Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/Fy9SuUzYZU7MaDvs0nH00Ox__bI.roa
File:                     Fy9SuUzYZU7MaDvs0nH00Ox__bI.roa (raw, json)
Hash identifier:          qSyCvNxke6VSbyNL0a0BfGttuKsChRrijCw/8GYzRsc=
Subject key identifier:   17:2F:52:B9:4C:D8:65:4E:CC:68:3B:EC:D2:71:F4:D0:EC:7F:FD:B2
Certificate issuer:       /CN=b3a4714a695c63cf2e9c4adea6171827d866e298
Certificate serial:       018CC86FA311EBB36D1BC8AF4402F36DE8C3
Authority key identifier: B3:A4:71:4A:69:5C:63:CF:2E:9C:4A:DE:A6:17:18:27:D8:66:E2:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6RxSmlcY88unErephcYJ9hm4pg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/Fy9SuUzYZU7MaDvs0nH00Ox__bI.roa
Signing time:             Tue 02 Jan 2024 04:30:08 +0000
ROA not before:           Tue 02 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212818
IP address blocks:        195.177.215.0/24 maxlen: 24
                          195.177.214.0/24 maxlen: 24
                          195.177.214.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/s6RxSmlcY88unErephcYJ9hm4pg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/s6RxSmlcY88unErephcYJ9hm4pg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6RxSmlcY88unErephcYJ9hm4pg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a3:11:eb:b3:6d:1b:c8:af:44:02:f3:6d:e8:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3a4714a695c63cf2e9c4adea6171827d866e298
        Validity
            Not Before: Jan  2 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=172f52b94cd8654ecc683becd271f4d0ec7ffdb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a7:6c:38:40:dd:7b:08:51:4d:2e:69:20:87:
                    8a:fa:fa:11:d8:b7:2c:1c:2a:43:6d:d5:e0:93:7b:
                    8e:94:c0:31:61:86:28:bc:a0:e9:51:be:5f:1a:0e:
                    87:9d:79:3e:73:f4:d0:00:4e:3b:3c:53:1e:d1:24:
                    b2:6a:b7:76:f5:b6:99:9d:74:14:10:8c:77:51:f3:
                    2d:f2:3d:69:e4:44:a7:a4:ff:7b:16:cc:31:8b:78:
                    a5:68:78:08:d8:9a:f7:ea:e0:30:40:20:f1:3d:13:
                    08:ba:ba:37:2a:ab:c7:35:b7:61:e0:37:f2:84:62:
                    55:fd:93:06:6e:e3:f4:ef:ae:19:59:53:ca:3f:91:
                    0d:41:3f:06:44:2d:88:35:7e:ed:f9:f9:cd:0c:2e:
                    41:c0:d1:a8:29:8d:af:0c:41:7e:1b:da:9a:ee:ce:
                    09:83:db:74:0e:b7:59:69:eb:c0:bf:fd:c5:0b:96:
                    c2:e4:34:ac:28:d1:d6:1b:ff:fa:b6:ee:7b:7d:10:
                    90:98:24:e1:9f:c0:6a:90:1a:35:3f:af:4a:6e:85:
                    b8:4a:58:03:e4:ed:81:02:8a:36:01:94:0c:a7:ed:
                    04:8f:1a:8a:25:8b:c3:9f:ef:1f:43:1e:03:ac:0d:
                    9b:f0:34:bc:06:ea:70:a0:96:49:8b:37:8e:53:e8:
                    aa:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:2F:52:B9:4C:D8:65:4E:CC:68:3B:EC:D2:71:F4:D0:EC:7F:FD:B2
            X509v3 Authority Key Identifier:
                keyid:B3:A4:71:4A:69:5C:63:CF:2E:9C:4A:DE:A6:17:18:27:D8:66:E2:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6RxSmlcY88unErephcYJ9hm4pg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/Fy9SuUzYZU7MaDvs0nH00Ox__bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/s6RxSmlcY88unErephcYJ9hm4pg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:b6:ca:01:77:89:49:2f:5e:3e:c9:d4:f5:d4:84:21:24:b4:
         23:02:28:31:01:a1:a8:78:5b:75:6c:2c:a5:4b:36:57:ac:2e:
         e2:e8:11:dc:a2:e0:be:d9:a7:fd:57:d3:0d:9e:30:60:12:a8:
         8d:ed:e5:5c:2b:9f:96:2f:24:75:ca:71:f7:43:69:06:27:f1:
         d9:fc:ad:36:d3:ac:95:e3:8e:d6:2c:b0:e7:a6:79:27:6f:51:
         58:5a:fe:68:73:76:23:75:44:15:8e:dc:88:43:8b:ef:dc:ac:
         b6:4b:fc:f1:dd:fb:97:c5:68:e7:b8:12:ce:d0:f7:ec:26:7e:
         95:62:ed:fd:cb:3a:43:a5:34:4e:6f:2a:43:f8:9f:0a:b2:62:
         26:59:4a:1e:06:82:34:d0:fc:10:e8:91:9b:06:d8:ef:91:5c:
         04:0e:87:c2:29:36:6d:2e:e5:c8:68:ca:4f:0b:ac:f6:4c:bd:
         4a:32:c5:20:63:8f:2b:b9:b3:2c:24:f1:10:53:e5:22:1f:4b:
         1a:83:a1:ef:79:af:26:3f:86:2a:26:0f:cf:24:b4:4b:d7:4c:
         d6:c4:35:e4:7c:c8:93:93:a2:02:07:06:6a:32:4c:8c:a4:70:
         87:86:ae:a4:18:57:b0:f2:13:dd:27:e1:a0:d6:ea:4e:ac:e5:
         3d:d7:e9:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb6MR67NtG8ivRALzbejDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTQ3MTRhNjk1YzYzY2YyZTljNGFkZWE2MTcxODI3ZDg2
NmUyOTgwHhcNMjQwMTAyMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzJmNTJiOTRjZDg2NTRlY2M2ODNiZWNkMjcxZjRkMGVjN2ZmZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqdsOEDdewhRTS5pIIeK+voR2Lcs
HCpDbdXgk3uOlMAxYYYovKDpUb5fGg6HnXk+c/TQAE47PFMe0SSyard29baZnXQU
EIx3UfMt8j1p5ESnpP97Fswxi3ilaHgI2Jr36uAwQCDxPRMIuro3KqvHNbdh4Dfy
hGJV/ZMGbuP0764ZWVPKP5ENQT8GRC2INX7t+fnNDC5BwNGoKY2vDEF+G9qa7s4J
g9t0DrdZaevAv/3FC5bC5DSsKNHWG//6tu57fRCQmCThn8BqkBo1P69KboW4SlgD
5O2BAoo2AZQMp+0EjxqKJYvDn+8fQx4DrA2b8DS8BupwoJZJizeOU+iqnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcvUrlM2GVOzGg77NJx9NDsf/2yMB8GA1UdIwQY
MBaAFLOkcUppXGPPLpxK3qYXGCfYZuKYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZSeFNtbGNZODh1bkVyZXBoY1lKOWhtNHBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy85YTcyZTAtZmI5Yy00ZTcyLWFmMzQt
ZGM0OGNlY2QxNTQ1LzEvRnk5U3VVellaVTdNYUR2czBuSDAwT3hfX2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy85YTcyZTAtZmI5Yy00ZTcyLWFmMzQtZGM0OGNlY2QxNTQ1
LzEvczZSeFNtbGNZODh1bkVyZXBoY1lKOWhtNHBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7HWMA0G
CSqGSIb3DQEBCwUAA4IBAQAwtsoBd4lJL14+ydT11IQhJLQjAigxAaGoeFt1bCyl
SzZXrC7i6BHcouC+2af9V9MNnjBgEqiN7eVcK5+WLyR1ynH3Q2kGJ/HZ/K0206yV
447WLLDnpnknb1FYWv5oc3YjdUQVjtyIQ4vv3Ky2S/zx3fuXxWjnuBLO0PfsJn6V
Yu39yzpDpTRObypD+J8KsmImWUoeBoI00PwQ6JGbBtjvkVwEDofCKTZtLuXIaMpP
C6z2TL1KMsUgY48rubMsJPEQU+UiH0sag6Hvea8mP4YqJg/PJLRL10zWxDXkfMiT
k6ICBwZqMkyMpHCHhq6kGFew8hPdJ+Gg1upOrOU91+le
-----END CERTIFICATE-----