Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/fr9Mf0IApBMsenI6NHo4up-nFvU.roa
File:                     fr9Mf0IApBMsenI6NHo4up-nFvU.roa (raw, json)
Hash identifier:          i3HrismmcNL1Jf0FhPT8zfNES2Hc2oG2jqcakKfVpRI=
Subject key identifier:   7E:BF:4C:7F:42:00:A4:13:2C:7A:72:3A:34:7A:38:BA:9F:A7:16:F5
Certificate issuer:       /CN=7a938a935f8baf9cd933906416590d782e7287c7
Certificate serial:       01903AF1F79F695CCAA320A1D3396890C3D1
Authority key identifier: 7A:93:8A:93:5F:8B:AF:9C:D9:33:90:64:16:59:0D:78:2E:72:87:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/fr9Mf0IApBMsenI6NHo4up-nFvU.roa
Signing time:             Fri 21 Jun 2024 13:17:34 +0000
ROA not before:           Fri 21 Jun 2024 13:17:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        192.195.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 15 Nov 2024 00:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3a:f1:f7:9f:69:5c:ca:a3:20:a1:d3:39:68:90:c3:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a938a935f8baf9cd933906416590d782e7287c7
        Validity
            Not Before: Jun 21 13:17:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ebf4c7f4200a4132c7a723a347a38ba9fa716f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:50:8d:21:2e:24:91:93:80:ee:14:db:26:f7:
                    e9:56:00:ff:b3:30:e9:81:b7:3d:45:1a:9f:4a:10:
                    62:2e:68:08:c2:76:2d:8b:ee:17:5e:ad:14:27:bc:
                    c6:14:6f:1a:ab:74:e1:0b:9a:89:78:2f:92:c3:7a:
                    b0:43:4f:26:6c:fc:03:af:f5:c7:47:0f:e4:17:e4:
                    42:b7:96:87:bb:59:98:07:81:9f:15:37:18:10:58:
                    ba:8c:f7:e9:e4:cf:0f:1c:13:e8:2a:13:60:62:f1:
                    8a:e7:68:38:3e:61:c4:47:35:4f:f3:b0:0b:70:88:
                    ad:d7:7b:09:85:ae:cb:43:55:26:27:a6:2f:d1:92:
                    29:67:57:c5:2b:bc:98:47:f5:83:e4:7d:cb:5d:be:
                    45:39:33:9a:c3:a6:25:b7:de:88:48:5c:9f:41:53:
                    53:95:ce:46:97:e3:ce:01:92:f6:20:d8:95:45:d8:
                    d6:ef:9d:49:e4:d5:f2:04:02:f5:87:5c:45:3d:38:
                    ca:fd:02:0b:b9:ca:93:4c:f2:ae:4a:15:0d:b4:51:
                    55:b8:48:87:f9:90:8d:20:af:ed:e3:b8:fa:39:71:
                    7c:4e:c4:5c:1e:96:72:22:13:e5:2f:ef:65:97:f8:
                    1b:b2:92:e9:b9:15:b1:8a:4b:0e:f9:2e:03:58:09:
                    6b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:BF:4C:7F:42:00:A4:13:2C:7A:72:3A:34:7A:38:BA:9F:A7:16:F5
            X509v3 Authority Key Identifier:
