Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/7e18f0-af1d-47c1-8db5-5a5233dc0ce0/1/9TptvUpxTGaEvdxOfzMQDijxOEk.roa
File:                     9TptvUpxTGaEvdxOfzMQDijxOEk.roa (raw, json)
Hash identifier:          snnPhovCUxZEOv/4Zx13mE3XGm6veAJRNPElq9VH+lM=
Subject key identifier:   F5:3A:6D:BD:4A:71:4C:66:84:BD:DC:4E:7F:33:10:0E:28:F1:38:49
Certificate issuer:       /CN=893afc6efe62990a26932f40e150b27eed539c4b
Certificate serial:       018CCA2A2B2A30AA754BC7FBA4A2536EA058
Authority key identifier: 89:3A:FC:6E:FE:62:99:0A:26:93:2F:40:E1:50:B2:7E:ED:53:9C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iTr8bv5imQomky9A4VCyfu1TnEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/7e18f0-af1d-47c1-8db5-5a5233dc0ce0/1/9TptvUpxTGaEvdxOfzMQDijxOEk.roa
Signing time:             Tue 02 Jan 2024 12:33:30 +0000
ROA not before:           Tue 02 Jan 2024 12:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12330
IP address blocks:        195.94.96.0/21 maxlen: 21
                          195.94.104.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/7e18f0-af1d-47c1-8db5-5a5233dc0ce0/1/iTr8bv5imQomky9A4VCyfu1TnEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/7e18f0-af1d-47c1-8db5-5a5233dc0ce0/1/iTr8bv5imQomky9A4VCyfu1TnEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iTr8bv5imQomky9A4VCyfu1TnEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2b:2a:30:aa:75:4b:c7:fb:a4:a2:53:6e:a0:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=893afc6efe62990a26932f40e150b27eed539c4b
        Validity
            Not Before: Jan  2 12:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f53a6dbd4a714c6684bddc4e7f33100e28f13849
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d6:ba:96:29:dd:0d:fd:d0:04:35:92:0e:b1:
                    bf:c6:83:38:d9:f9:0e:1b:3d:40:f9:81:15:b6:ee:
                    9f:9b:2a:64:48:8e:ec:42:3f:67:3b:91:fe:ef:4d:
                    57:7a:6d:af:bb:d9:8a:05:f9:04:fc:5d:3c:22:c6:
                    10:5e:a0:cc:b9:b5:d0:58:bd:14:3c:6c:46:c3:97:
                    6c:f5:fc:ab:2e:e7:3d:0f:9a:0b:9f:16:96:07:78:
                    96:9c:6a:1a:89:ff:27:2e:4a:e9:77:38:8a:a2:69:
                    04:6c:26:e2:73:3d:8d:a8:05:b7:3d:63:70:de:da:
                    00:73:59:24:7c:fb:9a:b7:73:10:4d:c5:47:22:7e:
                    c3:59:bc:d9:a2:91:18:09:bf:7d:78:b6:e4:6d:b5:
                    14:6c:8d:bc:19:2a:49:a3:77:52:55:57:4c:b3:3c:
                    fc:30:36:3b:4b:51:9c:e3:81:aa:ae:11:65:d9:be:
                    14:ac:ec:58:87:49:a3:5d:e2:34:50:cd:1e:f8:44:
                    2c:6f:13:bb:ea:a2:27:44:bf:06:dd:79:d8:a1:62:
                    1d:ca:d3:14:dc:81:b2:7c:58:14:2d:df:07:fd:02:
                    bf:50:0a:7a:9c:e1:ca:a4:5a:46:3d:bd:1e:ce:bd:
                    ba:8a:38:e7:72:c9:0c:0e:a4:37:f9:49:48:99:a7:
                    21:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:3A:6D:BD:4A:71:4C:66:84:BD:DC:4E:7F:33:10:0E:28:F1:38:49
            X509v3 Authority Key Identifier:
                keyid:89:3A:FC:6E:FE:62:99:0A:26:93:2F:40:E1:50:B2:7E:ED:53:9C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iTr8bv5imQomky9A4VCyfu1TnEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/7e18f0-af1d-47c1-8db5-5a5233dc0ce0/1/9TptvUpxTGaEvdxOfzMQDijxOEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/7e18f0-af1d-47c1-8db5-5a5233dc0ce0/1/iTr8bv5imQomky9A4VCyfu1TnEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.94.96.0-195.94.107.255

    Signature Algorithm: sha256WithRSAEncryption
         43:c1:da:16:2d:b3:bf:a5:72:f9:bb:ae:f9:89:fb:aa:9d:ae:
         2c:cd:81:02:21:9a:67:d1:96:f4:8c:2f:5d:f9:85:b8:43:e3:
         df:d7:04:58:c6:40:f1:bc:dd:45:95:94:9c:e9:0a:4a:9b:91:
         62:d9:1c:16:a9:73:72:91:4d:5c:af:ad:2f:6f:48:a6:46:ef:
         6b:c4:4e:b3:d9:ec:87:bc:af:bb:64:28:cd:30:37:a4:e1:da:
         26:d2:71:70:ce:3f:a5:97:fc:4a:c2:73:4c:74:3b:16:4d:e0:
         4c:a7:cd:c6:40:09:3f:d5:78:e1:e6:bb:75:5e:1c:89:aa:47:
         2b:23:b8:f4:b2:fa:a3:ef:9b:fd:ca:93:44:17:97:a8:23:b6:
         a3:d3:f7:e6:1e:89:10:19:33:4d:60:74:ee:d4:2c:7d:e8:c7:
         78:38:28:47:ca:e6:b1:a4:4f:c3:4a:08:76:54:76:5d:99:a3:
         76:9b:70:51:3c:73:c9:95:e9:29:9d:59:e9:72:dd:0b:d2:9c:
         f9:8f:e1:87:a5:5e:9b:91:77:29:c7:45:d4:55:f5:0f:3e:53:
         2a:a5:a7:41:f9:7c:2a:de:c7:ce:3f:59:64:31:83:d7:c6:2a:
         af:3f:86:96:89:b7:7e:88:85:1c:f7:fd:94:db:60:72:2b:c4:
         b3:78:56:fb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKKisqMKp1S8f7pKJTbqBYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5M2FmYzZlZmU2Mjk5MGEyNjkzMmY0MGUxNTBiMjdlZWQ1
MzljNGIwHhcNMjQwMTAyMTIzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTNhNmRiZDRhNzE0YzY2ODRiZGRjNGU3ZjMzMTAwZTI4ZjEzODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9a6lindDf3QBDWSDrG/xoM42fkO
Gz1A+YEVtu6fmypkSI7sQj9nO5H+701Xem2vu9mKBfkE/F08IsYQXqDMubXQWL0U
PGxGw5ds9fyrLuc9D5oLnxaWB3iWnGoaif8nLkrpdziKomkEbCbicz2NqAW3PWNw
3toAc1kkfPuat3MQTcVHIn7DWbzZopEYCb99eLbkbbUUbI28GSpJo3dSVVdMszz8
MDY7S1Gc44GqrhFl2b4UrOxYh0mjXeI0UM0e+EQsbxO76qInRL8G3XnYoWIdytMU
3IGyfFgULd8H/QK/UAp6nOHKpFpGPb0ezr26ijjncskMDqQ3+UlImachjQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPU6bb1KcUxmhL3cTn8zEA4o8ThJMB8GA1UdIwQY
MBaAFIk6/G7+YpkKJpMvQOFQsn7tU5xLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVRyOGJ2NWltUW9ta3k5QTRWQ3lmdTFUbkVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi83ZTE4ZjAtYWYxZC00N2MxLThkYjUt
NWE1MjMzZGMwY2UwLzEvOVRwdHZVcHhUR2FFdmR4T2Z6TVFEaWp4T0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi83ZTE4ZjAtYWYxZC00N2MxLThkYjUtNWE1MjMzZGMwY2Uw
LzEvaVRyOGJ2NWltUW9ta3k5QTRWQ3lmdTFUbkVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAXDXmAD
BALDXmgwDQYJKoZIhvcNAQELBQADggEBAEPB2hYts7+lcvm7rvmJ+6qdrizNgQIh
mmfRlvSML135hbhD49/XBFjGQPG83UWVlJzpCkqbkWLZHBapc3KRTVyvrS9vSKZG
72vETrPZ7Ie8r7tkKM0wN6Th2ibScXDOP6WX/ErCc0x0OxZN4EynzcZACT/VeOHm
u3VeHImqRysjuPSy+qPvm/3Kk0QXl6gjtqPT9+YeiRAZM01gdO7ULH3ox3g4KEfK
5rGkT8NKCHZUdl2Zo3abcFE8c8mV6SmdWely3QvSnPmP4YelXpuRdynHRdRV9Q8+
Uyqlp0H5fCrex84/WWQxg9fGKq8/hpaJt36IhRz3/ZTbYHIrxLN4Vvs=
-----END CERTIFICATE-----