Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/qwJajgsBTFSsfVHRIUdqd0bJ9L0.roa
File:                     qwJajgsBTFSsfVHRIUdqd0bJ9L0.roa (raw, json)
Hash identifier:          7shBf2J0cLJamhXB6hFKxvisUkvkPlgZrhnkXleQCFE=
Subject key identifier:   AB:02:5A:8E:0B:01:4C:54:AC:7D:51:D1:21:47:6A:77:46:C9:F4:BD
Certificate issuer:       /CN=f97a546b66e2449ce628432dd80ad6d4d00cd03e
Certificate serial:       018CC49395F666B10A4FD54A5F5B82FDCFC2
Authority key identifier: F9:7A:54:6B:66:E2:44:9C:E6:28:43:2D:D8:0A:D6:D4:D0:0C:D0:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/qwJajgsBTFSsfVHRIUdqd0bJ9L0.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9123
IP address blocks:        195.206.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/1-XpUa2biRJzmKEMt2ArW1NAM0D4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/1-XpUa2biRJzmKEMt2ArW1NAM0D4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:95:f6:66:b1:0a:4f:d5:4a:5f:5b:82:fd:cf:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f97a546b66e2449ce628432dd80ad6d4d00cd03e
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab025a8e0b014c54ac7d51d121476a7746c9f4bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:04:21:80:cd:91:e3:34:61:bf:fc:2d:21:47:
                    7a:d1:62:14:ac:38:98:54:65:d1:25:5f:99:75:3a:
                    c0:20:4c:6d:f6:00:fd:4d:75:e7:ad:0b:b8:1c:cb:
                    d0:53:a5:7f:b0:6f:d0:2a:9a:c3:38:af:e4:77:e4:
                    d4:61:d2:12:50:50:e2:af:bc:57:3f:4d:6b:ab:77:
                    70:72:f3:91:1d:ef:eb:45:27:61:a2:8b:86:35:b8:
                    56:cd:fa:87:28:ec:e4:d4:36:47:8a:88:b2:a1:dc:
                    9e:fc:a9:52:90:3f:6d:5b:93:77:4c:b8:2b:f3:50:
                    55:64:b1:d7:a7:b2:b8:c0:ae:13:89:6d:3b:19:4a:
                    14:c5:88:1e:1c:eb:f6:bf:44:f3:0f:7e:06:c2:3c:
                    a9:69:dc:14:4a:09:cf:f3:48:40:ee:de:2f:72:c0:
                    0c:9f:02:bd:36:26:09:7d:e0:f0:56:b5:44:b2:a7:
                    e6:6d:ac:7f:ee:82:de:17:96:21:32:a0:69:c6:0c:
                    9c:7f:b7:f5:a7:d2:77:42:f1:de:34:b0:28:d1:f1:
                    0f:b7:7b:da:48:61:35:07:71:ab:61:c1:87:5f:51:
                    d6:38:33:54:06:b0:ee:b6:73:40:27:cd:9f:9b:2b:
                    a0:bb:6f:48:20:e7:49:c6:c3:f6:c8:8e:1b:9d:34:
                    e4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:02:5A:8E:0B:01:4C:54:AC:7D:51:D1:21:47:6A:77:46:C9:F4:BD
            X509v3 Authority Key Identifier:
                keyid:F9:7A:54:6B:66:E2:44:9C:E6:28:43:2D:D8:0A:D6:D4:D0:0C:D0:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/qwJajgsBTFSsfVHRIUdqd0bJ9L0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/1-XpUa2biRJzmKEMt2ArW1NAM0D4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:cc:24:40:5f:b1:ff:a8:74:4a:c2:96:c7:4c:58:12:0c:c1:
