Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/a7r43nSeeFkucPZdOIY_ccU3h9w.roa
File:                     a7r43nSeeFkucPZdOIY_ccU3h9w.roa (raw, json)
Hash identifier:          eqskUS+WB+IzzDa+JNssKTWqfGmm3nTWPX9Gh40Wbkc=
Subject key identifier:   6B:BA:F8:DE:74:9E:78:59:2E:70:F6:5D:38:86:3F:71:C5:37:87:DC
Certificate issuer:       /CN=c04a3d80f6786f1791098d45ecd554f0660cce4f
Certificate serial:       018CC42453824BA7D4EAF830977ACFC7672E
Authority key identifier: C0:4A:3D:80:F6:78:6F:17:91:09:8D:45:EC:D5:54:F0:66:0C:CE:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/a7r43nSeeFkucPZdOIY_ccU3h9w.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206805
IP address blocks:        195.2.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:53:82:4b:a7:d4:ea:f8:30:97:7a:cf:c7:67:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c04a3d80f6786f1791098d45ecd554f0660cce4f
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bbaf8de749e78592e70f65d38863f71c53787dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:40:31:7a:87:fa:56:98:ca:f4:7b:da:1b:2e:
                    c8:86:7a:d3:c8:63:04:b9:81:aa:86:18:40:8a:4f:
                    69:0c:4c:aa:47:cd:83:b4:ca:c7:7c:b0:e0:69:25:
                    68:41:55:b2:a5:80:3d:fa:08:bd:bd:34:6d:7f:5f:
                    05:e0:89:58:cb:a2:7f:e4:35:85:8a:e0:a0:b2:54:
                    ec:fc:10:30:6d:24:d2:c0:2a:4e:8a:6c:0b:d5:86:
                    e6:e3:f4:3a:02:a2:ec:aa:80:83:99:2d:e3:4c:43:
                    f9:f6:c8:5e:c3:10:46:47:7e:44:41:ab:3e:ee:75:
                    bc:ed:70:f5:f2:d3:2f:9c:9a:17:81:fa:e4:34:3a:
                    c1:cb:d1:62:0b:d3:52:8f:f3:27:ff:16:cc:59:ad:
                    ab:e3:81:2a:e0:37:eb:3e:45:f4:d8:9b:20:78:6e:
                    f5:8e:25:50:b3:95:f9:a2:be:b9:fe:cc:30:82:f4:
                    ba:e4:bc:ed:df:6a:d8:80:5c:ee:07:e1:41:2a:3a:
                    35:4e:b9:47:37:e2:51:06:cb:e7:6d:1f:3f:34:bd:
                    c6:15:f4:77:f3:9e:f7:4c:6e:fb:87:3f:59:4c:64:
                    8d:a8:2d:02:77:2c:39:f5:a6:de:60:f0:3c:9a:82:
                    6b:cf:36:4a:51:54:be:b4:a0:34:b7:87:0a:38:b5:
                    17:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:BA:F8:DE:74:9E:78:59:2E:70:F6:5D:38:86:3F:71:C5:37:87:DC
            X509v3 Authority Key Identifier:
                keyid:C0:4A:3D:80:F6:78:6F:17:91:09:8D:45:EC:D5:54:F0:66:0C:CE:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/a7r43nSeeFkucPZdOIY_ccU3h9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e36eb1-8af5-4910-8df4-ed2e136dc026/1/wEo9gPZ4bxeRCY1F7NVU8GYMzk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.2.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:46:b6:c5:cc:b9:0d:64:da:04:87:d9:ea:ec:2c:63:d3:b5:
