Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/cRvhZJn6ow7FfQUafYebU3ck6_k.roa
File:                     cRvhZJn6ow7FfQUafYebU3ck6_k.roa (raw, json)
Hash identifier:          W+cj9KTgUuxEcWUy6AIXcv75Jye5ss3sRNwY3gyc8L8=
Subject key identifier:   71:1B:E1:64:99:FA:A3:0E:C5:7D:05:1A:7D:87:9B:53:77:24:EB:F9
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       018ECEDB5EE7B71C228EA6C23F00124395C2
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/cRvhZJn6ow7FfQUafYebU3ck6_k.roa
Signing time:             Thu 11 Apr 2024 20:31:06 +0000
ROA not before:           Thu 11 Apr 2024 20:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59432
IP address blocks:        195.114.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 03:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ce:db:5e:e7:b7:1c:22:8e:a6:c2:3f:00:12:43:95:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Apr 11 20:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=711be16499faa30ec57d051a7d879b537724ebf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:af:23:2a:ba:cc:67:80:1c:a4:a2:1b:62:d7:
                    b9:99:bf:2e:61:99:60:e9:4f:ba:c7:e8:bf:9a:fe:
                    62:5a:1d:6b:8e:fc:8e:46:18:de:25:1d:ca:da:fa:
                    0a:67:c3:80:57:6d:1d:ad:bf:03:8e:01:92:b8:2d:
                    bd:af:44:a4:63:0c:56:8c:53:89:f5:9c:3f:64:1d:
                    82:ce:57:87:29:cd:7f:68:02:df:09:ff:25:23:c9:
                    b5:92:58:f9:51:ee:14:be:1d:ba:33:b4:8d:ce:e1:
                    59:1e:9c:28:ce:a0:40:bb:ed:d6:3c:5f:58:4e:fd:
                    8f:e9:b0:77:df:7d:d2:f9:0d:db:9f:05:55:18:06:
                    82:d0:4d:fe:15:2a:91:ba:05:a6:2f:c9:cb:50:78:
                    8e:83:82:0e:cc:75:ad:2e:2b:36:94:40:43:0b:3c:
                    f9:da:5e:dd:c1:d2:f8:5e:9a:8a:38:9a:04:53:f0:
                    61:7c:44:9c:17:94:bd:99:15:6a:7f:3a:e9:12:60:
                    b1:bc:99:fd:16:01:f1:ba:36:c9:0c:60:5d:4b:3c:
                    32:74:0d:1e:bd:bc:48:81:18:e5:ae:69:a1:7f:cc:
                    1d:89:3e:e9:0f:4b:63:1a:c6:c5:b4:bd:b9:21:46:
                    3b:f6:e8:50:54:a5:c8:20:16:f7:ed:60:15:82:61:
                    4b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:1B:E1:64:99:FA:A3:0E:C5:7D:05:1A:7D:87:9B:53:77:24:EB:F9
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/cRvhZJn6ow7FfQUafYebU3ck6_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:7d:50:99:e6:a8:68:11:aa:29:96:29:3e:ef:19:8d:89:6b:
         e8:0e:0a:0d:7b:0a:70:87:2d:5b:88:2f:f6:f6:0f:19:5a:dc:
         2c:cd:7b:40:00:09:5c:15:bd:4d:1b:78:63:fb:58:8e:aa:72:
         22:7e:0f:c9:95:69:29:e4:c3:a9:ff:93:e7:a9:63:14:d0:a0:
         8e:2a:39:80:48:11:c0:29:24:9c:8d:18:68:19:45:5a:3e:43:
         b1:32:1c:f7:57:37:27:7b:86:55:66:cd:0c:d9:c1:8c:a5:b6:
         f9:4a:c5:41:e3:28:ab:9c:4f:67:9b:be:0d:43:a1:02:cc:2d:
         57:02:75:e7:5b:93:7d:91:64:52:5a:37:08:4b:66:15:53:2f:
         ca:85:9b:45:a4:9a:ad:ac:f3:62:ec:94:a7:e0:ef:b1:b8:b4:
         8b:c4:3c:a9:aa:5a:24:b5:7c:c2:02:f9:6d:e8:a2:ca:26:20:
         3e:07:e1:a9:b1:b1:81:aa:78:e5:68:b2:20:ac:5d:e4:16:fb:
         0e:e1:3b:7c:e9:9f:82:c9:c1:25:82:7e:fb:72:71:e8:05:84:
         72:94:7e:c1:0f:4f:54:67:db:09:a0:cf:c7:96:79:2d:1c:37:
         d5:64:0b:78:35:28:65:3c:fa:b5:b5:de:a3:32:42:e7:64:a8:
         11:d2:dd:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7O217ntxwijqbCPwASQ5XCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjQwNDExMjAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTFiZTE2NDk5ZmFhMzBlYzU3ZDA1MWE3ZDg3OWI1Mzc3MjRlYmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAla8jKrrMZ4AcpKIbYte5mb8uYZlg
6U+6x+i/mv5iWh1rjvyORhjeJR3K2voKZ8OAV20drb8DjgGSuC29r0SkYwxWjFOJ
9Zw/ZB2CzleHKc1/aALfCf8lI8m1klj5Ue4Uvh26M7SNzuFZHpwozqBAu+3WPF9Y
Tv2P6bB3333S+Q3bnwVVGAaC0E3+FSqRugWmL8nLUHiOg4IOzHWtLis2lEBDCzz5
2l7dwdL4XpqKOJoEU/BhfEScF5S9mRVqfzrpEmCxvJn9FgHxujbJDGBdSzwydA0e
vbxIgRjlrmmhf8wdiT7pD0tjGsbFtL25IUY79uhQVKXIIBb37WAVgmFLOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEb4WSZ+qMOxX0FGn2Hm1N3JOv5MB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvY1J2aFpKbjZvdzdGZlFVYWZZZWJVM2NrNl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3LIMA0G
CSqGSIb3DQEBCwUAA4IBAQCbfVCZ5qhoEaoplik+7xmNiWvoDgoNewpwhy1biC/2
9g8ZWtwszXtAAAlcFb1NG3hj+1iOqnIifg/JlWkp5MOp/5PnqWMU0KCOKjmASBHA
KSScjRhoGUVaPkOxMhz3Vzcne4ZVZs0M2cGMpbb5SsVB4yirnE9nm74NQ6ECzC1X
AnXnW5N9kWRSWjcIS2YVUy/KhZtFpJqtrPNi7JSn4O+xuLSLxDypqloktXzCAvlt
6KLKJiA+B+GpsbGBqnjlaLIgrF3kFvsO4Tt86Z+CycElgn77cnHoBYRylH7BD09U
Z9sJoM/HlnktHDfVZAt4NShlPPq1td6jMkLnZKgR0t3C
-----END CERTIFICATE-----