Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/f0eefe-abce-4387-be38-5fe22b983b9e/1/Y_XaTrbQsHc_0clwD_SIScEPpKE.roa
File:                     Y_XaTrbQsHc_0clwD_SIScEPpKE.roa (raw, json)
Hash identifier:          eg1LVnvJJQ8AfPV3WyaH8j+hG33XumLGYr4w/BOysv4=
Subject key identifier:   63:F5:DA:4E:B6:D0:B0:77:3F:D1:C9:70:0F:F4:88:49:C1:0F:A4:A1
Certificate issuer:       /CN=e8abec04fd529994f5456a13a8b88f13fde12abb
Certificate serial:       018CC7952AB5539D80743F6AAFBA680B70C2
Authority key identifier: E8:AB:EC:04:FD:52:99:94:F5:45:6A:13:A8:B8:8F:13:FD:E1:2A:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6KvsBP1SmZT1RWoTqLiPE_3hKrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/f0eefe-abce-4387-be38-5fe22b983b9e/1/Y_XaTrbQsHc_0clwD_SIScEPpKE.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        194.56.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/f0eefe-abce-4387-be38-5fe22b983b9e/1/6KvsBP1SmZT1RWoTqLiPE_3hKrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/f0eefe-abce-4387-be38-5fe22b983b9e/1/6KvsBP1SmZT1RWoTqLiPE_3hKrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6KvsBP1SmZT1RWoTqLiPE_3hKrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 10:04:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2a:b5:53:9d:80:74:3f:6a:af:ba:68:0b:70:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8abec04fd529994f5456a13a8b88f13fde12abb
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63f5da4eb6d0b0773fd1c9700ff48849c10fa4a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:71:1d:50:d0:1d:15:fa:98:2d:a1:8d:a0:a3:
                    9c:86:3e:90:b5:35:bb:ff:57:4a:76:3d:9d:1c:75:
                    b9:05:04:f9:3d:c6:47:0c:aa:29:86:54:2f:15:3c:
                    b9:b5:45:06:33:57:c3:3b:f6:7a:1b:78:7d:c9:23:
                    0d:08:d0:de:57:83:75:e8:f7:a4:f3:ef:ad:06:37:
                    4a:ce:21:dd:4c:0b:f4:57:c1:e0:05:05:5c:df:aa:
                    cd:9d:6f:b3:cb:bf:f8:f7:54:f0:93:63:db:83:a4:
                    d0:e6:63:0b:2e:c8:f8:ee:0a:91:cf:f3:9f:99:c4:
                    13:34:18:6d:b3:19:e2:48:d1:47:76:e3:48:3c:59:
                    35:14:eb:1d:a7:73:59:f0:38:7e:7c:9e:55:20:89:
                    c3:b1:90:12:0a:05:03:d1:ee:39:e5:75:46:45:ce:
                    64:2a:5b:60:cb:07:11:e4:d6:dc:56:d6:07:87:7d:
                    5b:c4:56:68:f2:11:28:4c:f9:3d:79:1c:13:a6:e2:
                    5c:d1:3c:57:e6:4e:b4:54:9c:99:4e:7a:01:7a:de:
                    90:31:b0:5f:b5:6f:5c:d5:21:18:4c:86:72:38:3b:
                    11:44:9b:34:07:a1:c4:87:19:97:92:e9:cb:8c:bc:
                    e5:e6:b9:7e:70:19:6a:4f:a8:b9:f6:42:a5:71:ad:
                    4f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F5:DA:4E:B6:D0:B0:77:3F:D1:C9:70:0F:F4:88:49:C1:0F:A4:A1
            X509v3 Authority Key Identifier:
