Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/X7vOmeav7oq3v3EoUpYgdjT6Hos.roa
File:                     X7vOmeav7oq3v3EoUpYgdjT6Hos.roa (raw, json)
Hash identifier:          Gq1/MgKZlM3g/qYVlbQJRtxpG9XXRGmeRmU9TXq8O3w=
Subject key identifier:   5F:BB:CE:99:E6:AF:EE:8A:B7:BF:71:28:52:96:20:76:34:FA:1E:8B
Certificate issuer:       /CN=644f033f782eaf32ab09088775d64ac4b94b5b11
Certificate serial:       018D36B455E14E52316EE59E035F912C049F
Authority key identifier: 64:4F:03:3F:78:2E:AF:32:AB:09:08:87:75:D6:4A:C4:B9:4B:5B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZE8DP3gurzKrCQiHddZKxLlLWxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/X7vOmeav7oq3v3EoUpYgdjT6Hos.roa
Signing time:             Tue 23 Jan 2024 14:23:24 +0000
ROA not before:           Tue 23 Jan 2024 14:23:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198154
IP address blocks:        213.134.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/ZE8DP3gurzKrCQiHddZKxLlLWxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/ZE8DP3gurzKrCQiHddZKxLlLWxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZE8DP3gurzKrCQiHddZKxLlLWxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:36:b4:55:e1:4e:52:31:6e:e5:9e:03:5f:91:2c:04:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644f033f782eaf32ab09088775d64ac4b94b5b11
        Validity
            Not Before: Jan 23 14:23:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fbbce99e6afee8ab7bf71285296207634fa1e8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ef:45:57:06:a5:ee:49:5a:94:52:b8:18:cf:
                    e1:e7:1a:67:51:b1:31:d9:22:2a:65:ea:0c:8a:85:
                    f5:49:94:1c:7e:c9:55:1a:ce:48:9a:40:ad:96:c2:
                    4e:f8:f4:21:b9:fd:13:98:59:9d:37:a0:f3:73:30:
                    68:67:5d:eb:53:92:5b:b8:da:ab:cc:5a:14:3f:a9:
                    fc:2f:16:d3:26:76:f0:f3:bc:ff:98:04:5d:f6:df:
                    8d:17:66:4b:14:54:eb:10:0e:09:8e:5f:5f:8a:22:
                    d7:98:d4:4e:7e:e0:15:d0:e3:60:28:11:23:14:51:
                    0f:a6:b9:a8:6d:d9:51:ea:5a:2e:66:0a:38:02:ff:
                    68:1e:85:df:d5:77:c0:37:86:e0:b7:b9:87:72:28:
                    04:85:eb:14:53:32:fd:35:5f:49:d9:15:f3:20:40:
                    81:db:e1:cd:12:6c:97:3c:97:6d:39:10:c2:95:53:
                    bb:20:59:eb:50:9c:0a:62:a3:39:ca:f7:de:5a:19:
                    9c:1c:73:85:31:06:97:8d:ae:42:d8:45:f3:5c:f0:
                    8b:2b:5d:ed:59:0b:36:4c:53:ff:92:b1:23:b6:49:
                    7d:4a:44:b5:2f:28:54:d5:4b:df:25:41:4a:29:bc:
                    1a:58:ea:5b:1e:cc:a7:f1:79:8c:03:74:f6:00:9d:
                    db:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:BB:CE:99:E6:AF:EE:8A:B7:BF:71:28:52:96:20:76:34:FA:1E:8B
            X509v3 Authority Key Identifier:
