Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/XwDIJJPJ760h-XL6w1NNvKGdN7s.roa
File:                     XwDIJJPJ760h-XL6w1NNvKGdN7s.roa (raw, json)
Hash identifier:          C/7NZrx1rODi4OfoG6IBJqHANimfyAXK9IDyt9/pFYE=
Subject key identifier:   5F:00:C8:24:93:C9:EF:AD:21:F9:72:FA:C3:53:4D:BC:A1:9D:37:BB
Certificate issuer:       /CN=0c7161e622f63c0db8568d8cb4c4d7c0d9808346
Certificate serial:       01949CBC7FA0E525A5F77D8A5187BB7ABBF7
Authority key identifier: 0C:71:61:E6:22:F6:3C:0D:B8:56:8D:8C:B4:C4:D7:C0:D9:80:83:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/XwDIJJPJ760h-XL6w1NNvKGdN7s.roa
Signing time:             Sat 25 Jan 2025 09:13:06 +0000
ROA not before:           Sat 25 Jan 2025 09:13:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210162
IP address blocks:        195.7.8.0/24 maxlen: 24
                          195.7.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:9c:bc:7f:a0:e5:25:a5:f7:7d:8a:51:87:bb:7a:bb:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c7161e622f63c0db8568d8cb4c4d7c0d9808346
        Validity
            Not Before: Jan 25 09:13:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f00c82493c9efad21f972fac3534dbca19d37bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:21:97:c5:98:ca:8e:5b:f3:60:b2:f0:2c:01:
                    da:ce:e0:7c:81:35:fa:2a:a2:98:f9:52:b0:1c:aa:
                    6c:2d:d0:7a:bb:46:81:c9:07:a0:af:1d:68:23:20:
                    01:75:26:bc:0a:3d:a7:41:69:e7:c4:39:fb:86:67:
                    79:c7:f4:81:2a:c4:6f:ec:4a:11:27:d4:b6:bf:d7:
                    73:06:62:d6:0a:6a:c3:50:ba:30:08:f3:f5:36:ea:
                    6e:0f:f2:f1:8f:7f:21:0b:06:bf:08:21:8e:2b:d7:
                    ab:27:3e:2d:0a:0d:44:18:8b:9c:71:72:b7:ae:d2:
                    bc:24:92:b9:6c:36:d3:3f:fa:19:9a:b4:78:50:ac:
                    ab:5e:f6:ab:6f:85:90:6e:13:e8:1f:03:37:c3:13:
                    0d:4b:c5:0d:91:f8:e8:a2:a0:f9:2b:09:f2:dc:88:
                    50:a6:a4:52:7b:14:ab:03:70:64:0c:ff:99:35:1b:
                    59:1c:7e:b1:17:f0:4d:4b:bb:5c:b0:f8:04:30:18:
                    51:07:de:ef:74:d5:ae:ee:84:84:a5:99:ee:55:1a:
                    cd:7d:04:80:df:41:ed:4e:2b:07:fb:41:b0:2f:69:
                    73:e3:72:a7:37:af:02:e8:55:d2:4c:30:79:32:8f:
                    7e:b9:b4:b2:68:1a:1e:00:2c:d8:e3:51:ca:4d:15:
                    8b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:00:C8:24:93:C9:EF:AD:21:F9:72:FA:C3:53:4D:BC:A1:9D:37:BB
            X509v3 Authority Key Identifier:
                keyid:0C:71:61:E6:22:F6:3C:0D:B8:56:8D:8C:B4:C4:D7:C0:D9:80:83:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/XwDIJJPJ760h-XL6w1NNvKGdN7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01f08c-065e-4ac1-8e80-b15e3f09e01b/1/DHFh5iL2PA24Vo2MtMTXwNmAg0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.7.8.0/24
