Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/f503d7-1fb6-4370-b44f-44a41a93113e/1/a5sndIa6q1MWjCv6c0Hx0qw5SH4.roa
File:                     a5sndIa6q1MWjCv6c0Hx0qw5SH4.roa (raw, json)
Hash identifier:          RH61QgBl/yDVDS1E1Gs5fg/X4mgGQP8802e2+m+iEKY=
Subject key identifier:   6B:9B:27:74:86:BA:AB:53:16:8C:2B:FA:73:41:F1:D2:AC:39:48:7E
Certificate issuer:       /CN=237d97f1508e7a447899f59a55fb8aa6241ef510
Certificate serial:       018F871E0C62A05CCBBB534A0140C69E7947
Authority key identifier: 23:7D:97:F1:50:8E:7A:44:78:99:F5:9A:55:FB:8A:A6:24:1E:F5:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I32X8VCOekR4mfWaVfuKpiQe9RA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/f503d7-1fb6-4370-b44f-44a41a93113e/1/a5sndIa6q1MWjCv6c0Hx0qw5SH4.roa
Signing time:             Fri 17 May 2024 15:14:04 +0000
ROA not before:           Fri 17 May 2024 15:14:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48347
IP address blocks:        195.47.196.0/24 maxlen: 24
                          195.85.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/f503d7-1fb6-4370-b44f-44a41a93113e/1/I32X8VCOekR4mfWaVfuKpiQe9RA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/f503d7-1fb6-4370-b44f-44a41a93113e/1/I32X8VCOekR4mfWaVfuKpiQe9RA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I32X8VCOekR4mfWaVfuKpiQe9RA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 06:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:87:1e:0c:62:a0:5c:cb:bb:53:4a:01:40:c6:9e:79:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=237d97f1508e7a447899f59a55fb8aa6241ef510
        Validity
            Not Before: May 17 15:14:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b9b277486baab53168c2bfa7341f1d2ac39487e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d4:25:b6:b0:e5:8c:7d:54:78:2c:d2:67:c5:
                    1c:24:aa:61:02:d3:b0:a0:62:a2:11:74:b3:22:34:
                    f3:3d:01:38:a8:70:4b:f4:44:e4:ad:9a:37:02:bd:
                    08:12:77:6f:2d:f4:35:d4:5b:34:93:c1:9f:b0:a9:
                    72:71:b1:28:01:d1:2a:54:73:5c:80:fb:b7:7a:b4:
                    a5:94:f4:66:0b:c4:77:a3:7e:54:13:8e:00:1c:fa:
                    b6:1f:72:32:60:4f:da:73:d8:ca:b2:5d:4b:6f:63:
                    d5:6f:19:ae:cf:ed:94:ea:ea:41:f4:2b:d8:11:01:
                    59:59:6b:ac:3a:d5:45:e8:10:c0:49:f9:52:d3:b0:
                    51:44:05:af:ff:84:d8:55:9f:5b:69:fd:fd:59:28:
                    05:4a:8b:10:59:40:ed:1b:8f:8f:1e:d6:8c:91:61:
                    f3:a4:75:32:9d:f3:02:01:4d:d8:f6:68:cb:b0:51:
                    4a:c2:36:03:ab:3e:fd:d1:8b:62:ae:fb:3b:8a:8b:
                    b2:c4:cf:32:68:98:82:0b:1e:c9:0c:19:a4:87:aa:
                    7f:2f:13:12:6a:82:29:6b:66:dd:43:1d:6d:08:81:
                    f8:af:b7:30:3e:95:7f:0d:68:8d:11:b0:48:75:5d:
                    e4:16:f2:a1:f0:5e:ee:58:60:c5:59:6e:b3:6b:b6:
                    b5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:9B:27:74:86:BA:AB:53:16:8C:2B:FA:73:41:F1:D2:AC:39:48:7E
            X509v3 Authority Key Identifier:
