Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/n7q6o5aK8tmVuKe0eknz0TtkW2g.roa
File:                     n7q6o5aK8tmVuKe0eknz0TtkW2g.roa (raw, json)
Hash identifier:          ai/JjOwgEjNhzcFvy6XRWy+jCa/PuAfOPjbSRMpuXxQ=
Subject key identifier:   9F:BA:BA:A3:96:8A:F2:D9:95:B8:A7:B4:7A:49:F3:D1:3B:64:5B:68
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E9150712104A59DE30857C251441D
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/n7q6o5aK8tmVuKe0eknz0TtkW2g.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209637
IP address blocks:        195.74.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:91:50:71:21:04:a5:9d:e3:08:57:c2:51:44:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fbabaa3968af2d995b8a7b47a49f3d13b645b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:33:72:2e:bd:c9:29:78:c3:a4:df:b5:61:26:
                    98:e0:04:ca:34:fa:b5:23:32:f3:00:bf:02:15:07:
                    ba:5e:1e:d3:2e:34:a4:09:99:dc:c6:fd:9c:3f:ae:
                    ad:df:55:39:bf:15:d2:98:da:9c:eb:d9:14:29:1a:
                    45:c3:7d:ae:0d:2b:8e:34:8c:eb:8f:05:ed:f6:a8:
                    c1:a6:5d:c4:45:2b:37:6a:01:ab:83:d0:08:b1:1d:
                    94:77:94:5b:89:1b:00:7b:37:d2:ca:b2:75:0e:f7:
                    ab:3c:5e:35:ab:a3:2e:9f:97:1e:7f:52:3d:30:0b:
                    77:03:95:3d:cd:08:df:ee:c6:51:dc:95:3e:60:e5:
                    2d:1e:9c:12:96:2b:d2:7d:62:6a:c6:c8:56:8f:04:
                    3a:97:e8:de:d3:26:18:82:9a:59:29:97:26:4f:82:
                    e8:4d:0c:3f:81:57:d4:80:48:2e:6a:db:8d:6b:fd:
                    f0:42:c2:e4:1e:8c:3d:ee:1a:db:4f:23:1e:61:de:
                    f1:e5:b8:ab:bb:0a:b2:32:22:84:50:f0:e5:49:b7:
                    eb:de:af:a0:08:63:eb:52:21:92:c7:99:c6:e5:98:
                    84:ee:c5:ee:64:3c:97:9a:2a:a5:39:8b:f7:04:7a:
                    05:dd:ac:38:74:3f:fa:6b:6c:ae:9b:17:f6:92:a5:
                    c7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:BA:BA:A3:96:8A:F2:D9:95:B8:A7:B4:7A:49:F3:D1:3B:64:5B:68
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/n7q6o5aK8tmVuKe0eknz0TtkW2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.74.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:a7:de:1d:86:38:78:20:4b:a4:db:fd:3e:99:bc:b8:5d:b2:
         8c:8d:d2:3e:19:92:8c:b9:65:91:ea:57:f5:e0:9f:45:87:da:
         f2:02:13:10:ba:af:44:f2:1a:b2:e1:4c:7a:63:1d:6b:9b:f9:
         76:f9:4d:52:e0:3c:43:69:5d:2a:7d:2a:cd:b2:f5:0b:e4:16:
         e4:4b:a7:5c:22:19:bf:94:22:f6:c3:30:ef:e4:dd:11:eb:c6:
         d3:04:a6:5e:5e:cb:67:43:c8:74:2c:2b:27:ca:06:08:25:be:
         28:3b:a9:75:6a:d0:82:4f:ac:5e:15:58:38:af:e0:10:a3:3c:
         c3:ae:3b:90:13:cc:89:0e:c4:2f:3d:e6:21:49:0c:91:d4:41:
         54:3a:48:89:dd:96:37:db:36:5d:ff:a2:9e:f2:ac:3f:e9:9c:
         d9:c6:84:83:9f:6b:51:24:8c:b6:6d:ea:19:80:79:22:21:5d:
         af:b0:36:69:16:7d:9a:0a:23:44:15:9a:85:1c:3f:f1:57:6f:
         00:e5:0d:1a:38:f2:ec:e5:d8:7e:2b:a6:98:a1:27:a1:06:62:
         26:4f:33:6b:0a:b2:41:72:1e:d6:3d:00:c9:05:6e:42:ff:3c:
         d1:7e:55:c0:c4:bd:09:62:da:67:11:7a:dc:d2:3f:28:80:43:
         1b:b5:33:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpFQcSEEpZ3jCFfCUUQdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmJhYmFhMzk2OGFmMmQ5OTViOGE3YjQ3YTQ5ZjNkMTNiNjQ1YjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTNyLr3JKXjDpN+1YSaY4ATKNPq1
IzLzAL8CFQe6Xh7TLjSkCZncxv2cP66t31U5vxXSmNqc69kUKRpFw32uDSuONIzr
jwXt9qjBpl3ERSs3agGrg9AIsR2Ud5RbiRsAezfSyrJ1DverPF41q6Mun5cef1I9
MAt3A5U9zQjf7sZR3JU+YOUtHpwSlivSfWJqxshWjwQ6l+je0yYYgppZKZcmT4Lo
TQw/gVfUgEguatuNa/3wQsLkHow97hrbTyMeYd7x5biruwqyMiKEUPDlSbfr3q+g
CGPrUiGSx5nG5ZiE7sXuZDyXmiqlOYv3BHoF3aw4dD/6a2yumxf2kqXH4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+6uqOWivLZlbintHpJ89E7ZFtoMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvbjdxNm81YUs4dG1WdUtlMGVrbnowVHRrVzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0pBMA0G
CSqGSIb3DQEBCwUAA4IBAQBmp94dhjh4IEuk2/0+mby4XbKMjdI+GZKMuWWR6lf1
4J9Fh9ryAhMQuq9E8hqy4Ux6Yx1rm/l2+U1S4DxDaV0qfSrNsvUL5BbkS6dcIhm/
lCL2wzDv5N0R68bTBKZeXstnQ8h0LCsnygYIJb4oO6l1atCCT6xeFVg4r+AQozzD
rjuQE8yJDsQvPeYhSQyR1EFUOkiJ3ZY32zZd/6Ke8qw/6ZzZxoSDn2tRJIy2beoZ
gHkiIV2vsDZpFn2aCiNEFZqFHD/xV28A5Q0aOPLs5dh+K6aYoSehBmImTzNrCrJB
ch7WPQDJBW5C/zzRflXAxL0JYtpnEXrc0j8ogEMbtTMJ
-----END CERTIFICATE-----