Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/1FykPfMOjADpu-mbaKmUmwHClAU.roa
File:                     1FykPfMOjADpu-mbaKmUmwHClAU.roa (raw, json)
Hash identifier:          KXjGFTNfB9EJUoZSaq1JvcCCULF0WH4o7OFlIhNsdPg=
Subject key identifier:   D4:5C:A4:3D:F3:0E:8C:00:E9:BB:E9:9B:68:A9:94:9B:01:C2:94:05
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       0191744A7685CB38FEB5064E740C57553B1F
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/1FykPfMOjADpu-mbaKmUmwHClAU.roa
Signing time:             Wed 21 Aug 2024 09:35:22 +0000
ROA not before:           Wed 21 Aug 2024 09:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        80.93.202.0/24 maxlen: 24
                          80.93.204.0/24 maxlen: 24
                          80.93.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:74:4a:76:85:cb:38:fe:b5:06:4e:74:0c:57:55:3b:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Aug 21 09:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d45ca43df30e8c00e9bbe99b68a9949b01c29405
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f9:10:5d:ff:41:25:1e:3e:60:93:61:2b:ce:
                    c3:08:64:4e:68:9a:31:87:76:93:4e:04:6e:45:ff:
                    e7:a2:1c:4c:73:ac:15:96:2c:1a:57:3a:fc:0d:d6:
                    6a:65:50:d0:f1:ad:6e:02:52:a5:a6:6d:41:dc:00:
                    07:7a:03:fd:3b:8f:13:ab:7e:49:78:7e:47:3a:d5:
                    7d:06:56:91:2b:93:96:c5:45:15:bd:15:6c:ef:af:
                    8c:4a:0e:0e:35:9c:14:12:0f:5b:0a:40:c0:59:8e:
                    8a:e1:ff:3e:bf:31:f4:4f:c5:98:38:47:de:a3:22:
                    02:1a:da:0c:ca:8a:3c:b6:a5:95:b1:b6:45:b7:d9:
                    38:55:1f:be:b4:9d:81:67:02:d6:9d:62:9a:60:f7:
                    28:01:13:bf:30:29:cd:e2:1f:d6:c5:25:18:19:72:
                    40:18:3d:ee:35:ca:f6:42:a6:9e:7d:fc:da:a5:e5:
                    3e:76:54:79:32:f2:18:8c:d2:38:07:64:5e:71:4b:
                    e6:5a:17:77:08:75:82:86:97:cd:11:23:10:c8:33:
                    0b:fa:5a:6e:dd:f1:21:ca:29:90:39:7b:60:28:d6:
                    90:14:21:3b:f2:87:a9:7a:21:2d:cf:48:fa:be:f5:
                    ae:6c:86:24:c1:d4:b8:24:ad:d7:40:50:7b:30:3e:
                    91:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:5C:A4:3D:F3:0E:8C:00:E9:BB:E9:9B:68:A9:94:9B:01:C2:94:05
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/1FykPfMOjADpu-mbaKmUmwHClAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.202.0/24
                  80.93.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:0b:cd:89:67:34:12:bf:72:33:ab:2b:d4:8a:1e:e6:12:7d:
         68:30:17:f4:28:38:db:dc:27:b8:36:24:50:25:91:13:a2:0a:
         d9:f2:c6:e3:15:19:60:4d:bd:cb:84:1b:10:f6:81:c6:60:7f:
         05:61:ac:f6:07:e4:ad:e3:72:e2:24:96:b4:eb:6b:c5:09:77:
         4a:50:6b:01:34:6c:b5:7a:f3:49:d5:8b:fc:6b:b6:4f:b0:88:
         14:4a:0b:00:b7:79:d3:66:dd:1d:68:fc:dd:95:3e:fc:70:56:
         7e:59:2b:01:e5:40:bc:b5:04:05:13:6d:6f:8b:ad:9d:ea:c7:
         17:e6:ce:a2:f5:a6:83:be:12:d2:fb:f3:78:42:8a:24:ba:00:
         dc:77:79:f7:4e:60:da:a8:ea:35:37:df:36:fd:a4:50:8b:8c:
         b6:cf:60:48:da:c2:6f:b0:b7:9b:09:48:28:b5:a0:52:25:56:
         84:37:23:14:a2:f2:a6:4a:e1:a4:97:24:f2:ee:84:81:25:23:
         27:97:fc:3e:86:cb:b9:1f:79:8f:3b:7c:9c:9b:ef:5f:5c:da:
         fc:1d:fe:5d:01:18:2d:6b:b3:07:af:74:69:96:39:98:ca:23:
         7a:c6:68:1a:dd:e7:c8:1d:e8:6b:4b:ca:25:5a:67:61:6b:34:
         30:dd:d1:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZF0SnaFyzj+tQZOdAxXVTsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjQwODIxMDkzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDVjYTQzZGYzMGU4YzAwZTliYmU5OWI2OGE5OTQ5YjAxYzI5NDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5fkQXf9BJR4+YJNhK87DCGROaJox
h3aTTgRuRf/nohxMc6wVliwaVzr8DdZqZVDQ8a1uAlKlpm1B3AAHegP9O48Tq35J
eH5HOtV9BlaRK5OWxUUVvRVs76+MSg4ONZwUEg9bCkDAWY6K4f8+vzH0T8WYOEfe
oyICGtoMyoo8tqWVsbZFt9k4VR++tJ2BZwLWnWKaYPcoARO/MCnN4h/WxSUYGXJA
GD3uNcr2QqaeffzapeU+dlR5MvIYjNI4B2RecUvmWhd3CHWChpfNESMQyDML+lpu
3fEhyimQOXtgKNaQFCE78oepeiEtz0j6vvWubIYkwdS4JK3XQFB7MD6RkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNRcpD3zDowA6bvpm2iplJsBwpQFMB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvMUZ5a1BmTU9qQURwdS1tYmFLbVVtd0hDbEFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUF3KAwQB
UF3MMA0GCSqGSIb3DQEBCwUAA4IBAQBLC82JZzQSv3IzqyvUih7mEn1oMBf0KDjb
3Ce4NiRQJZETogrZ8sbjFRlgTb3LhBsQ9oHGYH8FYaz2B+St43LiJJa062vFCXdK
UGsBNGy1evNJ1Yv8a7ZPsIgUSgsAt3nTZt0daPzdlT78cFZ+WSsB5UC8tQQFE21v
i62d6scX5s6i9aaDvhLS+/N4QookugDcd3n3TmDaqOo1N982/aRQi4y2z2BI2sJv
sLebCUgotaBSJVaENyMUovKmSuGklyTy7oSBJSMnl/w+hsu5H3mPO3ycm+9fXNr8
Hf5dARgta7MHr3RpljmYyiN6xmga3efIHehrS8olWmdhazQw3dF3
-----END CERTIFICATE-----