Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/1-ijT8-Ix6ibM-idyDsi6W_jktTo.roa
File:                     1-ijT8-Ix6ibM-idyDsi6W_jktTo.roa (raw, json)
Hash identifier:          DMe0LgUlh8Op8bEoGz6JQpL5VZsKSkGPdm1yIlYf4Ls=
Subject key identifier:   FA:28:D3:F3:E2:31:EA:26:CC:FA:27:72:0E:C8:BA:5B:F8:E4:B5:3A
Certificate issuer:       /CN=15cfcfcef82f7d1c5908a2e5a009fd1b3439817c
Certificate serial:       0192E7F4521B127E6DD1BD417915CF88F81B
Authority key identifier: 15:CF:CF:CE:F8:2F:7D:1C:59:08:A2:E5:A0:09:FD:1B:34:39:81:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/1-ijT8-Ix6ibM-idyDsi6W_jktTo.roa
Signing time:             Fri 01 Nov 2024 13:40:01 +0000
ROA not before:           Fri 01 Nov 2024 13:40:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214233
IP address blocks:        194.164.98.0/24 maxlen: 24
                          194.164.99.0/24 maxlen: 24
                          2a01:f080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e7:f4:52:1b:12:7e:6d:d1:bd:41:79:15:cf:88:f8:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15cfcfcef82f7d1c5908a2e5a009fd1b3439817c
        Validity
            Not Before: Nov  1 13:40:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa28d3f3e231ea26ccfa27720ec8ba5bf8e4b53a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:1f:e6:38:bb:5c:c1:52:2d:d6:1f:02:bc:52:
                    ef:21:dd:c5:67:74:a3:47:44:a2:f3:b4:10:3c:cc:
                    90:70:23:f3:0b:d4:96:2a:d6:9e:3a:81:05:0b:64:
                    3f:0e:3d:7b:ee:91:b7:f2:0f:96:36:9c:a5:1a:08:
                    59:9e:a4:0d:46:58:73:fc:0d:e7:38:35:a7:f6:1c:
                    0d:75:b2:eb:8a:cd:db:ff:74:e8:47:44:15:9d:29:
                    53:de:45:21:cf:1a:cb:d1:dd:ad:42:c2:63:57:4b:
                    c4:87:27:d0:cd:f6:b2:fb:dd:a3:fa:c8:c0:ab:28:
                    b3:5b:d6:12:eb:11:4a:2c:57:a0:52:67:f3:c2:bb:
                    59:37:a0:c0:62:65:0a:98:7c:21:cb:a2:ab:bf:36:
                    68:47:3f:96:04:6e:ec:73:32:85:a4:62:fd:78:9d:
                    28:7e:0a:1c:f8:55:78:d5:1a:9a:f3:13:a8:6a:53:
                    50:6f:3f:79:c3:4f:2b:b5:dc:19:3f:11:29:a9:43:
                    47:78:5e:1e:55:a6:6c:1a:3f:85:ac:1b:fc:41:1b:
                    18:df:ba:df:24:0d:8c:92:fe:ac:af:b3:8d:ea:12:
                    ae:dd:26:c5:22:89:ff:20:bd:66:44:82:6f:12:45:
                    d5:64:6e:64:8b:c2:8b:09:f0:78:ad:01:40:8c:0b:
                    d5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:28:D3:F3:E2:31:EA:26:CC:FA:27:72:0E:C8:BA:5B:F8:E4:B5:3A
            X509v3 Authority Key Identifier:
                keyid:15:CF:CF:CE:F8:2F:7D:1C:59:08:A2:E5:A0:09:FD:1B:34:39:81:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/1-ijT8-Ix6ibM-idyDsi6W_jktTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d3790d-9723-4b53-ad13-611ea442d2f3/1/Fc_PzvgvfRxZCKLloAn9GzQ5gXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.98.0/23
