Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/LiOpm8Bw3GirRvf1wrUJyZx2aBQ.roa
File:                     LiOpm8Bw3GirRvf1wrUJyZx2aBQ.roa (raw, json)
Hash identifier:          4M3xVjAN8hJK//QarRP4NeyLNDBgB4utDOK2cb0Dixw=
Subject key identifier:   2E:23:A9:9B:C0:70:DC:68:AB:46:F7:F5:C2:B5:09:C9:9C:76:68:14
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01928AF96B85B7A9BCD49D42B649377B6214
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/LiOpm8Bw3GirRvf1wrUJyZx2aBQ.roa
Signing time:             Mon 14 Oct 2024 12:20:54 +0000
ROA not before:           Mon 14 Oct 2024 12:20:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215071
IP address blocks:        147.185.196.0/24 maxlen: 24
                          207.244.197.0/24 maxlen: 24
                          207.244.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:40:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8a:f9:6b:85:b7:a9:bc:d4:9d:42:b6:49:37:7b:62:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Oct 14 12:20:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e23a99bc070dc68ab46f7f5c2b509c99c766814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f8:d3:5b:fe:c8:76:b3:cc:2e:d2:75:a0:f1:
                    b2:b6:93:d2:75:34:25:71:e9:ea:44:d7:a6:81:88:
                    f5:a7:f8:5d:d8:b7:0b:7d:27:38:0a:06:4a:74:1a:
                    ac:36:b5:e2:bf:73:a1:13:a7:ed:0e:67:45:79:fa:
                    b0:7a:fb:d1:2a:c9:41:a2:42:42:9c:7e:3e:cf:b1:
                    1e:2f:fe:e0:85:b6:07:b5:68:5c:62:d3:3f:92:cb:
                    96:75:b2:bb:0a:fa:f7:40:f6:3b:7b:8e:35:87:c7:
                    85:76:ac:83:5e:93:4a:87:b5:70:22:dc:05:df:9b:
                    db:ff:b5:23:cd:6d:2a:c4:9a:52:04:7f:dd:d8:53:
                    de:54:61:98:3c:b6:bf:28:77:ea:76:73:76:15:12:
                    01:41:0a:7b:fb:e3:df:f3:ef:c5:fb:06:6f:06:12:
                    f5:2b:e4:2f:37:84:35:c1:2b:ca:9e:54:37:5f:1d:
                    2e:d2:3b:e6:b4:01:b9:c5:d7:1b:78:f8:1a:26:24:
                    12:98:f9:0a:b0:3b:48:a3:f8:72:9c:9e:e8:4f:4f:
                    8f:c0:6a:be:d8:b3:b8:0b:f8:0b:86:5d:13:26:2a:
                    9a:6d:5c:90:4e:67:07:0a:ea:dc:88:ae:34:5e:5e:
                    8a:4e:2c:74:b6:2c:c2:58:0f:e3:44:5a:8f:bd:6d:
                    2b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:23:A9:9B:C0:70:DC:68:AB:46:F7:F5:C2:B5:09:C9:9C:76:68:14
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/LiOpm8Bw3GirRvf1wrUJyZx2aBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.196.0/24
                  207.244.197.0-207.244.198.255

    Signature Algorithm: sha256WithRSAEncryption
         26:f5:00:ce:af:9f:3a:95:1d:82:ef:ed:dc:15:cc:c1:73:18:
         b3:c2:7a:e0:d7:56:45:09:62:2a:98:14:31:d1:c3:81:bd:a9:
         a6:3a:16:1f:f3:c9:1f:c6:d2:18:ea:a6:ac:84:53:09:91:ed:
         b7:d9:c0:c5:71:9b:db:c0:49:37:0d:90:06:47:a3:73:e2:b8:
         fc:8a:3d:7f:27:d7:d2:70:fc:fb:45:23:f2:6f:3b:ab:c9:0e:
         8f:08:49:c4:12:89:c0:9a:f7:f3:a9:18:7d:b8:fc:c6:1b:41:
         8f:32:28:1e:b3:f6:44:36:e7:54:28:13:8c:3a:f3:f5:95:bb:
         d7:5c:ef:4c:ca:30:6c:88:ab:e1:04:22:62:03:24:c0:1d:b1:
         70:1c:48:af:48:db:2d:da:c7:ea:28:e6:4b:63:85:3d:13:90:
         0e:de:d8:9a:68:9a:f8:f5:dd:39:25:c4:91:af:d2:e6:e4:a1:
         13:56:18:4b:ce:34:7a:c3:ec:1e:c3:b8:38:93:66:be:c9:03:
         2a:79:d2:50:7a:a5:76:4f:3d:60:21:e5:fa:56:61:52:d9:24:
         6f:1d:ed:3f:86:c0:9d:16:7b:57:77:11:8f:6a:d9:7c:a3:af:
         fb:6d:94:42:b0:84:3e:ee:6c:2d:8a:ba:c4:25:56:b0:92:6e:
         6d:26:a7:29
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZKK+WuFt6m81J1Ctkk3e2IUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQxMDE0MTIyMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTIzYTk5YmMwNzBkYzY4YWI0NmY3ZjVjMmI1MDljOTljNzY2ODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vjTW/7IdrPMLtJ1oPGytpPSdTQl
cenqRNemgYj1p/hd2LcLfSc4CgZKdBqsNrXiv3OhE6ftDmdFefqwevvRKslBokJC
nH4+z7EeL/7ghbYHtWhcYtM/ksuWdbK7Cvr3QPY7e441h8eFdqyDXpNKh7VwItwF
35vb/7UjzW0qxJpSBH/d2FPeVGGYPLa/KHfqdnN2FRIBQQp7++Pf8+/F+wZvBhL1
K+QvN4Q1wSvKnlQ3Xx0u0jvmtAG5xdcbePgaJiQSmPkKsDtIo/hynJ7oT0+PwGq+
2LO4C/gLhl0TJiqabVyQTmcHCurciK40Xl6KTix0tizCWA/jRFqPvW0rnwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFC4jqZvAcNxoq0b39cK1CcmcdmgUMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvTGlPcG04QnczR2lyUnZmMXdyVUp5WngyYUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAk7nEMAwD
BADP9MUDBADP9MYwDQYJKoZIhvcNAQELBQADggEBACb1AM6vnzqVHYLv7dwVzMFz
GLPCeuDXVkUJYiqYFDHRw4G9qaY6Fh/zyR/G0hjqpqyEUwmR7bfZwMVxm9vASTcN
kAZHo3PiuPyKPX8n19Jw/PtFI/JvO6vJDo8IScQSicCa9/OpGH24/MYbQY8yKB6z
9kQ251QoE4w68/WVu9dc70zKMGyIq+EEImIDJMAdsXAcSK9I2y3ax+oo5ktjhT0T
kA7e2Jpomvj13TklxJGv0ubkoRNWGEvONHrD7B7DuDiTZr7JAyp50lB6pXZPPWAh
5fpWYVLZJG8d7T+GwJ0We1d3EY9q2Xyjr/ttlEKwhD7ubC2KusQlVrCSbm0mpyk=
-----END CERTIFICATE-----