Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e29ff2-8e63-4e6c-8aff-732653c4fe2c/1/jKMFStCzdaRU_IZrUY2U3PafDJ4.roa
File:                     jKMFStCzdaRU_IZrUY2U3PafDJ4.roa (raw, json)
Hash identifier:          YtDUhbFNlLPvRt34wtXc6MuKAvNxmrfz8G1SSco02Rw=
Subject key identifier:   8C:A3:05:4A:D0:B3:75:A4:54:FC:86:6B:51:8D:94:DC:F6:9F:0C:9E
Certificate issuer:       /CN=6137d2fcbd43a51e531bc98bfab5eaf7190090af
Certificate serial:       019142650E5E6207FF38FA6E9A9DF0C50ECA
Authority key identifier: 61:37:D2:FC:BD:43:A5:1E:53:1B:C9:8B:FA:B5:EA:F7:19:00:90:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YTfS_L1DpR5TG8mL-rXq9xkAkK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e29ff2-8e63-4e6c-8aff-732653c4fe2c/1/jKMFStCzdaRU_IZrUY2U3PafDJ4.roa
Signing time:             Sun 11 Aug 2024 17:03:24 +0000
ROA not before:           Sun 11 Aug 2024 17:03:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214431
IP address blocks:        195.200.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e29ff2-8e63-4e6c-8aff-732653c4fe2c/1/YTfS_L1DpR5TG8mL-rXq9xkAkK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e29ff2-8e63-4e6c-8aff-732653c4fe2c/1/YTfS_L1DpR5TG8mL-rXq9xkAkK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YTfS_L1DpR5TG8mL-rXq9xkAkK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 20:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:42:65:0e:5e:62:07:ff:38:fa:6e:9a:9d:f0:c5:0e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6137d2fcbd43a51e531bc98bfab5eaf7190090af
        Validity
            Not Before: Aug 11 17:03:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ca3054ad0b375a454fc866b518d94dcf69f0c9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3c:48:7e:5b:33:fc:cb:e3:3d:a5:9f:03:b0:
                    a8:f6:9f:19:e4:91:1d:64:6a:8d:9b:b3:02:fc:71:
                    c2:af:f2:1e:f2:2e:23:9c:50:1b:87:53:11:37:1b:
                    0e:68:55:00:41:89:d1:02:31:04:15:27:76:64:22:
                    72:2c:e0:af:5e:e1:bd:2a:8b:79:6f:6b:f8:6e:f3:
                    5a:d8:61:43:6f:da:fa:7a:72:23:2b:10:23:d2:10:
                    9a:8a:3f:47:d7:d9:9e:be:bb:66:69:c5:0f:f2:e6:
                    b4:cf:84:33:92:cc:23:e2:de:aa:1e:a5:7d:3b:6f:
                    8b:39:1e:9a:78:fc:f4:29:bc:22:78:3a:26:58:73:
                    e4:06:98:15:1f:1f:70:a8:76:a7:11:81:59:42:b8:
                    7d:6c:34:57:a6:c6:79:4e:93:54:04:d0:1d:f4:a1:
                    fc:64:b7:c7:6b:c0:07:6b:20:f4:af:f8:3e:d7:f7:
                    88:27:a5:a4:c4:2f:73:78:a6:69:5a:96:46:8f:84:
                    dc:1c:8c:50:53:ca:fd:9c:e4:fa:fa:a9:9f:8f:73:
                    ca:91:1e:1e:eb:ea:c0:84:e8:c0:fb:a7:47:28:b8:
                    0f:5a:a0:d6:82:15:87:16:90:12:3f:4d:69:df:ab:
                    9e:b8:7e:ee:3f:f1:90:d8:9e:10:60:83:c2:a7:28:
                    ba:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A3:05:4A:D0:B3:75:A4:54:FC:86:6B:51:8D:94:DC:F6:9F:0C:9E
            X509v3 Authority Key Identifier:
                keyid:61:37:D2:FC:BD:43:A5:1E:53:1B:C9:8B:FA:B5:EA:F7:19:00:90:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YTfS_L1DpR5TG8mL-rXq9xkAkK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e29ff2-8e63-4e6c-8aff-732653c4fe2c/1/jKMFStCzdaRU_IZrUY2U3PafDJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e29ff2-8e63-4e6c-8aff-732653c4fe2c/1/YTfS_L1DpR5TG8mL-rXq9xkAkK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:51:cc:61:30:6c:a5:58:91:06:f7:97:bf:8c:fb:d1:3f:bd:
         a7:2d:e5:b2:28:ce:71:34:13:fd:fa:00:4a:3d:c7:a7:76:d6:
         ec:60:b9:1a:32:8c:4e:12:7a:63:14:74:3f:5a:90:40:b0:73:
         1b:a6:91:bb:19:84:88:83:e7:6a:18:ca:46:67:64:c4:90:93:
         f9:a5:fd:1b:f3:7d:b0:7d:ee:52:2b:7c:98:93:fa:f1:b6:13:
         b4:09:00:76:aa:02:a2:ad:d3:9f:2c:06:b4:fd:7e:95:57:c8:
         b1:11:c7:8b:38:dd:9c:04:91:4c:96:3c:fb:50:87:8d:ca:ec:
         60:e9:cf:cd:09:6c:d7:40:27:ae:5f:2d:37:c5:d8:90:ce:68:
         39:e7:d9:c2:07:a9:88:1b:08:f4:48:c6:24:0d:68:dc:b4:2f:
         fa:64:88:9d:97:3a:0a:98:4f:fe:b6:db:82:e0:7a:26:8f:90:
         29:f2:7a:d2:f8:60:a3:89:77:fe:f4:df:c1:fc:70:c2:99:b8:
         31:e4:50:13:76:fb:ef:27:83:a6:79:fa:f0:f5:06:63:d6:72:
         1a:f3:2a:2a:96:ce:d1:fd:32:15:0e:69:34:b0:11:64:82:cc:
         0b:41:a9:de:1a:2a:92:ec:5d:3c:b8:4e:09:54:8f:c4:53:b6:
         fd:5d:5f:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFCZQ5eYgf/OPpump3wxQ7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMzdkMmZjYmQ0M2E1MWU1MzFiYzk4YmZhYjVlYWY3MTkw
MDkwYWYwHhcNMjQwODExMTcwMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2EzMDU0YWQwYjM3NWE0NTRmYzg2NmI1MThkOTRkY2Y2OWYwYzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzxIflsz/MvjPaWfA7Co9p8Z5JEd
ZGqNm7MC/HHCr/Ie8i4jnFAbh1MRNxsOaFUAQYnRAjEEFSd2ZCJyLOCvXuG9Kot5
b2v4bvNa2GFDb9r6enIjKxAj0hCaij9H19mevrtmacUP8ua0z4Qzkswj4t6qHqV9
O2+LOR6aePz0KbwieDomWHPkBpgVHx9wqHanEYFZQrh9bDRXpsZ5TpNUBNAd9KH8
ZLfHa8AHayD0r/g+1/eIJ6WkxC9zeKZpWpZGj4TcHIxQU8r9nOT6+qmfj3PKkR4e
6+rAhOjA+6dHKLgPWqDWghWHFpASP01p36ueuH7uP/GQ2J4QYIPCpyi6ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIyjBUrQs3WkVPyGa1GNlNz2nwyeMB8GA1UdIwQY
MBaAFGE30vy9Q6UeUxvJi/q16vcZAJCvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVRmU19MMURwUjVURzhtTC1yWHE5eGtBa0s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lMjlmZjItOGU2My00ZTZjLThhZmYt
NzMyNjUzYzRmZTJjLzEvaktNRlN0Q3pkYVJVX0laclVZMlUzUGFmREo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lMjlmZjItOGU2My00ZTZjLThhZmYtNzMyNjUzYzRmZTJj
LzEvWVRmU19MMURwUjVURzhtTC1yWHE5eGtBa0s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8hNMA0G
CSqGSIb3DQEBCwUAA4IBAQAUUcxhMGylWJEG95e/jPvRP72nLeWyKM5xNBP9+gBK
PcendtbsYLkaMoxOEnpjFHQ/WpBAsHMbppG7GYSIg+dqGMpGZ2TEkJP5pf0b832w
fe5SK3yYk/rxthO0CQB2qgKirdOfLAa0/X6VV8ixEceLON2cBJFMljz7UIeNyuxg
6c/NCWzXQCeuXy03xdiQzmg559nCB6mIGwj0SMYkDWjctC/6ZIidlzoKmE/+ttuC
4Homj5Ap8nrS+GCjiXf+9N/B/HDCmbgx5FATdvvvJ4Omefrw9QZj1nIa8yoqls7R
/TIVDmk0sBFkgswLQaneGiqS7F08uE4JVI/EU7b9XV80
-----END CERTIFICATE-----