Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/f31be0-10e0-40ed-a6d7-41ecdc7a36f4/1/1-gxDH3wfbmmSIH_KAIPZ0xTKIKM.roa
File:                     1-gxDH3wfbmmSIH_KAIPZ0xTKIKM.roa (raw, json)
Hash identifier:          EXyxc9apCz26jZVGNY/TqY+IPi2myJqzbyKe475gHN0=
Subject key identifier:   FA:0C:43:1F:7C:1F:6E:69:92:20:7F:CA:00:83:D9:D3:14:CA:20:A3
Certificate issuer:       /CN=da52c38f0c7febae135d5dddd948cf26becef3bc
Certificate serial:       018CC72598962F48B3A4EF3F5C71B4C5E00B
Authority key identifier: DA:52:C3:8F:0C:7F:EB:AE:13:5D:5D:DD:D9:48:CF:26:BE:CE:F3:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2lLDjwx_664TXV3d2UjPJr7O87w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/f31be0-10e0-40ed-a6d7-41ecdc7a36f4/1/1-gxDH3wfbmmSIH_KAIPZ0xTKIKM.roa
Signing time:             Mon 01 Jan 2024 22:29:38 +0000
ROA not before:           Mon 01 Jan 2024 22:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24879
IP address blocks:        193.111.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/f31be0-10e0-40ed-a6d7-41ecdc7a36f4/1/2lLDjwx_664TXV3d2UjPJr7O87w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/f31be0-10e0-40ed-a6d7-41ecdc7a36f4/1/2lLDjwx_664TXV3d2UjPJr7O87w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2lLDjwx_664TXV3d2UjPJr7O87w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:98:96:2f:48:b3:a4:ef:3f:5c:71:b4:c5:e0:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da52c38f0c7febae135d5dddd948cf26becef3bc
        Validity
            Not Before: Jan  1 22:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa0c431f7c1f6e6992207fca0083d9d314ca20a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b5:0b:01:e4:59:70:2b:a8:81:67:04:83:26:
                    90:12:c9:74:10:0a:28:d7:ee:b6:a4:04:1b:c2:01:
                    75:8c:56:d6:f6:c9:4f:0b:a8:e7:51:6b:b5:cc:c1:
                    ae:f2:45:07:97:01:95:a9:e2:33:a5:7c:61:45:ad:
                    b9:7a:96:59:ba:ef:39:e9:71:fd:68:6c:11:9b:a9:
                    42:e3:07:52:4d:b7:49:26:95:04:15:a0:b7:a9:92:
                    4d:38:65:88:c8:10:54:98:8f:d8:14:79:2f:c5:75:
                    d6:1f:18:ed:3a:2c:39:b6:f8:c3:c5:c9:c0:42:d6:
                    43:cb:f1:1e:d1:82:3d:a7:d2:25:2a:65:4e:77:17:
                    5b:87:6a:1b:1e:f8:39:ec:3b:9a:bd:76:99:28:22:
                    50:45:85:d8:32:72:3a:75:cc:7f:ae:6f:fd:b3:06:
                    d3:e8:d3:9f:c7:0f:9c:7c:ae:0b:2f:45:3b:eb:20:
                    7a:1d:42:2f:79:d5:e7:1b:63:d3:3f:88:d2:e9:35:
                    c0:a2:b7:b6:0a:79:fd:02:c7:16:77:16:ce:e5:2a:
                    fd:54:60:a5:4c:1f:32:7f:16:d0:03:b9:c1:77:5d:
                    5d:fe:44:57:d7:ce:5c:eb:1e:74:ab:99:3f:29:ba:
                    a6:50:07:45:e9:7a:34:f0:11:68:96:1e:81:f1:31:
                    16:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:0C:43:1F:7C:1F:6E:69:92:20:7F:CA:00:83:D9:D3:14:CA:20:A3
            X509v3 Authority Key Identifier:
