Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/USSpE7xsLce4W828YLD1vFjLMhc.roa
File:                     USSpE7xsLce4W828YLD1vFjLMhc.roa (raw, json)
Hash identifier:          XTXWu+jXMj3+7LPNb6Jy5czEUSGG3peFgQ0qTEvXbMo=
Subject key identifier:   51:24:A9:13:BC:6C:2D:C7:B8:5B:CD:BC:60:B0:F5:BC:58:CB:32:17
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019344216CB0FAE109D62CEC9592F9CFCAA3
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/USSpE7xsLce4W828YLD1vFjLMhc.roa
Signing time:             Tue 19 Nov 2024 11:14:21 +0000
ROA not before:           Tue 19 Nov 2024 11:14:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        195.114.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:21:6c:b0:fa:e1:09:d6:2c:ec:95:92:f9:cf:ca:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Nov 19 11:14:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5124a913bc6c2dc7b85bcdbc60b0f5bc58cb3217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f9:eb:42:ee:f3:05:18:0a:ab:02:d7:6a:3b:
                    b3:45:07:00:28:92:22:12:78:2e:31:56:60:84:d7:
                    22:37:53:fa:0d:42:1c:ee:63:ec:98:86:dc:69:6c:
                    28:94:c7:19:08:9a:06:6a:20:18:be:0e:31:8a:47:
                    ce:90:b5:22:b9:cd:10:9c:18:c9:03:b1:d0:9a:cd:
                    e3:9e:52:fe:af:f1:69:3f:6f:01:eb:d8:de:73:fa:
                    d7:b9:25:49:10:d4:58:1a:ad:84:9a:3f:ee:a3:ad:
                    f0:4a:43:ee:3d:82:61:75:c9:ac:2b:3a:d3:73:81:
                    c8:43:b2:22:0a:f3:47:2e:3d:c1:8d:f3:bc:03:f0:
                    d7:6d:9f:81:f1:31:4b:9c:3b:6f:33:fe:8e:ab:df:
                    3d:24:73:34:37:6b:05:cf:c0:55:c5:34:30:66:26:
                    bc:ea:34:e2:c8:1c:14:2c:a8:95:d5:77:4a:17:3b:
                    b6:91:ce:52:5b:cb:11:f5:6b:51:35:b1:27:fa:73:
                    d0:44:8c:c4:cb:0c:01:47:fd:78:cf:11:eb:02:ed:
                    28:2b:e5:5a:98:d2:ff:2f:7c:da:98:27:4e:07:6f:
                    69:4e:a2:d3:f0:56:ac:df:3a:f9:89:4f:d4:3e:4c:
                    f9:30:3f:86:e8:7c:8a:2d:a8:a5:8d:b6:37:bd:9c:
                    77:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:24:A9:13:BC:6C:2D:C7:B8:5B:CD:BC:60:B0:F5:BC:58:CB:32:17
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/USSpE7xsLce4W828YLD1vFjLMhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:cc:02:2d:db:86:c9:dc:1f:25:21:44:d7:72:aa:94:90:57:
         05:06:e9:57:69:ec:c4:de:a5:1a:88:0f:1e:ec:bb:48:cf:25:
         7b:f8:23:94:6c:c3:12:39:71:ae:9c:9c:83:17:eb:a1:3f:73:
         03:41:de:0c:84:e0:0f:d9:5e:69:6e:54:ec:c1:76:75:26:8d:
         e0:25:23:b3:9d:53:2d:d7:0f:05:d4:cf:7a:51:81:03:2a:60:
         ff:41:e6:e4:dd:3b:20:46:c7:b7:0e:53:7f:5e:01:b4:0f:07:
         35:07:16:d7:7c:0a:89:70:78:f0:2c:d1:c1:12:94:ca:96:43:
         19:d2:0c:bf:5b:c9:0f:a1:7b:2f:1c:2d:4a:16:0f:62:f8:12:
         08:32:ba:e2:20:b2:8c:dc:e3:12:77:b6:bd:c0:f1:63:ee:11:
         4c:b8:07:b1:91:4c:99:55:63:a0:63:68:fe:05:ca:fb:b6:08:
         1a:81:26:a2:f0:c9:bc:4b:5a:a9:48:c0:c9:a3:d6:39:b6:95:
         e4:97:c5:fb:d0:52:64:e7:94:85:80:0d:11:fc:79:a5:91:c9:
         c9:1c:c0:54:56:c4:57:ff:ff:9c:d8:5c:5d:d4:b7:da:ea:c7:
         ca:e6:b6:23:bb:8c:ab:bf:a5:8f:83:9e:04:e7:2a:b6:31:f1:
         9f:c1:37:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNEIWyw+uEJ1izslZL5z8qjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjQxMTE5MTExNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTI0YTkxM2JjNmMyZGM3Yjg1YmNkYmM2MGIwZjViYzU4Y2IzMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPnrQu7zBRgKqwLXajuzRQcAKJIi
EnguMVZghNciN1P6DUIc7mPsmIbcaWwolMcZCJoGaiAYvg4xikfOkLUiuc0QnBjJ
A7HQms3jnlL+r/FpP28B69jec/rXuSVJENRYGq2Emj/uo63wSkPuPYJhdcmsKzrT
c4HIQ7IiCvNHLj3BjfO8A/DXbZ+B8TFLnDtvM/6Oq989JHM0N2sFz8BVxTQwZia8
6jTiyBwULKiV1XdKFzu2kc5SW8sR9WtRNbEn+nPQRIzEywwBR/14zxHrAu0oK+Va
mNL/L3zamCdOB29pTqLT8Fas3zr5iU/UPkz5MD+G6HyKLailjbY3vZx3qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEkqRO8bC3HuFvNvGCw9bxYyzIXMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvVVNTcEU3eHNMY2U0VzgyOFlMRDF2RmpMTWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3LDMA0G
CSqGSIb3DQEBCwUAA4IBAQAGzAIt24bJ3B8lIUTXcqqUkFcFBulXaezE3qUaiA8e
7LtIzyV7+COUbMMSOXGunJyDF+uhP3MDQd4MhOAP2V5pblTswXZ1Jo3gJSOznVMt
1w8F1M96UYEDKmD/Qebk3TsgRse3DlN/XgG0Dwc1BxbXfAqJcHjwLNHBEpTKlkMZ
0gy/W8kPoXsvHC1KFg9i+BIIMrriILKM3OMSd7a9wPFj7hFMuAexkUyZVWOgY2j+
Bcr7tggagSai8Mm8S1qpSMDJo9Y5tpXkl8X70FJk55SFgA0R/HmlkcnJHMBUVsRX
//+c2Fxd1Lfa6sfK5rYju4yrv6WPg54E5yq2MfGfwTdB
-----END CERTIFICATE-----