Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/V1ufluIXihr0QEz_KE-m__Rclfw.roa
File:                     V1ufluIXihr0QEz_KE-m__Rclfw.roa (raw, json)
Hash identifier:          1m7zv7mPFNtkrSCjPxxqRcZW0YlYy153eLy7FTeaVlY=
Subject key identifier:   57:5B:9F:96:E2:17:8A:1A:F4:40:4C:FF:28:4F:A6:FF:F4:5C:95:FC
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       018EF04F8169624936ED260A5E384CA62A76
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/V1ufluIXihr0QEz_KE-m__Rclfw.roa
Signing time:             Thu 18 Apr 2024 08:25:26 +0000
ROA not before:           Thu 18 Apr 2024 08:25:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        87.254.11.0/24 maxlen: 24
                          87.254.16.0/24 maxlen: 24
                          87.254.17.0/24 maxlen: 24
                          217.25.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:4f:81:69:62:49:36:ed:26:0a:5e:38:4c:a6:2a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Apr 18 08:25:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=575b9f96e2178a1af4404cff284fa6fff45c95fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ad:46:05:4d:b9:9b:59:2f:3a:e9:be:58:9f:
                    f2:20:f8:66:77:76:54:8f:01:12:51:a8:57:58:0c:
                    e7:ce:57:54:72:9f:13:31:de:e6:22:c2:b7:12:d6:
                    9e:dd:ed:89:47:9d:50:1d:55:f2:1c:91:57:ce:cd:
                    7c:1f:0a:dd:d0:04:25:7a:e4:07:e3:99:95:eb:a7:
                    d4:1c:73:38:3a:41:d3:ed:c0:f0:fb:4c:b3:cb:96:
                    79:09:4d:53:da:ef:8b:14:73:e7:4f:d7:4c:46:66:
                    79:dd:36:f7:25:04:9b:af:f4:c1:1c:4a:b7:ff:53:
                    81:4e:9e:39:7e:af:b7:59:71:4d:39:64:1d:76:50:
                    02:b8:2e:77:5c:af:5b:52:ad:a2:a1:1d:23:8b:03:
                    10:14:b0:d7:e5:bd:4d:35:9c:2e:d4:9c:2f:e7:d0:
                    dd:e3:5e:47:c1:41:1e:7f:1f:f1:83:d2:16:0f:5b:
                    2b:4e:01:ee:19:2a:b3:2a:a1:6d:93:55:9a:aa:04:
                    7b:5e:6d:54:6f:03:bc:77:6b:af:d3:d6:82:64:e7:
                    43:8e:38:66:98:a5:ac:1f:7f:7d:24:7c:6c:91:38:
                    e8:3f:86:e2:13:9f:90:a8:86:20:a6:04:8c:12:06:
                    b2:35:a4:87:da:cc:c6:59:84:aa:16:7b:2c:38:c6:
                    57:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:5B:9F:96:E2:17:8A:1A:F4:40:4C:FF:28:4F:A6:FF:F4:5C:95:FC
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/V1ufluIXihr0QEz_KE-m__Rclfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.11.0/24
                  87.254.16.0/23
                  217.25.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:cb:84:bb:34:ca:fc:b6:96:cd:26:3e:5c:10:35:5c:82:0b:
         53:d6:b2:ca:c1:5e:3d:a0:25:53:07:40:b0:bd:58:33:1d:1b:
         25:0e:c9:f0:24:d6:48:fb:ea:cd:5d:7e:67:f5:83:dc:3b:b5:
         88:a1:49:e4:ec:73:13:7a:f5:94:ab:ea:69:e0:ea:a0:f4:b2:
         ae:a2:ad:4c:b0:b8:8d:c0:0a:3d:d7:18:a0:cc:aa:e3:9f:8b:
         76:a8:5e:d3:f0:dd:1b:e3:6a:22:1d:bb:ba:2f:45:03:de:e7:
         f5:d5:7f:b5:2c:05:8f:86:d0:8f:13:a5:be:66:9c:b6:a5:5d:
         4c:d3:ec:34:9e:9c:af:0b:6c:ce:76:8d:7f:09:1b:ec:15:36:
         de:bb:4d:4e:41:74:ac:0b:32:45:d6:bd:67:fb:ba:f6:a7:2c:
         28:2a:c5:9b:6a:82:91:fa:54:81:89:d7:43:0c:2a:50:62:bb:
         be:ce:1c:ad:c4:3e:09:a1:96:64:cd:5e:e1:da:8a:94:7b:92:
         df:89:f1:02:5b:88:0b:a6:bb:0f:79:05:2e:67:13:68:b2:a0:
         73:1c:bc:14:84:36:8b:0f:9b:16:a1:fd:62:98:98:00:0f:38:
         5b:b3:94:2c:ed:44:cf:38:a9:91:5d:53:72:8e:55:ed:43:01:
         d2:4a:09:dc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7wT4FpYkk27SYKXjhMpip2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwNDE4MDgyNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzViOWY5NmUyMTc4YTFhZjQ0MDRjZmYyODRmYTZmZmY0NWM5NWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAga1GBU25m1kvOum+WJ/yIPhmd3ZU
jwESUahXWAznzldUcp8TMd7mIsK3Etae3e2JR51QHVXyHJFXzs18Hwrd0AQleuQH
45mV66fUHHM4OkHT7cDw+0yzy5Z5CU1T2u+LFHPnT9dMRmZ53Tb3JQSbr/TBHEq3
/1OBTp45fq+3WXFNOWQddlACuC53XK9bUq2ioR0jiwMQFLDX5b1NNZwu1Jwv59Dd
415HwUEefx/xg9IWD1srTgHuGSqzKqFtk1WaqgR7Xm1UbwO8d2uv09aCZOdDjjhm
mKWsH399JHxskTjoP4biE5+QqIYgpgSMEgayNaSH2szGWYSqFnssOMZXkwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFdbn5biF4oa9EBM/yhPpv/0XJX8MB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvVjF1Zmx1SVhpaHIwUUV6X0tFLW1fX1JjbGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV/4LAwQB
V/4QAwQA2RkBMA0GCSqGSIb3DQEBCwUAA4IBAQApy4S7NMr8tpbNJj5cEDVcggtT
1rLKwV49oCVTB0CwvVgzHRslDsnwJNZI++rNXX5n9YPcO7WIoUnk7HMTevWUq+pp
4Oqg9LKuoq1MsLiNwAo91xigzKrjn4t2qF7T8N0b42oiHbu6L0UD3uf11X+1LAWP
htCPE6W+Zpy2pV1M0+w0npyvC2zOdo1/CRvsFTbeu01OQXSsCzJF1r1n+7r2pywo
KsWbaoKR+lSBiddDDCpQYru+zhytxD4JoZZkzV7h2oqUe5LfifECW4gLprsPeQUu
ZxNosqBzHLwUhDaLD5sWof1imJgADzhbs5Qs7UTPOKmRXVNyjlXtQwHSSgnc
-----END CERTIFICATE-----