Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/9ff602-b0bd-4c3f-af94-2fc34ad9dd47/1/YQeRJqgRleqW4EwBdTJ9nWFg_7g.roa
File:                     YQeRJqgRleqW4EwBdTJ9nWFg_7g.roa (raw, json)
Hash identifier:          O6bJdgqBmKQ2xbFoK7ZE6jFr/Nct5UXmjDzAZPJl6tk=
Subject key identifier:   61:07:91:26:A8:11:95:EA:96:E0:4C:01:75:32:7D:9D:61:60:FF:B8
Certificate issuer:       /CN=e6502200a6e63f76397adb94dfd834c116809b9f
Certificate serial:       018CC726EA2CEBED84ABF223BFBD60D7E778
Authority key identifier: E6:50:22:00:A6:E6:3F:76:39:7A:DB:94:DF:D8:34:C1:16:80:9B:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5lAiAKbmP3Y5etuU39g0wRaAm58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/9ff602-b0bd-4c3f-af94-2fc34ad9dd47/1/YQeRJqgRleqW4EwBdTJ9nWFg_7g.roa
Signing time:             Mon 01 Jan 2024 22:31:05 +0000
ROA not before:           Mon 01 Jan 2024 22:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39276
IP address blocks:        195.238.91.0/24 maxlen: 24
                          195.238.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/9ff602-b0bd-4c3f-af94-2fc34ad9dd47/1/5lAiAKbmP3Y5etuU39g0wRaAm58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/9ff602-b0bd-4c3f-af94-2fc34ad9dd47/1/5lAiAKbmP3Y5etuU39g0wRaAm58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5lAiAKbmP3Y5etuU39g0wRaAm58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ea:2c:eb:ed:84:ab:f2:23:bf:bd:60:d7:e7:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6502200a6e63f76397adb94dfd834c116809b9f
        Validity
            Not Before: Jan  1 22:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61079126a81195ea96e04c0175327d9d6160ffb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8a:10:c8:27:7f:f8:6a:af:43:a4:d5:34:72:
                    b5:61:3c:7a:87:eb:72:7c:be:cc:2b:b9:4f:99:22:
                    84:9f:0f:c6:09:94:8e:28:90:a3:9f:6b:3d:01:99:
                    e9:ad:7a:a6:1d:37:f5:4d:4c:35:0f:96:87:38:a1:
                    bc:d9:d1:9e:b5:32:f6:f8:f5:8f:8b:b8:e4:44:f1:
                    a9:78:a6:a8:50:2c:86:9b:a6:b7:16:b4:a0:f7:35:
                    89:00:a9:e8:83:9c:50:bb:bd:bc:47:ee:20:f5:77:
                    67:ba:4f:c2:66:79:de:74:fa:16:e1:38:53:24:8d:
                    a2:3a:fc:ea:b4:0b:52:bb:56:47:e6:99:14:c4:e0:
                    a1:ad:d9:43:65:07:e1:ee:32:69:79:f0:42:56:95:
                    9c:43:64:45:b9:f3:bd:fa:92:a7:6d:3b:ba:33:20:
                    c9:7a:1e:8c:f3:57:58:c9:50:6c:a7:ba:f4:4c:c6:
                    15:1f:ca:06:31:89:cd:af:38:34:4e:69:4a:06:64:
                    7f:c0:39:ca:09:68:ed:60:f4:7c:c1:7f:df:cc:d5:
                    1e:3d:ae:c9:a0:79:86:01:94:3f:5e:43:55:5e:95:
                    2d:cb:49:ff:96:b9:c8:26:2e:c7:7f:08:93:91:9f:
                    19:07:56:74:6a:db:c0:9f:e1:e2:c1:fa:1f:3b:e5:
                    0b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:07:91:26:A8:11:95:EA:96:E0:4C:01:75:32:7D:9D:61:60:FF:B8
            X509v3 Authority Key Identifier:
                keyid:E6:50:22:00:A6:E6:3F:76:39:7A:DB:94:DF:D8:34:C1:16:80:9B:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5lAiAKbmP3Y5etuU39g0wRaAm58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/9ff602-b0bd-4c3f-af94-2fc34ad9dd47/1/YQeRJqgRleqW4EwBdTJ9nWFg_7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/9ff602-b0bd-4c3f-af94-2fc34ad9dd47/1/5lAiAKbmP3Y5etuU39g0wRaAm58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:1d:e7:b1:8a:e3:24:98:ef:07:e3:b5:d1:b7:0c:cf:04:53:
         72:e1:e9:74:f6:96:cf:b3:c8:bd:29:c0:c6:69:85:ba:de:f7:
         dc:7e:e5:d7:28:41:d2:df:1d:44:df:68:7d:96:13:a7:76:b1:
         72:a6:84:44:6b:83:d4:8b:02:8a:e9:85:82:cb:58:27:04:c8:
         c1:4e:44:c0:d8:a2:87:5d:9f:61:b3:38:7f:d4:9c:b0:0f:d8:
         1f:e3:a0:8f:57:fd:10:32:a4:65:c8:5a:e8:79:35:de:6c:3a:
         0c:a6:10:e4:b8:39:ab:36:c7:62:6d:53:20:06:19:0f:63:ea:
         50:75:65:40:3c:ac:ed:88:07:0e:00:63:a1:f8:64:5a:3a:1e:
         e7:c8:17:b6:35:bf:e9:25:73:d1:5e:23:79:5f:86:b0:ef:09:
         fd:20:d5:39:61:51:2f:97:1e:ce:40:d5:da:37:8b:4e:cc:a9:
         4b:c0:3f:11:47:18:63:7d:f6:12:4d:fa:19:a5:89:53:c1:3c:
         79:48:3a:42:ce:bc:cf:f8:90:c9:7f:7d:92:cc:b6:04:6a:d2:
         9e:1c:20:50:bb:06:63:00:9d:11:21:41:a1:1f:35:65:ad:0c:
         fc:a6:e5:e6:60:12:3e:aa:c1:34:2b:01:0c:71:6b:8d:7e:ed:
         e5:df:40:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuos6+2Eq/Ijv71g1+d4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2NTAyMjAwYTZlNjNmNzYzOTdhZGI5NGRmZDgzNGMxMTY4
MDliOWYwHhcNMjQwMTAxMjIzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTA3OTEyNmE4MTE5NWVhOTZlMDRjMDE3NTMyN2Q5ZDYxNjBmZmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIoQyCd/+GqvQ6TVNHK1YTx6h+ty
fL7MK7lPmSKEnw/GCZSOKJCjn2s9AZnprXqmHTf1TUw1D5aHOKG82dGetTL2+PWP
i7jkRPGpeKaoUCyGm6a3FrSg9zWJAKnog5xQu728R+4g9Xdnuk/CZnnedPoW4ThT
JI2iOvzqtAtSu1ZH5pkUxOChrdlDZQfh7jJpefBCVpWcQ2RFufO9+pKnbTu6MyDJ
eh6M81dYyVBsp7r0TMYVH8oGMYnNrzg0TmlKBmR/wDnKCWjtYPR8wX/fzNUePa7J
oHmGAZQ/XkNVXpUty0n/lrnIJi7HfwiTkZ8ZB1Z0atvAn+HiwfofO+ULJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGEHkSaoEZXqluBMAXUyfZ1hYP+4MB8GA1UdIwQY
MBaAFOZQIgCm5j92OXrblN/YNMEWgJufMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWxBaUFLYm1QM1k1ZXR1VTM5ZzB3UmFBbTU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy85ZmY2MDItYjBiZC00YzNmLWFmOTQt
MmZjMzRhZDlkZDQ3LzEvWVFlUkpxZ1JsZXFXNEV3QmRUSjluV0ZnXzdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy85ZmY2MDItYjBiZC00YzNmLWFmOTQtMmZjMzRhZDlkZDQ3
LzEvNWxBaUFLYm1QM1k1ZXR1VTM5ZzB3UmFBbTU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw+5aMA0G
CSqGSIb3DQEBCwUAA4IBAQAlHeexiuMkmO8H47XRtwzPBFNy4el09pbPs8i9KcDG
aYW63vfcfuXXKEHS3x1E32h9lhOndrFypoREa4PUiwKK6YWCy1gnBMjBTkTA2KKH
XZ9hszh/1JywD9gf46CPV/0QMqRlyFroeTXebDoMphDkuDmrNsdibVMgBhkPY+pQ
dWVAPKztiAcOAGOh+GRaOh7nyBe2Nb/pJXPRXiN5X4aw7wn9INU5YVEvlx7OQNXa
N4tOzKlLwD8RRxhjffYSTfoZpYlTwTx5SDpCzrzP+JDJf32SzLYEatKeHCBQuwZj
AJ0RIUGhHzVlrQz8puXmYBI+qsE0KwEMcWuNfu3l30Ah
-----END CERTIFICATE-----