                keyid:23:7D:97:F1:50:8E:7A:44:78:99:F5:9A:55:FB:8A:A6:24:1E:F5:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I32X8VCOekR4mfWaVfuKpiQe9RA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/f503d7-1fb6-4370-b44f-44a41a93113e/1/a5sndIa6q1MWjCv6c0Hx0qw5SH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/f503d7-1fb6-4370-b44f-44a41a93113e/1/I32X8VCOekR4mfWaVfuKpiQe9RA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.196.0/24
                  195.85.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:20:01:df:2e:ef:e1:90:49:45:af:20:ef:12:cc:62:bf:b4:
         3d:b5:58:48:01:f0:bd:bc:20:7e:b7:fa:25:4d:5b:b5:99:1b:
         b7:2b:64:4d:c9:b2:70:21:fc:65:bc:81:2e:22:63:99:d2:23:
         da:9a:5a:ca:c9:be:c0:a0:f1:ec:e2:29:a3:26:75:f5:98:07:
         62:92:4e:13:4c:30:6f:77:f2:67:a2:b7:ff:4d:fc:ea:fe:4c:
         70:8d:14:88:70:a6:f7:49:6f:a8:8f:38:cc:b2:a8:6e:b0:32:
         6c:e9:43:76:0f:1f:85:b9:0b:26:cc:9e:28:d4:ec:90:14:4d:
         93:a6:45:01:ba:95:68:ae:d6:11:a8:7e:cc:f4:5c:c3:70:a9:
         a8:1c:bc:3e:d6:1a:49:5b:b9:75:b3:a9:81:e3:76:09:06:05:
         4d:71:da:cc:a7:57:89:fc:46:6f:08:f2:52:91:cf:f3:cd:18:
         82:8c:ca:fe:d1:52:1f:11:e9:6b:da:7f:bf:5c:81:9b:63:0e:
         f5:fd:5c:37:35:54:13:cf:6e:78:4f:99:e2:ad:03:c3:0a:3c:
         dd:61:fc:ce:63:c9:dd:d9:55:df:3f:a2:93:7a:ec:60:7c:36:
         80:7b:1d:1b:32:41:2c:60:68:f5:c1:42:17:46:9e:a3:84:f6:
         6d:ee:2b:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+HHgxioFzLu1NKAUDGnnlHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzN2Q5N2YxNTA4ZTdhNDQ3ODk5ZjU5YTU1ZmI4YWE2MjQx
ZWY1MTAwHhcNMjQwNTE3MTUxNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjliMjc3NDg2YmFhYjUzMTY4YzJiZmE3MzQxZjFkMmFjMzk0ODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNQltrDljH1UeCzSZ8UcJKphAtOw
oGKiEXSzIjTzPQE4qHBL9ETkrZo3Ar0IEndvLfQ11Fs0k8GfsKlycbEoAdEqVHNc
gPu3erSllPRmC8R3o35UE44AHPq2H3IyYE/ac9jKsl1Lb2PVbxmuz+2U6upB9CvY
EQFZWWusOtVF6BDASflS07BRRAWv/4TYVZ9baf39WSgFSosQWUDtG4+PHtaMkWHz
pHUynfMCAU3Y9mjLsFFKwjYDqz790Ytirvs7iouyxM8yaJiCCx7JDBmkh6p/LxMS
aoIpa2bdQx1tCIH4r7cwPpV/DWiNEbBIdV3kFvKh8F7uWGDFWW6za7a1IwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGubJ3SGuqtTFowr+nNB8dKsOUh+MB8GA1UdIwQY
MBaAFCN9l/FQjnpEeJn1mlX7iqYkHvUQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTMyWDhWQ09la1I0bWZXYVZmdUtwaVFlOVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9mNTAzZDctMWZiNi00MzcwLWI0NGYt
NDRhNDFhOTMxMTNlLzEvYTVzbmRJYTZxMU1XakN2NmMwSHgwcXc1U0g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9mNTAzZDctMWZiNi00MzcwLWI0NGYtNDRhNDFhOTMxMTNl
LzEvSTMyWDhWQ09la1I0bWZXYVZmdUtwaVFlOVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwy/EAwQA
w1XnMA0GCSqGSIb3DQEBCwUAA4IBAQCxIAHfLu/hkElFryDvEsxiv7Q9tVhIAfC9
vCB+t/olTVu1mRu3K2RNybJwIfxlvIEuImOZ0iPamlrKyb7AoPHs4imjJnX1mAdi
kk4TTDBvd/Jnorf/Tfzq/kxwjRSIcKb3SW+ojzjMsqhusDJs6UN2Dx+FuQsmzJ4o
1OyQFE2TpkUBupVortYRqH7M9FzDcKmoHLw+1hpJW7l1s6mB43YJBgVNcdrMp1eJ
/EZvCPJSkc/zzRiCjMr+0VIfEelr2n+/XIGbYw71/Vw3NVQTz254T5nirQPDCjzd
YfzOY8nd2VXfP6KTeuxgfDaAex0bMkEsYGj1wUIXRp6jhPZt7itr
-----END CERTIFICATE-----