Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Y8ymtLlnODS9kLW1mj2CSTLTTMM.roa
File:                     Y8ymtLlnODS9kLW1mj2CSTLTTMM.roa (raw, json)
Hash identifier:          oAD2HBJdf8BLMKB1y8NrIxNH6Wkk41OPyL1skEdM+D8=
Subject key identifier:   63:CC:A6:B4:B9:67:38:34:BD:90:B5:B5:9A:3D:82:49:32:D3:4C:C3
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       018F1A447B7F2857356FCE9D58DAACF66F36
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Y8ymtLlnODS9kLW1mj2CSTLTTMM.roa
Signing time:             Fri 26 Apr 2024 11:57:26 +0000
ROA not before:           Fri 26 Apr 2024 11:57:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59432
IP address blocks:        195.114.200.0/24 maxlen: 24
                          195.114.206.0/24 maxlen: 24
                          195.114.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1a:44:7b:7f:28:57:35:6f:ce:9d:58:da:ac:f6:6f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Apr 26 11:57:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63cca6b4b9673834bd90b5b59a3d824932d34cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:23:ac:24:55:fb:a2:16:f4:41:e8:7f:ab:8d:
                    ff:79:1a:30:86:f3:8d:e2:f7:9f:f8:f9:ff:09:47:
                    40:08:d3:b6:6f:c5:a3:14:50:07:a9:9b:92:7a:ef:
                    6e:b6:f1:3d:bc:c0:fd:bf:b6:2f:65:7e:a5:1a:35:
                    5e:1a:18:d1:04:0a:a2:cf:3e:c1:d5:d1:ea:2b:1f:
                    b2:ac:de:e1:b9:78:ea:d2:41:73:9d:40:bc:e0:eb:
                    ea:fe:57:19:48:1d:e5:3e:b8:c5:5f:b3:bd:65:4e:
                    5e:b5:3f:b7:50:85:bc:9b:76:df:85:24:83:07:45:
                    ea:a4:2f:71:cf:98:4a:87:8c:fb:0d:8d:03:15:ba:
                    79:72:65:3b:95:ee:19:e4:78:dc:e8:21:d9:08:63:
                    97:4f:0d:25:a2:7c:04:21:a7:ed:08:37:06:ec:03:
                    d6:73:a7:1d:1d:70:9f:0d:90:66:a1:e8:b4:76:60:
                    53:39:54:d4:66:cf:5d:22:1e:da:93:22:08:e9:6a:
                    54:ea:1d:db:7a:89:3c:a0:3a:80:51:2a:3b:b3:00:
                    48:83:21:80:39:5c:a4:12:59:26:bf:6a:91:ec:65:
                    c8:9b:c7:c9:65:ad:c8:d3:72:2c:ed:20:3c:72:89:
                    21:7f:66:3d:d8:2d:68:65:fa:da:4e:8d:0a:55:30:
                    9d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:CC:A6:B4:B9:67:38:34:BD:90:B5:B5:9A:3D:82:49:32:D3:4C:C3
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Y8ymtLlnODS9kLW1mj2CSTLTTMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.200.0/24
                  195.114.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:36:45:eb:9f:27:be:98:24:84:d5:b5:0b:9e:eb:e2:a5:d5:
         55:4b:a0:0f:21:14:33:3a:38:95:9f:fe:e0:3b:35:e0:5f:7c:
         d7:3e:06:2f:15:73:22:54:83:1d:51:fd:72:72:62:a1:b0:26:
         5d:c4:b7:33:07:c9:97:4e:bc:a3:76:30:8a:85:23:8c:06:76:
         68:cd:22:7e:3e:38:44:0c:3e:e3:8b:81:05:61:2d:ee:57:05:
         b2:15:7e:dc:91:4d:9b:82:b4:45:29:5e:f2:a4:53:5a:1b:3b:
         f9:8e:c8:04:53:34:5c:3e:e0:a3:db:55:31:b9:33:44:6a:5e:
         ed:50:ce:75:b2:a3:2b:ed:87:f1:4e:db:89:42:59:71:a6:e0:
         86:46:3e:96:c5:e0:d2:51:ad:73:3a:5a:7e:cb:3b:d0:38:c4:
         42:e9:18:ac:e8:e4:5c:43:33:2b:50:0f:94:a2:55:2b:9e:bc:
         84:e9:02:50:2d:f8:6a:5f:6f:e6:c3:2b:d6:65:ea:68:45:e9:
         e1:94:5d:63:b8:71:60:21:18:4b:c6:3c:39:1d:98:0b:b2:19:
         be:cf:91:f0:9c:f4:6d:6e:a1:7b:d8:71:cb:d4:3d:78:a8:aa:
         05:35:eb:c9:80:d5:fe:d0:ed:97:bf:0a:ea:eb:2a:80:0f:3f:
         05:db:60:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8aRHt/KFc1b86dWNqs9m82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjQwNDI2MTE1NzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2NjYTZiNGI5NjczODM0YmQ5MGI1YjU5YTNkODI0OTMyZDM0Y2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiOsJFX7ohb0Qeh/q43/eRowhvON
4vef+Pn/CUdACNO2b8WjFFAHqZuSeu9utvE9vMD9v7YvZX6lGjVeGhjRBAqizz7B
1dHqKx+yrN7huXjq0kFznUC84Ovq/lcZSB3lPrjFX7O9ZU5etT+3UIW8m3bfhSSD
B0XqpC9xz5hKh4z7DY0DFbp5cmU7le4Z5Hjc6CHZCGOXTw0lonwEIaftCDcG7APW
c6cdHXCfDZBmoei0dmBTOVTUZs9dIh7akyII6WpU6h3beok8oDqAUSo7swBIgyGA
OVykElkmv2qR7GXIm8fJZa3I03Is7SA8cokhf2Y92C1oZfraTo0KVTCdqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGPMprS5Zzg0vZC1tZo9gkky00zDMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvWTh5bXRMbG5PRFM5a0xXMW1qMkNTVExUVE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw3LIAwQB
w3LOMA0GCSqGSIb3DQEBCwUAA4IBAQCkNkXrnye+mCSE1bULnuvipdVVS6APIRQz
OjiVn/7gOzXgX3zXPgYvFXMiVIMdUf1ycmKhsCZdxLczB8mXTryjdjCKhSOMBnZo
zSJ+PjhEDD7ji4EFYS3uVwWyFX7ckU2bgrRFKV7ypFNaGzv5jsgEUzRcPuCj21Ux
uTNEal7tUM51sqMr7YfxTtuJQllxpuCGRj6WxeDSUa1zOlp+yzvQOMRC6Ris6ORc
QzMrUA+UolUrnryE6QJQLfhqX2/mwyvWZepoRenhlF1juHFgIRhLxjw5HZgLshm+
z5HwnPRtbqF72HHL1D14qKoFNevJgNX+0O2Xvwrq6yqADz8F22Dx
-----END CERTIFICATE-----