Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/kEv3N8pBsK8Ai345aL50PqxGrVY.roa
File:                     kEv3N8pBsK8Ai345aL50PqxGrVY.roa (raw, json)
Hash identifier:          Gzx7+XyK/ZFzy/dV63lLABCCSWUJRABz/oBmlgb4FhA=
Subject key identifier:   90:4B:F7:37:CA:41:B0:AF:00:8B:7E:39:68:BE:74:3E:AC:46:AD:56
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       018F1A14E267AA787D959BE59FC410C551C9
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/kEv3N8pBsK8Ai345aL50PqxGrVY.roa
Signing time:             Fri 26 Apr 2024 11:05:27 +0000
ROA not before:           Fri 26 Apr 2024 11:05:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215066
IP address blocks:        195.144.8.0/24 maxlen: 24
                          2a07:244::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1a:14:e2:67:aa:78:7d:95:9b:e5:9f:c4:10:c5:51:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: Apr 26 11:05:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=904bf737ca41b0af008b7e3968be743eac46ad56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c7:de:a7:22:11:f6:c9:c7:5d:62:e3:7e:bd:
                    b4:ee:e1:36:46:43:f6:a3:55:f2:84:91:9a:c6:5e:
                    25:14:80:75:e6:e1:07:3e:57:41:74:24:ba:bc:c6:
                    5d:ff:64:3e:2d:3a:7d:a8:22:06:53:2d:7f:98:c7:
                    58:0e:b7:76:cc:83:85:ea:18:86:38:f6:d6:95:01:
                    8d:d5:bf:1f:da:a2:d3:2b:d1:ff:ca:d4:ca:94:06:
                    61:82:83:ea:8a:05:08:08:d6:a6:3c:5f:19:03:cb:
                    03:73:b8:5d:ce:59:e1:12:a9:d2:c9:30:01:68:05:
                    76:a9:5d:ac:14:47:65:a2:af:fa:c8:1a:8f:9c:a0:
                    a5:a3:18:f7:d9:36:5f:c6:50:97:e1:ae:7b:bc:1d:
                    6b:16:8a:be:f4:85:65:db:67:c2:27:c5:c5:10:d9:
                    7f:8c:e6:50:dc:04:b8:71:30:37:e3:f2:e5:a8:c0:
                    42:27:e2:53:b4:c1:98:f8:31:a5:10:1d:0c:55:58:
                    8c:f5:4e:43:11:db:72:66:51:e4:d8:29:f9:4a:1b:
                    3d:ec:a5:3e:bd:83:ca:e3:86:ff:e9:bf:61:45:6d:
                    a7:f5:3c:02:30:21:ef:b7:6e:e4:b8:3a:6c:0f:b4:
                    57:b6:ac:13:3c:97:fe:76:a2:93:39:e7:d2:30:1b:
                    51:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:4B:F7:37:CA:41:B0:AF:00:8B:7E:39:68:BE:74:3E:AC:46:AD:56
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/kEv3N8pBsK8Ai345aL50PqxGrVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.144.8.0/24
                IPv6:
                  2a07:244::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:8f:45:45:9f:3e:aa:97:36:32:92:ea:1a:e7:e8:1d:fb:66:
         a6:50:39:e7:39:2f:8a:02:06:de:2c:91:3b:f9:c4:aa:80:ec:
         10:89:f6:c0:d9:b6:76:83:e2:8a:5e:75:c0:0f:d2:9d:1a:ac:
         4b:fd:65:a1:ce:ef:6f:d6:37:7d:8b:a5:5b:0f:f3:94:e8:88:
         0c:ce:83:c3:ec:30:37:85:15:99:16:3c:45:33:ff:05:1e:d8:
         ee:fc:2b:7c:1f:e4:b5:52:c0:94:1c:e6:67:bc:68:88:40:b3:
         88:aa:14:0f:f9:36:36:0f:a1:ff:0f:16:da:5a:6c:38:a1:6e:
         fd:ce:73:5f:a8:f1:ba:f8:f7:26:bd:a7:23:be:66:3c:91:dc:
         20:13:ae:ea:17:1c:a7:5f:67:aa:43:b0:a5:38:88:2c:6e:be:
         72:d2:33:9f:2b:86:ed:56:68:e8:f3:9c:27:60:12:a0:a4:70:
         ec:d3:a3:b0:ef:55:ba:5d:c6:39:dc:cb:e4:51:05:6f:f7:46:
         3a:15:17:75:1f:20:ec:b5:26:c6:77:32:f3:c6:71:d1:7c:4a:
         a5:62:79:56:d7:38:66:28:a3:17:2b:e3:a3:88:14:62:30:fa:
         81:29:c9:c6:79:02:d3:be:bf:26:a0:b9:a8:d6:d1:f5:4d:f3:
         d4:fc:9f:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8aFOJnqnh9lZvln8QQxVHJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjQwNDI2MTEwNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDRiZjczN2NhNDFiMGFmMDA4YjdlMzk2OGJlNzQzZWFjNDZhZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8fepyIR9snHXWLjfr207uE2RkP2
o1XyhJGaxl4lFIB15uEHPldBdCS6vMZd/2Q+LTp9qCIGUy1/mMdYDrd2zIOF6hiG
OPbWlQGN1b8f2qLTK9H/ytTKlAZhgoPqigUICNamPF8ZA8sDc7hdzlnhEqnSyTAB
aAV2qV2sFEdloq/6yBqPnKCloxj32TZfxlCX4a57vB1rFoq+9IVl22fCJ8XFENl/
jOZQ3AS4cTA34/LlqMBCJ+JTtMGY+DGlEB0MVViM9U5DEdtyZlHk2Cn5Shs97KU+
vYPK44b/6b9hRW2n9TwCMCHvt27kuDpsD7RXtqwTPJf+dqKTOefSMBtRXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJBL9zfKQbCvAIt+OWi+dD6sRq1WMB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEva0V2M044cEJzSzhBaTM0NWFMNTBQcXhHclZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw5AIMA0E
AgACMAcDBQAqBwJEMA0GCSqGSIb3DQEBCwUAA4IBAQB6j0VFnz6qlzYykuoa5+gd
+2amUDnnOS+KAgbeLJE7+cSqgOwQifbA2bZ2g+KKXnXAD9KdGqxL/WWhzu9v1jd9
i6VbD/OU6IgMzoPD7DA3hRWZFjxFM/8FHtju/Ct8H+S1UsCUHOZnvGiIQLOIqhQP
+TY2D6H/DxbaWmw4oW79znNfqPG6+PcmvacjvmY8kdwgE67qFxynX2eqQ7ClOIgs
br5y0jOfK4btVmjo85wnYBKgpHDs06Ow71W6XcY53MvkUQVv90Y6FRd1HyDstSbG
dzLzxnHRfEqlYnlW1zhmKKMXK+OjiBRiMPqBKcnGeQLTvr8moLmo1tH1TfPU/J/A
-----END CERTIFICATE-----