Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/6df248-ec5b-47d7-bdd0-47cc7d1abc6b/1/s-fiFgRTr8YcphKgjKu66sE7P8E.roa
File:                     s-fiFgRTr8YcphKgjKu66sE7P8E.roa (raw, json)
Hash identifier:          pWHzEs+2JVRlLQJ0Q1QUO2nT8jqhi3wZ2GIZ22ERSNM=
Subject key identifier:   B3:E7:E2:16:04:53:AF:C6:1C:A6:12:A0:8C:AB:BA:EA:C1:3B:3F:C1
Certificate issuer:       /CN=82534505845fa0a93f8285a6da8bce6d1d7200dd
Certificate serial:       018CC3B72360F9A198821CE6A1392792DD45
Authority key identifier: 82:53:45:05:84:5F:A0:A9:3F:82:85:A6:DA:8B:CE:6D:1D:72:00:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/glNFBYRfoKk_goWm2ovObR1yAN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/6df248-ec5b-47d7-bdd0-47cc7d1abc6b/1/s-fiFgRTr8YcphKgjKu66sE7P8E.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        195.234.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/6df248-ec5b-47d7-bdd0-47cc7d1abc6b/1/glNFBYRfoKk_goWm2ovObR1yAN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/6df248-ec5b-47d7-bdd0-47cc7d1abc6b/1/glNFBYRfoKk_goWm2ovObR1yAN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/glNFBYRfoKk_goWm2ovObR1yAN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:23:60:f9:a1:98:82:1c:e6:a1:39:27:92:dd:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82534505845fa0a93f8285a6da8bce6d1d7200dd
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3e7e2160453afc61ca612a08cabbaeac13b3fc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:39:a0:fb:4a:80:65:10:a8:fc:f4:14:8d:75:
                    99:8d:d1:85:9a:10:a5:a0:5a:f3:9e:00:a4:b6:7a:
                    f4:04:01:05:6c:3f:62:12:e5:97:2a:44:5b:ad:a4:
                    41:ea:8f:55:de:40:f2:40:d8:21:c5:7a:98:17:0c:
                    8e:ed:52:6f:aa:5d:9f:29:5c:6c:57:0d:1c:2c:75:
                    82:d2:fd:b6:2f:62:66:90:d0:30:d3:bc:fb:9b:6f:
                    0d:67:c2:d9:a4:b3:c7:de:fa:98:df:21:bc:0b:0a:
                    9c:bd:a1:c1:7c:84:82:48:1c:53:4e:ca:72:fa:e4:
                    5c:86:7d:12:e0:5e:7d:11:00:ec:44:66:91:36:ac:
                    51:d1:1d:24:52:40:aa:c8:34:04:0d:34:31:ad:ec:
                    ef:42:b4:1f:a9:ad:74:c7:aa:93:37:0e:90:13:9a:
                    9a:0c:71:9a:d7:5e:ba:22:35:24:45:fc:38:d0:5e:
                    83:2b:09:8b:0d:5e:bc:99:e4:16:a4:f5:d4:f1:b5:
                    16:f0:d9:e1:98:47:56:97:8e:11:5f:74:63:96:85:
                    f8:27:d1:42:56:df:0d:35:4b:80:56:b1:bd:d4:2a:
                    77:a8:89:9b:e5:53:02:ff:a4:90:5d:27:c6:f9:97:
                    24:2f:c3:eb:38:ea:5e:d9:61:a0:2b:7f:cd:c1:f6:
                    bd:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:E7:E2:16:04:53:AF:C6:1C:A6:12:A0:8C:AB:BA:EA:C1:3B:3F:C1
            X509v3 Authority Key Identifier:
