Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/_Qb07n9WVG2VqlxtKE64XdNwSyw.roa
File:                     _Qb07n9WVG2VqlxtKE64XdNwSyw.roa (raw, json)
Hash identifier:          FIwQOArofbI6HQ9DlJc9ghdqCf2aIcLUSpDeStFRz3Q=
Subject key identifier:   FD:06:F4:EE:7F:56:54:6D:95:AA:5C:6D:28:4E:B8:5D:D3:70:4B:2C
Certificate issuer:       /CN=9783a5487b35c1d1e1f157c191312b3df4bc17ab
Certificate serial:       018FE3981C4706DD3BB649EEED9D8075E27F
Authority key identifier: 97:83:A5:48:7B:35:C1:D1:E1:F1:57:C1:91:31:2B:3D:F4:BC:17:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l4OlSHs1wdHh8VfBkTErPfS8F6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/_Qb07n9WVG2VqlxtKE64XdNwSyw.roa
Signing time:             Tue 04 Jun 2024 14:12:27 +0000
ROA not before:           Tue 04 Jun 2024 14:12:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215405
IP address blocks:        195.60.80.0/26 maxlen: 26
                          2001:7f8:116::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/l4OlSHs1wdHh8VfBkTErPfS8F6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/l4OlSHs1wdHh8VfBkTErPfS8F6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l4OlSHs1wdHh8VfBkTErPfS8F6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:98:1c:47:06:dd:3b:b6:49:ee:ed:9d:80:75:e2:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9783a5487b35c1d1e1f157c191312b3df4bc17ab
        Validity
            Not Before: Jun  4 14:12:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd06f4ee7f56546d95aa5c6d284eb85dd3704b2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f6:0a:3f:ef:e8:9e:57:cb:cd:db:61:4e:2d:
                    3b:52:0a:78:33:77:4e:66:9d:df:a5:f4:1b:1d:0c:
                    18:f6:37:d5:c7:d6:ca:d9:cd:db:59:47:1c:c5:bc:
                    80:43:79:9b:3d:23:04:14:99:ab:0e:cb:34:f4:4a:
                    4d:e0:96:df:5e:de:9f:3c:dc:a9:f2:71:58:c0:29:
                    ca:24:4f:db:e4:bc:30:b3:0b:52:10:a3:01:dc:41:
                    bd:0c:93:58:eb:92:30:36:13:b0:7e:20:fe:3b:8e:
                    4a:2a:37:75:1d:30:fe:44:e1:4e:eb:18:11:4b:b4:
                    bb:e4:47:82:65:45:f1:74:96:fb:dc:62:88:96:b1:
                    62:93:54:3e:eb:1d:31:be:79:8c:cb:1b:d7:9a:66:
                    79:8a:21:a5:87:41:c1:41:76:15:bd:db:2b:77:bf:
                    39:81:9d:83:1b:9b:20:b1:4f:22:1a:0b:54:04:fa:
                    81:be:67:63:63:a6:59:b6:22:64:6a:04:db:c7:2e:
                    17:d1:2e:0b:f8:ca:18:25:e0:7b:11:38:af:9b:01:
                    c6:73:fd:0e:8c:c0:10:36:d8:c8:41:b5:06:0d:a5:
                    9a:95:03:0d:da:3c:6f:52:75:5e:77:4a:1c:2d:24:
                    f9:02:64:7a:c0:6b:a9:c3:fa:77:7d:7f:eb:71:c5:
                    4b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:06:F4:EE:7F:56:54:6D:95:AA:5C:6D:28:4E:B8:5D:D3:70:4B:2C
            X509v3 Authority Key Identifier:
                keyid:97:83:A5:48:7B:35:C1:D1:E1:F1:57:C1:91:31:2B:3D:F4:BC:17:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l4OlSHs1wdHh8VfBkTErPfS8F6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/_Qb07n9WVG2VqlxtKE64XdNwSyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/l4OlSHs1wdHh8VfBkTErPfS8F6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.80.0/26
                IPv6:
                  2001:7f8:116::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:d8:b5:e4:05:ae:30:22:8f:3a:26:82:23:7e:4e:aa:24:0a:
         ae:9a:19:df:25:38:f8:44:94:3e:4d:02:84:33:b8:5c:6a:bd:
         42:6c:be:bd:dc:12:5e:a0:32:a0:3b:61:74:5f:60:6c:f4:b1:
         75:31:26:ff:ac:22:0b:e4:86:03:c2:74:18:c8:bd:33:ca:ec:
         1e:7b:5f:6a:e6:b9:33:d9:7a:26:a5:3a:8f:41:e0:b4:6a:47:
         e7:52:0e:6c:f4:ef:c4:52:2f:6e:af:c3:5e:97:b8:4c:23:9d:
         98:ef:f6:2f:eb:89:61:03:7f:d6:db:76:ae:8c:a0:f9:38:e2:
         94:84:53:d1:63:14:03:9c:71:30:c9:87:da:1a:00:a0:b6:29:
         8b:c9:8b:2b:a8:63:42:47:bc:cd:bf:1f:80:8a:53:f6:66:fe:
         2a:40:7c:6b:7a:7e:98:50:84:21:37:37:6c:00:54:8a:9b:a7:
         46:99:53:28:97:f3:88:53:f8:0e:bf:18:60:01:ab:7b:a4:84:
         bb:c4:97:66:7d:f8:71:e5:e4:db:25:a7:ee:91:23:f4:60:de:
         f5:f4:29:44:d7:42:de:3e:dd:e7:6f:00:6b:a0:e3:07:fd:76:
         f4:9a:3f:20:4b:4c:37:51:3d:5a:d3:9c:ae:33:3b:fe:31:82:
         91:cb:9f:e3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY/jmBxHBt07tknu7Z2AdeJ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ODNhNTQ4N2IzNWMxZDFlMWYxNTdjMTkxMzEyYjNkZjRi
YzE3YWIwHhcNMjQwNjA0MTQxMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDA2ZjRlZTdmNTY1NDZkOTVhYTVjNmQyODRlYjg1ZGQzNzA0YjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPYKP+/onlfLzdthTi07Ugp4M3dO
Zp3fpfQbHQwY9jfVx9bK2c3bWUccxbyAQ3mbPSMEFJmrDss09EpN4JbfXt6fPNyp
8nFYwCnKJE/b5LwwswtSEKMB3EG9DJNY65IwNhOwfiD+O45KKjd1HTD+ROFO6xgR
S7S75EeCZUXxdJb73GKIlrFik1Q+6x0xvnmMyxvXmmZ5iiGlh0HBQXYVvdsrd785
gZ2DG5sgsU8iGgtUBPqBvmdjY6ZZtiJkagTbxy4X0S4L+MoYJeB7ETivmwHGc/0O
jMAQNtjIQbUGDaWalQMN2jxvUnVed0ocLST5AmR6wGupw/p3fX/rccVLvwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFP0G9O5/VlRtlapcbShOuF3TcEssMB8GA1UdIwQY
MBaAFJeDpUh7NcHR4fFXwZExKz30vBerMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDRPbFNIczF3ZEhoOFZmQmtURXJQZlM4RjZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mMjIxMzEtYTBmZi00ZjI3LThkZmEt
NjkxNTJlOWEwOGMzLzEvX1FiMDduOVdWRzJWcWx4dEtFNjRYZE53U3l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mMjIxMzEtYTBmZi00ZjI3LThkZmEtNjkxNTJlOWEwOGMz
LzEvbDRPbFNIczF3ZEhoOFZmQmtURXJQZlM4RjZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDANBAIAATAHAwUGwzxQADAP
BAIAAjAJAwcAIAEH+AEWMA0GCSqGSIb3DQEBCwUAA4IBAQAA2LXkBa4wIo86JoIj
fk6qJAqumhnfJTj4RJQ+TQKEM7hcar1CbL693BJeoDKgO2F0X2Bs9LF1MSb/rCIL
5IYDwnQYyL0zyuwee19q5rkz2XompTqPQeC0akfnUg5s9O/EUi9ur8Nel7hMI52Y
7/Yv64lhA3/W23aujKD5OOKUhFPRYxQDnHEwyYfaGgCgtimLyYsrqGNCR7zNvx+A
ilP2Zv4qQHxren6YUIQhNzdsAFSKm6dGmVMol/OIU/gOvxhgAat7pIS7xJdmffhx
5eTbJafukSP0YN719ClE10LePt3nbwBroOMH/Xb0mj8gS0w3UT1a05yuMzv+MYKR
y5/j
-----END CERTIFICATE-----