Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/yWUWla5lc3r2enYOKkec8wVdxh4.roa
File:                     yWUWla5lc3r2enYOKkec8wVdxh4.roa (raw, json)
Hash identifier:          gV6iN6iPh9xgn9dMCnyY6YfRc4YeRk/zouOdxpb3xb8=
Subject key identifier:   C9:65:16:95:AE:65:73:7A:F6:7A:76:0E:2A:47:9C:F3:05:5D:C6:1E
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019172043050A5909BEE5543201B7D72E7C4
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/yWUWla5lc3r2enYOKkec8wVdxh4.roa
Signing time:             Tue 20 Aug 2024 22:59:22 +0000
ROA not before:           Tue 20 Aug 2024 22:59:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135391
IP address blocks:        195.114.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:72:04:30:50:a5:90:9b:ee:55:43:20:1b:7d:72:e7:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Aug 20 22:59:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9651695ae65737af67a760e2a479cf3055dc61e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5f:2c:80:f0:a8:a1:69:a9:32:04:52:41:9f:
                    f3:f5:20:8a:d5:d2:75:1d:cd:3c:af:1e:cc:fb:40:
                    1b:a4:9f:cb:7e:b0:7c:b4:96:f7:f1:78:4a:d5:c2:
                    cb:e7:7a:11:86:8e:d5:5c:15:8b:25:d8:93:71:d1:
                    2a:ba:e8:f3:f2:30:55:70:e3:2f:42:da:d9:25:08:
                    bb:12:b3:00:a6:d7:3b:79:c3:c5:08:8c:14:78:ef:
                    90:27:ea:3f:18:42:7e:60:1f:e5:91:6a:12:99:03:
                    ea:d0:c4:86:e7:9e:cd:75:b4:22:52:4f:58:88:e9:
                    63:44:c4:a6:84:29:36:3a:09:d0:86:50:06:72:ae:
                    cf:6a:4d:44:e6:16:7c:4e:ac:43:d7:04:94:5e:35:
                    13:03:c2:62:24:77:c0:ad:3c:c4:a3:01:a2:1e:0a:
                    65:50:2f:f7:e4:dd:6f:c5:f4:c2:8a:86:ef:ae:21:
                    0a:fe:db:2d:b1:72:b5:ba:6c:25:5a:fa:b7:a8:aa:
                    bc:53:d8:93:2e:b9:41:93:39:7f:cb:52:d1:34:7e:
                    72:33:27:3a:c1:58:5d:4a:1c:98:30:73:19:f9:10:
                    58:a1:6e:4e:29:c3:41:10:35:9d:d5:43:08:07:e0:
                    5e:aa:8f:5d:d6:19:c6:0f:57:36:a2:92:7e:6e:76:
                    a3:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:65:16:95:AE:65:73:7A:F6:7A:76:0E:2A:47:9C:F3:05:5D:C6:1E
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/yWUWla5lc3r2enYOKkec8wVdxh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:2d:51:a1:28:d0:b0:2b:03:d9:d2:39:95:e0:cc:c8:1f:c2:
         77:94:ee:29:e6:7b:97:16:65:ad:57:7c:e6:56:12:3b:f7:f0:
         68:53:60:ed:61:ce:2a:11:ff:ab:36:dd:ad:26:c8:ab:ed:f8:
         cf:3b:16:6f:3a:61:57:b5:a6:d0:89:b6:b1:b7:c6:ea:c2:c6:
         b1:d3:05:e7:0d:d8:3b:ab:5d:45:1e:0e:b2:36:4d:a5:78:f7:
         0f:53:96:67:e3:d0:ca:0e:0f:28:af:f2:a7:cb:5e:c6:7a:f7:
         6a:7e:eb:02:5d:6d:36:83:e2:4e:f3:55:a9:14:25:60:17:58:
         99:7c:e2:58:36:7a:ba:42:c9:72:bb:7d:3d:f7:49:b1:9c:4a:
         08:8c:3b:6b:95:58:43:35:99:d7:3a:68:e4:c8:9e:31:96:60:
         5b:f3:98:43:27:b6:32:58:f6:af:e6:4d:46:f0:d8:25:e9:46:
         cf:7d:87:4e:2b:bb:2e:66:e2:d0:d9:c0:00:88:cf:7a:30:99:
         1c:64:db:07:ad:c6:0c:26:55:e1:da:c8:5d:b4:b2:2b:73:23:
         f6:d9:b0:3b:02:7a:dc:a4:48:c4:0c:69:b3:af:35:84:7c:22:
         ab:fe:20:6c:85:c5:4c:d0:d1:8c:0b:d4:69:50:fb:54:f2:86:
         d5:21:37:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFyBDBQpZCb7lVDIBt9cufEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjQwODIwMjI1OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTY1MTY5NWFlNjU3MzdhZjY3YTc2MGUyYTQ3OWNmMzA1NWRjNjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul8sgPCooWmpMgRSQZ/z9SCK1dJ1
Hc08rx7M+0AbpJ/LfrB8tJb38XhK1cLL53oRho7VXBWLJdiTcdEquujz8jBVcOMv
QtrZJQi7ErMAptc7ecPFCIwUeO+QJ+o/GEJ+YB/lkWoSmQPq0MSG557NdbQiUk9Y
iOljRMSmhCk2OgnQhlAGcq7Pak1E5hZ8TqxD1wSUXjUTA8JiJHfArTzEowGiHgpl
UC/35N1vxfTCiobvriEK/tstsXK1umwlWvq3qKq8U9iTLrlBkzl/y1LRNH5yMyc6
wVhdShyYMHMZ+RBYoW5OKcNBEDWd1UMIB+Beqo9d1hnGD1c2opJ+bnaj1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMllFpWuZXN69np2DipHnPMFXcYeMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEveVdVV2xhNWxjM3IyZW5ZT0trZWM4d1ZkeGg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3LIMA0G
CSqGSIb3DQEBCwUAA4IBAQAGLVGhKNCwKwPZ0jmV4MzIH8J3lO4p5nuXFmWtV3zm
VhI79/BoU2DtYc4qEf+rNt2tJsir7fjPOxZvOmFXtabQibaxt8bqwsax0wXnDdg7
q11FHg6yNk2lePcPU5Zn49DKDg8or/Kny17GevdqfusCXW02g+JO81WpFCVgF1iZ
fOJYNnq6Qslyu30990mxnEoIjDtrlVhDNZnXOmjkyJ4xlmBb85hDJ7YyWPav5k1G
8Ngl6UbPfYdOK7suZuLQ2cAAiM96MJkcZNsHrcYMJlXh2shdtLIrcyP22bA7Anrc
pEjEDGmzrzWEfCKr/iBshcVM0NGMC9RpUPtU8obVITdF
-----END CERTIFICATE-----