Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/288bcc-3603-4fc0-810a-6f15a6ead3cc/1/2XmVFxQ9Kz21ppv_ol-OLdzn-7Y.roa
File:                     2XmVFxQ9Kz21ppv_ol-OLdzn-7Y.roa (raw, json)
Hash identifier:          Eqw2aPCjFC27FqYG6Wb5LX0pAsuOlEnKc+EuVvAtj2I=
Subject key identifier:   D9:79:95:17:14:3D:2B:3D:B5:A6:9B:FF:A2:5F:8E:2D:DC:E7:FB:B6
Certificate issuer:       /CN=1e81990a8a8ccd7e8a4f48bb768f35d2699b78b2
Certificate serial:       018CC2DB445DEE019F462FFB9F32514A1B57
Authority key identifier: 1E:81:99:0A:8A:8C:CD:7E:8A:4F:48:BB:76:8F:35:D2:69:9B:78:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HoGZCoqMzX6KT0i7do810mmbeLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/288bcc-3603-4fc0-810a-6f15a6ead3cc/1/2XmVFxQ9Kz21ppv_ol-OLdzn-7Y.roa
Signing time:             Mon 01 Jan 2024 02:29:58 +0000
ROA not before:           Mon 01 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51325
IP address blocks:        195.226.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/288bcc-3603-4fc0-810a-6f15a6ead3cc/1/HoGZCoqMzX6KT0i7do810mmbeLI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/288bcc-3603-4fc0-810a-6f15a6ead3cc/1/HoGZCoqMzX6KT0i7do810mmbeLI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HoGZCoqMzX6KT0i7do810mmbeLI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:44:5d:ee:01:9f:46:2f:fb:9f:32:51:4a:1b:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e81990a8a8ccd7e8a4f48bb768f35d2699b78b2
        Validity
            Not Before: Jan  1 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9799517143d2b3db5a69bffa25f8e2ddce7fbb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:cb:99:3c:95:a2:83:d5:fe:95:dc:9b:97:a0:
                    8e:ee:9b:80:e6:2a:58:ef:45:41:b5:0e:a9:5c:68:
                    a3:0b:54:aa:98:d9:8b:eb:be:8c:c6:be:da:dd:0d:
                    a3:44:4f:8f:5a:e7:22:cd:39:41:09:4d:3c:f8:6e:
                    02:11:80:6a:e2:02:4a:37:e3:5f:22:d4:da:58:d9:
                    8c:6e:c9:df:57:98:0b:6b:84:90:92:a6:2d:cc:b2:
                    3d:2a:4c:ca:c8:7d:eb:3e:d3:35:c4:cf:b2:79:37:
                    80:dd:2f:b5:e3:8c:31:ec:8d:b1:84:0f:ef:05:57:
                    39:d5:a3:7e:c2:fd:b3:31:ee:27:ff:2f:fc:2c:66:
                    16:28:bf:50:ba:b1:d8:b7:78:22:2b:e6:be:0d:de:
                    cf:7f:5f:d0:57:52:cb:26:1d:48:ab:d0:1b:56:aa:
                    25:c5:0f:c0:73:c3:ee:2b:91:d2:45:19:15:4b:04:
                    6e:04:55:57:4a:d6:94:65:09:27:35:ab:27:71:dc:
                    78:26:25:fe:be:a0:9f:a5:46:8f:e0:68:be:9c:78:
                    ef:52:43:3a:dd:f7:9a:5e:c8:ff:f6:c4:ee:53:71:
                    c3:95:8f:00:0c:a1:11:7a:3e:76:04:3c:48:a9:80:
                    b8:f0:4a:22:10:6c:3c:3b:52:c8:2f:d5:38:5e:86:
                    93:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:79:95:17:14:3D:2B:3D:B5:A6:9B:FF:A2:5F:8E:2D:DC:E7:FB:B6
            X509v3 Authority Key Identifier:
                keyid:1E:81:99:0A:8A:8C:CD:7E:8A:4F:48:BB:76:8F:35:D2:69:9B:78:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HoGZCoqMzX6KT0i7do810mmbeLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/288bcc-3603-4fc0-810a-6f15a6ead3cc/1/2XmVFxQ9Kz21ppv_ol-OLdzn-7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/288bcc-3603-4fc0-810a-6f15a6ead3cc/1/HoGZCoqMzX6KT0i7do810mmbeLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.226.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:43:9b:fb:95:64:73:36:f6:1e:a6:12:8d:8d:00:2e:2f:a3:
         a4:56:af:1d:7a:58:ac:19:46:e4:a4:0f:47:65:cd:ec:bc:dc:
         46:71:ec:2d:2f:87:95:88:e6:73:03:e4:68:e8:96:72:b2:7b:
         80:0d:8b:88:2c:aa:7c:ad:be:66:41:30:3e:a1:2c:35:33:56:
         df:69:33:d9:a4:e5:e3:7c:8c:3a:05:23:57:82:e2:33:32:d9:
         86:03:44:00:cb:0a:ee:1f:0f:b8:44:81:1c:c2:88:87:f3:77:
         01:f4:03:7a:48:97:5d:a5:b7:87:04:d0:6f:7a:ab:6b:dd:ef:
         18:b4:99:1d:b5:69:1f:f7:a1:b9:31:ad:59:6e:da:f9:95:5c:
         44:e3:49:ae:30:92:26:f5:7a:cc:4a:71:84:f9:3a:8e:70:f6:
         48:d8:0d:fe:b5:43:a2:69:40:ec:6e:f0:40:51:1e:8d:cb:4e:
         85:72:0f:37:69:7c:37:cd:f6:1e:1f:c7:02:28:b7:98:a2:ee:
         12:1d:07:67:54:58:f5:6f:83:bc:fb:d4:27:73:d1:28:d1:2a:
         da:74:84:40:16:5b:07:83:02:83:a5:4a:4e:d5:e4:a4:e3:f0:
         00:36:68:b8:c4:6e:d4:57:79:1c:47:30:59:ec:be:4a:5d:f2:
         c4:ad:83:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20Rd7gGfRi/7nzJRShtXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlODE5OTBhOGE4Y2NkN2U4YTRmNDhiYjc2OGYzNWQyNjk5
Yjc4YjIwHhcNMjQwMTAxMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTc5OTUxNzE0M2QyYjNkYjVhNjliZmZhMjVmOGUyZGRjZTdmYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisuZPJWig9X+ldybl6CO7puA5ipY
70VBtQ6pXGijC1SqmNmL676Mxr7a3Q2jRE+PWucizTlBCU08+G4CEYBq4gJKN+Nf
ItTaWNmMbsnfV5gLa4SQkqYtzLI9KkzKyH3rPtM1xM+yeTeA3S+144wx7I2xhA/v
BVc51aN+wv2zMe4n/y/8LGYWKL9QurHYt3giK+a+Dd7Pf1/QV1LLJh1Iq9AbVqol
xQ/Ac8PuK5HSRRkVSwRuBFVXStaUZQknNasncdx4JiX+vqCfpUaP4Gi+nHjvUkM6
3feaXsj/9sTuU3HDlY8ADKERej52BDxIqYC48EoiEGw8O1LIL9U4XoaTGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNl5lRcUPSs9taab/6Jfji3c5/u2MB8GA1UdIwQY
MBaAFB6BmQqKjM1+ik9Iu3aPNdJpm3iyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG9HWkNvcU16WDZLVDBpN2RvODEwbW1iZUxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8yODhiY2MtMzYwMy00ZmMwLTgxMGEt
NmYxNWE2ZWFkM2NjLzEvMlhtVkZ4UTlLejIxcHB2X29sLU9MZHpuLTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8yODhiY2MtMzYwMy00ZmMwLTgxMGEtNmYxNWE2ZWFkM2Nj
LzEvSG9HWkNvcU16WDZLVDBpN2RvODEwbW1iZUxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+LWMA0G
CSqGSIb3DQEBCwUAA4IBAQAeQ5v7lWRzNvYephKNjQAuL6OkVq8delisGUbkpA9H
Zc3svNxGcewtL4eViOZzA+Ro6JZysnuADYuILKp8rb5mQTA+oSw1M1bfaTPZpOXj
fIw6BSNXguIzMtmGA0QAywruHw+4RIEcwoiH83cB9AN6SJddpbeHBNBveqtr3e8Y
tJkdtWkf96G5Ma1Zbtr5lVxE40muMJIm9XrMSnGE+TqOcPZI2A3+tUOiaUDsbvBA
UR6Ny06Fcg83aXw3zfYeH8cCKLeYou4SHQdnVFj1b4O8+9Qnc9Eo0SradIRAFlsH
gwKDpUpO1eSk4/AANmi4xG7UV3kcRzBZ7L5KXfLErYON
-----END CERTIFICATE-----