Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/n7qe9DQk4uzJUbhnXxkQkRRjUhQ.roa
File:                     n7qe9DQk4uzJUbhnXxkQkRRjUhQ.roa (raw, json)
Hash identifier:          pJelRzOyxYmHqUDpMGFLo3IQJqfka1QNNH9vWbDDnPI=
Subject key identifier:   9F:BA:9E:F4:34:24:E2:EC:C9:51:B8:67:5F:19:10:91:14:63:52:14
Certificate issuer:       /CN=af0f5a9bd2ad1e96865f00d08522b9aad3e91a4d
Certificate serial:       018CC5DBFD68E521A6BBEADC475E1A338091
Authority key identifier: AF:0F:5A:9B:D2:AD:1E:96:86:5F:00:D0:85:22:B9:AA:D3:E9:1A:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/n7qe9DQk4uzJUbhnXxkQkRRjUhQ.roa
Signing time:             Mon 01 Jan 2024 16:29:37 +0000
ROA not before:           Mon 01 Jan 2024 16:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197498
IP address blocks:        195.60.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fd:68:e5:21:a6:bb:ea:dc:47:5e:1a:33:80:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af0f5a9bd2ad1e96865f00d08522b9aad3e91a4d
        Validity
            Not Before: Jan  1 16:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fba9ef43424e2ecc951b8675f19109114635214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:df:09:1a:d6:cf:e9:18:ce:2c:cb:d6:a2:66:
                    b8:01:f8:56:34:5b:4c:ef:6d:0d:76:ac:fc:e8:02:
                    80:da:7f:dc:4a:5c:a4:56:77:81:f5:91:01:d8:b6:
                    d6:39:2f:68:95:71:ea:77:6c:b7:52:c8:2e:2b:90:
                    c8:df:1d:63:82:b5:fc:4b:2b:93:de:a1:0c:ce:45:
                    73:a2:83:6c:7d:d6:47:95:d6:d3:4d:08:5c:3e:ae:
                    d7:3e:0b:f8:a9:30:38:78:84:f3:96:ad:5d:e3:2c:
                    32:8e:7a:5e:d0:4d:2f:3d:dd:08:6f:08:14:33:1f:
                    46:2d:27:bc:df:79:b6:20:8c:e3:06:88:6a:a5:00:
                    85:be:d3:a6:16:57:89:ff:e8:5d:92:92:e2:dd:a1:
                    6d:17:12:67:8e:5b:a0:fd:79:ab:d9:56:5d:7a:08:
                    f7:30:88:76:e5:16:f7:78:19:f3:21:5b:39:40:40:
                    25:c1:0f:65:7c:13:0b:18:a0:ac:50:49:24:4b:75:
                    b8:69:10:28:c0:43:fe:da:b7:be:87:e0:14:e1:ba:
                    31:f1:ed:ca:c2:8a:bf:13:d0:35:be:20:cf:3c:a4:
                    80:2b:53:91:3d:1b:c4:e5:70:d8:ce:b3:fd:5d:48:
                    e2:90:bd:08:ac:dd:d3:ee:d4:30:f4:85:1d:30:71:
                    0f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:BA:9E:F4:34:24:E2:EC:C9:51:B8:67:5F:19:10:91:14:63:52:14
            X509v3 Authority Key Identifier:
                keyid:AF:0F:5A:9B:D2:AD:1E:96:86:5F:00:D0:85:22:B9:AA:D3:E9:1A:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/n7qe9DQk4uzJUbhnXxkQkRRjUhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:43:2b:ca:71:9e:ab:77:e8:47:9f:4d:f2:7e:15:fa:78:43:
         90:f0:38:84:f5:56:32:53:a9:eb:de:bf:43:07:66:eb:f3:ad:
         89:bf:df:6d:9e:fb:ff:13:1b:4b:7d:79:85:1b:a5:a3:47:2b:
         de:46:a0:be:d8:21:01:85:cc:ee:6b:a4:88:de:ab:1c:76:6d:
         6c:76:0a:6d:5a:04:06:2e:54:f7:e5:3b:a1:6a:6a:af:c4:13:
         92:cb:1e:b7:a6:47:0f:4a:01:05:cf:4b:7e:5d:ca:0d:4f:66:
         3d:31:2e:f3:68:d2:16:f4:6a:28:61:19:e8:41:f0:38:83:00:
         42:7b:cf:fd:b7:b3:10:1c:53:96:53:af:8e:2d:99:eb:b3:c1:
         4a:14:59:b2:71:b3:0b:da:30:72:ab:51:b0:66:b6:13:53:51:
         2e:b6:ee:de:14:01:ca:35:d8:49:ed:fe:49:26:0f:a6:3c:49:
         da:f3:5b:91:c3:dd:0f:99:99:1b:ec:5d:27:d5:03:91:6c:4c:
         e6:2a:71:d0:34:f7:0b:b1:67:67:d8:42:19:58:f8:95:1e:85:
         7d:b0:29:0b:34:98:16:1c:af:8c:d7:ab:b6:92:34:be:f1:de:
         f8:1b:f8:f4:a5:c3:4b:e9:ce:09:6d:e1:29:74:d7:4a:a4:19:
         2c:95:64:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/1o5SGmu+rcR14aM4CRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMGY1YTliZDJhZDFlOTY4NjVmMDBkMDg1MjJiOWFhZDNl
OTFhNGQwHhcNMjQwMTAxMTYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmJhOWVmNDM0MjRlMmVjYzk1MWI4Njc1ZjE5MTA5MTE0NjM1MjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl98JGtbP6RjOLMvWoma4AfhWNFtM
720Ndqz86AKA2n/cSlykVneB9ZEB2LbWOS9olXHqd2y3UsguK5DI3x1jgrX8SyuT
3qEMzkVzooNsfdZHldbTTQhcPq7XPgv4qTA4eITzlq1d4ywyjnpe0E0vPd0IbwgU
Mx9GLSe833m2IIzjBohqpQCFvtOmFleJ/+hdkpLi3aFtFxJnjlug/Xmr2VZdegj3
MIh25Rb3eBnzIVs5QEAlwQ9lfBMLGKCsUEkkS3W4aRAowEP+2re+h+AU4box8e3K
woq/E9A1viDPPKSAK1ORPRvE5XDYzrP9XUjikL0IrN3T7tQw9IUdMHEP4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+6nvQ0JOLsyVG4Z18ZEJEUY1IUMB8GA1UdIwQY
MBaAFK8PWpvSrR6Whl8A0IUiuarT6RpNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnc5YW05S3RIcGFHWHdEUWhTSzVxdFBwR2swLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS82YWQ5YjgtOWYwZS00YWQwLWEyMjAt
M2FjM2I2NzM3MDQyLzEvbjdxZTlEUWs0dXpKVWJoblh4a1FrUlJqVWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS82YWQ5YjgtOWYwZS00YWQwLWEyMjAtM2FjM2I2NzM3MDQy
LzEvcnc5YW05S3RIcGFHWHdEUWhTSzVxdFBwR2swLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzzjMA0G
CSqGSIb3DQEBCwUAA4IBAQBcQyvKcZ6rd+hHn03yfhX6eEOQ8DiE9VYyU6nr3r9D
B2br862Jv99tnvv/ExtLfXmFG6WjRyveRqC+2CEBhczua6SI3qscdm1sdgptWgQG
LlT35TuhamqvxBOSyx63pkcPSgEFz0t+XcoNT2Y9MS7zaNIW9GooYRnoQfA4gwBC
e8/9t7MQHFOWU6+OLZnrs8FKFFmycbML2jByq1GwZrYTU1Eutu7eFAHKNdhJ7f5J
Jg+mPEna81uRw90PmZkb7F0n1QORbEzmKnHQNPcLsWdn2EIZWPiVHoV9sCkLNJgW
HK+M16u2kjS+8d74G/j0pcNL6c4JbeEpdNdKpBkslWTb
-----END CERTIFICATE-----