Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/RclfnGkzAv6pJNXUc2a41MX3W_w.roa
File:                     RclfnGkzAv6pJNXUc2a41MX3W_w.roa (raw, json)
Hash identifier:          hhlVIsLYZ/FGG5M4dEQWJhcLg7UlkPDSabeii3SPRxY=
Subject key identifier:   45:C9:5F:9C:69:33:02:FE:A9:24:D5:D4:73:66:B8:D4:C5:F7:5B:FC
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01910A6A00B7C1272D313ECAAD6BCAD3C377
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/RclfnGkzAv6pJNXUc2a41MX3W_w.roa
Signing time:             Wed 31 Jul 2024 20:10:04 +0000
ROA not before:           Wed 31 Jul 2024 20:10:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207252
IP address blocks:        85.202.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0a:6a:00:b7:c1:27:2d:31:3e:ca:ad:6b:ca:d3:c3:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jul 31 20:10:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45c95f9c693302fea924d5d47366b8d4c5f75bfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:4b:c7:b8:e5:37:93:ec:3c:aa:7c:7f:95:a1:
                    97:41:7d:cb:c7:9f:c7:ba:74:b4:fd:11:f6:04:f1:
                    1e:9f:87:06:af:da:0d:45:8d:36:bf:46:af:eb:b1:
                    b9:21:f5:a9:1c:88:2f:ff:f5:97:a8:1a:8c:83:50:
                    5d:a2:33:fc:2b:af:6d:99:bf:6d:d7:c6:c4:ce:f6:
                    f4:59:dd:9f:2d:80:0a:dc:6f:bd:5c:74:de:6f:bd:
                    d2:ef:d7:08:ee:42:94:f1:fe:b6:6d:ef:54:40:c4:
                    32:cc:d9:8d:7d:22:34:f5:29:20:d0:e8:c9:2f:15:
                    b1:3b:e2:0b:8a:cc:9f:6c:9c:3b:c9:b5:06:8b:80:
                    1e:20:83:ee:32:20:80:ce:ac:2c:3e:32:67:77:75:
                    be:7c:db:f4:9d:2e:5f:c8:e3:4b:ac:16:50:00:32:
                    e3:6f:ca:b2:5e:04:b5:4f:f4:44:a9:8c:04:f9:94:
                    77:1d:b9:79:b5:cb:28:b1:a1:60:86:33:d4:d0:ae:
                    63:90:47:09:d2:be:34:b5:cc:ad:1a:39:cf:08:b0:
                    82:eb:f0:03:1c:b5:a8:bd:ef:bc:1f:f1:50:fd:c6:
                    df:dd:5d:97:0f:fa:39:37:02:d8:15:86:46:27:d9:
                    33:82:41:90:10:0b:bd:11:f8:e9:0a:12:f3:4f:cf:
                    98:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:C9:5F:9C:69:33:02:FE:A9:24:D5:D4:73:66:B8:D4:C5:F7:5B:FC
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/RclfnGkzAv6pJNXUc2a41MX3W_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:af:4e:4c:a2:96:22:8a:d8:ba:73:53:68:c2:9a:36:1b:3c:
         91:d4:a6:1b:33:da:9a:2f:ee:e9:0b:84:a8:1d:41:cb:79:9d:
         e6:65:4b:0a:ee:ca:3e:f7:7a:d5:76:82:95:7d:53:fe:c2:1b:
         26:d1:9c:c5:69:65:aa:f3:dc:9f:09:00:fa:a4:60:08:a1:fa:
         13:c2:f4:5f:6c:ad:56:51:52:76:0d:05:34:7b:c1:db:15:50:
         2b:91:83:f4:b4:c0:f4:ae:82:49:b8:c7:8e:cb:a8:32:53:e0:
         a2:ca:cc:b3:7d:61:20:49:d4:61:26:47:53:9c:ce:f1:a3:40:
         ea:e7:0f:60:ef:5e:1a:59:de:d7:71:1f:2e:a9:e8:46:03:8c:
         ab:8e:cd:09:29:85:c6:5a:14:ca:3f:8a:5d:eb:8a:e1:17:6e:
         11:71:af:7b:ac:c6:db:a2:65:7f:67:07:f2:e2:d9:db:48:7e:
         ed:24:d2:54:0d:98:27:fd:e8:d4:f7:ab:52:03:6d:4d:2a:ca:
         a0:9d:90:68:4a:f9:ae:06:63:69:27:36:37:75:07:f8:60:9d:
         cf:1e:e5:f5:de:de:de:06:fe:a6:55:76:57:bd:c4:75:43:b0:
         eb:e9:4f:17:70:42:86:d8:1e:0e:4a:74:3c:36:48:93:5d:f0:
         7c:2c:f2:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEKagC3wSctMT7KrWvK08N3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwNzMxMjAxMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWM5NWY5YzY5MzMwMmZlYTkyNGQ1ZDQ3MzY2YjhkNGM1Zjc1YmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kvHuOU3k+w8qnx/laGXQX3Lx5/H
unS0/RH2BPEen4cGr9oNRY02v0av67G5IfWpHIgv//WXqBqMg1BdojP8K69tmb9t
18bEzvb0Wd2fLYAK3G+9XHTeb73S79cI7kKU8f62be9UQMQyzNmNfSI09Skg0OjJ
LxWxO+ILisyfbJw7ybUGi4AeIIPuMiCAzqwsPjJnd3W+fNv0nS5fyONLrBZQADLj
b8qyXgS1T/REqYwE+ZR3Hbl5tcsosaFghjPU0K5jkEcJ0r40tcytGjnPCLCC6/AD
HLWove+8H/FQ/cbf3V2XD/o5NwLYFYZGJ9kzgkGQEAu9EfjpChLzT8+YnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXJX5xpMwL+qSTV1HNmuNTF91v8MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvUmNsZm5Ha3pBdjZwSk5YVWMyYTQxTVgzV193LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcqjMA0G
CSqGSIb3DQEBCwUAA4IBAQCsr05MopYiiti6c1Nowpo2GzyR1KYbM9qaL+7pC4So
HUHLeZ3mZUsK7so+93rVdoKVfVP+whsm0ZzFaWWq89yfCQD6pGAIofoTwvRfbK1W
UVJ2DQU0e8HbFVArkYP0tMD0roJJuMeOy6gyU+CiysyzfWEgSdRhJkdTnM7xo0Dq
5w9g714aWd7XcR8uqehGA4yrjs0JKYXGWhTKP4pd64rhF24Rca97rMbbomV/Zwfy
4tnbSH7tJNJUDZgn/ejU96tSA21NKsqgnZBoSvmuBmNpJzY3dQf4YJ3PHuX13t7e
Bv6mVXZXvcR1Q7Dr6U8XcEKG2B4OSnQ8NkiTXfB8LPIo
-----END CERTIFICATE-----