Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/bQ4yuI7vtU_cGKfCBbHm04HjUtE.roa
File:                     bQ4yuI7vtU_cGKfCBbHm04HjUtE.roa (raw, json)
Hash identifier:          dx1yuo8puE3X8jciCd8HS1CIwakxb0t8G4XviWDqCOQ=
Subject key identifier:   6D:0E:32:B8:8E:EF:B5:4F:DC:18:A7:C2:05:B1:E6:D3:81:E3:52:D1
Certificate issuer:       /CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Certificate serial:       018CC94BE3AE1BE0C1E469742452A0835716
Authority key identifier: 0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/bQ4yuI7vtU_cGKfCBbHm04HjUtE.roa
Signing time:             Tue 02 Jan 2024 08:30:43 +0000
ROA not before:           Tue 02 Jan 2024 08:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50098
IP address blocks:        195.211.220.0/24 maxlen: 24
                          195.211.221.0/24 maxlen: 24
                          195.211.222.0/24 maxlen: 24
                          195.211.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 15:21:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e3:ae:1b:e0:c1:e4:69:74:24:52:a0:83:57:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
        Validity
            Not Before: Jan  2 08:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d0e32b88eefb54fdc18a7c205b1e6d381e352d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3c:c3:46:52:2b:62:20:9b:e3:13:67:4e:a8:
                    84:b3:f7:a9:01:cd:02:86:b0:8a:77:ab:59:c5:62:
                    65:60:88:a5:be:5f:fa:2d:8f:7c:5d:4c:24:18:48:
                    de:9f:4a:a8:e9:cd:9a:10:e6:1e:1f:78:40:c9:85:
                    8e:6e:36:b0:7a:28:1f:26:37:e7:97:36:5c:69:61:
                    15:76:04:9a:0f:f5:44:ad:bc:81:94:f2:30:8b:54:
                    73:10:8c:3d:9c:3e:6a:74:ee:5f:bf:84:41:67:8b:
                    79:62:f1:f3:88:fa:b8:07:c1:88:96:62:97:59:66:
                    6d:f9:7b:01:91:cf:f7:c0:6d:52:33:ca:9e:cb:4f:
                    24:c0:20:07:58:fd:0b:c2:f6:2a:4d:6e:20:01:b6:
                    7a:93:39:47:f0:86:22:fb:90:1b:49:82:91:b7:fc:
                    38:9f:ed:43:71:de:5a:99:de:b4:d3:39:36:ad:09:
                    3a:a0:fa:3d:37:57:dd:ee:8c:bc:52:6e:ae:65:45:
                    68:45:14:43:e9:b6:81:b9:2d:13:39:6a:c1:8e:a2:
                    4c:75:8c:9c:3e:01:56:98:8b:71:7e:78:59:a4:2a:
                    e3:f5:e0:b5:58:95:dd:f6:41:f3:85:ad:4a:65:ed:
                    e1:94:fd:ed:df:bd:8f:c9:f3:25:2c:20:1f:20:8d:
                    1c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:0E:32:B8:8E:EF:B5:4F:DC:18:A7:C2:05:B1:E6:D3:81:E3:52:D1
            X509v3 Authority Key Identifier:
                keyid:0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/bQ4yuI7vtU_cGKfCBbHm04HjUtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:f9:0c:e7:6e:76:b4:50:2d:16:9d:fd:c1:8b:cb:26:65:3b:
         54:12:56:33:75:4a:97:86:02:4f:54:b0:5d:63:24:23:e9:58:
         f0:f5:d1:9f:1a:3b:cb:7d:d5:9c:b5:77:fc:8e:35:76:98:a1:
         28:e6:5b:91:0c:74:b2:47:a7:fd:fd:d5:38:98:25:98:78:cb:
         9e:2d:91:ca:06:5e:9f:a8:a6:48:a0:73:c8:51:2c:8a:ee:d6:
         73:f5:60:04:47:14:76:9f:0c:7e:c2:2f:4d:e4:9a:ff:c0:31:
         a9:bc:c1:a9:1a:7b:af:0a:73:34:05:0d:f4:1f:75:c7:6f:23:
         56:24:8d:c4:db:72:6c:4c:f2:ee:77:f9:d8:c8:9c:5a:19:c1:
         3d:66:33:a6:c2:83:4a:e9:17:ff:2a:0c:05:4e:ec:80:e8:0b:
         6f:c4:5b:25:0d:e8:92:fa:94:12:8b:58:36:ca:63:0c:d4:30:
         37:36:fb:d7:57:25:06:43:e0:39:8c:22:ca:f5:01:0e:8c:a3:
         25:87:4f:32:16:56:55:9f:86:5b:35:f0:3a:21:df:e8:03:b3:
         26:2a:81:c0:e1:d6:82:93:b1:5b:13:0c:a6:2d:5e:3f:bd:9b:
         4f:e4:5f:b0:ff:cd:4c:9d:84:dc:48:2d:84:9d:b7:6a:92:fe:
         75:ba:ae:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS+OuG+DB5Gl0JFKgg1cWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZWJmYmZkNmY5MzdjNWFlMzllM2UzOGU4YWI4Mzg0MTA3
NDIxYTYwHhcNMjQwMTAyMDgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDBlMzJiODhlZWZiNTRmZGMxOGE3YzIwNWIxZTZkMzgxZTM1MmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTzDRlIrYiCb4xNnTqiEs/epAc0C
hrCKd6tZxWJlYIilvl/6LY98XUwkGEjen0qo6c2aEOYeH3hAyYWObjaweigfJjfn
lzZcaWEVdgSaD/VErbyBlPIwi1RzEIw9nD5qdO5fv4RBZ4t5YvHziPq4B8GIlmKX
WWZt+XsBkc/3wG1SM8qey08kwCAHWP0LwvYqTW4gAbZ6kzlH8IYi+5AbSYKRt/w4
n+1Dcd5amd600zk2rQk6oPo9N1fd7oy8Um6uZUVoRRRD6baBuS0TOWrBjqJMdYyc
PgFWmItxfnhZpCrj9eC1WJXd9kHzha1KZe3hlP3t372PyfMlLCAfII0chQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0OMriO77VP3BinwgWx5tOB41LRMB8GA1UdIwQY
MBaAFA/r+/1vk3xa454+OOirg4QQdCGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGIt
N2Q3MDM3NGQ3NmQyLzEvYlE0eXVJN3Z0VV9jR0tmQ0JiSG0wNEhqVXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGItN2Q3MDM3NGQ3NmQy
LzEvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw9PcMA0G
CSqGSIb3DQEBCwUAA4IBAQBi+Qznbna0UC0Wnf3Bi8smZTtUElYzdUqXhgJPVLBd
YyQj6Vjw9dGfGjvLfdWctXf8jjV2mKEo5luRDHSyR6f9/dU4mCWYeMueLZHKBl6f
qKZIoHPIUSyK7tZz9WAERxR2nwx+wi9N5Jr/wDGpvMGpGnuvCnM0BQ30H3XHbyNW
JI3E23JsTPLud/nYyJxaGcE9ZjOmwoNK6Rf/KgwFTuyA6AtvxFslDeiS+pQSi1g2
ymMM1DA3NvvXVyUGQ+A5jCLK9QEOjKMlh08yFlZVn4ZbNfA6Id/oA7MmKoHA4daC
k7FbEwymLV4/vZtP5F+w/81MnYTcSC2Enbdqkv51uq6o
-----END CERTIFICATE-----