                  195.7.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:15:19:15:93:19:42:7c:1e:cd:c0:fa:1d:90:e8:3f:91:d2:
         fc:12:b4:e4:3f:39:9f:04:f6:4a:e1:f9:8d:6f:16:b1:e8:34:
         65:b5:6f:91:9f:24:2a:7f:7d:b2:b7:96:3d:c3:df:de:93:a2:
         b7:5a:59:b5:c6:ac:86:dd:33:2d:4a:ba:b1:b5:52:82:33:1c:
         e9:da:82:c5:47:b8:a1:ef:8b:53:9f:3b:97:ed:d8:71:3c:40:
         bb:fd:a4:ca:c2:ae:62:6c:d1:48:5a:49:86:f0:1c:18:a1:66:
         63:77:47:07:98:2d:f7:a5:2a:b4:77:85:6b:9a:85:79:d9:e4:
         83:5d:17:7b:4d:95:84:f4:ce:79:f4:aa:07:af:3e:cd:0b:1e:
         cc:e0:4a:9f:4a:ce:78:e8:5a:68:58:03:75:83:be:d5:b4:3f:
         b9:6f:05:62:66:4d:51:b2:0e:6d:71:03:3c:87:bf:25:7b:63:
         19:00:c8:c5:9f:ce:9f:d5:16:03:a2:98:7f:d5:dd:9d:38:af:
         bd:b3:cc:e5:93:02:f6:e6:a6:2b:87:a6:ed:5a:eb:d5:d5:52:
         94:e0:99:18:f0:3f:91:25:d1:47:69:35:60:a9:50:1c:b9:61:
         97:26:1b:2a:14:a0:d6:6c:1f:06:82:81:bd:54:28:0e:cf:da:
         e5:63:2b:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZScvH+g5SWl932KUYe7erv3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNzE2MWU2MjJmNjNjMGRiODU2OGQ4Y2I0YzRkN2MwZDk4
MDgzNDYwHhcNMjUwMTI1MDkxMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjAwYzgyNDkzYzllZmFkMjFmOTcyZmFjMzUzNGRiY2ExOWQzN2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyGXxZjKjlvzYLLwLAHazuB8gTX6
KqKY+VKwHKpsLdB6u0aByQegrx1oIyABdSa8Cj2nQWnnxDn7hmd5x/SBKsRv7EoR
J9S2v9dzBmLWCmrDULowCPP1NupuD/Lxj38hCwa/CCGOK9erJz4tCg1EGIuccXK3
rtK8JJK5bDbTP/oZmrR4UKyrXvarb4WQbhPoHwM3wxMNS8UNkfjooqD5Kwny3IhQ
pqRSexSrA3BkDP+ZNRtZHH6xF/BNS7tcsPgEMBhRB97vdNWu7oSEpZnuVRrNfQSA
30HtTisH+0GwL2lz43KnN68C6FXSTDB5Mo9+ubSyaBoeACzY41HKTRWLpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF8AyCSTye+tIfly+sNTTbyhnTe7MB8GA1UdIwQY
MBaAFAxxYeYi9jwNuFaNjLTE18DZgINGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREhGaDVpTDJQQTI0Vm8yTXRNVFh3Tm1BZzBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMWYwOGMtMDY1ZS00YWMxLThlODAt
YjE1ZTNmMDllMDFiLzEvWHdESUpKUEo3NjBoLVhMNncxTk52S0dkTjdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMWYwOGMtMDY1ZS00YWMxLThlODAtYjE1ZTNmMDllMDFi
LzEvREhGaDVpTDJQQTI0Vm8yTXRNVFh3Tm1BZzBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwwcIAwQA
wwcLMA0GCSqGSIb3DQEBCwUAA4IBAQAFFRkVkxlCfB7NwPodkOg/kdL8ErTkPzmf
BPZK4fmNbxax6DRltW+RnyQqf32yt5Y9w9/ek6K3Wlm1xqyG3TMtSrqxtVKCMxzp
2oLFR7ih74tTnzuX7dhxPEC7/aTKwq5ibNFIWkmG8BwYoWZjd0cHmC33pSq0d4Vr
moV52eSDXRd7TZWE9M559KoHrz7NCx7M4EqfSs546FpoWAN1g77VtD+5bwViZk1R
sg5tcQM8h78le2MZAMjFn86f1RYDoph/1d2dOK+9s8zlkwL25qYrh6btWuvV1VKU
4JkY8D+RJdFHaTVgqVAcuWGXJhsqFKDWbB8GgoG9VCgOz9rlYysn
-----END CERTIFICATE-----