                IPv6:
                  2a01:f080::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:26:cc:01:cc:27:ac:a5:bf:1c:21:7b:6f:62:cf:08:68:9d:
         9e:e6:5f:c0:fb:bd:fb:25:57:8c:f4:86:d5:fd:03:fa:60:f1:
         5c:95:cf:18:db:5d:de:99:53:74:de:ed:bb:f7:df:85:c9:4d:
         18:d9:26:0e:db:c2:81:cc:b5:ab:f8:88:54:6e:4d:9a:b0:fb:
         38:3b:b2:09:4d:c5:4c:f0:ab:94:e1:d7:b0:7a:6a:31:b1:5d:
         0f:93:0e:d5:72:b5:8e:b5:b5:79:3b:1c:14:dd:90:00:54:07:
         d3:91:56:5e:f3:7f:b3:9c:e2:2d:e3:e1:73:19:4c:4f:9f:11:
         8c:b8:ee:3d:3b:41:18:2c:d9:e0:1d:41:52:cb:d2:62:94:64:
         c3:0a:af:d7:31:47:47:43:ea:a6:ea:58:2a:cb:69:5b:75:7f:
         c6:0f:5c:96:1e:52:07:8f:f7:9b:4b:8a:f4:97:fc:ff:de:ea:
         fb:fa:1e:72:48:79:7d:a9:9a:3a:fb:b3:8a:29:0d:b7:ed:3e:
         1a:fc:4d:31:f0:d3:f5:3d:05:77:bf:7b:0f:1c:bf:ef:1f:2f:
         6c:51:25:9f:d7:4c:bf:69:b0:71:cb:79:a4:e0:bb:71:24:b7:
         97:dc:f0:72:3f:10:23:0d:18:c5:86:27:43:07:7c:1e:a2:4b:
         92:e3:aa:ef
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZLn9FIbEn5t0b1BeRXPiPgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Y2ZjZmNlZjgyZjdkMWM1OTA4YTJlNWEwMDlmZDFiMzQz
OTgxN2MwHhcNMjQxMTAxMTM0MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTI4ZDNmM2UyMzFlYTI2Y2NmYTI3NzIwZWM4YmE1YmY4ZTRiNTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyx/mOLtcwVIt1h8CvFLvId3FZ3Sj
R0Si87QQPMyQcCPzC9SWKtaeOoEFC2Q/Dj177pG38g+WNpylGghZnqQNRlhz/A3n
ODWn9hwNdbLris3b/3ToR0QVnSlT3kUhzxrL0d2tQsJjV0vEhyfQzfay+92j+sjA
qyizW9YS6xFKLFegUmfzwrtZN6DAYmUKmHwhy6KrvzZoRz+WBG7sczKFpGL9eJ0o
fgoc+FV41Rqa8xOoalNQbz95w08rtdwZPxEpqUNHeF4eVaZsGj+FrBv8QRsY37rf
JA2Mkv6sr7ON6hKu3SbFIon/IL1mRIJvEkXVZG5ki8KLCfB4rQFAjAvVwwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPoo0/PiMeomzPoncg7Iulv45LU6MB8GA1UdIwQY
MBaAFBXPz874L30cWQii5aAJ/Rs0OYF8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmNfUHp2Z3ZmUnhaQ0tMbG9BbjlHelE1Z1h3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9kMzc5MGQtOTcyMy00YjUzLWFkMTMt
NjExZWE0NDJkMmYzLzEvMS1palQ4LUl4NmliTS1pZHlEc2k2V19qa3RUby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvZDM3OTBkLTk3MjMtNGI1My1hZDEzLTYxMWVhNDQyZDJm
My8xL0ZjX1B6dmd2ZlJ4WkNLTGxvQW45R3pRNWdYdy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAcKkYjAN
BAIAAjAHAwUDKgHwgDANBgkqhkiG9w0BAQsFAAOCAQEAcibMAcwnrKW/HCF7b2LP
CGidnuZfwPu9+yVXjPSG1f0D+mDxXJXPGNtd3plTdN7tu/ffhclNGNkmDtvCgcy1
q/iIVG5NmrD7ODuyCU3FTPCrlOHXsHpqMbFdD5MO1XK1jrW1eTscFN2QAFQH05FW
XvN/s5ziLePhcxlMT58RjLjuPTtBGCzZ4B1BUsvSYpRkwwqv1zFHR0PqpupYKstp
W3V/xg9clh5SB4/3m0uK9Jf8/97q+/oeckh5famaOvuziikNt+0+GvxNMfDT9T0F
d797Dxy/7x8vbFEln9dMv2mwcct5pOC7cSS3l9zwcj8QIw0YxYYnQwd8HqJLkuOq
7w==
-----END CERTIFICATE-----