Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/647f28-59cf-4d68-a50f-1764b03618fc/1/lEkuEW8EviMetjsHoH1cfPquirw.roa
File:                     lEkuEW8EviMetjsHoH1cfPquirw.roa (raw, json)
Hash identifier:          a862beX9o/VH2MAJR1fguEQH5T+CIEuXUqOcrtZ0/zw=
Subject key identifier:   94:49:2E:11:6F:04:BE:23:1E:B6:3B:07:A0:7D:5C:7C:FA:AE:8A:BC
Certificate issuer:       /CN=e23c0c3e0106c965d460cd0c3cbc5e234f82a6b4
Certificate serial:       019421B1DBAC19232A14D5DADB72C9AC34DF
Authority key identifier: E2:3C:0C:3E:01:06:C9:65:D4:60:CD:0C:3C:BC:5E:23:4F:82:A6:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4jwMPgEGyWXUYM0MPLxeI0-CprQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/647f28-59cf-4d68-a50f-1764b03618fc/1/lEkuEW8EviMetjsHoH1cfPquirw.roa
Signing time:             Wed 01 Jan 2025 11:48:11 +0000
ROA not before:           Wed 01 Jan 2025 11:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39762
IP address blocks:        195.60.70.0/23 maxlen: 23
                          195.60.70.0/24 maxlen: 24
                          195.60.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/647f28-59cf-4d68-a50f-1764b03618fc/1/4jwMPgEGyWXUYM0MPLxeI0-CprQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/647f28-59cf-4d68-a50f-1764b03618fc/1/4jwMPgEGyWXUYM0MPLxeI0-CprQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4jwMPgEGyWXUYM0MPLxeI0-CprQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:db:ac:19:23:2a:14:d5:da:db:72:c9:ac:34:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e23c0c3e0106c965d460cd0c3cbc5e234f82a6b4
        Validity
            Not Before: Jan  1 11:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94492e116f04be231eb63b07a07d5c7cfaae8abc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:f1:c3:57:32:47:c3:e9:59:4b:48:60:b9:7f:
                    a2:81:72:a1:bf:71:fc:38:04:84:75:a8:fa:ef:e5:
                    69:f1:e0:23:b9:05:e5:a4:37:c5:23:e2:52:9e:0f:
                    4d:3e:be:12:e0:d4:47:b7:52:75:64:6f:5e:77:92:
                    13:61:8a:1f:64:ff:b6:88:5f:d4:b2:a2:39:4a:f0:
                    e7:09:05:27:39:6f:05:59:d4:1d:be:cf:62:67:3b:
                    81:0e:57:90:56:fb:12:85:cb:80:21:ab:93:67:b2:
                    d3:00:c5:64:48:56:d3:1f:e7:d9:e9:f5:9e:92:2f:
                    51:c6:c8:df:88:6a:a8:f6:8d:de:35:d1:1c:55:d6:
                    46:06:e7:2e:3c:38:09:41:db:f1:3c:a2:49:4e:f4:
                    4b:2e:ed:4f:d2:66:0a:a3:a6:0d:c3:c0:58:c4:82:
                    fe:45:43:78:08:97:94:73:e7:61:dd:96:48:e3:bd:
                    a5:c7:6d:65:9b:cc:1f:2b:ee:e5:10:12:6e:76:49:
                    82:62:b3:a7:8a:b5:10:ac:29:d0:a1:6a:89:90:aa:
                    2b:f6:d2:90:80:af:4e:10:97:7a:b0:7a:da:b5:40:
                    55:f0:83:c5:26:54:28:b0:a7:39:e9:f0:ec:dd:3b:
                    63:f3:a0:ff:ee:94:be:53:24:ce:44:9e:52:92:08:
                    92:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:49:2E:11:6F:04:BE:23:1E:B6:3B:07:A0:7D:5C:7C:FA:AE:8A:BC