                keyid:82:53:45:05:84:5F:A0:A9:3F:82:85:A6:DA:8B:CE:6D:1D:72:00:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/glNFBYRfoKk_goWm2ovObR1yAN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6df248-ec5b-47d7-bdd0-47cc7d1abc6b/1/s-fiFgRTr8YcphKgjKu66sE7P8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6df248-ec5b-47d7-bdd0-47cc7d1abc6b/1/glNFBYRfoKk_goWm2ovObR1yAN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:0e:6f:a9:ca:8f:b5:e9:c5:7b:5d:e1:3a:87:5c:66:b7:b8:
         bf:f9:6c:35:a1:2a:93:9e:3a:32:0e:b3:45:cf:d4:99:52:3b:
         c6:2d:b4:69:4e:db:84:6d:c1:e4:25:e9:4c:b5:b3:6e:e7:52:
         8d:e5:17:46:b8:6c:04:bf:a7:d9:bf:4e:ae:5c:ea:b4:03:16:
         44:0e:ee:d0:05:3e:e4:37:7e:50:c6:53:a1:e1:e2:67:dc:28:
         64:85:4f:70:25:85:f7:a6:00:ac:22:84:f0:41:1d:3c:93:4c:
         c5:7d:a8:c5:f9:35:30:75:2b:fc:42:fb:c3:3a:06:2f:bb:29:
         17:c9:f7:e1:8e:39:f4:9e:d1:2f:ce:3b:51:44:5b:25:c4:c5:
         59:95:67:c6:a0:0d:dc:51:e5:e5:b7:69:c5:22:72:05:85:b1:
         fe:3d:52:48:5f:a9:08:1a:e2:5c:5e:a1:32:93:3e:34:01:e2:
         37:be:74:0e:f7:a2:2e:c4:e7:f7:47:5c:c3:7c:50:0e:9c:57:
         3e:57:d0:fc:4c:34:75:01:a3:fb:44:72:b4:e5:18:73:b3:a8:
         ca:45:ad:f8:9e:1c:9d:c4:98:8f:63:54:64:e1:40:a6:3a:82:
         1e:85:04:28:28:65:ab:bf:4a:6b:44:a6:70:7a:f6:76:6a:4e:
         91:8b:c6:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyNg+aGYghzmoTknkt1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNTM0NTA1ODQ1ZmEwYTkzZjgyODVhNmRhOGJjZTZkMWQ3
MjAwZGQwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2U3ZTIxNjA0NTNhZmM2MWNhNjEyYTA4Y2FiYmFlYWMxM2IzZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzmg+0qAZRCo/PQUjXWZjdGFmhCl
oFrzngCktnr0BAEFbD9iEuWXKkRbraRB6o9V3kDyQNghxXqYFwyO7VJvql2fKVxs
Vw0cLHWC0v22L2JmkNAw07z7m28NZ8LZpLPH3vqY3yG8CwqcvaHBfISCSBxTTspy
+uRchn0S4F59EQDsRGaRNqxR0R0kUkCqyDQEDTQxrezvQrQfqa10x6qTNw6QE5qa
DHGa1166IjUkRfw40F6DKwmLDV68meQWpPXU8bUW8NnhmEdWl44RX3RjloX4J9FC
Vt8NNUuAVrG91Cp3qImb5VMC/6SQXSfG+ZckL8PrOOpe2WGgK3/Nwfa92QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPn4hYEU6/GHKYSoIyruurBOz/BMB8GA1UdIwQY
MBaAFIJTRQWEX6CpP4KFptqLzm0dcgDdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2xORkJZUmZvS2tfZ29XbTJvdk9iUjF5QU4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS82ZGYyNDgtZWM1Yi00N2Q3LWJkZDAt
NDdjYzdkMWFiYzZiLzEvcy1maUZnUlRyOFljcGhLZ2pLdTY2c0U3UDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS82ZGYyNDgtZWM1Yi00N2Q3LWJkZDAtNDdjYzdkMWFiYzZi
LzEvZ2xORkJZUmZvS2tfZ29XbTJvdk9iUjF5QU4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+q0MA0G
CSqGSIb3DQEBCwUAA4IBAQAyDm+pyo+16cV7XeE6h1xmt7i/+Ww1oSqTnjoyDrNF
z9SZUjvGLbRpTtuEbcHkJelMtbNu51KN5RdGuGwEv6fZv06uXOq0AxZEDu7QBT7k
N35QxlOh4eJn3ChkhU9wJYX3pgCsIoTwQR08k0zFfajF+TUwdSv8QvvDOgYvuykX
yffhjjn0ntEvzjtRRFslxMVZlWfGoA3cUeXlt2nFInIFhbH+PVJIX6kIGuJcXqEy
kz40AeI3vnQO96IuxOf3R1zDfFAOnFc+V9D8TDR1AaP7RHK05Rhzs6jKRa34nhyd
xJiPY1Rk4UCmOoIehQQoKGWrv0prRKZwevZ2ak6Ri8ZC
-----END CERTIFICATE-----