Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/7dde96-10dd-4323-81d2-d2e3372ac29c/1/kQCj7GZw8gcSboVIigeA17lxGJQ.roa
File:                     kQCj7GZw8gcSboVIigeA17lxGJQ.roa (raw, json)
Hash identifier:          tFjabdoEkrx+Nrv3igJu+B7LKEMv7pJDm02E4YWbfoo=
Subject key identifier:   91:00:A3:EC:66:70:F2:07:12:6E:85:48:8A:07:80:D7:B9:71:18:94
Certificate issuer:       /CN=1f482e5e412c1debb776dedfaf45c33174e7642e
Certificate serial:       019001EC244F7A8FE9819C1137D65391198F
Authority key identifier: 1F:48:2E:5E:41:2C:1D:EB:B7:76:DE:DF:AF:45:C3:31:74:E7:64:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0guXkEsHeu3dt7fr0XDMXTnZC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/7dde96-10dd-4323-81d2-d2e3372ac29c/1/kQCj7GZw8gcSboVIigeA17lxGJQ.roa
Signing time:             Mon 10 Jun 2024 11:32:51 +0000
ROA not before:           Mon 10 Jun 2024 11:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60893
IP address blocks:        130.255.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/7dde96-10dd-4323-81d2-d2e3372ac29c/1/H0guXkEsHeu3dt7fr0XDMXTnZC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/7dde96-10dd-4323-81d2-d2e3372ac29c/1/H0guXkEsHeu3dt7fr0XDMXTnZC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0guXkEsHeu3dt7fr0XDMXTnZC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:01:ec:24:4f:7a:8f:e9:81:9c:11:37:d6:53:91:19:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f482e5e412c1debb776dedfaf45c33174e7642e
        Validity
            Not Before: Jun 10 11:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9100a3ec6670f207126e85488a0780d7b9711894
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0e:39:df:f8:87:e5:22:54:26:51:36:11:8c:
                    a3:40:7e:1f:43:e3:4d:12:31:c2:fb:bd:07:e3:ab:
                    45:33:63:d5:ca:36:2b:b3:9e:91:92:87:69:48:30:
                    6e:3d:fa:74:c9:bc:44:19:3b:74:f6:a9:0e:9a:62:
                    41:91:56:22:35:3d:12:78:65:cd:0d:c8:45:4f:93:
                    c5:89:77:3f:b4:a9:cb:7e:e5:66:b0:bf:c3:e4:c4:
                    42:4b:d1:7c:75:d8:92:41:c8:60:0c:86:a3:22:ec:
                    31:0a:b3:4d:eb:7f:3e:1b:64:cf:02:02:a8:a4:15:
                    f8:15:f4:c1:92:7e:c2:5f:45:93:f1:67:4b:43:f9:
                    64:e8:3c:6b:d7:2c:b3:1a:73:6a:d0:f4:9e:d9:16:
                    7d:28:d5:b3:6a:5a:bb:f3:c5:4c:4a:a8:0b:d9:cd:
                    05:4d:6a:d8:c1:79:1a:95:5a:86:df:be:a0:19:e6:
                    60:3b:62:cc:1e:4f:43:a6:31:2b:a9:00:61:ac:33:
                    42:86:c3:b4:de:fb:26:bf:d0:26:4b:28:7f:48:19:
                    75:b8:fd:46:c9:a0:7f:f8:15:43:01:c9:8d:0d:5c:
                    2c:e1:6f:50:51:36:45:5c:e0:7d:48:7e:b4:90:2b:
                    0a:b3:c4:5c:bb:72:0d:37:21:08:58:9c:a0:fb:f8:
                    13:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:00:A3:EC:66:70:F2:07:12:6E:85:48:8A:07:80:D7:B9:71:18:94
            X509v3 Authority Key Identifier:
                keyid:1F:48:2E:5E:41:2C:1D:EB:B7:76:DE:DF:AF:45:C3:31:74:E7:64:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0guXkEsHeu3dt7fr0XDMXTnZC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7dde96-10dd-4323-81d2-d2e3372ac29c/1/kQCj7GZw8gcSboVIigeA17lxGJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7dde96-10dd-4323-81d2-d2e3372ac29c/1/H0guXkEsHeu3dt7fr0XDMXTnZC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.255.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:c9:0d:c8:73:85:34:2e:36:f7:c4:bd:6a:53:22:e9:1a:bf:
         37:5c:a1:08:a8:76:1c:15:28:ff:ce:46:86:47:0c:0a:7d:54:
         91:14:d9:18:39:a2:44:79:6d:71:8f:d8:93:96:fe:a0:5f:21:
         a6:19:26:13:78:d9:75:9e:68:40:2f:d9:38:51:6f:0e:9f:3f:
         af:0a:02:78:6b:09:bc:dd:9c:08:21:c4:35:74:80:2a:31:15:
         fb:f6:2c:0b:d3:ac:e0:1f:83:4a:4b:22:67:9a:ad:a9:1b:cd:
         c0:00:81:89:af:02:c4:ab:1f:5f:4e:b9:ec:8f:5c:63:c4:d8:
         07:9c:c6:15:08:18:07:79:89:84:3b:29:a6:ed:26:15:61:12:
         ab:84:bd:3b:07:db:fc:32:0c:9e:e2:ee:13:b2:92:d6:f6:2e:
         f3:0a:d8:99:37:eb:e9:a4:cc:0c:cc:3c:29:41:c8:11:83:93:
         14:31:d5:05:95:2a:7e:81:39:eb:71:9c:99:e4:d7:c2:e0:2d:
         a3:37:3f:71:34:b4:3f:26:e8:b7:6f:7c:f7:9f:4b:c9:5b:86:
         57:53:2c:2f:bd:70:61:3f:6d:fc:bb:f6:34:24:39:2f:04:fc:
         1b:53:31:38:03:64:81:af:57:c4:6b:57:44:17:87:b5:6a:e7:
         3f:a4:cc:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAB7CRPeo/pgZwRN9ZTkRmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDgyZTVlNDEyYzFkZWJiNzc2ZGVkZmFmNDVjMzMxNzRl
NzY0MmUwHhcNMjQwNjEwMTEzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTAwYTNlYzY2NzBmMjA3MTI2ZTg1NDg4YTA3ODBkN2I5NzExODk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg453/iH5SJUJlE2EYyjQH4fQ+NN
EjHC+70H46tFM2PVyjYrs56RkodpSDBuPfp0ybxEGTt09qkOmmJBkVYiNT0SeGXN
DchFT5PFiXc/tKnLfuVmsL/D5MRCS9F8ddiSQchgDIajIuwxCrNN638+G2TPAgKo
pBX4FfTBkn7CX0WT8WdLQ/lk6Dxr1yyzGnNq0PSe2RZ9KNWzalq788VMSqgL2c0F
TWrYwXkalVqG376gGeZgO2LMHk9DpjErqQBhrDNChsO03vsmv9AmSyh/SBl1uP1G
yaB/+BVDAcmNDVws4W9QUTZFXOB9SH60kCsKs8Rcu3INNyEIWJyg+/gTtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEAo+xmcPIHEm6FSIoHgNe5cRiUMB8GA1UdIwQY
MBaAFB9ILl5BLB3rt3be369FwzF052QuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBndVhrRXNIZXUzZHQ3ZnIwWERNWFRuWkM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83ZGRlOTYtMTBkZC00MzIzLTgxZDIt
ZDJlMzM3MmFjMjljLzEva1FDajdHWnc4Z2NTYm9WSWlnZUExN2x4R0pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83ZGRlOTYtMTBkZC00MzIzLTgxZDItZDJlMzM3MmFjMjlj
LzEvSDBndVhrRXNIZXUzZHQ3ZnIwWERNWFRuWkM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgv+rMA0G
CSqGSIb3DQEBCwUAA4IBAQBgyQ3Ic4U0Ljb3xL1qUyLpGr83XKEIqHYcFSj/zkaG
RwwKfVSRFNkYOaJEeW1xj9iTlv6gXyGmGSYTeNl1nmhAL9k4UW8Onz+vCgJ4awm8
3ZwIIcQ1dIAqMRX79iwL06zgH4NKSyJnmq2pG83AAIGJrwLEqx9fTrnsj1xjxNgH
nMYVCBgHeYmEOymm7SYVYRKrhL07B9v8Mgye4u4TspLW9i7zCtiZN+vppMwMzDwp
QcgRg5MUMdUFlSp+gTnrcZyZ5NfC4C2jNz9xNLQ/Jui3b3z3n0vJW4ZXUywvvXBh
P238u/Y0JDkvBPwbUzE4A2SBr1fEa1dEF4e1auc/pMxV
-----END CERTIFICATE-----