKKl/SPGAbXHsqmW3mOUsm7p2069P2Cqcqbufhy3m9WQF0c5LNe22+d
4G082GpcV/82Kw5ahLao/0eQKBRqL8BEUrFk+EsEQ+RB
-----END CERTIFICATE-----