Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/793e7c-7139-4da6-b802-d4bc772a92bd/1/1--_Zcgs6dmSejokLiM_ybNoSeYY.roa
File:                     1--_Zcgs6dmSejokLiM_ybNoSeYY.roa (raw, json)
Hash identifier:          WtkOeqxSouyMu3WCH8w+fCLALFhCyGea7LlfmEYOb0U=
Subject key identifier:   FB:EF:D9:72:0B:3A:76:64:9E:8E:89:0B:88:CF:F2:6C:DA:12:79:86
Certificate issuer:       /CN=02f56262c9e8c7d1344df2b0f8c25da13abd6222
Certificate serial:       019421B2029DA1539C3C34A84CCC4EFFE819
Authority key identifier: 02:F5:62:62:C9:E8:C7:D1:34:4D:F2:B0:F8:C2:5D:A1:3A:BD:62:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AvViYsnox9E0TfKw-MJdoTq9YiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/793e7c-7139-4da6-b802-d4bc772a92bd/1/1--_Zcgs6dmSejokLiM_ybNoSeYY.roa
Signing time:             Wed 01 Jan 2025 11:48:21 +0000
ROA not before:           Wed 01 Jan 2025 11:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207620
IP address blocks:        84.38.241.0/24 maxlen: 24
                          91.224.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/793e7c-7139-4da6-b802-d4bc772a92bd/1/AvViYsnox9E0TfKw-MJdoTq9YiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/793e7c-7139-4da6-b802-d4bc772a92bd/1/AvViYsnox9E0TfKw-MJdoTq9YiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AvViYsnox9E0TfKw-MJdoTq9YiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:02:9d:a1:53:9c:3c:34:a8:4c:cc:4e:ff:e8:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02f56262c9e8c7d1344df2b0f8c25da13abd6222
        Validity
            Not Before: Jan  1 11:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbefd9720b3a76649e8e890b88cff26cda127986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:46:95:1f:33:12:01:f5:5b:8a:ca:4a:42:b7:
                    a2:b7:33:02:4f:bf:90:da:98:50:44:d8:e3:e2:ab:
                    bd:76:5b:81:8f:3d:0a:bb:e8:98:94:e9:c8:f3:94:
                    c4:72:91:e1:a9:da:56:d7:be:64:1c:06:f3:2d:c0:
                    aa:17:a2:fd:01:06:16:f8:a3:55:0d:b0:54:0e:4e:
                    10:84:7f:c1:a7:e8:ed:fb:e4:40:6b:36:a6:74:8c:
                    43:18:72:d2:30:a1:fd:39:a6:c3:08:d8:3f:78:34:
                    73:b3:6a:46:2a:eb:8b:93:ce:48:b1:a3:cf:0d:ca:
                    1b:d8:d2:26:aa:38:db:97:31:21:7a:74:4f:9c:e2:
                    57:48:5f:03:5f:f4:ac:3c:db:c4:a9:d1:44:d0:d6:
                    65:00:76:ae:5b:fc:f0:bc:a8:fc:48:11:22:6a:40:
                    ed:e3:c4:46:81:69:b9:06:d3:93:e5:5d:a3:c0:46:
                    27:27:84:71:ab:2f:33:1f:61:ff:fc:48:6e:c6:82:
                    43:de:7d:8b:a5:f2:a0:6f:ba:ea:11:54:02:f1:1e:
                    34:b0:a8:e3:4e:83:7c:63:db:03:dd:8f:42:71:b7:
                    db:74:c3:d7:3d:32:cc:3d:a5:1b:65:14:4c:24:0d:
                    76:ce:51:e6:cf:b3:d0:16:44:94:c2:b9:d4:99:37:
                    99:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:EF:D9:72:0B:3A:76:64:9E:8E:89:0B:88:CF:F2:6C:DA:12:79:86
            X509v3 Authority Key Identifier:
