Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/jAeBGrf8BFIRbqKfW6MMAFHsAAY.roa
File:                     jAeBGrf8BFIRbqKfW6MMAFHsAAY.roa (raw, json)
Hash identifier:          XkntMpJexF4yO1fbtCkxhPtOe5hHQjbro7XU8mxBw50=
Subject key identifier:   8C:07:81:1A:B7:FC:04:52:11:6E:A2:9F:5B:A3:0C:00:51:EC:00:06
Certificate issuer:       /CN=ee6f421c253096280347dc2e92ca10cc398c134f
Certificate serial:       019426D91CBEB7046B7DEC6EE7356315E736
Authority key identifier: EE:6F:42:1C:25:30:96:28:03:47:DC:2E:92:CA:10:CC:39:8C:13:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7m9CHCUwligDR9wuksoQzDmME08.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/jAeBGrf8BFIRbqKfW6MMAFHsAAY.roa
Signing time:             Thu 02 Jan 2025 11:49:10 +0000
ROA not before:           Thu 02 Jan 2025 11:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21334
IP address blocks:        195.230.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/7m9CHCUwligDR9wuksoQzDmME08.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/7m9CHCUwligDR9wuksoQzDmME08.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7m9CHCUwligDR9wuksoQzDmME08.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:1c:be:b7:04:6b:7d:ec:6e:e7:35:63:15:e7:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee6f421c253096280347dc2e92ca10cc398c134f
        Validity
            Not Before: Jan  2 11:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c07811ab7fc0452116ea29f5ba30c0051ec0006
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1a:d2:fd:a6:b9:23:0b:a3:0e:f1:8a:01:e7:
                    df:aa:b9:6d:08:a4:44:b2:39:b8:7c:f7:49:36:8e:
                    a8:40:ba:ea:5b:35:69:5b:40:bc:34:29:18:d0:25:
                    ac:bf:47:d8:fa:86:32:c6:9d:c4:01:41:72:24:9e:
                    05:24:da:aa:60:a6:ef:09:b1:dd:e0:1b:96:85:48:
                    ee:21:57:d9:42:31:9e:d4:f3:f0:77:2f:87:3e:3e:
                    9f:c0:c7:6d:8d:ab:78:b9:1f:4f:52:9a:51:7a:12:
                    94:a0:e1:1d:b4:53:96:c5:b1:24:76:79:cf:a3:b3:
                    d6:fd:65:de:b2:ab:81:54:62:ce:66:31:42:c3:83:
                    a5:ff:db:e7:fb:2b:65:38:92:0b:b7:11:f6:95:fa:
                    2f:4c:33:3e:33:74:48:29:b6:dd:06:67:34:8c:65:
                    6a:10:e5:d2:aa:f8:01:b6:96:0c:1b:be:7d:b5:6a:
                    c5:fa:6e:2c:16:82:59:96:24:33:f1:9f:d2:52:3b:
                    3d:bf:53:1a:27:93:ba:78:85:ee:94:d7:0d:9d:37:
                    4a:81:f0:ed:91:9a:96:30:83:9d:15:02:b5:33:d8:
                    6e:b6:e1:06:e1:b4:8e:34:e1:59:5f:1e:cd:46:27:
                    84:c2:a6:24:ef:d9:e8:54:46:cc:e4:67:53:8c:d9:
                    32:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:07:81:1A:B7:FC:04:52:11:6E:A2:9F:5B:A3:0C:00:51:EC:00:06
            X509v3 Authority Key Identifier:
                keyid:EE:6F:42:1C:25:30:96:28:03:47:DC:2E:92:CA:10:CC:39:8C:13:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7m9CHCUwligDR9wuksoQzDmME08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/jAeBGrf8BFIRbqKfW6MMAFHsAAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3e0935-6a95-47a4-ad4c-3542f99be63b/1/7m9CHCUwligDR9wuksoQzDmME08.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:33:68:4f:94:b6:33:c8:46:75:94:1e:52:da:29:62:07:01:
         af:96:ff:ca:76:d2:8c:7e:61:67:00:57:22:d6:9f:ca:0d:0a:
         34:5d:76:b0:d4:3c:be:ac:ee:81:f0:4f:c5:44:56:fd:bb:51:
         28:2a:df:54:e7:28:ab:9e:99:0c:7e:df:a5:df:18:2d:7d:bd:
         a3:77:4e:7c:ae:f0:74:e6:59:94:cd:a6:c4:54:d5:9a:84:0a:
         e4:3e:78:64:96:da:9d:eb:37:1c:e4:c0:21:0b:d3:e2:59:01:
         a6:58:ae:56:78:0a:d4:5a:0d:b0:5a:fb:a2:8f:e5:b1:1c:bb:
         e4:9c:5b:e6:57:af:08:1e:1f:5c:ef:76:0f:ea:a7:fe:76:91:
         28:dc:df:7b:cc:71:37:84:38:be:ec:04:36:f5:06:72:e9:06:
         0d:f5:bc:96:b3:4a:48:3c:50:2c:44:b0:14:a1:c0:67:8f:b8:
         a5:49:67:72:c0:8d:22:07:68:a8:1b:97:5e:4c:de:93:72:8d:
         c0:14:3c:d4:6e:9f:8f:cd:9f:ea:94:a9:ea:54:d7:10:33:8a:
         6b:f1:3e:57:45:d7:01:80:59:7b:41:d9:2e:26:fd:9e:d7:6b:
         2f:ac:b1:73:f6:d9:5f:5c:ed:c3:aa:1c:f3:69:dd:df:97:e0:
         ce:f4:7e:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Ry+twRrfexu5zVjFec2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlNmY0MjFjMjUzMDk2MjgwMzQ3ZGMyZTkyY2ExMGNjMzk4
YzEzNGYwHhcNMjUwMTAyMTE0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzA3ODExYWI3ZmMwNDUyMTE2ZWEyOWY1YmEzMGMwMDUxZWMwMDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRrS/aa5IwujDvGKAeffqrltCKRE
sjm4fPdJNo6oQLrqWzVpW0C8NCkY0CWsv0fY+oYyxp3EAUFyJJ4FJNqqYKbvCbHd
4BuWhUjuIVfZQjGe1PPwdy+HPj6fwMdtjat4uR9PUppRehKUoOEdtFOWxbEkdnnP
o7PW/WXesquBVGLOZjFCw4Ol/9vn+ytlOJILtxH2lfovTDM+M3RIKbbdBmc0jGVq
EOXSqvgBtpYMG759tWrF+m4sFoJZliQz8Z/SUjs9v1MaJ5O6eIXulNcNnTdKgfDt
kZqWMIOdFQK1M9hutuEG4bSONOFZXx7NRieEwqYk79noVEbM5GdTjNkyqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwHgRq3/ARSEW6in1ujDABR7AAGMB8GA1UdIwQY
MBaAFO5vQhwlMJYoA0fcLpLKEMw5jBNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN205Q0hDVXdsaWdEUjl3dWtzb1F6RG1NRTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zZTA5MzUtNmE5NS00N2E0LWFkNGMt
MzU0MmY5OWJlNjNiLzEvakFlQkdyZjhCRklSYnFLZlc2TU1BRkhzQUFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zZTA5MzUtNmE5NS00N2E0LWFkNGMtMzU0MmY5OWJlNjNi
LzEvN205Q0hDVXdsaWdEUjl3dWtzb1F6RG1NRTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+ZqMA0G
CSqGSIb3DQEBCwUAA4IBAQBSM2hPlLYzyEZ1lB5S2iliBwGvlv/KdtKMfmFnAFci
1p/KDQo0XXaw1Dy+rO6B8E/FRFb9u1EoKt9U5yirnpkMft+l3xgtfb2jd058rvB0
5lmUzabEVNWahArkPnhkltqd6zcc5MAhC9PiWQGmWK5WeArUWg2wWvuij+WxHLvk
nFvmV68IHh9c73YP6qf+dpEo3N97zHE3hDi+7AQ29QZy6QYN9byWs0pIPFAsRLAU
ocBnj7ilSWdywI0iB2ioG5deTN6Tco3AFDzUbp+PzZ/qlKnqVNcQM4pr8T5XRdcB
gFl7QdkuJv2e12svrLFz9tlfXO3Dqhzzad3fl+DO9H5o
-----END CERTIFICATE-----