Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/1-fzk3OOSRMa-Mhpv96F8DbloqT0.roa
File:                     1-fzk3OOSRMa-Mhpv96F8DbloqT0.roa (raw, json)
Hash identifier:          02K8K5LpsyGnjKxi9UsKsffTXauN0jSN0QOjyrJTmNY=
Subject key identifier:   F9:FC:E4:DC:E3:92:44:C6:BE:32:1A:6F:F7:A1:7C:0D:B9:68:A9:3D
Certificate issuer:       /CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
Certificate serial:       018CC501485638793A3CEF6A4AA6F9144F9C
Authority key identifier: EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/1-fzk3OOSRMa-Mhpv96F8DbloqT0.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200632
IP address blocks:        195.242.0.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:48:56:38:79:3a:3c:ef:6a:4a:a6:f9:14:4f:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9fce4dce39244c6be321a6ff7a17c0db968a93d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d1:3e:b5:f9:52:d9:1b:06:64:d6:9b:5a:8c:
                    47:2c:fb:74:1e:b1:5d:0e:1f:7c:ce:52:72:34:19:
                    04:f4:19:c5:46:75:8e:21:41:aa:bc:88:d9:ca:f6:
                    d0:34:8b:2d:14:d2:2b:8e:10:db:7f:53:8f:31:31:
                    3e:75:4a:d7:77:b5:26:07:e5:a7:0a:e7:78:70:6a:
                    c6:00:d0:50:ef:84:b6:c7:52:34:eb:54:7f:9f:9d:
                    dd:d3:77:79:22:e7:63:3e:13:2f:b4:d3:4f:cf:ba:
                    7e:9a:e2:d3:f5:3e:62:49:27:89:96:07:a3:a4:a5:
                    73:69:83:1d:b5:91:c9:6e:c0:9b:89:db:78:40:13:
                    dc:09:3f:b4:6e:11:9e:16:f3:b2:c7:72:6e:75:e5:
                    ef:5e:1f:d3:0e:e0:0a:65:4f:16:c9:8f:4b:db:ba:
                    29:8f:62:bf:12:aa:6b:05:6c:23:1d:c1:35:9f:6d:
                    1b:f1:02:9b:91:8d:0e:f0:d2:44:c8:0f:5b:80:8b:
                    2a:cc:1b:99:8b:5d:09:5d:39:1e:ce:05:5b:41:47:
                    33:8b:ae:84:27:0b:27:eb:5a:6c:a0:9f:e9:36:ce:
                    b4:a8:44:a9:20:4c:68:4f:b1:a5:4a:1c:f4:5d:3a:
                    ef:e1:86:76:79:97:1c:2d:76:de:00:ab:95:b4:f8:
                    f6:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FC:E4:DC:E3:92:44:C6:BE:32:1A:6F:F7:A1:7C:0D:B9:68:A9:3D
            X509v3 Authority Key Identifier:
                keyid:EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/1-fzk3OOSRMa-Mhpv96F8DbloqT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:57:7f:02:95:f1:20:35:a2:9d:d1:b9:e2:30:de:4a:f0:bb:
         c3:a7:14:fa:ea:8c:c7:2b:5e:45:d2:9d:01:e9:ca:fd:69:58:
         9b:a3:ce:cb:99:d9:24:c3:84:88:8c:fb:1e:dd:7c:e9:32:ca:
         17:9f:91:39:74:92:5f:7b:8c:c1:6f:24:d3:ed:f5:94:ab:18:
         70:ef:7b:cd:ce:7e:70:11:a7:50:14:45:36:f6:09:a0:94:f0:
         a7:12:0b:e0:19:e0:82:84:7c:c8:47:64:33:74:e6:1c:e9:ea:
         98:41:50:de:30:f0:18:b9:07:73:e5:c8:7b:d0:73:b5:68:a4:
         f5:72:e5:01:5b:af:b3:42:5a:95:b6:9f:17:23:84:a7:1a:85:
         d9:f9:06:48:76:b2:b3:4b:d9:f4:73:13:be:f9:99:76:16:d6:
         38:af:a2:2c:8e:d0:37:db:f2:e0:a6:b7:45:da:c6:cc:3d:16:
         a0:4a:e7:51:a4:d1:a9:f1:73:eb:e0:b8:04:f2:c0:0d:bf:5d:
         18:b0:cf:ec:15:d6:f1:95:eb:94:d7:03:e1:26:9a:61:2e:73:
         f1:e8:80:77:1d:93:52:66:b1:76:76:8e:9f:d9:61:ff:ce:e2:
         93:95:c9:67:6c:0c:e4:e3:6d:30:0c:ba:1c:d0:b1:eb:78:70:
         ca:5e:6c:71
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAUhWOHk6PO9qSqb5FE+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZTI2NTMxNzljYWZlNWZmNjY1MWM2MDU4YjY3YWQyZDJj
ODQ4NWUwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWZjZTRkY2UzOTI0NGM2YmUzMjFhNmZmN2ExN2MwZGI5NjhhOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9E+tflS2RsGZNabWoxHLPt0HrFd
Dh98zlJyNBkE9BnFRnWOIUGqvIjZyvbQNIstFNIrjhDbf1OPMTE+dUrXd7UmB+Wn
Cud4cGrGANBQ74S2x1I061R/n53d03d5IudjPhMvtNNPz7p+muLT9T5iSSeJlgej
pKVzaYMdtZHJbsCbidt4QBPcCT+0bhGeFvOyx3JudeXvXh/TDuAKZU8WyY9L27op
j2K/EqprBWwjHcE1n20b8QKbkY0O8NJEyA9bgIsqzBuZi10JXTkezgVbQUczi66E
Jwsn61psoJ/pNs60qESpIExoT7GlShz0XTrv4YZ2eZccLXbeAKuVtPj2mQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPn85NzjkkTGvjIab/ehfA25aKk9MB8GA1UdIwQY
MBaAFOriZTF5yv5f9mUcYFi2etLSyEheMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTkt
OTkyZDc5N2Y0YmJiLzEvMS1memszT09TUk1hLU1ocHY5NkY4RGJsb3FUMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTQvMTllOWM1LTgyZTItNDM4Yi1hMGU5LTk5MmQ3OTdmNGJi
Yi8xLzZ1SmxNWG5LX2xfMlpSeGdXTFo2MHRMSVNGNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcPyADAN
BgkqhkiG9w0BAQsFAAOCAQEAXld/ApXxIDWindG54jDeSvC7w6cU+uqMxyteRdKd
AenK/WlYm6POy5nZJMOEiIz7Ht186TLKF5+ROXSSX3uMwW8k0+31lKsYcO97zc5+
cBGnUBRFNvYJoJTwpxIL4BnggoR8yEdkM3TmHOnqmEFQ3jDwGLkHc+XIe9BztWik
9XLlAVuvs0JalbafFyOEpxqF2fkGSHays0vZ9HMTvvmZdhbWOK+iLI7QN9vy4Ka3
RdrGzD0WoErnUaTRqfFz6+C4BPLADb9dGLDP7BXW8ZXrlNcD4SaaYS5z8eiAdx2T
UmaxdnaOn9lh/87ik5XJZ2wM5ONtMAy6HNCx63hwyl5scQ==
-----END CERTIFICATE-----