                keyid:E8:AB:EC:04:FD:52:99:94:F5:45:6A:13:A8:B8:8F:13:FD:E1:2A:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KvsBP1SmZT1RWoTqLiPE_3hKrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f0eefe-abce-4387-be38-5fe22b983b9e/1/Y_XaTrbQsHc_0clwD_SIScEPpKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f0eefe-abce-4387-be38-5fe22b983b9e/1/6KvsBP1SmZT1RWoTqLiPE_3hKrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:1f:37:e5:c0:16:43:a7:83:3b:b6:f9:2a:f4:92:6d:dc:6c:
         af:a6:1a:e2:82:73:3d:01:68:aa:6a:57:b1:df:13:8a:64:85:
         b7:1c:05:ca:7a:88:11:d9:fd:bf:cd:02:e1:ef:f1:71:dc:de:
         3e:b3:83:bf:81:76:94:7d:7a:a0:b0:a5:d4:d9:63:36:f6:1c:
         31:1a:34:19:d4:10:c8:84:5b:7c:3e:09:82:43:2c:c9:e2:a5:
         04:53:8c:0a:f5:02:05:01:dc:32:76:f7:c9:b4:4f:ff:6c:96:
         a9:4c:8c:04:22:92:40:02:ae:9d:a3:c2:33:36:22:b1:c9:bb:
         54:06:8b:98:4e:88:ae:65:21:2f:0d:4c:e2:93:30:e4:57:ea:
         a8:30:d7:14:36:95:6b:f3:1e:2f:bf:fb:f0:8b:dc:48:1c:90:
         e8:2d:e5:e0:35:83:9f:df:13:72:ed:06:b1:d8:33:94:2b:70:
         bb:bb:3f:66:95:b4:fa:4d:96:8d:36:78:86:56:1d:35:89:c6:
         9e:d2:55:8b:0c:76:c2:22:02:da:64:fa:d9:c4:b5:cc:81:c5:
         aa:63:d6:45:3e:ac:0d:13:b5:35:89:25:a6:1a:9c:1b:ec:d3:
         ce:21:54:b0:bb:e3:01:e3:0c:82:23:e7:b1:6f:95:05:37:55:
         29:d2:7d:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSq1U52AdD9qr7poC3DCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YWJlYzA0ZmQ1Mjk5OTRmNTQ1NmExM2E4Yjg4ZjEzZmRl
MTJhYmIwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Y1ZGE0ZWI2ZDBiMDc3M2ZkMWM5NzAwZmY0ODg0OWMxMGZhNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXEdUNAdFfqYLaGNoKOchj6QtTW7
/1dKdj2dHHW5BQT5PcZHDKophlQvFTy5tUUGM1fDO/Z6G3h9ySMNCNDeV4N16Pek
8++tBjdKziHdTAv0V8HgBQVc36rNnW+zy7/491Twk2Pbg6TQ5mMLLsj47gqRz/Of
mcQTNBhtsxniSNFHduNIPFk1FOsdp3NZ8Dh+fJ5VIInDsZASCgUD0e455XVGRc5k
KltgywcR5NbcVtYHh31bxFZo8hEoTPk9eRwTpuJc0TxX5k60VJyZTnoBet6QMbBf
tW9c1SEYTIZyODsRRJs0B6HEhxmXkunLjLzl5rl+cBlqT6i59kKlca1PYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGP12k620LB3P9HJcA/0iEnBD6ShMB8GA1UdIwQY
MBaAFOir7AT9UpmU9UVqE6i4jxP94Sq7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkt2c0JQMVNtWlQxUldvVHFMaVBFXzNoS3JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9mMGVlZmUtYWJjZS00Mzg3LWJlMzgt
NWZlMjJiOTgzYjllLzEvWV9YYVRyYlFzSGNfMGNsd0RfU0lTY0VQcEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9mMGVlZmUtYWJjZS00Mzg3LWJlMzgtNWZlMjJiOTgzYjll
LzEvNkt2c0JQMVNtWlQxUldvVHFMaVBFXzNoS3JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjj0MA0G
CSqGSIb3DQEBCwUAA4IBAQCmHzflwBZDp4M7tvkq9JJt3GyvphrignM9AWiqalex
3xOKZIW3HAXKeogR2f2/zQLh7/Fx3N4+s4O/gXaUfXqgsKXU2WM29hwxGjQZ1BDI
hFt8PgmCQyzJ4qUEU4wK9QIFAdwydvfJtE//bJapTIwEIpJAAq6do8IzNiKxybtU
BouYToiuZSEvDUzikzDkV+qoMNcUNpVr8x4vv/vwi9xIHJDoLeXgNYOf3xNy7Qax
2DOUK3C7uz9mlbT6TZaNNniGVh01icae0lWLDHbCIgLaZPrZxLXMgcWqY9ZFPqwN
E7U1iSWmGpwb7NPOIVSwu+MB4wyCI+exb5UFN1Up0n3k
-----END CERTIFICATE-----