Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/Dp364EsXyVXcHZOGFeHDYT79l8w.roa
File:                     Dp364EsXyVXcHZOGFeHDYT79l8w.roa (raw, json)
Hash identifier:          sFjoSM3W9HkoTvr7F/d5ouV/BBWaQbuQhevcgevIemA=
Subject key identifier:   0E:9D:FA:E0:4B:17:C9:55:DC:1D:93:86:15:E1:C3:61:3E:FD:97:CC
Certificate issuer:       /CN=faf647df218e2c6f3fd1cf549d27df4e50cd6db0
Certificate serial:       01936D110C7AC790022DC9E144F73F2D50E3
Authority key identifier: FA:F6:47:DF:21:8E:2C:6F:3F:D1:CF:54:9D:27:DF:4E:50:CD:6D:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-vZH3yGOLG8_0c9UnSffTlDNbbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/Dp364EsXyVXcHZOGFeHDYT79l8w.roa
Signing time:             Wed 27 Nov 2024 10:00:54 +0000
ROA not before:           Wed 27 Nov 2024 10:00:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398485
IP address blocks:        195.5.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/1-vZH3yGOLG8_0c9UnSffTlDNbbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/1-vZH3yGOLG8_0c9UnSffTlDNbbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-vZH3yGOLG8_0c9UnSffTlDNbbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:6d:11:0c:7a:c7:90:02:2d:c9:e1:44:f7:3f:2d:50:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=faf647df218e2c6f3fd1cf549d27df4e50cd6db0
        Validity
            Not Before: Nov 27 10:00:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e9dfae04b17c955dc1d938615e1c3613efd97cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:f1:19:96:4c:38:cc:86:56:87:93:bc:dc:05:
                    af:e3:12:ab:ed:37:8b:5d:a6:06:ed:56:ce:83:8f:
                    bd:67:c7:1e:60:c3:66:56:29:63:a8:bf:f3:93:f1:
                    6e:7f:6b:74:b7:ce:9b:b9:11:71:27:08:8e:fc:ee:
                    60:1c:48:98:3a:7a:63:d2:1a:db:63:1d:04:f0:2b:
                    12:0c:91:2d:86:43:ca:da:fd:c2:2d:95:b2:65:4b:
                    bc:ea:d1:68:5d:ef:0a:bd:ac:3d:c5:61:b4:86:1a:
                    c1:a4:ec:36:9b:ef:8a:67:f8:e6:1b:82:d4:68:db:
                    21:68:72:9f:04:6a:10:f2:09:3c:4c:8b:ae:e1:37:
                    20:75:40:b3:49:c7:45:33:35:8a:e5:f3:d9:3a:4d:
                    63:b1:23:e1:ef:58:6e:94:15:b6:c4:15:bb:24:73:
                    13:ad:52:58:d0:58:fb:ea:be:d1:e8:ae:b2:cb:f7:
                    01:a2:c8:2a:ae:02:4d:45:66:76:94:83:00:e3:5a:
                    c5:a7:fa:b0:f8:69:0a:2f:ae:3a:81:a8:d1:96:3a:
                    22:cd:d9:e4:6f:1c:ee:fb:7a:21:51:b2:42:4e:44:
                    20:94:05:46:87:c0:61:ed:63:fc:14:3e:00:55:d8:
                    6d:53:1e:9c:4b:2c:44:3f:d6:7e:15:c9:06:8b:f4:
                    91:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:9D:FA:E0:4B:17:C9:55:DC:1D:93:86:15:E1:C3:61:3E:FD:97:CC
            X509v3 Authority Key Identifier:
                keyid:FA:F6:47:DF:21:8E:2C:6F:3F:D1:CF:54:9D:27:DF:4E:50:CD:6D:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-vZH3yGOLG8_0c9UnSffTlDNbbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/Dp364EsXyVXcHZOGFeHDYT79l8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/1-vZH3yGOLG8_0c9UnSffTlDNbbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:df:7d:4f:2c:e9:93:54:f1:ed:61:39:df:43:0f:05:74:84:
         51:6d:2e:09:e4:ee:cd:03:e5:e6:bb:65:34:54:57:da:76:fb:
         64:37:38:ad:25:45:34:de:0d:16:fc:0a:f6:04:5b:5b:a3:39:
         72:66:c6:99:5a:55:5a:19:7f:0e:cf:b3:00:87:ae:a8:62:b5:
         6c:00:39:1c:14:fd:fb:48:f4:bf:56:63:bb:7c:9b:f7:ec:d4:
         09:e1:08:db:25:27:74:7f:78:b4:14:ad:15:54:e8:a7:1a:c3:
         00:b0:c7:84:6b:90:9b:e2:49:3b:7c:26:f1:a9:dc:ae:ef:7e:
         43:2a:02:a7:ac:3d:68:92:92:94:99:66:68:46:41:49:0b:f2:
         fd:1f:59:72:8e:bc:49:9a:4f:b6:67:4c:08:8e:cb:c6:aa:d2:
         5f:bc:87:b1:cf:b7:a9:1c:9b:da:f2:61:55:42:79:16:92:29:
         84:7a:78:e2:c2:a6:ed:05:b5:81:68:1b:a0:41:d1:1f:db:d7:
         1e:47:1d:26:1e:16:96:4c:11:03:0e:d6:df:d7:c1:0f:1e:64:
         6f:9a:f6:b8:f6:3a:41:f4:76:2d:5d:76:56:e6:1a:23:d0:ac:
         16:d9:ed:08:c7:e6:28:92:99:98:ea:72:eb:49:1b:2c:d8:78:
         e6:6b:6a:0f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZNtEQx6x5ACLcnhRPc/LVDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZjY0N2RmMjE4ZTJjNmYzZmQxY2Y1NDlkMjdkZjRlNTBj
ZDZkYjAwHhcNMjQxMTI3MTAwMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTlkZmFlMDRiMTdjOTU1ZGMxZDkzODYxNWUxYzM2MTNlZmQ5N2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8PEZlkw4zIZWh5O83AWv4xKr7TeL
XaYG7VbOg4+9Z8ceYMNmViljqL/zk/Fuf2t0t86buRFxJwiO/O5gHEiYOnpj0hrb
Yx0E8CsSDJEthkPK2v3CLZWyZUu86tFoXe8Kvaw9xWG0hhrBpOw2m++KZ/jmG4LU
aNshaHKfBGoQ8gk8TIuu4TcgdUCzScdFMzWK5fPZOk1jsSPh71hulBW2xBW7JHMT
rVJY0Fj76r7R6K6yy/cBosgqrgJNRWZ2lIMA41rFp/qw+GkKL646gajRljoizdnk
bxzu+3ohUbJCTkQglAVGh8Bh7WP8FD4AVdhtUx6cSyxEP9Z+FckGi/SRfQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFA6d+uBLF8lV3B2ThhXhw2E+/ZfMMB8GA1UdIwQY
MBaAFPr2R98hjixvP9HPVJ0n305QzW2wMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS12WkgzeUdPTEc4XzBjOVVuU2ZmVGxETmJiQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQvNDVhNTcyLWI4MDgtNDBmNS04YjI1
LWRkY2ExNTNhMjBhYi8xL0RwMzY0RXNYeVZYY0haT0dGZUhEWVQ3OWw4dy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTQvNDVhNTcyLWI4MDgtNDBmNS04YjI1LWRkY2ExNTNhMjBh
Yi8xLzEtdlpIM3lHT0xHOF8wYzlVblNmZlRsRE5iYkEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDBasw
DQYJKoZIhvcNAQELBQADggEBADrffU8s6ZNU8e1hOd9DDwV0hFFtLgnk7s0D5ea7
ZTRUV9p2+2Q3OK0lRTTeDRb8CvYEW1ujOXJmxplaVVoZfw7PswCHrqhitWwAORwU
/ftI9L9WY7t8m/fs1AnhCNslJ3R/eLQUrRVU6KcawwCwx4RrkJviSTt8JvGp3K7v
fkMqAqesPWiSkpSZZmhGQUkL8v0fWXKOvEmaT7ZnTAiOy8aq0l+8h7HPt6kcm9ry
YVVCeRaSKYR6eOLCpu0FtYFoG6BB0R/b1x5HHSYeFpZMEQMO1t/XwQ8eZG+a9rj2
OkH0di1ddlbmGiPQrBbZ7QjH5iiSmZjqcutJGyzYeOZrag8=
-----END CERTIFICATE-----