         e7:45:a6:fa:49:10:36:0a:ab:c5:ee:c1:c1:96:f8:1a:38:e7:
         6f:d6:ca:3c:32:99:05:05:a1:6e:9f:08:31:ba:0e:9d:fd:27:
         81:e3:f8:cb:98:b7:24:8e:67:54:73:1e:c1:c3:16:f1:cc:bc:
         78:25:9d:15:58:c2:ae:43:e6:3d:15:3d:c7:e7:83:7b:7b:9b:
         17:f3:60:29:f2:2d:14:72:ba:75:62:96:88:fc:4d:e0:ae:42:
         b0:fe:2a:f1:eb:c2:f9:79:aa:25:9c:db:c2:0b:c4:38:b5:a2:
         52:17:9d:1e:43:df:7b:11:34:6e:8f:93:a6:36:ff:2c:7c:a5:
         5d:92:83:a9:22:ed:87:6d:95:00:c7:05:34:97:86:93:40:f4:
         c5:42:4e:0f:0a:13:8a:a1:72:6d:49:a5:4a:8b:2b:7e:52:d9:
         a0:68:36:8c:03:f1:2d:66:d5:e0:ff:24:15:39:77:3b:1b:ff:
         f8:a2:db:05:aa:cc:4a:e5:3a:d8:e5:ed:c1:bf:47:ee:37:3b:
         dc:99:ce:5f:94:e8:38:45:7a:85:65:af:05:dd:09:07:35:bb:
         62:ec:52:c0:5c:a3:a5:bd:55:a0:b8:a7:75:23:15:5e:1b:80:
         b5:10:eb:b1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk5X2ZrEKT9VKX1uC/c/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5N2E1NDZiNjZlMjQ0OWNlNjI4NDMyZGQ4MGFkNmQ0ZDAw
Y2QwM2UwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjAyNWE4ZTBiMDE0YzU0YWM3ZDUxZDEyMTQ3NmE3NzQ2YzlmNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+gQhgM2R4zRhv/wtIUd60WIUrDiY
VGXRJV+ZdTrAIExt9gD9TXXnrQu4HMvQU6V/sG/QKprDOK/kd+TUYdISUFDir7xX
P01rq3dwcvORHe/rRSdhoouGNbhWzfqHKOzk1DZHioiyodye/KlSkD9tW5N3TLgr
81BVZLHXp7K4wK4TiW07GUoUxYgeHOv2v0TzD34GwjypadwUSgnP80hA7t4vcsAM
nwK9NiYJfeDwVrVEsqfmbax/7oLeF5YhMqBpxgycf7f1p9J3QvHeNLAo0fEPt3va
SGE1B3GrYcGHX1HWODNUBrDutnNAJ82fmyugu29IIOdJxsP2yI4bnTTk9QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKsCWo4LAUxUrH1R0SFHandGyfS9MB8GA1UdIwQY
MBaAFPl6VGtm4kSc5ihDLdgK1tTQDNA+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YcFVhMmJpUkp6bUtFTXQyQXJXMU5BTTBENC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvMjI2OTk2LTRiM2YtNGY1Zi04YTdl
LTBiMWI2NjQxYjhhMi8xL3F3SmFqZ3NCVEZTc2ZWSFJJVWRxZDBiSjlMMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWQvMjI2OTk2LTRiM2YtNGY1Zi04YTdlLTBiMWI2NjQxYjhh
Mi8xLzEtWHBVYTJiaVJKem1LRU10MkFyVzFOQU0wRDQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDzvMw
DQYJKoZIhvcNAQELBQADggEBAEPMJEBfsf+odErClsdMWBIMwedFpvpJEDYKq8Xu
wcGW+Bo452/WyjwymQUFoW6fCDG6Dp39J4Hj+MuYtySOZ1RzHsHDFvHMvHglnRVY
wq5D5j0VPcfng3t7mxfzYCnyLRRyunViloj8TeCuQrD+KvHrwvl5qiWc28ILxDi1
olIXnR5D33sRNG6Pk6Y2/yx8pV2Sg6ki7YdtlQDHBTSXhpNA9MVCTg8KE4qhcm1J
pUqLK35S2aBoNowD8S1m1eD/JBU5dzsb//ii2wWqzErlOtjl7cG/R+43O9yZzl+U
6DhFeoVlrwXdCQc1u2LsUsBco6W9VaC4p3UjFV4bgLUQ67E=
-----END CERTIFICATE-----