                keyid:DA:52:C3:8F:0C:7F:EB:AE:13:5D:5D:DD:D9:48:CF:26:BE:CE:F3:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2lLDjwx_664TXV3d2UjPJr7O87w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f31be0-10e0-40ed-a6d7-41ecdc7a36f4/1/1-gxDH3wfbmmSIH_KAIPZ0xTKIKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f31be0-10e0-40ed-a6d7-41ecdc7a36f4/1/2lLDjwx_664TXV3d2UjPJr7O87w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:9d:99:be:ae:ee:0f:ae:16:c7:8b:a3:24:35:f0:bb:5e:02:
         a5:4f:09:42:0d:4c:15:0d:7d:af:37:d1:8b:43:e3:9b:a7:a1:
         fa:8d:f0:92:67:fd:c6:ef:a3:74:ad:93:4e:ba:da:f2:34:28:
         a7:dd:16:b8:7d:38:4f:c7:d8:ab:fc:20:5c:9d:27:f1:a8:d4:
         d7:9a:53:f4:c0:93:6b:a2:4e:ed:ca:80:8d:d2:2d:4b:ae:c3:
         51:5f:5a:b1:e1:ef:24:19:7a:f4:7e:b1:84:15:eb:a2:09:85:
         d3:56:ac:b6:79:22:2a:8b:b1:b4:70:3b:c1:dd:1a:01:f5:d3:
         26:c5:11:00:1f:4d:6d:37:68:a6:0b:1a:80:42:bc:bb:f6:23:
         2f:7e:95:2b:4e:7e:85:db:5c:79:a1:9d:de:1f:37:3f:83:82:
         d2:23:aa:a6:38:a9:57:67:7b:2f:c5:3a:1a:f0:e1:35:5d:dd:
         ef:47:95:b5:ba:3e:0f:12:0e:24:3f:96:d0:5c:55:52:ac:d8:
         b0:d9:23:b9:ea:94:7f:9f:c5:25:63:b1:e1:32:3a:bb:d8:6a:
         5b:e5:f2:ae:a1:a0:d1:48:de:8a:cd:11:00:45:5a:8c:0e:03:
         92:f3:5e:c0:93:ed:7d:de:b4:10:58:ea:e3:44:ec:84:09:83:
         24:de:c0:66
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJZiWL0izpO8/XHG0xeALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNTJjMzhmMGM3ZmViYWUxMzVkNWRkZGQ5NDhjZjI2YmVj
ZWYzYmMwHhcNMjQwMTAxMjIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTBjNDMxZjdjMWY2ZTY5OTIyMDdmY2EwMDgzZDlkMzE0Y2EyMGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLULAeRZcCuogWcEgyaQEsl0EAoo
1+62pAQbwgF1jFbW9slPC6jnUWu1zMGu8kUHlwGVqeIzpXxhRa25epZZuu856XH9
aGwRm6lC4wdSTbdJJpUEFaC3qZJNOGWIyBBUmI/YFHkvxXXWHxjtOiw5tvjDxcnA
QtZDy/Ee0YI9p9IlKmVOdxdbh2obHvg57DuavXaZKCJQRYXYMnI6dcx/rm/9swbT
6NOfxw+cfK4LL0U76yB6HUIvedXnG2PTP4jS6TXAore2Cnn9AscWdxbO5Sr9VGCl
TB8yfxbQA7nBd11d/kRX185c6x50q5k/KbqmUAdF6Xo08BFolh6B8TEWwQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoMQx98H25pkiB/ygCD2dMUyiCjMB8GA1UdIwQY
MBaAFNpSw48Mf+uuE11d3dlIzya+zvO8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmxMRGp3eF82NjRUWFYzZDJValBKcjdPODd3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mMzFiZTAtMTBlMC00MGVkLWE2ZDct
NDFlY2RjN2EzNmY0LzEvMS1neERIM3dmYm1tU0lIX0tBSVBaMHhUS0lLTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmUvZjMxYmUwLTEwZTAtNDBlZC1hNmQ3LTQxZWNkYzdhMzZm
NC8xLzJsTERqd3hfNjY0VFhWM2QyVWpQSnI3Tzg3dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMFvpjAN
BgkqhkiG9w0BAQsFAAOCAQEAE52Zvq7uD64Wx4ujJDXwu14CpU8JQg1MFQ19rzfR
i0Pjm6eh+o3wkmf9xu+jdK2TTrra8jQop90WuH04T8fYq/wgXJ0n8ajU15pT9MCT
a6JO7cqAjdItS67DUV9aseHvJBl69H6xhBXrogmF01astnkiKouxtHA7wd0aAfXT
JsURAB9NbTdopgsagEK8u/YjL36VK05+hdtceaGd3h83P4OC0iOqpjipV2d7L8U6
GvDhNV3d70eVtbo+DxIOJD+W0FxVUqzYsNkjueqUf5/FJWOx4TI6u9hqW+XyrqGg
0Ujeis0RAEVajA4DkvNewJPtfd60EFjq40TshAmDJN7AZg==
-----END CERTIFICATE-----