            X509v3 Authority Key Identifier:
                keyid:E2:3C:0C:3E:01:06:C9:65:D4:60:CD:0C:3C:BC:5E:23:4F:82:A6:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4jwMPgEGyWXUYM0MPLxeI0-CprQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/647f28-59cf-4d68-a50f-1764b03618fc/1/lEkuEW8EviMetjsHoH1cfPquirw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/647f28-59cf-4d68-a50f-1764b03618fc/1/4jwMPgEGyWXUYM0MPLxeI0-CprQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:75:b1:ea:69:3a:41:28:f9:c3:9a:40:9f:61:6a:d1:4d:c8:
         f7:ce:72:53:64:32:8b:e3:4e:44:17:59:a2:9f:36:a6:fb:e6:
         fd:0c:be:de:74:5c:fd:af:f4:f4:f0:9b:ab:00:c9:1f:b8:a6:
         17:bc:77:c5:33:b5:08:35:19:cf:72:5b:56:60:a7:e0:dd:5d:
         a7:8d:cf:9a:f3:1b:84:6a:6d:8c:0d:43:d7:4a:b9:d2:a7:54:
         19:56:15:1e:f6:01:a4:d4:ad:f9:04:51:dc:e2:a2:8a:eb:40:
         97:88:b2:86:a4:0c:0c:13:be:84:ba:d3:79:5a:d7:2f:b9:a0:
         eb:22:58:db:f0:c6:a5:6d:84:e5:99:b6:f7:6b:aa:90:a1:ed:
         01:5f:5b:04:2b:d2:3e:84:ca:fa:b2:4f:c9:25:5e:71:88:e0:
         d8:26:fc:7d:a3:9f:ed:cb:15:3f:df:d3:4e:58:75:14:55:77:
         0e:25:e0:88:f1:ff:93:91:58:d7:d9:8e:b8:4f:aa:a0:c4:b8:
         27:5d:b7:01:f6:21:ba:da:d5:0f:89:e5:be:48:70:0a:70:87:
         70:a1:fc:c2:11:cf:20:ec:ce:ad:e9:29:ca:08:bd:8c:3e:6e:
         de:69:4c:db:96:a7:51:b7:b1:98:1d:51:78:52:57:00:79:c9:
         97:fc:71:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdusGSMqFNXa23LJrDTfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyM2MwYzNlMDEwNmM5NjVkNDYwY2QwYzNjYmM1ZTIzNGY4
MmE2YjQwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDQ5MmUxMTZmMDRiZTIzMWViNjNiMDdhMDdkNWM3Y2ZhYWU4YWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7fHDVzJHw+lZS0hguX+igXKhv3H8
OASEdaj67+Vp8eAjuQXlpDfFI+JSng9NPr4S4NRHt1J1ZG9ed5ITYYofZP+2iF/U
sqI5SvDnCQUnOW8FWdQdvs9iZzuBDleQVvsShcuAIauTZ7LTAMVkSFbTH+fZ6fWe
ki9RxsjfiGqo9o3eNdEcVdZGBucuPDgJQdvxPKJJTvRLLu1P0mYKo6YNw8BYxIL+
RUN4CJeUc+dh3ZZI472lx21lm8wfK+7lEBJudkmCYrOnirUQrCnQoWqJkKor9tKQ
gK9OEJd6sHratUBV8IPFJlQosKc56fDs3Ttj86D/7pS+UyTORJ5SkgiS2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRJLhFvBL4jHrY7B6B9XHz6roq8MB8GA1UdIwQY
MBaAFOI8DD4BBsll1GDNDDy8XiNPgqa0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGp3TVBnRUd5V1hVWU0wTVBMeGVJMC1DcHJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC82NDdmMjgtNTljZi00ZDY4LWE1MGYt
MTc2NGIwMzYxOGZjLzEvbEVrdUVXOEV2aU1ldGpzSG9IMWNmUHF1aXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC82NDdmMjgtNTljZi00ZDY4LWE1MGYtMTc2NGIwMzYxOGZj
LzEvNGp3TVBnRUd5V1hVWU0wTVBMeGVJMC1DcHJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzxGMA0G
CSqGSIb3DQEBCwUAA4IBAQCDdbHqaTpBKPnDmkCfYWrRTcj3znJTZDKL405EF1mi
nzam++b9DL7edFz9r/T08JurAMkfuKYXvHfFM7UINRnPcltWYKfg3V2njc+a8xuE
am2MDUPXSrnSp1QZVhUe9gGk1K35BFHc4qKK60CXiLKGpAwME76EutN5WtcvuaDr
Iljb8MalbYTlmbb3a6qQoe0BX1sEK9I+hMr6sk/JJV5xiODYJvx9o5/tyxU/39NO
WHUUVXcOJeCI8f+TkVjX2Y64T6qgxLgnXbcB9iG62tUPieW+SHAKcIdwofzCEc8g
7M6t6SnKCL2MPm7eaUzblqdRt7GYHVF4UlcAecmX/HGG
-----END CERTIFICATE-----