Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/d765a4-54eb-410d-8f3d-689ba4d33c4b/1/1-Ppl9xP2j3UQpUw1cFDlCWzzsbY.roa
File:                     1-Ppl9xP2j3UQpUw1cFDlCWzzsbY.roa (raw, json)
Hash identifier:          2V6OnG1YonIt/uzufi6Pj60ddgsVckDD3MzBKYOWoUY=
Subject key identifier:   F8:FA:65:F7:13:F6:8F:75:10:A5:4C:35:70:50:E5:09:6C:F3:B1:B6
Certificate issuer:       /CN=493a2d48376330a582faf3e3032ef7b0bcca33e8
Certificate serial:       01905E35BD45AFFC3B608F5994B6A374AD1F
Authority key identifier: 49:3A:2D:48:37:63:30:A5:82:FA:F3:E3:03:2E:F7:B0:BC:CA:33:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/STotSDdjMKWC-vPjAy73sLzKM-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/d765a4-54eb-410d-8f3d-689ba4d33c4b/1/1-Ppl9xP2j3UQpUw1cFDlCWzzsbY.roa
Signing time:             Fri 28 Jun 2024 09:38:18 +0000
ROA not before:           Fri 28 Jun 2024 09:38:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31693
IP address blocks:        164.138.56.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/d765a4-54eb-410d-8f3d-689ba4d33c4b/1/STotSDdjMKWC-vPjAy73sLzKM-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/d765a4-54eb-410d-8f3d-689ba4d33c4b/1/STotSDdjMKWC-vPjAy73sLzKM-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/STotSDdjMKWC-vPjAy73sLzKM-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5e:35:bd:45:af:fc:3b:60:8f:59:94:b6:a3:74:ad:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=493a2d48376330a582faf3e3032ef7b0bcca33e8
        Validity
            Not Before: Jun 28 09:38:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8fa65f713f68f7510a54c357050e5096cf3b1b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b2:14:18:1b:df:cc:24:49:be:ad:4d:2f:e6:
                    b8:47:95:e7:7b:d1:88:a2:a3:e4:bf:51:3d:32:a0:
                    ec:71:85:d0:5d:56:ed:cf:b4:23:7a:7a:34:63:26:
                    af:f1:96:0a:ac:64:ba:52:50:73:b6:fd:72:6c:32:
                    a6:2a:3f:49:1e:a2:20:e2:7a:7a:76:f5:cc:e2:92:
                    69:65:eb:67:c4:a1:42:19:66:e3:f0:a3:7f:a2:f7:
                    bd:a8:92:9c:47:52:d1:2e:48:43:5c:d1:bd:79:cc:
                    60:88:85:d1:45:3f:ef:4b:85:58:f8:91:a4:75:4d:
                    ce:43:d4:fa:b5:e0:c2:f5:1a:11:f0:df:07:40:78:
                    3b:3a:9f:de:8b:ec:31:46:a1:02:60:1c:6f:8b:2c:
                    98:78:f3:89:1a:78:06:90:9a:cf:d0:80:eb:27:52:
                    a0:4d:9b:e3:c1:51:27:be:02:3c:49:75:96:14:15:
                    bd:f6:9f:81:a9:b7:4e:fe:6f:7e:09:9f:54:70:4a:
                    7b:84:99:2c:f7:c2:e3:66:69:81:91:0f:73:d3:cf:
                    bb:d4:05:5e:b8:68:5f:31:0b:62:b6:fa:ec:52:06:
                    bb:14:0f:6d:81:13:57:78:c5:86:0c:c3:e4:99:a7:
                    8b:c6:76:24:21:84:5b:22:05:7a:17:bb:4f:02:81:
                    81:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:FA:65:F7:13:F6:8F:75:10:A5:4C:35:70:50:E5:09:6C:F3:B1:B6
            X509v3 Authority Key Identifier:
                keyid:49:3A:2D:48:37:63:30:A5:82:FA:F3:E3:03:2E:F7:B0:BC:CA:33:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/STotSDdjMKWC-vPjAy73sLzKM-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/d765a4-54eb-410d-8f3d-689ba4d33c4b/1/1-Ppl9xP2j3UQpUw1cFDlCWzzsbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/d765a4-54eb-410d-8f3d-689ba4d33c4b/1/STotSDdjMKWC-vPjAy73sLzKM-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         10:ab:e7:eb:e7:29:8b:5a:32:99:d3:de:f8:b1:5f:f1:0f:4a:
         d6:ed:2b:9c:e3:54:92:48:ed:4a:40:b4:c0:8f:45:69:1a:49:
         83:0c:9f:74:a2:44:39:e5:3c:ef:9a:f3:c0:40:f3:1d:6d:13:
         e4:b0:eb:76:31:c0:79:f3:06:06:76:a0:4f:ea:9e:46:7f:c5:
         e7:64:93:c1:42:16:ae:53:fb:6a:04:66:f9:db:32:c6:03:e7:
         91:68:6c:74:79:38:24:c7:c7:64:c5:ff:59:e5:68:8a:f6:33:
         0b:f6:9f:47:f4:1d:ed:62:29:67:cc:0d:5f:2a:63:b2:89:d0:
         9a:51:33:22:39:93:b3:e2:7d:70:a6:11:a5:e2:92:8a:97:9d:
         3c:b3:19:6a:df:e9:68:74:1e:a9:81:88:cf:5d:d2:9a:15:e7:
         30:df:cb:17:29:4d:ae:ad:c5:de:02:1c:f6:b0:b3:4d:4b:72:
         42:c4:f2:64:21:15:6c:53:65:bf:95:bc:ff:30:82:60:08:cf:
         dd:85:c5:12:e5:f3:d3:1e:63:b6:ed:92:f8:58:40:41:28:f5:
         a6:d6:c3:0c:19:08:77:ec:3e:f7:81:4e:2c:c7:b4:59:62:ed:
         c3:c8:00:e5:d8:eb:aa:6e:61:1c:27:3a:3b:46:3f:bb:e9:c3:
         1f:a9:86:c8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBeNb1Fr/w7YI9ZlLajdK0fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5M2EyZDQ4Mzc2MzMwYTU4MmZhZjNlMzAzMmVmN2IwYmNj
YTMzZTgwHhcNMjQwNjI4MDkzODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGZhNjVmNzEzZjY4Zjc1MTBhNTRjMzU3MDUwZTUwOTZjZjNiMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7IUGBvfzCRJvq1NL+a4R5Xne9GI
oqPkv1E9MqDscYXQXVbtz7Qjeno0Yyav8ZYKrGS6UlBztv1ybDKmKj9JHqIg4np6
dvXM4pJpZetnxKFCGWbj8KN/ove9qJKcR1LRLkhDXNG9ecxgiIXRRT/vS4VY+JGk
dU3OQ9T6teDC9RoR8N8HQHg7Op/ei+wxRqECYBxviyyYePOJGngGkJrP0IDrJ1Kg
TZvjwVEnvgI8SXWWFBW99p+BqbdO/m9+CZ9UcEp7hJks98LjZmmBkQ9z08+71AVe
uGhfMQtitvrsUga7FA9tgRNXeMWGDMPkmaeLxnYkIYRbIgV6F7tPAoGB1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPj6ZfcT9o91EKVMNXBQ5Qls87G2MB8GA1UdIwQY
MBaAFEk6LUg3YzClgvrz4wMu97C8yjPoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1RvdFNEZGpNS1dDLXZQakF5NzNzTHpLTS1nLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9kNzY1YTQtNTRlYi00MTBkLThmM2Qt
Njg5YmE0ZDMzYzRiLzEvMS1QcGw5eFAyajNVUXBVdzFjRkRsQ1d6enNiWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjQvZDc2NWE0LTU0ZWItNDEwZC04ZjNkLTY4OWJhNGQzM2M0
Yi8xL1NUb3RTRGRqTUtXQy12UGpBeTczc0x6S00tZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA6SKODAN
BgkqhkiG9w0BAQsFAAOCAQEAEKvn6+cpi1oymdPe+LFf8Q9K1u0rnONUkkjtSkC0
wI9FaRpJgwyfdKJEOeU875rzwEDzHW0T5LDrdjHAefMGBnagT+qeRn/F52STwUIW
rlP7agRm+dsyxgPnkWhsdHk4JMfHZMX/WeVoivYzC/afR/Qd7WIpZ8wNXypjsonQ
mlEzIjmTs+J9cKYRpeKSipedPLMZat/paHQeqYGIz13SmhXnMN/LFylNrq3F3gIc
9rCzTUtyQsTyZCEVbFNlv5W8/zCCYAjP3YXFEuXz0x5jtu2S+FhAQSj1ptbDDBkI
d+w+94FOLMe0WWLtw8gA5djrqm5hHCc6O0Y/u+nDH6mGyA==
-----END CERTIFICATE-----