Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/fIm9jMAajXrEPaJkgeJcAp1c7As.roa
File:                     fIm9jMAajXrEPaJkgeJcAp1c7As.roa (raw, json)
Hash identifier:          yV4EqmfDghDalnBYEGQyWKuTsRUvB1P882bhDMqFRfg=
Subject key identifier:   7C:89:BD:8C:C0:1A:8D:7A:C4:3D:A2:64:81:E2:5C:02:9D:5C:EC:0B
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       0192E351CBB0D269909E46E2B1318719F0C8
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/fIm9jMAajXrEPaJkgeJcAp1c7As.roa
Signing time:             Thu 31 Oct 2024 16:04:01 +0000
ROA not before:           Thu 31 Oct 2024 16:04:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1072
IP address blocks:        193.118.169.0/24 maxlen: 24
                          193.118.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e3:51:cb:b0:d2:69:90:9e:46:e2:b1:31:87:19:f0:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Oct 31 16:04:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c89bd8cc01a8d7ac43da26481e25c029d5cec0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f6:ce:a8:6c:49:01:e3:20:f1:6b:38:50:f5:
                    e7:d7:a3:e3:23:a6:9e:f8:d8:55:a8:5b:fe:e5:d7:
                    b9:53:b6:21:19:8e:e7:9e:94:ce:60:c6:e1:76:82:
                    7c:49:b3:37:0c:f9:08:f8:4b:c9:ac:11:2e:ae:d6:
                    d7:a2:84:31:3f:08:db:8e:e9:44:bf:e7:ac:14:e4:
                    d8:2c:39:4c:94:17:cc:12:81:18:e5:8e:49:bb:b8:
                    d7:a0:af:e1:85:30:0b:73:d2:b9:0d:b9:e2:56:15:
                    1b:f9:d4:26:f3:de:4c:67:4a:3a:a0:cf:4c:74:2e:
                    17:59:1e:40:26:a5:37:4b:27:7b:db:6f:08:62:8c:
                    01:56:3d:8c:01:63:58:31:29:0b:6b:ba:6d:dd:32:
                    0e:98:ce:8f:aa:ea:c1:00:67:3d:11:b2:ee:97:46:
                    3d:ec:e0:e8:41:0c:b6:8e:ba:72:dc:cf:12:4d:88:
                    6e:3b:28:04:ed:97:32:90:f7:90:fa:06:ad:bc:e9:
                    f7:f0:ec:bb:ae:2f:54:18:28:3c:1b:76:0a:bd:54:
                    08:62:d2:e4:79:07:32:07:2e:fb:5f:b6:88:c1:47:
                    4d:19:11:a6:40:a5:59:38:08:af:74:86:72:e4:01:
                    7e:20:43:91:0a:e4:61:d4:58:1c:be:80:d7:43:99:
                    09:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:89:BD:8C:C0:1A:8D:7A:C4:3D:A2:64:81:E2:5C:02:9D:5C:EC:0B
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/fIm9jMAajXrEPaJkgeJcAp1c7As.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.118.169.0-193.118.170.255

    Signature Algorithm: sha256WithRSAEncryption
         ad:93:8f:12:c7:92:5a:09:a6:60:54:f7:1d:c6:45:1e:a9:3b:
         42:6b:4c:d8:16:72:94:09:ba:1f:05:3c:88:69:de:43:d1:6c:
         3e:cd:0d:aa:75:9d:3c:fd:68:22:75:ce:5f:8c:e5:cc:86:82:
         7a:27:10:98:4c:d4:f8:57:9a:4c:4c:46:15:c8:e5:9d:76:8b:
         08:6c:69:02:4b:c1:dc:cd:55:04:f4:7c:d4:13:8b:b8:28:85:
         b0:8c:f6:d9:30:16:35:db:fa:8d:1e:48:50:f9:f8:c7:62:7a:
         63:d9:d2:96:f2:e7:03:48:82:2b:9b:d9:91:30:e2:ff:b0:2e:
         e3:26:61:35:cd:90:ff:4b:e0:0a:f9:22:07:e6:aa:7d:ca:54:
         1e:91:e4:1d:1a:ce:e2:b0:83:23:e1:e5:af:6b:c4:5d:cb:09:
         9a:71:ac:15:6c:58:fd:1e:0d:fa:64:8b:75:61:87:9e:f2:39:
         d0:20:07:d1:a2:6f:be:39:89:e9:a2:25:f8:b8:42:68:32:14:
         03:f3:14:c4:87:84:43:bb:67:a9:60:a4:a0:51:ac:54:08:be:
         0e:4e:46:5c:34:16:25:31:63:fc:02:66:8c:7a:dc:94:36:e6:
         94:bd:81:77:34:e1:7e:10:df:a3:1d:4e:be:98:8c:2c:00:96:
         72:fe:23:5b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZLjUcuw0mmQnkbisTGHGfDIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQxMDMxMTYwNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzg5YmQ4Y2MwMWE4ZDdhYzQzZGEyNjQ4MWUyNWMwMjlkNWNlYzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfbOqGxJAeMg8Ws4UPXn16PjI6ae
+NhVqFv+5de5U7YhGY7nnpTOYMbhdoJ8SbM3DPkI+EvJrBEurtbXooQxPwjbjulE
v+esFOTYLDlMlBfMEoEY5Y5Ju7jXoK/hhTALc9K5DbniVhUb+dQm895MZ0o6oM9M
dC4XWR5AJqU3Syd7228IYowBVj2MAWNYMSkLa7pt3TIOmM6PqurBAGc9EbLul0Y9
7ODoQQy2jrpy3M8STYhuOygE7ZcykPeQ+gatvOn38Oy7ri9UGCg8G3YKvVQIYtLk
eQcyBy77X7aIwUdNGRGmQKVZOAivdIZy5AF+IEORCuRh1FgcvoDXQ5kJrwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHyJvYzAGo16xD2iZIHiXAKdXOwLMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvZkltOWpNQWFqWHJFUGFKa2dlSmNBcDFjN0FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADBdqkD
BADBdqowDQYJKoZIhvcNAQELBQADggEBAK2TjxLHkloJpmBU9x3GRR6pO0JrTNgW
cpQJuh8FPIhp3kPRbD7NDap1nTz9aCJ1zl+M5cyGgnonEJhM1PhXmkxMRhXI5Z12
iwhsaQJLwdzNVQT0fNQTi7gohbCM9tkwFjXb+o0eSFD5+MdiemPZ0pby5wNIgiub
2ZEw4v+wLuMmYTXNkP9L4Ar5Igfmqn3KVB6R5B0azuKwgyPh5a9rxF3LCZpxrBVs
WP0eDfpki3Vhh57yOdAgB9Gib745iemiJfi4QmgyFAPzFMSHhEO7Z6lgpKBRrFQI
vg5ORlw0FiUxY/wCZox63JQ25pS9gXc04X4Q36MdTr6YjCwAlnL+I1s=
-----END CERTIFICATE-----