Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/b0c875-24e1-444d-b01d-5408f8d9dfb1/1/P7Stq8axPaCJnPn9Iw7gt7fT8D0.roa
File:                     P7Stq8axPaCJnPn9Iw7gt7fT8D0.roa (raw, json)
Hash identifier:          201uvW25zFb5pa+ncKr3m83sc87fazP73y7ZBlJ6V9U=
Subject key identifier:   3F:B4:AD:AB:C6:B1:3D:A0:89:9C:F9:FD:23:0E:E0:B7:B7:D3:F0:3D
Certificate issuer:       /CN=6cff3d899e26fc84fb4379fb325f174b5075ce0d
Certificate serial:       018CC80156B8FC49D933726F25A2CC8511E3
Authority key identifier: 6C:FF:3D:89:9E:26:FC:84:FB:43:79:FB:32:5F:17:4B:50:75:CE:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bP89iZ4m_IT7Q3n7Ml8XS1B1zg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/b0c875-24e1-444d-b01d-5408f8d9dfb1/1/P7Stq8axPaCJnPn9Iw7gt7fT8D0.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29317
IP address blocks:        195.137.210.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/b0c875-24e1-444d-b01d-5408f8d9dfb1/1/bP89iZ4m_IT7Q3n7Ml8XS1B1zg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/b0c875-24e1-444d-b01d-5408f8d9dfb1/1/bP89iZ4m_IT7Q3n7Ml8XS1B1zg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bP89iZ4m_IT7Q3n7Ml8XS1B1zg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:56:b8:fc:49:d9:33:72:6f:25:a2:cc:85:11:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cff3d899e26fc84fb4379fb325f174b5075ce0d
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fb4adabc6b13da0899cf9fd230ee0b7b7d3f03d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:1b:c6:5a:d6:42:26:69:72:87:ff:c0:7d:f1:
                    a4:12:59:b0:9a:30:ea:f3:3e:39:ff:c4:a3:97:c7:
                    96:a1:3b:a0:4e:f8:6e:f6:80:e5:67:d9:65:11:a9:
                    3d:c4:f0:74:46:53:2b:5a:42:4c:38:8c:71:a6:89:
                    b6:26:6e:14:30:36:fe:f3:f4:ba:dd:f7:f5:29:4f:
                    a9:72:83:33:ae:2d:30:58:4b:a5:56:07:34:d4:ea:
                    95:00:78:a2:52:39:b9:a2:41:52:63:d5:83:77:47:
                    2c:d0:16:44:96:91:76:0c:82:bf:9b:b4:28:93:29:
                    d5:82:6c:f7:53:de:ea:0a:b2:72:a9:cb:94:75:4d:
                    77:f2:93:be:26:af:a5:d4:e9:1d:ee:a9:d3:19:a5:
                    c4:0f:6e:d7:f6:17:4d:50:b2:43:e0:47:4f:a2:7d:
                    78:b1:b5:3c:ec:fe:6e:dd:3c:ba:78:e8:53:52:12:
                    fd:83:0d:b1:7b:c9:6e:7d:cc:82:b5:b1:67:04:1f:
                    60:fa:b8:82:da:d0:84:c9:de:d7:bf:98:d3:b5:43:
                    17:bd:22:ab:2e:b8:5c:fc:6e:03:f4:1e:de:92:81:
                    b3:57:b6:0f:26:8e:07:e1:fc:b5:21:a7:17:02:8b:
                    6a:3b:56:dd:3d:aa:98:ac:7e:4c:f0:fd:92:3f:ec:
                    69:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B4:AD:AB:C6:B1:3D:A0:89:9C:F9:FD:23:0E:E0:B7:B7:D3:F0:3D
            X509v3 Authority Key Identifier:
                keyid:6C:FF:3D:89:9E:26:FC:84:FB:43:79:FB:32:5F:17:4B:50:75:CE:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bP89iZ4m_IT7Q3n7Ml8XS1B1zg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b0c875-24e1-444d-b01d-5408f8d9dfb1/1/P7Stq8axPaCJnPn9Iw7gt7fT8D0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b0c875-24e1-444d-b01d-5408f8d9dfb1/1/bP89iZ4m_IT7Q3n7Ml8XS1B1zg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:91:a2:4d:ae:97:e0:7e:2c:24:98:31:f7:3b:93:c0:6f:da:
         18:bd:bc:9c:85:70:14:4f:1c:d2:ad:ae:45:48:48:26:8c:47:
         dc:e4:51:06:e3:39:be:10:97:61:b5:97:73:23:39:8b:a1:e9:
         a6:16:4f:e2:97:d5:52:37:1e:38:29:0e:9f:7a:21:54:67:40:
         a9:29:a6:b3:5a:f6:a5:2e:6d:61:c2:77:f2:09:94:cd:44:d3:
         b8:52:f0:8b:3b:73:50:5a:70:a3:56:c8:66:ce:f0:b2:95:ae:
         87:93:5f:9f:3c:4c:c1:06:26:5f:c1:e6:97:8b:a7:30:83:bf:
         94:e2:7a:20:9a:c3:e2:d2:9d:8b:28:28:07:db:9f:99:34:61:
         90:24:13:84:90:72:70:aa:35:f7:84:bf:89:50:a7:fe:15:c8:
         76:2f:7d:82:7a:fd:42:aa:ae:1e:a8:c9:90:65:d7:68:65:ee:
         c5:d5:8f:8a:45:a4:5c:07:87:a7:4b:e8:70:0d:c3:55:bb:45:
         0f:b0:18:9c:bc:a3:99:4c:00:ae:22:53:4b:3f:72:dd:a1:98:
         5b:17:b2:48:8c:7e:13:d8:67:9e:96:40:05:88:1b:14:f3:2f:
         12:e6:3c:43:9c:00:ca:42:15:91:32:9d:6b:e6:eb:34:25:14:
         7f:72:47:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVa4/EnZM3JvJaLMhRHjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZmYzZDg5OWUyNmZjODRmYjQzNzlmYjMyNWYxNzRiNTA3
NWNlMGQwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmI0YWRhYmM2YjEzZGEwODk5Y2Y5ZmQyMzBlZTBiN2I3ZDNmMDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBvGWtZCJmlyh//AffGkElmwmjDq
8z45/8Sjl8eWoTugTvhu9oDlZ9llEak9xPB0RlMrWkJMOIxxpom2Jm4UMDb+8/S6
3ff1KU+pcoMzri0wWEulVgc01OqVAHiiUjm5okFSY9WDd0cs0BZElpF2DIK/m7Qo
kynVgmz3U97qCrJyqcuUdU138pO+Jq+l1Okd7qnTGaXED27X9hdNULJD4EdPon14
sbU87P5u3Ty6eOhTUhL9gw2xe8lufcyCtbFnBB9g+riC2tCEyd7Xv5jTtUMXvSKr
Lrhc/G4D9B7ekoGzV7YPJo4H4fy1IacXAotqO1bdPaqYrH5M8P2SP+xpuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+0ravGsT2giZz5/SMO4Le30/A9MB8GA1UdIwQY
MBaAFGz/PYmeJvyE+0N5+zJfF0tQdc4NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlA4OWlaNG1fSVQ3UTNuN01sOFhTMUIxemcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9iMGM4NzUtMjRlMS00NDRkLWIwMWQt
NTQwOGY4ZDlkZmIxLzEvUDdTdHE4YXhQYUNKblBuOUl3N2d0N2ZUOEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9iMGM4NzUtMjRlMS00NDRkLWIwMWQtNTQwOGY4ZDlkZmIx
LzEvYlA4OWlaNG1fSVQ3UTNuN01sOFhTMUIxemcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4nSMA0G
CSqGSIb3DQEBCwUAA4IBAQB2kaJNrpfgfiwkmDH3O5PAb9oYvbychXAUTxzSra5F
SEgmjEfc5FEG4zm+EJdhtZdzIzmLoemmFk/il9VSNx44KQ6feiFUZ0CpKaazWval
Lm1hwnfyCZTNRNO4UvCLO3NQWnCjVshmzvCyla6Hk1+fPEzBBiZfweaXi6cwg7+U
4nogmsPi0p2LKCgH25+ZNGGQJBOEkHJwqjX3hL+JUKf+Fch2L32Cev1Cqq4eqMmQ
ZddoZe7F1Y+KRaRcB4enS+hwDcNVu0UPsBicvKOZTACuIlNLP3LdoZhbF7JIjH4T
2GeelkAFiBsU8y8S5jxDnADKQhWRMp1r5us0JRR/ckeR
-----END CERTIFICATE-----