Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/qN6xqDTlfIZ6mtU5cVSucfrKua4.roa
File:                     qN6xqDTlfIZ6mtU5cVSucfrKua4.roa (raw, json)
Hash identifier:          jnw0P64Pu8ojFkFbOD7F1hCvMA2u330ITIPg+iilA5Q=
Subject key identifier:   A8:DE:B1:A8:34:E5:7C:86:7A:9A:D5:39:71:54:AE:71:FA:CA:B9:AE
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       0193965764BA7D75B2DF4534C05A42BD8D5D
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/qN6xqDTlfIZ6mtU5cVSucfrKua4.roa
Signing time:             Thu 05 Dec 2024 10:22:10 +0000
ROA not before:           Thu 05 Dec 2024 10:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        195.114.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 04:19:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:96:57:64:ba:7d:75:b2:df:45:34:c0:5a:42:bd:8d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Dec  5 10:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8deb1a834e57c867a9ad5397154ae71facab9ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:80:89:7c:7a:d3:a6:98:c0:72:e7:4f:58:9e:
                    6d:10:fa:75:14:c7:6d:05:4a:e2:6c:e5:d1:06:54:
                    87:50:a2:e5:84:68:3d:61:02:5b:d7:f3:76:c9:fa:
                    89:52:31:a5:62:02:b6:d3:dc:9b:53:71:7a:3f:72:
                    b5:b6:45:00:90:02:9c:52:37:d5:41:43:3b:0c:14:
                    23:ba:80:b1:f4:3d:1b:e5:d0:25:5e:36:30:90:fb:
                    aa:f3:ca:26:fb:a3:50:34:ef:e1:ce:81:b2:33:bd:
                    e5:84:9c:5d:7a:52:83:54:aa:d1:ad:45:29:c5:25:
                    77:fe:19:c7:4d:29:9c:0f:06:89:9e:b9:ba:25:2c:
                    74:ab:a8:30:c4:d5:df:52:70:21:47:30:05:b8:27:
                    01:08:71:8d:28:e8:bf:33:9d:a3:aa:52:f9:a1:af:
                    1a:67:aa:54:76:b1:e1:27:7b:81:e6:32:b1:fd:52:
                    de:a4:75:2a:f1:3f:1c:30:59:2d:ac:80:37:13:c0:
                    31:b6:e8:16:6e:89:08:89:46:01:31:45:a8:59:b8:
                    b3:69:9d:41:95:da:f4:b9:d7:c0:bf:a6:fc:81:37:
                    36:d7:18:a3:cf:7f:aa:3c:41:70:3a:af:d9:9f:13:
                    7b:e8:93:5d:be:85:3c:90:b0:f2:1f:ee:9d:a5:57:
                    0b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:DE:B1:A8:34:E5:7C:86:7A:9A:D5:39:71:54:AE:71:FA:CA:B9:AE
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/qN6xqDTlfIZ6mtU5cVSucfrKua4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:12:9e:b3:63:0e:a1:7e:5a:ad:60:de:6c:a9:5e:30:88:11:
         e0:75:55:e4:4d:64:63:08:b5:a4:4c:79:cd:8b:57:02:3e:b8:
         d1:b8:54:08:5a:3c:89:49:f6:5c:5c:dd:a9:be:40:02:f4:bc:
         4b:7c:34:c9:56:4d:6a:38:93:7e:13:79:25:07:9f:d1:c3:18:
         8b:30:83:16:81:e7:d3:d9:d5:22:f5:a2:b3:9f:87:19:dc:34:
         f5:74:6a:04:31:16:ef:af:2d:6d:5e:4e:f1:14:ea:ce:24:8c:
         66:ec:a3:13:45:b6:8f:73:68:2e:3d:db:7c:9a:d0:4f:51:8c:
         9a:e8:a3:77:95:3c:10:f9:95:c0:7f:cd:8f:55:f0:8f:9a:11:
         1d:46:77:d2:3f:74:b5:7c:05:a8:71:b7:72:15:07:58:fb:03:
         e1:3a:be:18:00:4f:8e:77:14:4a:c8:0a:f9:da:42:26:99:b6:
         91:cc:6a:07:7d:97:77:f6:1c:b1:d5:87:16:0f:00:01:7b:1c:
         cd:88:1d:00:2d:16:d4:6c:00:e2:16:88:d6:da:61:e5:4b:ff:
         b6:88:11:8f:05:0d:8a:56:75:bf:7b:ad:99:bb:43:45:ee:ae:
         ba:1f:58:07:da:81:cd:d6:fe:a8:b8:6b:9d:03:e1:15:2d:83:
         60:dc:74:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZOWV2S6fXWy30U0wFpCvY1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjQxMjA1MTAyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGRlYjFhODM0ZTU3Yzg2N2E5YWQ1Mzk3MTU0YWU3MWZhY2FiOWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoCJfHrTppjAcudPWJ5tEPp1FMdt
BUribOXRBlSHUKLlhGg9YQJb1/N2yfqJUjGlYgK209ybU3F6P3K1tkUAkAKcUjfV
QUM7DBQjuoCx9D0b5dAlXjYwkPuq88om+6NQNO/hzoGyM73lhJxdelKDVKrRrUUp
xSV3/hnHTSmcDwaJnrm6JSx0q6gwxNXfUnAhRzAFuCcBCHGNKOi/M52jqlL5oa8a
Z6pUdrHhJ3uB5jKx/VLepHUq8T8cMFktrIA3E8AxtugWbokIiUYBMUWoWbizaZ1B
ldr0udfAv6b8gTc21xijz3+qPEFwOq/ZnxN76JNdvoU8kLDyH+6dpVcLHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjesag05XyGeprVOXFUrnH6yrmuMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvcU42eHFEVGxmSVo2bXRVNWNWU3VjZnJLdWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3LMMA0G
CSqGSIb3DQEBCwUAA4IBAQAIEp6zYw6hflqtYN5sqV4wiBHgdVXkTWRjCLWkTHnN
i1cCPrjRuFQIWjyJSfZcXN2pvkAC9LxLfDTJVk1qOJN+E3klB5/RwxiLMIMWgefT
2dUi9aKzn4cZ3DT1dGoEMRbvry1tXk7xFOrOJIxm7KMTRbaPc2guPdt8mtBPUYya
6KN3lTwQ+ZXAf82PVfCPmhEdRnfSP3S1fAWocbdyFQdY+wPhOr4YAE+OdxRKyAr5
2kImmbaRzGoHfZd39hyx1YcWDwABexzNiB0ALRbUbADiFojW2mHlS/+2iBGPBQ2K
VnW/e62Zu0NF7q66H1gH2oHN1v6ouGudA+EVLYNg3HQx
-----END CERTIFICATE-----