         0e:e2:e1:ec:af:ba:15:6a:20:d5:b2:4c:48:16:d1:3b:f3:5d:
         30:a0:27:5c:2b:57:1a:45:5e:16:75:7f:78:6f:96:c4:95:9c:
         20:a0:00:5d:9f:c2:07:a3:56:24:da:7b:e4:ae:9a:0e:c1:9d:
         03:4e:a1:e9:d7:86:5f:4f:00:4e:cb:6f:69:38:8b:1a:97:ba:
         cc:cc:4c:26:87:ec:24:31:8a:86:b3:37:3b:ef:e3:2f:8a:0f:
         23:66:8e:a0:bd:40:cd:ff:ae:43:25:c5:7b:5b:97:de:7b:7d:
         62:59:4d:4d:4b:3c:01:bd:97:55:9e:ce:0a:05:c9:4b:dc:6e:
         1e:ca:6f:07:6f:69:07:3a:dc:10:c3:c9:94:f0:46:24:84:f7:
         e3:b8:34:0d:45:c2:81:98:62:e8:72:18:23:1d:2e:71:00:77:
         68:19:b0:d9:a3:a9:45:73:84:c5:df:58:6c:26:80:1e:6e:09:
         0e:a3:11:05:2d:33:11:21:09:e1:e7:85:2c:84:48:3c:42:17:
         ca:b0:cc:89:49:36:f3:f5:29:08:df:e9:2b:b4:e3:a5:62:87:
         6e:7c:d7:47:6c:bd:2b:cc:68:0b:10:b6:18:6c:89:c9:2a:a2:
         7c:be:67:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFOCS6fU6vgwl3rPx2cuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGEzZDgwZjY3ODZmMTc5MTA5OGQ0NWVjZDU1NGYwNjYw
Y2NlNGYwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmJhZjhkZTc0OWU3ODU5MmU3MGY2NWQzODg2M2Y3MWM1Mzc4N2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEAxeof6VpjK9HvaGy7IhnrTyGME
uYGqhhhAik9pDEyqR82DtMrHfLDgaSVoQVWypYA9+gi9vTRtf18F4IlYy6J/5DWF
iuCgslTs/BAwbSTSwCpOimwL1Ybm4/Q6AqLsqoCDmS3jTEP59shewxBGR35EQas+
7nW87XD18tMvnJoXgfrkNDrBy9FiC9NSj/Mn/xbMWa2r44Eq4DfrPkX02JsgeG71
jiVQs5X5or65/swwgvS65Lzt32rYgFzuB+FBKjo1TrlHN+JRBsvnbR8/NL3GFfR3
8573TG77hz9ZTGSNqC0Cdyw59abeYPA8moJrzzZKUVS+tKA0t4cKOLUX+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGu6+N50nnhZLnD2XTiGP3HFN4fcMB8GA1UdIwQY
MBaAFMBKPYD2eG8XkQmNRezVVPBmDM5PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0VvOWdQWjRieGVSQ1kxRjdOVlU4R1lNems4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMzZlYjEtOGFmNS00OTEwLThkZjQt
ZWQyZTEzNmRjMDI2LzEvYTdyNDNuU2VlRmt1Y1BaZE9JWV9jY1UzaDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMzZlYjEtOGFmNS00OTEwLThkZjQtZWQyZTEzNmRjMDI2
LzEvd0VvOWdQWjRieGVSQ1kxRjdOVlU4R1lNems4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwLjMA0G
CSqGSIb3DQEBCwUAA4IBAQBRRrbFzLkNZNoEh9nq7Cxj07UO4uHsr7oVaiDVskxI
FtE7810woCdcK1caRV4WdX94b5bElZwgoABdn8IHo1Yk2nvkrpoOwZ0DTqHp14Zf
TwBOy29pOIsal7rMzEwmh+wkMYqGszc77+Mvig8jZo6gvUDN/65DJcV7W5fee31i
WU1NSzwBvZdVns4KBclL3G4eym8Hb2kHOtwQw8mU8EYkhPfjuDQNRcKBmGLochgj
HS5xAHdoGbDZo6lFc4TF31hsJoAebgkOoxEFLTMRIQnh54UshEg8QhfKsMyJSTbz
9SkI3+krtOOlYodufNdHbL0rzGgLELYYbInJKqJ8vmfr
-----END CERTIFICATE-----