Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/DOpacWobpdU-FajkgHEGzTfR8tc.roa
File:                     DOpacWobpdU-FajkgHEGzTfR8tc.roa (raw, json)
Hash identifier:          mE73T9eGGu7+n83RSnDiC+9WLf3RKAmRZMUJAN5e0t8=
Subject key identifier:   0C:EA:5A:71:6A:1B:A5:D5:3E:15:A8:E4:80:71:06:CD:37:D1:F2:D7
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       0192484FE67AE818856DF4B35D2B250D0AC0
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/DOpacWobpdU-FajkgHEGzTfR8tc.roa
Signing time:             Tue 01 Oct 2024 13:40:48 +0000
ROA not before:           Tue 01 Oct 2024 13:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204958
IP address blocks:        152.89.171.0/24 maxlen: 24
                          185.57.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:48:4f:e6:7a:e8:18:85:6d:f4:b3:5d:2b:25:0d:0a:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Oct  1 13:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cea5a716a1ba5d53e15a8e4807106cd37d1f2d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d3:11:4f:1d:48:6d:93:18:be:6b:ec:03:31:
                    02:08:8a:e8:f3:28:f6:64:4b:4c:d4:7d:02:23:0e:
                    35:ff:17:57:09:ee:65:38:9d:da:5e:c2:62:c9:ec:
                    ce:cc:14:6e:ff:c9:69:07:c0:af:9b:4c:22:36:13:
                    df:1f:9c:f1:18:2c:ed:2e:63:71:c1:09:18:cb:27:
                    01:5e:bc:06:10:9e:97:1f:9c:46:82:49:97:ca:72:
                    2b:2a:f3:5a:ea:a4:9e:0e:41:d3:bb:fc:5d:4b:c6:
                    ed:58:1a:9b:0d:f7:14:c9:7f:ee:9d:42:ef:f0:a0:
                    87:ae:e5:70:af:ac:67:04:81:d9:aa:1d:05:02:54:
                    ca:e5:a9:5c:7f:58:05:e8:ec:70:5f:45:30:cd:87:
                    d2:41:76:5d:f2:cf:67:5b:78:d8:ab:9a:89:f3:57:
                    fa:21:54:37:3c:e4:a7:4e:6d:6c:47:69:d5:f5:3e:
                    cd:82:b7:de:e9:5d:9e:e0:3e:3e:c0:70:ad:8a:70:
                    37:24:be:3f:01:ff:5a:41:10:be:fe:76:80:4f:8b:
                    24:c7:f1:67:93:9c:da:22:f8:09:4a:31:77:bc:31:
                    09:bb:b3:c7:1a:09:f2:12:81:16:34:42:f3:14:85:
                    a0:62:b1:14:72:9f:0a:85:7a:c6:22:ae:38:4c:ba:
                    e1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:EA:5A:71:6A:1B:A5:D5:3E:15:A8:E4:80:71:06:CD:37:D1:F2:D7
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/DOpacWobpdU-FajkgHEGzTfR8tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.171.0/24
                  185.57.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:90:bc:ad:f5:8e:2f:19:49:f7:c0:97:e0:dc:b1:43:54:73:
         94:6b:3e:bc:71:99:87:3a:ce:c8:8e:0c:bb:81:54:09:f4:84:
         2f:cc:5d:d6:ff:46:fd:62:d9:fa:97:95:82:7b:40:5f:e7:07:
         13:3d:a1:4f:10:7e:b6:ce:dc:ca:ee:cf:d4:a2:ef:d1:76:44:
         91:d4:67:e7:9a:b7:65:0f:f2:5e:37:3c:ef:b9:67:ea:a0:e2:
         d7:4a:bf:90:a0:03:53:26:82:26:08:c9:af:40:ef:30:8a:e9:
         f4:34:0f:ba:4c:ad:65:23:a5:5a:61:c5:17:20:74:57:40:1e:
         6a:cb:60:a2:ab:a6:61:8f:a7:6a:0c:6f:4f:d6:c6:07:b9:d2:
         2b:1a:17:ca:0f:a1:89:41:33:44:b9:27:b2:ac:2c:ce:94:c8:
         16:54:68:75:8f:54:23:fa:39:76:67:d1:0e:41:fe:8f:0c:a0:
         a5:6b:5e:4d:c1:53:3b:1b:4a:31:02:24:02:4b:4f:6f:0c:34:
         74:ae:07:93:0a:85:50:04:c9:74:b2:37:76:32:f3:2f:c1:40:
         3e:5e:26:5b:43:f8:6e:87:5e:7d:2d:4e:5e:4b:a1:89:cb:f6:
         0b:26:44:d2:2d:25:e3:c4:48:b8:50:2d:e6:ee:78:2c:db:45:
         96:a0:db:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJIT+Z66BiFbfSzXSslDQrAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQxMDAxMTM0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2VhNWE3MTZhMWJhNWQ1M2UxNWE4ZTQ4MDcxMDZjZDM3ZDFmMmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutMRTx1IbZMYvmvsAzECCIro8yj2
ZEtM1H0CIw41/xdXCe5lOJ3aXsJiyezOzBRu/8lpB8Cvm0wiNhPfH5zxGCztLmNx
wQkYyycBXrwGEJ6XH5xGgkmXynIrKvNa6qSeDkHTu/xdS8btWBqbDfcUyX/unULv
8KCHruVwr6xnBIHZqh0FAlTK5alcf1gF6OxwX0UwzYfSQXZd8s9nW3jYq5qJ81f6
IVQ3POSnTm1sR2nV9T7Ngrfe6V2e4D4+wHCtinA3JL4/Af9aQRC+/naAT4skx/Fn
k5zaIvgJSjF3vDEJu7PHGgnyEoEWNELzFIWgYrEUcp8KhXrGIq44TLrhYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAzqWnFqG6XVPhWo5IBxBs030fLXMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvRE9wYWNXb2JwZFUtRmFqa2dIRUd6VGZSOHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmFmrAwQA
uTnnMA0GCSqGSIb3DQEBCwUAA4IBAQAPkLyt9Y4vGUn3wJfg3LFDVHOUaz68cZmH
Os7Ijgy7gVQJ9IQvzF3W/0b9Ytn6l5WCe0Bf5wcTPaFPEH62ztzK7s/Uou/RdkSR
1GfnmrdlD/JeNzzvuWfqoOLXSr+QoANTJoImCMmvQO8wiun0NA+6TK1lI6VaYcUX
IHRXQB5qy2Ciq6Zhj6dqDG9P1sYHudIrGhfKD6GJQTNEuSeyrCzOlMgWVGh1j1Qj
+jl2Z9EOQf6PDKCla15NwVM7G0oxAiQCS09vDDR0rgeTCoVQBMl0sjd2MvMvwUA+
XiZbQ/huh159LU5eS6GJy/YLJkTSLSXjxEi4UC3m7ngs20WWoNt+
-----END CERTIFICATE-----