                keyid:7A:93:8A:93:5F:8B:AF:9C:D9:33:90:64:16:59:0D:78:2E:72:87:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/fr9Mf0IApBMsenI6NHo4up-nFvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.195.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:f7:3e:12:30:05:7b:57:a2:9c:59:4f:39:8c:f0:1b:33:5f:
         ca:dd:cf:b6:14:be:07:8d:a8:00:18:37:34:f6:2e:66:d4:aa:
         43:b3:e5:35:80:d3:83:a6:8e:46:f2:40:d4:d4:70:95:2b:37:
         ae:62:66:2a:22:3c:a9:24:d9:96:57:e2:1f:10:79:ec:88:c2:
         1f:de:d3:5b:55:b1:ed:c8:fc:69:48:cd:ce:40:ca:c7:86:33:
         db:ff:7a:a1:7b:16:5e:42:4a:f5:76:d2:ff:4b:0e:0c:b3:a0:
         c4:e2:b4:f8:79:a5:51:f5:d4:54:ec:7f:91:d3:9e:9e:bd:78:
         d7:2f:b5:5e:75:df:89:f4:41:ea:cd:96:71:de:ab:42:f5:9f:
         67:a5:db:85:dc:b5:7c:3e:37:8b:2a:07:51:f7:de:46:ee:60:
         9a:f5:d8:ac:e6:20:a5:c0:e7:69:28:a2:c6:16:51:fa:d0:3f:
         ff:f1:c3:33:95:00:56:61:2c:bb:0f:c8:72:a8:ee:64:d6:1a:
         ca:f3:7a:b9:10:74:72:08:55:cf:72:e7:30:a1:c8:59:f5:9c:
         9b:a9:64:d0:3c:57:ba:c7:ab:b2:e2:48:77:fa:be:33:90:de:
         94:03:b6:23:59:aa:4c:a4:e1:6c:43:36:4e:e1:ff:c5:bf:b6:
         44:c3:ec:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA68fefaVzKoyCh0zlokMPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhOTM4YTkzNWY4YmFmOWNkOTMzOTA2NDE2NTkwZDc4MmU3
Mjg3YzcwHhcNMjQwNjIxMTMxNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWJmNGM3ZjQyMDBhNDEzMmM3YTcyM2EzNDdhMzhiYTlmYTcxNmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFCNIS4kkZOA7hTbJvfpVgD/szDp
gbc9RRqfShBiLmgIwnYti+4XXq0UJ7zGFG8aq3ThC5qJeC+Sw3qwQ08mbPwDr/XH
Rw/kF+RCt5aHu1mYB4GfFTcYEFi6jPfp5M8PHBPoKhNgYvGK52g4PmHERzVP87AL
cIit13sJha7LQ1UmJ6Yv0ZIpZ1fFK7yYR/WD5H3LXb5FOTOaw6Ylt96ISFyfQVNT
lc5Gl+POAZL2INiVRdjW751J5NXyBAL1h1xFPTjK/QILucqTTPKuShUNtFFVuEiH
+ZCNIK/t47j6OXF8TsRcHpZyIhPlL+9ll/gbspLpuRWxiksO+S4DWAlrHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6/TH9CAKQTLHpyOjR6OLqfpxb1MB8GA1UdIwQY
MBaAFHqTipNfi6+c2TOQZBZZDXgucofHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXBPS2sxLUxyNXpaTTVCa0Zsa05lQzV5aDhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZjBiZmMtMjZmZS00NDEyLWEyMzIt
MzE5OTlmM2FkZDM2LzEvZnI5TWYwSUFwQk1zZW5JNk5IbzR1cC1uRnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZjBiZmMtMjZmZS00NDEyLWEyMzItMzE5OTlmM2FkZDM2
LzEvZXBPS2sxLUxyNXpaTTVCa0Zsa05lQzV5aDhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwMNiMA0G
CSqGSIb3DQEBCwUAA4IBAQBD9z4SMAV7V6KcWU85jPAbM1/K3c+2FL4HjagAGDc0
9i5m1KpDs+U1gNODpo5G8kDU1HCVKzeuYmYqIjypJNmWV+IfEHnsiMIf3tNbVbHt
yPxpSM3OQMrHhjPb/3qhexZeQkr1dtL/Sw4Ms6DE4rT4eaVR9dRU7H+R056evXjX
L7Vedd+J9EHqzZZx3qtC9Z9npduF3LV8PjeLKgdR995G7mCa9dis5iClwOdpKKLG
FlH60D//8cMzlQBWYSy7D8hyqO5k1hrK83q5EHRyCFXPcucwochZ9ZybqWTQPFe6
x6uy4kh3+r4zkN6UA7YjWapMpOFsQzZO4f/Fv7ZEw+zs
-----END CERTIFICATE-----