                keyid:64:4F:03:3F:78:2E:AF:32:AB:09:08:87:75:D6:4A:C4:B9:4B:5B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZE8DP3gurzKrCQiHddZKxLlLWxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/X7vOmeav7oq3v3EoUpYgdjT6Hos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/ZE8DP3gurzKrCQiHddZKxLlLWxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.134.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:da:64:44:99:d2:85:b1:e1:db:22:db:0a:76:6e:be:43:19:
         b0:36:1e:45:b9:ad:22:94:d0:2a:7c:f8:e4:22:c4:d2:6e:49:
         0a:bd:b1:40:35:71:00:f9:24:b6:9d:02:42:4e:34:e2:45:77:
         56:0c:72:ed:7a:67:ee:c7:45:c8:39:34:58:a1:3f:9f:78:c1:
         1d:c3:02:24:32:a3:0c:a0:cb:5b:c1:b7:cf:b9:c0:4b:0a:49:
         f6:9b:3f:d6:56:d1:20:f9:70:eb:69:d2:96:cc:07:bd:e3:eb:
         40:1b:ec:9f:1b:a7:ab:62:20:f0:2a:d7:f1:12:9c:63:61:71:
         8f:5d:cb:2c:2e:1d:c7:18:d0:ac:ad:87:53:1b:2d:07:f8:e3:
         71:fe:6c:94:b3:a2:c0:d5:7a:c9:7c:86:ca:00:c7:83:7f:72:
         45:15:78:c4:14:3d:6e:32:7f:03:99:d7:18:55:21:45:b1:81:
         31:fa:3d:17:b5:e6:74:91:00:db:20:7a:55:1c:f1:38:35:7d:
         48:11:34:aa:b4:ac:36:ca:2a:6d:f9:15:a7:3e:43:9b:6d:f7:
         94:04:20:f4:9e:42:dd:d0:0e:24:da:18:1d:82:ed:d0:5e:6e:
         15:cb:81:f4:e6:02:de:65:79:a1:98:5a:22:e7:43:8c:50:6a:
         4e:fb:b0:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY02tFXhTlIxbuWeA1+RLASfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGYwMzNmNzgyZWFmMzJhYjA5MDg4Nzc1ZDY0YWM0Yjk0
YjViMTEwHhcNMjQwMTIzMTQyMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmJiY2U5OWU2YWZlZThhYjdiZjcxMjg1Mjk2MjA3NjM0ZmExZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAou9FVwal7klalFK4GM/h5xpnUbEx
2SIqZeoMioX1SZQcfslVGs5ImkCtlsJO+PQhuf0TmFmdN6DzczBoZ13rU5JbuNqr
zFoUP6n8LxbTJnbw87z/mARd9t+NF2ZLFFTrEA4Jjl9fiiLXmNROfuAV0ONgKBEj
FFEPprmobdlR6louZgo4Av9oHoXf1XfAN4bgt7mHcigEhesUUzL9NV9J2RXzIECB
2+HNEmyXPJdtORDClVO7IFnrUJwKYqM5yvfeWhmcHHOFMQaXja5C2EXzXPCLK13t
WQs2TFP/krEjtkl9SkS1LyhU1UvfJUFKKbwaWOpbHsyn8XmMA3T2AJ3bLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+7zpnmr+6Kt79xKFKWIHY0+h6LMB8GA1UdIwQY
MBaAFGRPAz94Lq8yqwkIh3XWSsS5S1sRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkU4RFAzZ3VyektyQ1FpSGRkWkt4TGxMV3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS84N2NhOTEtNmZiOC00MDM4LTg5MGMt
NDkxNWZlN2Y5MmNlLzEvWDd2T21lYXY3b3EzdjNFb1VwWWdkalQ2SG9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS84N2NhOTEtNmZiOC00MDM4LTg5MGMtNDkxNWZlN2Y5MmNl
LzEvWkU4RFAzZ3VyektyQ1FpSGRkWkt4TGxMV3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YYRMA0G
CSqGSIb3DQEBCwUAA4IBAQA72mREmdKFseHbItsKdm6+QxmwNh5Fua0ilNAqfPjk
IsTSbkkKvbFANXEA+SS2nQJCTjTiRXdWDHLtemfux0XIOTRYoT+feMEdwwIkMqMM
oMtbwbfPucBLCkn2mz/WVtEg+XDradKWzAe94+tAG+yfG6erYiDwKtfxEpxjYXGP
XcssLh3HGNCsrYdTGy0H+ONx/myUs6LA1XrJfIbKAMeDf3JFFXjEFD1uMn8DmdcY
VSFFsYEx+j0XteZ0kQDbIHpVHPE4NX1IETSqtKw2yipt+RWnPkObbfeUBCD0nkLd
0A4k2hgdgu3QXm4Vy4H05gLeZXmhmFoi50OMUGpO+7B0
-----END CERTIFICATE-----