Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/dF91LjnrDFR4gLZY7oQHScGf6OY.roa
File:                     dF91LjnrDFR4gLZY7oQHScGf6OY.roa (raw, json)
Hash identifier:          Wztyzkc50Y3J1UFNLTe43PrM4JOAp84pztKoBruFsfg=
Subject key identifier:   74:5F:75:2E:39:EB:0C:54:78:80:B6:58:EE:84:07:49:C1:9F:E8:E6
Certificate issuer:       /CN=490b21f79b9ea2f3d042374714867d12401995db
Certificate serial:       018EC8237BFC07E522E6A717649010F541B4
Authority key identifier: 49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/dF91LjnrDFR4gLZY7oQHScGf6OY.roa
Signing time:             Wed 10 Apr 2024 13:12:32 +0000
ROA not before:           Wed 10 Apr 2024 13:12:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215742
IP address blocks:        195.184.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c8:23:7b:fc:07:e5:22:e6:a7:17:64:90:10:f5:41:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=490b21f79b9ea2f3d042374714867d12401995db
        Validity
            Not Before: Apr 10 13:12:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=745f752e39eb0c547880b658ee840749c19fe8e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ea:a9:8f:92:84:cc:9c:0b:87:74:bd:fd:d6:
                    cb:a8:9c:79:ad:9c:98:3b:01:93:7b:9e:d5:c2:32:
                    ef:79:ca:31:36:df:63:e7:56:80:6d:31:93:22:17:
                    ef:bd:12:9d:a0:43:a7:96:98:26:65:47:17:12:b6:
                    ac:e3:90:23:aa:ef:7d:d4:de:58:ef:de:58:69:51:
                    92:47:f2:fc:3a:26:61:23:66:23:ab:9a:b0:39:76:
                    ad:66:30:f7:fa:cd:f1:00:78:2a:85:86:1a:65:6c:
                    5e:25:27:b9:c4:ca:4d:e5:33:72:bb:9a:4c:e3:90:
                    d5:4c:0f:74:50:14:5e:fa:a4:c7:a2:69:a7:bd:54:
                    e7:21:2e:b2:c3:fb:d3:d3:fc:25:26:65:28:9f:da:
                    52:5a:82:40:9e:47:86:f4:f1:5c:fb:19:3b:25:af:
                    22:f4:4c:af:4e:12:8a:26:32:f2:b2:97:3c:2c:9b:
                    9e:6c:8a:ca:55:7e:eb:d9:24:02:0a:52:fd:3d:f1:
                    03:46:7e:a0:bf:29:66:e9:ae:b7:a7:47:04:4a:71:
                    33:72:06:93:cf:2e:be:b0:00:b8:fa:e3:fc:7a:7c:
                    4f:22:fa:ac:bd:c2:40:69:c5:ec:91:22:4b:28:56:
                    76:10:04:b2:c5:24:53:5f:2b:ea:fd:ba:81:91:e8:
                    9a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:5F:75:2E:39:EB:0C:54:78:80:B6:58:EE:84:07:49:C1:9F:E8:E6
            X509v3 Authority Key Identifier:
                keyid:49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/dF91LjnrDFR4gLZY7oQHScGf6OY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:0b:fe:f4:fd:3d:2d:a9:f1:ec:a9:9b:8d:80:2d:0c:fb:88:
         be:a7:07:55:20:0e:64:95:34:42:ce:2a:93:5b:1c:f8:4a:89:
         88:2a:fc:b2:3d:f6:fe:a8:3a:63:53:8c:02:9b:64:b4:10:65:
         78:6c:07:17:36:49:d6:49:4a:96:e2:43:9b:54:ab:08:70:65:
         84:6a:7d:f4:69:40:d7:ba:ce:5d:43:c5:7b:f2:48:9c:5e:cb:
         44:3c:c6:c9:71:8f:0d:54:45:7b:c8:1a:a8:2a:f0:c4:4e:e4:
         19:cb:5c:e1:02:03:2c:74:dc:ef:e2:c1:71:de:1c:cf:97:f8:
         be:80:56:9e:79:df:6a:ac:4f:fd:39:7e:d5:6e:14:4e:5b:8a:
         1f:00:31:40:c6:17:41:97:51:ba:40:4c:14:ac:2e:59:c9:44:
         02:90:1a:19:23:10:f1:6b:75:e4:9a:bf:a6:6c:c2:d0:cb:30:
         30:f0:ac:8e:d9:e7:0d:d6:77:6f:a8:a8:39:9b:c1:15:6b:5e:
         33:8b:68:1d:6c:af:2f:ea:c3:06:09:ac:55:bd:f0:00:68:7c:
         5d:23:0a:a8:16:ea:84:18:3e:82:53:21:04:35:a9:85:d0:31:
         55:f4:d7:f6:15:cd:87:b5:cc:35:78:1f:4a:43:80:09:d0:4f:
         0c:4c:c5:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7II3v8B+Ui5qcXZJAQ9UG0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MGIyMWY3OWI5ZWEyZjNkMDQyMzc0NzE0ODY3ZDEyNDAx
OTk1ZGIwHhcNMjQwNDEwMTMxMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDVmNzUyZTM5ZWIwYzU0Nzg4MGI2NThlZTg0MDc0OWMxOWZlOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluqpj5KEzJwLh3S9/dbLqJx5rZyY
OwGTe57VwjLvecoxNt9j51aAbTGTIhfvvRKdoEOnlpgmZUcXEras45Ajqu991N5Y
795YaVGSR/L8OiZhI2Yjq5qwOXatZjD3+s3xAHgqhYYaZWxeJSe5xMpN5TNyu5pM
45DVTA90UBRe+qTHommnvVTnIS6yw/vT0/wlJmUon9pSWoJAnkeG9PFc+xk7Ja8i
9EyvThKKJjLyspc8LJuebIrKVX7r2SQCClL9PfEDRn6gvylm6a63p0cESnEzcgaT
zy6+sAC4+uP8enxPIvqsvcJAacXskSJLKFZ2EASyxSRTXyvq/bqBkeiaSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRfdS456wxUeIC2WO6EB0nBn+jmMB8GA1UdIwQY
MBaAFEkLIfebnqLz0EI3RxSGfRJAGZXbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2Mt
NDgwYzMyZjQwMGUxLzEvZEY5MUxqbnJERlI0Z0xaWTdvUUhTY0dmNk9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2MtNDgwYzMyZjQwMGUx
LzEvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7juMA0G
CSqGSIb3DQEBCwUAA4IBAQAcC/70/T0tqfHsqZuNgC0M+4i+pwdVIA5klTRCziqT
Wxz4SomIKvyyPfb+qDpjU4wCm2S0EGV4bAcXNknWSUqW4kObVKsIcGWEan30aUDX
us5dQ8V78kicXstEPMbJcY8NVEV7yBqoKvDETuQZy1zhAgMsdNzv4sFx3hzPl/i+
gFaeed9qrE/9OX7VbhROW4ofADFAxhdBl1G6QEwUrC5ZyUQCkBoZIxDxa3Xkmr+m
bMLQyzAw8KyO2ecN1ndvqKg5m8EVa14zi2gdbK8v6sMGCaxVvfAAaHxdIwqoFuqE
GD6CUyEENamF0DFV9Nf2Fc2Htcw1eB9KQ4AJ0E8MTMWq
-----END CERTIFICATE-----