Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/HdJq5jkCCNlLXkJJDti5vq96dlY.roa
File:                     HdJq5jkCCNlLXkJJDti5vq96dlY.roa (raw, json)
Hash identifier:          D1R86tkeevaAkEl61LEdG0truRs1FeJ+hz8AisN9AsA=
Subject key identifier:   1D:D2:6A:E6:39:02:08:D9:4B:5E:42:49:0E:D8:B9:BE:AF:7A:76:56
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0192ED23D53DBF1E884EB9DAB8864B6A8CED
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/HdJq5jkCCNlLXkJJDti5vq96dlY.roa
Signing time:             Sat 02 Nov 2024 13:50:01 +0000
ROA not before:           Sat 02 Nov 2024 13:50:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395793
IP address blocks:        147.185.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ed:23:d5:3d:bf:1e:88:4e:b9:da:b8:86:4b:6a:8c:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Nov  2 13:50:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dd26ae6390208d94b5e42490ed8b9beaf7a7656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bf:89:d3:2e:78:7c:cf:51:28:05:e8:2b:7b:
                    0e:2e:7f:39:3d:28:d9:79:ce:74:80:e2:7d:05:89:
                    79:d4:0d:d9:87:ac:fd:c9:17:ae:cc:d8:90:28:f0:
                    bd:ac:7c:2b:2c:19:0e:f2:c8:67:0c:56:1a:d0:1b:
                    2f:c0:2f:4d:64:67:2f:9c:f5:52:60:2c:e3:e7:15:
                    b4:5d:10:bc:98:39:6e:df:c8:5a:51:3d:62:e3:df:
                    f5:b7:74:35:12:8e:b4:56:2b:ef:3f:c7:ab:5f:72:
                    bb:c2:da:0b:a2:41:08:71:b2:8e:be:80:cf:39:a4:
                    a4:65:e0:74:69:2c:50:78:e7:c5:33:ab:2a:67:40:
                    36:26:b6:45:e4:45:a9:9a:0d:d4:08:8e:02:97:e6:
                    b1:ac:8b:bd:9b:26:fc:1a:70:e7:33:a5:e8:1f:54:
                    c7:bd:9a:12:75:ce:18:7a:27:30:fc:dc:66:4e:5c:
                    a7:e5:19:73:1c:0d:9b:9b:09:24:0e:0e:64:d8:9a:
                    d6:7a:23:94:06:a0:7f:fe:ea:a0:82:91:b7:0a:33:
                    d4:9a:2a:15:d8:cb:4d:dd:31:fe:ff:39:bd:e2:02:
                    fd:0b:10:58:ba:91:c9:73:13:6f:10:ee:c7:23:c2:
                    3e:d8:c4:a0:55:70:b3:66:4b:69:bb:4e:a7:6e:94:
                    9e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D2:6A:E6:39:02:08:D9:4B:5E:42:49:0E:D8:B9:BE:AF:7A:76:56
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/HdJq5jkCCNlLXkJJDti5vq96dlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:8d:71:ce:14:8e:8a:57:ce:0c:98:b8:fd:33:9d:1b:91:15:
         ac:21:7b:cd:eb:27:31:f3:20:3c:3e:2e:d0:fb:57:00:c9:20:
         43:ef:24:3f:ef:e9:0d:0a:e7:51:eb:b5:c4:f1:7d:8f:66:5a:
         92:32:b3:1b:0d:b7:2f:c3:e2:22:f5:a7:d1:83:7a:b2:20:3b:
         c2:28:21:5a:18:16:42:54:32:01:f6:fb:fe:6e:99:83:d9:cb:
         c4:76:90:17:14:a7:74:dc:ec:ed:05:16:8e:c6:40:97:63:59:
         02:e7:c1:98:c7:0a:7b:04:ac:10:cb:a4:9a:28:87:ff:65:4a:
         14:57:99:89:18:96:16:d5:db:19:31:fa:db:48:fb:ab:b2:39:
         9f:37:0f:5f:6a:28:45:dd:8c:1a:97:c6:76:e8:16:f8:24:16:
         22:17:ff:32:c6:de:ab:99:48:84:1a:86:3e:f1:c5:c2:1f:19:
         24:cd:17:54:f0:8f:9e:aa:39:3a:c6:d3:b3:f3:38:c3:89:dc:
         7e:eb:87:4f:47:c9:66:69:f6:15:46:05:9f:0d:bb:fb:51:99:
         1f:a6:7a:9c:d3:53:41:6d:0b:cc:a6:59:c1:c2:56:45:1e:4f:
         93:30:da:24:a4:2b:06:18:f5:18:8e:ee:82:b9:01:af:d7:09:
         bf:ae:cc:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLtI9U9vx6ITrnauIZLaoztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQxMTAyMTM1MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGQyNmFlNjM5MDIwOGQ5NGI1ZTQyNDkwZWQ4YjliZWFmN2E3NjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqr+J0y54fM9RKAXoK3sOLn85PSjZ
ec50gOJ9BYl51A3Zh6z9yReuzNiQKPC9rHwrLBkO8shnDFYa0BsvwC9NZGcvnPVS
YCzj5xW0XRC8mDlu38haUT1i49/1t3Q1Eo60VivvP8erX3K7wtoLokEIcbKOvoDP
OaSkZeB0aSxQeOfFM6sqZ0A2JrZF5EWpmg3UCI4Cl+axrIu9myb8GnDnM6XoH1TH
vZoSdc4Yeicw/NxmTlyn5RlzHA2bmwkkDg5k2JrWeiOUBqB//uqggpG3CjPUmioV
2MtN3TH+/zm94gL9CxBYupHJcxNvEO7HI8I+2MSgVXCzZktpu06nbpSezQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3SauY5AgjZS15CSQ7Yub6venZWMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvSGRKcTVqa0NDTmxMWGtKSkR0aTV2cTk2ZGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk7nPMA0G
CSqGSIb3DQEBCwUAA4IBAQBrjXHOFI6KV84MmLj9M50bkRWsIXvN6ycx8yA8Pi7Q
+1cAySBD7yQ/7+kNCudR67XE8X2PZlqSMrMbDbcvw+Ii9afRg3qyIDvCKCFaGBZC
VDIB9vv+bpmD2cvEdpAXFKd03OztBRaOxkCXY1kC58GYxwp7BKwQy6SaKIf/ZUoU
V5mJGJYW1dsZMfrbSPursjmfNw9faihF3Ywal8Z26Bb4JBYiF/8yxt6rmUiEGoY+
8cXCHxkkzRdU8I+eqjk6xtOz8zjDidx+64dPR8lmafYVRgWfDbv7UZkfpnqc01NB
bQvMplnBwlZFHk+TMNokpCsGGPUYju6CuQGv1wm/rsww
-----END CERTIFICATE-----