Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/69194a-45a0-48ef-99bf-8e04887c0abf/1/2qE9ZWiu947kTtnHKyzq0BUJ8J4.roa
File:                     2qE9ZWiu947kTtnHKyzq0BUJ8J4.roa (raw, json)
Hash identifier:          UGMXOvlnnURDD/toBkppvm5R+zhbT9gpadAah0aydeg=
Subject key identifier:   DA:A1:3D:65:68:AE:F7:8E:E4:4E:D9:C7:2B:2C:EA:D0:15:09:F0:9E
Certificate issuer:       /CN=f9e0257d067ef8b85f620c67220cf977ddde3994
Certificate serial:       018CC26CFE5B00A9632C2978F1F2FD8F9F8D
Authority key identifier: F9:E0:25:7D:06:7E:F8:B8:5F:62:0C:67:22:0C:F9:77:DD:DE:39:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-eAlfQZ--LhfYgxnIgz5d93eOZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/69194a-45a0-48ef-99bf-8e04887c0abf/1/2qE9ZWiu947kTtnHKyzq0BUJ8J4.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41884
IP address blocks:        195.200.72.0/23 maxlen: 23
                          2001:67c:1c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/69194a-45a0-48ef-99bf-8e04887c0abf/1/1-eAlfQZ--LhfYgxnIgz5d93eOZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/69194a-45a0-48ef-99bf-8e04887c0abf/1/1-eAlfQZ--LhfYgxnIgz5d93eOZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-eAlfQZ--LhfYgxnIgz5d93eOZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fe:5b:00:a9:63:2c:29:78:f1:f2:fd:8f:9f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9e0257d067ef8b85f620c67220cf977ddde3994
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=daa13d6568aef78ee44ed9c72b2cead01509f09e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:dd:f7:97:d7:d0:69:ca:7b:c0:e4:df:6c:c3:
                    c4:e2:d9:21:7b:da:7a:51:70:1b:47:10:e0:e4:4b:
                    64:69:b4:30:f0:7c:89:82:0d:e4:2b:45:d7:65:f3:
                    c8:69:54:27:66:ef:5e:b3:f8:92:22:02:73:83:8c:
                    16:31:8d:ea:33:0d:24:22:14:e2:1e:ce:fb:fd:ee:
                    54:91:f4:60:0e:fc:38:e7:9f:6a:a4:d8:d8:d1:ef:
                    7a:6c:64:1d:e3:0d:e5:8b:ea:c4:b0:a5:8d:7d:01:
                    d6:66:c6:d5:ba:74:71:a7:4f:5b:0e:b8:9c:84:69:
                    a0:eb:b9:e0:6d:ef:93:7b:e0:95:97:e3:75:e2:04:
                    42:aa:16:88:53:1b:05:c6:6b:cd:a6:a2:73:2c:e9:
                    94:e2:e8:bb:b3:80:cf:c7:f1:ab:f8:90:85:ca:b7:
                    f8:69:66:27:4d:a4:cb:24:68:9d:48:7f:80:da:99:
                    ab:09:b2:df:af:f6:ee:3d:6d:e2:48:de:7e:79:75:
                    3c:f8:11:69:2d:15:2b:7f:2b:59:38:c5:18:2e:5d:
                    d6:7c:91:0e:bc:ef:ff:0f:5b:e3:44:f1:d0:88:46:
                    f7:bc:ea:38:9e:72:26:ab:ab:58:b5:39:e6:8a:39:
                    a4:c7:2c:e0:92:8a:bf:07:62:e8:e9:48:0e:cf:4c:
                    37:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A1:3D:65:68:AE:F7:8E:E4:4E:D9:C7:2B:2C:EA:D0:15:09:F0:9E
            X509v3 Authority Key Identifier:
                keyid:F9:E0:25:7D:06:7E:F8:B8:5F:62:0C:67:22:0C:F9:77:DD:DE:39:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-eAlfQZ--LhfYgxnIgz5d93eOZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/69194a-45a0-48ef-99bf-8e04887c0abf/1/2qE9ZWiu947kTtnHKyzq0BUJ8J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/69194a-45a0-48ef-99bf-8e04887c0abf/1/1-eAlfQZ--LhfYgxnIgz5d93eOZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.72.0/23
                IPv6:
                  2001:67c:1c::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:74:db:46:17:a8:e8:9e:02:27:fb:3b:fb:82:64:b0:2a:b5:
         f7:f1:08:0b:3c:49:12:5d:76:d0:ac:d4:3f:e5:d4:99:73:27:
         2a:e5:df:cd:26:0c:0c:cb:80:f1:15:10:03:7f:42:9c:3d:87:
         48:7c:49:bf:1f:2f:d8:5a:74:c9:54:a9:69:3f:82:f7:57:bd:
         17:fa:b9:da:96:1a:91:e4:47:c5:d8:7d:48:e8:14:c3:85:f4:
         35:9e:45:b0:69:2c:4e:a8:e8:39:f5:de:bf:82:b9:29:f5:cb:
         e6:15:24:10:14:a8:b2:45:4b:5c:ff:73:88:97:69:ff:4a:03:
         05:8c:4f:b9:b5:78:b6:40:f9:fc:42:f0:65:c8:c7:ba:f2:fb:
         82:d5:b0:e0:d8:bf:25:ab:be:30:e0:fb:fc:94:d6:95:8c:a1:
         a8:33:f3:b1:2a:ba:5c:ac:3f:38:b0:d7:5e:ed:b6:45:10:a5:
         03:6e:c3:cb:32:72:e3:a3:ea:ee:3d:6d:00:8f:e7:df:61:32:
         dd:08:74:3e:18:d0:1b:2a:82:b9:d7:89:0e:e7:57:10:ea:d0:
         e3:f8:57:62:d2:1c:96:f1:96:75:7e:11:e2:39:e6:dc:33:69:
         2f:a4:67:bf:94:49:b4:80:7c:1e:c9:74:a9:c9:a6:76:34:29:
         3c:cd:cb:bb
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYzCbP5bAKljLCl48fL9j5+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5ZTAyNTdkMDY3ZWY4Yjg1ZjYyMGM2NzIyMGNmOTc3ZGRk
ZTM5OTQwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWExM2Q2NTY4YWVmNzhlZTQ0ZWQ5YzcyYjJjZWFkMDE1MDlmMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoN33l9fQacp7wOTfbMPE4tkhe9p6
UXAbRxDg5EtkabQw8HyJgg3kK0XXZfPIaVQnZu9es/iSIgJzg4wWMY3qMw0kIhTi
Hs77/e5UkfRgDvw4559qpNjY0e96bGQd4w3li+rEsKWNfQHWZsbVunRxp09bDric
hGmg67ngbe+Te+CVl+N14gRCqhaIUxsFxmvNpqJzLOmU4ui7s4DPx/Gr+JCFyrf4
aWYnTaTLJGidSH+A2pmrCbLfr/buPW3iSN5+eXU8+BFpLRUrfytZOMUYLl3WfJEO
vO//D1vjRPHQiEb3vOo4nnImq6tYtTnmijmkxyzgkoq/B2Lo6UgOz0w3dwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFNqhPWVorveO5E7Zxyss6tAVCfCeMB8GA1UdIwQY
MBaAFPngJX0Gfvi4X2IMZyIM+Xfd3jmUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1lQWxmUVotLUxoZllneG5JZ3o1ZDkzZU9aUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIvNjkxOTRhLTQ1YTAtNDhlZi05OWJm
LThlMDQ4ODdjMGFiZi8xLzJxRTlaV2l1OTQ3a1R0bkhLeXpxMEJVSjhKNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWIvNjkxOTRhLTQ1YTAtNDhlZi05OWJmLThlMDQ4ODdjMGFi
Zi8xLzEtZUFsZlFaLS1MaGZZZ3huSWd6NWQ5M2VPWlEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBAHDyEgw
DwQCAAIwCQMHACABBnwAHDANBgkqhkiG9w0BAQsFAAOCAQEAWHTbRheo6J4CJ/s7
+4JksCq19/EICzxJEl120KzUP+XUmXMnKuXfzSYMDMuA8RUQA39CnD2HSHxJvx8v
2Fp0yVSpaT+C91e9F/q52pYakeRHxdh9SOgUw4X0NZ5FsGksTqjoOfXev4K5KfXL
5hUkEBSoskVLXP9ziJdp/0oDBYxPubV4tkD5/ELwZcjHuvL7gtWw4Ni/Jau+MOD7
/JTWlYyhqDPzsSq6XKw/OLDXXu22RRClA27DyzJy46Pq7j1tAI/n32Ey3Qh0PhjQ
GyqCudeJDudXEOrQ4/hXYtIclvGWdX4R4jnm3DNpL6Rnv5RJtIB8Hsl0qcmmdjQp
PM3Luw==
-----END CERTIFICATE-----