                keyid:02:F5:62:62:C9:E8:C7:D1:34:4D:F2:B0:F8:C2:5D:A1:3A:BD:62:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AvViYsnox9E0TfKw-MJdoTq9YiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/793e7c-7139-4da6-b802-d4bc772a92bd/1/1--_Zcgs6dmSejokLiM_ybNoSeYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/793e7c-7139-4da6-b802-d4bc772a92bd/1/AvViYsnox9E0TfKw-MJdoTq9YiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.241.0/24
                  91.224.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:74:48:08:14:6f:51:10:3c:33:72:b4:d7:04:1b:34:4d:98:
         a6:f9:64:8c:2a:53:4e:d5:74:94:aa:f0:42:16:43:04:c9:bd:
         25:c6:5b:2a:25:a9:5b:b8:b2:d0:d1:a9:8b:98:83:e7:27:bb:
         20:9e:3e:32:bf:cc:81:42:51:92:57:76:37:6d:8d:b8:ad:81:
         8d:1e:1c:53:e9:bf:84:90:47:0a:91:15:4b:c0:75:62:e6:f2:
         a5:6e:2e:5b:c7:69:8e:c7:5e:4b:1c:8d:24:8a:5a:bc:77:ca:
         3a:23:ef:f7:b2:e0:fd:74:ec:ac:01:65:26:ab:7f:f3:34:7f:
         0d:98:1d:83:39:dd:74:60:44:f7:3a:ac:cf:c7:d8:65:40:53:
         89:fd:9b:4e:93:71:59:9f:d9:3b:c8:b0:1e:0d:f9:d5:0a:df:
         93:2b:4e:43:bc:58:b6:fb:00:9f:b6:7a:3e:ec:d0:c9:03:8a:
         d6:cd:52:50:64:c3:7f:8e:64:69:8a:65:eb:c1:f1:bb:97:8d:
         85:15:ea:33:00:20:93:59:4a:f2:e0:76:ee:da:b0:62:8c:09:
         d5:64:52:eb:ee:53:94:43:5c:73:32:32:4b:f4:1f:11:37:57:
         c2:1b:f1:85:d0:8f:de:53:9a:83:92:9b:1e:21:17:d9:89:6e:
         00:f2:29:f8
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQhsgKdoVOcPDSoTMxO/+gZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyZjU2MjYyYzllOGM3ZDEzNDRkZjJiMGY4YzI1ZGExM2Fi
ZDYyMjIwHhcNMjUwMTAxMTE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmVmZDk3MjBiM2E3NjY0OWU4ZTg5MGI4OGNmZjI2Y2RhMTI3OTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5UaVHzMSAfVbispKQreitzMCT7+Q
2phQRNjj4qu9dluBjz0Ku+iYlOnI85TEcpHhqdpW175kHAbzLcCqF6L9AQYW+KNV
DbBUDk4QhH/Bp+jt++RAazamdIxDGHLSMKH9OabDCNg/eDRzs2pGKuuLk85IsaPP
Dcob2NImqjjblzEhenRPnOJXSF8DX/SsPNvEqdFE0NZlAHauW/zwvKj8SBEiakDt
48RGgWm5BtOT5V2jwEYnJ4Rxqy8zH2H//EhuxoJD3n2LpfKgb7rqEVQC8R40sKjj
ToN8Y9sD3Y9CcbfbdMPXPTLMPaUbZRRMJA12zlHmz7PQFkSUwrnUmTeZAQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPvv2XILOnZkno6JC4jP8mzaEnmGMB8GA1UdIwQY
MBaAFAL1YmLJ6MfRNE3ysPjCXaE6vWIiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXZWaVlzbm94OUUwVGZLdy1NSmRvVHE5WWlJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC83OTNlN2MtNzEzOS00ZGE2LWI4MDIt
ZDRiYzc3MmE5MmJkLzEvMS0tX1pjZ3M2ZG1TZWpva0xpTV95Yk5vU2VZWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTgvNzkzZTdjLTcxMzktNGRhNi1iODAyLWQ0YmM3NzJhOTJi
ZC8xL0F2VmlZc25veDlFMFRmS3ctTUpkb1RxOVlpSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFQm8QME
AFvgqjANBgkqhkiG9w0BAQsFAAOCAQEAMHRICBRvURA8M3K01wQbNE2YpvlkjCpT
TtV0lKrwQhZDBMm9JcZbKiWpW7iy0NGpi5iD5ye7IJ4+Mr/MgUJRkld2N22NuK2B
jR4cU+m/hJBHCpEVS8B1YubypW4uW8dpjsdeSxyNJIpavHfKOiPv97Lg/XTsrAFl
Jqt/8zR/DZgdgznddGBE9zqsz8fYZUBTif2bTpNxWZ/ZO8iwHg351QrfkytOQ7xY
tvsAn7Z6PuzQyQOK1s1SUGTDf45kaYpl68Hxu5eNhRXqMwAgk1lK8uB27tqwYowJ
1WRS6+5TlENcczIyS/QfETdXwhvxhdCP3lOag5KbHiEX2YluAPIp+A==
-----END CERTIFICATE-----