Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/sT1Vy62sMuvLba4Gz61YfPa5ofA.roa
File:                     sT1Vy62sMuvLba4Gz61YfPa5ofA.roa (raw, json)
Hash identifier:          PoYa1sgAccBniNLARhZ4V8Yt0E0ua86XhQpAFUvt31U=
Subject key identifier:   B1:3D:55:CB:AD:AC:32:EB:CB:6D:AE:06:CF:AD:58:7C:F6:B9:A1:F0
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       0190BFF7EB7AA4D8213114447D6D5324283D
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/sT1Vy62sMuvLba4Gz61YfPa5ofA.roa
Signing time:             Wed 17 Jul 2024 09:13:34 +0000
ROA not before:           Wed 17 Jul 2024 09:13:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     393942
IP address blocks:        185.131.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bf:f7:eb:7a:a4:d8:21:31:14:44:7d:6d:53:24:28:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jul 17 09:13:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b13d55cbadac32ebcb6dae06cfad587cf6b9a1f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:22:ff:e3:7a:f5:ec:ee:ef:98:cc:b3:f3:81:
                    17:6d:e7:f1:d4:a3:50:3e:9d:04:3e:da:51:94:84:
                    ff:3b:a0:f3:a9:b0:50:64:70:47:d1:4d:ce:a5:15:
                    74:c0:76:66:54:c8:44:9e:c6:82:52:91:9d:2a:84:
                    68:3a:70:5a:a8:7f:6a:7e:54:b4:47:3f:a8:21:30:
                    f9:3f:45:92:9f:c7:e7:37:81:de:2d:0a:42:a2:dd:
                    63:a0:67:f7:1d:f0:5f:a2:d5:84:ad:22:a6:f3:da:
                    87:18:1e:c3:37:77:1a:40:4c:aa:90:ea:56:ce:75:
                    ca:d9:e6:92:be:e5:c2:74:74:3d:01:11:2f:48:77:
                    3f:bb:85:16:9b:aa:31:d8:b2:b2:46:48:36:ca:e3:
                    15:9e:1c:2e:26:fd:a1:54:7b:f1:60:ee:8a:65:d5:
                    ea:32:0c:db:c4:3c:5f:ff:a9:65:e1:53:2c:5d:0d:
                    04:37:3d:d4:9b:5e:86:b2:28:38:ed:b8:36:35:53:
                    a6:4a:00:55:c0:91:4e:aa:dd:0e:e8:08:74:f7:7d:
                    fb:0a:66:e6:9d:28:73:0a:12:57:1b:3c:7e:b6:99:
                    89:7a:2c:a6:c5:3b:a8:d3:44:a2:6c:49:3d:d6:53:
                    8f:a3:97:bc:d6:ff:ba:dd:d8:86:bc:e6:1f:ad:af:
                    05:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:3D:55:CB:AD:AC:32:EB:CB:6D:AE:06:CF:AD:58:7C:F6:B9:A1:F0
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/sT1Vy62sMuvLba4Gz61YfPa5ofA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:7e:f0:b6:0d:e7:d3:c9:48:83:58:66:e3:a5:ad:7d:04:4c:
         df:37:d6:c0:84:bb:dc:01:fb:fe:9d:95:b9:3e:de:17:43:7a:
         27:32:91:d5:a0:81:10:33:21:4c:a4:08:28:7a:88:5b:e5:8b:
         20:fb:f5:5e:8e:78:48:c8:03:a6:63:fc:c3:f0:34:45:8b:59:
         a6:ef:86:ae:fa:16:80:83:4f:8e:61:f1:f6:60:fc:12:57:60:
         3f:7e:2b:df:66:20:74:cc:35:a3:45:3e:f0:65:64:e5:55:66:
         f9:4d:71:c6:93:72:51:9b:0c:b1:63:c9:5f:f0:72:6a:31:cd:
         99:a5:1d:24:73:23:0d:10:60:ef:9e:52:9b:aa:50:7a:8a:fe:
         50:72:85:69:76:d6:5d:15:80:9f:a0:a6:81:93:82:24:47:7a:
         82:14:27:63:44:cf:98:97:d2:ab:f4:83:c9:22:0b:21:ac:1c:
         60:b0:5e:45:e7:a8:d7:f7:42:fd:8a:ba:35:d0:40:5c:ec:17:
         7c:80:80:a2:06:08:2a:93:90:aa:7f:8e:5c:da:78:67:9c:d6:
         f3:16:ea:1b:83:ef:15:aa:92:d7:2c:4f:3a:17:20:bb:96:44:
         0f:43:f6:8e:37:1f:7b:d8:41:f4:77:dc:cb:c7:6a:9d:48:6b:
         46:55:2c:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC/9+t6pNghMRREfW1TJCg9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjQwNzE3MDkxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTNkNTVjYmFkYWMzMmViY2I2ZGFlMDZjZmFkNTg3Y2Y2YjlhMWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCL/43r17O7vmMyz84EXbefx1KNQ
Pp0EPtpRlIT/O6DzqbBQZHBH0U3OpRV0wHZmVMhEnsaCUpGdKoRoOnBaqH9qflS0
Rz+oITD5P0WSn8fnN4HeLQpCot1joGf3HfBfotWErSKm89qHGB7DN3caQEyqkOpW
znXK2eaSvuXCdHQ9AREvSHc/u4UWm6ox2LKyRkg2yuMVnhwuJv2hVHvxYO6KZdXq
MgzbxDxf/6ll4VMsXQ0ENz3Um16Gsig47bg2NVOmSgBVwJFOqt0O6Ah09337Cmbm
nShzChJXGzx+tpmJeiymxTuo00SibEk91lOPo5e81v+63diGvOYfra8F8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLE9VcutrDLry22uBs+tWHz2uaHwMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvc1QxVnk2MnNNdXZMYmE0R3o2MVlmUGE1b2ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYPPMA0G
CSqGSIb3DQEBCwUAA4IBAQAnfvC2DefTyUiDWGbjpa19BEzfN9bAhLvcAfv+nZW5
Pt4XQ3onMpHVoIEQMyFMpAgoeohb5Ysg+/VejnhIyAOmY/zD8DRFi1mm74au+haA
g0+OYfH2YPwSV2A/fivfZiB0zDWjRT7wZWTlVWb5TXHGk3JRmwyxY8lf8HJqMc2Z
pR0kcyMNEGDvnlKbqlB6iv5QcoVpdtZdFYCfoKaBk4IkR3qCFCdjRM+Yl9Kr9IPJ
IgshrBxgsF5F56jX90L9iro10EBc7Bd8gICiBggqk5Cqf45c2nhnnNbzFuobg+8V
qpLXLE86FyC7lkQPQ/aONx972EH0d9zLx2qdSGtGVSxU
-----END CERTIFICATE-----