Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/a1yqEePM9sZu1-nmpI8dgCP0PYs.roa
File:                     a1yqEePM9sZu1-nmpI8dgCP0PYs.roa (raw, json)
Hash identifier:          8GrPm2r+Cc2rPEKMipg8l6aVLkCyRZUMFWujBPBRHdI=
Subject key identifier:   6B:5C:AA:11:E3:CC:F6:C6:6E:D7:E9:E6:A4:8F:1D:80:23:F4:3D:8B
Certificate issuer:       /CN=fbbf4d59cbd978ae1127c67fd22f04c62ff837cf
Certificate serial:       019179D930A4C09010C393F8F2E41FFC7E6E
Authority key identifier: FB:BF:4D:59:CB:D9:78:AE:11:27:C6:7F:D2:2F:04:C6:2F:F8:37:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/a1yqEePM9sZu1-nmpI8dgCP0PYs.roa
Signing time:             Thu 22 Aug 2024 11:29:22 +0000
ROA not before:           Thu 22 Aug 2024 11:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210811
IP address blocks:        217.28.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:79:d9:30:a4:c0:90:10:c3:93:f8:f2:e4:1f:fc:7e:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbbf4d59cbd978ae1127c67fd22f04c62ff837cf
        Validity
            Not Before: Aug 22 11:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b5caa11e3ccf6c66ed7e9e6a48f1d8023f43d8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8b:48:2e:82:cf:fe:df:a7:fa:68:c1:d8:9b:
                    10:52:b5:85:b2:29:35:c1:5f:1d:51:c5:4c:c8:86:
                    db:4a:d7:0c:ab:39:05:10:60:c2:57:99:0a:c8:d0:
                    c8:94:15:43:ff:94:d4:27:46:32:01:31:71:e2:ea:
                    e9:90:98:32:ce:67:8c:3e:7c:50:22:eb:c9:4a:a2:
                    9f:86:72:25:df:b1:b6:bb:b7:0e:e8:5f:66:8f:eb:
                    cf:bf:77:09:c4:2a:c9:99:86:bf:95:e6:c1:c8:9f:
                    13:3b:f0:88:73:d5:fa:9b:72:ed:2b:f2:82:c6:23:
                    12:a6:f9:da:d6:8e:44:1e:f3:63:e7:a3:5e:9a:02:
                    e4:a0:e6:77:7d:4c:83:a9:21:55:88:73:66:e6:a2:
                    bf:39:d9:3f:35:cf:2e:17:09:e1:fe:5c:e5:a5:22:
                    4b:cc:c2:62:48:be:cf:c8:67:72:02:dd:58:a3:af:
                    09:41:96:3a:13:04:5d:9f:0b:5c:3e:25:5a:e1:94:
                    7d:89:cd:d6:6a:cc:df:ad:45:b3:95:fd:fa:64:78:
                    be:15:44:27:19:5f:60:6d:e7:40:a1:9b:d8:68:f8:
                    2b:ee:57:dd:2e:b9:28:6a:aa:f6:ea:1f:20:ec:88:
                    9d:d2:00:1b:b8:ae:e3:aa:35:60:13:09:fc:f5:c5:
                    7c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:5C:AA:11:E3:CC:F6:C6:6E:D7:E9:E6:A4:8F:1D:80:23:F4:3D:8B
            X509v3 Authority Key Identifier:
                keyid:FB:BF:4D:59:CB:D9:78:AE:11:27:C6:7F:D2:2F:04:C6:2F:F8:37:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/a1yqEePM9sZu1-nmpI8dgCP0PYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:eb:bd:a3:62:69:b7:ca:e8:20:79:82:2c:e7:6a:72:d0:d5:
         9f:42:3c:93:4b:b9:d2:0c:ab:91:9c:14:9a:d1:24:e8:ab:0e:
         33:6c:42:b5:0a:18:6c:45:c6:c3:e7:f2:49:ca:bd:ed:22:1a:
         57:39:8a:c0:10:8e:f6:dc:3f:7c:fb:9c:3a:e9:3b:2a:ee:83:
         a8:fd:75:60:bb:c9:96:41:d3:fe:f6:c4:50:5a:ea:d7:ab:bc:
         b6:ba:93:b4:f9:83:75:1b:f9:82:da:e2:8b:d4:13:2b:20:cb:
         c3:52:ff:88:bf:fa:fd:72:2d:b4:09:a1:8d:07:11:80:4a:63:
         ee:75:6a:9c:47:34:32:ce:d0:2a:ba:01:9d:61:50:75:81:d2:
         34:94:33:07:21:49:40:f2:95:68:61:24:ff:46:97:79:e4:81:
         d4:4c:21:2d:2a:53:63:ac:8c:b7:d4:80:4d:76:13:26:d4:dd:
         cc:a4:e2:45:e6:93:23:da:e6:e8:1e:a4:33:53:b9:8b:1a:4f:
         12:2a:0a:f9:0d:80:4a:45:16:4d:6f:c6:ae:d0:61:98:39:a3:
         aa:37:ac:d0:9f:f9:82:f3:91:2f:43:1a:e3:45:a7:84:a1:f9:
         57:12:42:a6:6e:54:88:7f:09:57:24:fb:9a:1b:9b:b2:b8:e1:
         a3:40:c6:c4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZF52TCkwJAQw5P48uQf/H5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYmY0ZDU5Y2JkOTc4YWUxMTI3YzY3ZmQyMmYwNGM2MmZm
ODM3Y2YwHhcNMjQwODIyMTEyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjVjYWExMWUzY2NmNmM2NmVkN2U5ZTZhNDhmMWQ4MDIzZjQzZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtotILoLP/t+n+mjB2JsQUrWFsik1
wV8dUcVMyIbbStcMqzkFEGDCV5kKyNDIlBVD/5TUJ0YyATFx4urpkJgyzmeMPnxQ
IuvJSqKfhnIl37G2u7cO6F9mj+vPv3cJxCrJmYa/lebByJ8TO/CIc9X6m3LtK/KC
xiMSpvna1o5EHvNj56NemgLkoOZ3fUyDqSFViHNm5qK/Odk/Nc8uFwnh/lzlpSJL
zMJiSL7PyGdyAt1Yo68JQZY6EwRdnwtcPiVa4ZR9ic3WaszfrUWzlf36ZHi+FUQn
GV9gbedAoZvYaPgr7lfdLrkoaqr26h8g7Iid0gAbuK7jqjVgEwn89cV8FwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGtcqhHjzPbGbtfp5qSPHYAj9D2LMB8GA1UdIwQY
MBaAFPu/TVnL2XiuESfGf9IvBMYv+DfPMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS03OU5XY3ZaZUs0Uko4Wl8waThFeGlfNE44OC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQvODhjOTk1LWVkZTAtNGNjNC1hNjZk
LTI1YmFhODIzMGZjYi8xL2ExeXFFZVBNOXNadTEtbm1wSThkZ0NQMFBZcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzQvODhjOTk1LWVkZTAtNGNjNC1hNjZkLTI1YmFhODIzMGZj
Yi8xLzEtNzlOV2N2WmVLNFJKOFpfMGk4RXhpXzROODguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADZHF0w
DQYJKoZIhvcNAQELBQADggEBAKvrvaNiabfK6CB5giznanLQ1Z9CPJNLudIMq5Gc
FJrRJOirDjNsQrUKGGxFxsPn8knKve0iGlc5isAQjvbcP3z7nDrpOyrug6j9dWC7
yZZB0/72xFBa6tervLa6k7T5g3Ub+YLa4ovUEysgy8NS/4i/+v1yLbQJoY0HEYBK
Y+51apxHNDLO0Cq6AZ1hUHWB0jSUMwchSUDylWhhJP9Gl3nkgdRMIS0qU2OsjLfU
gE12EybU3cyk4kXmkyPa5ugepDNTuYsaTxIqCvkNgEpFFk1vxq7QYZg5o6o3rNCf
+YLzkS9DGuNFp4Sh+VcSQqZuVIh/CVck+5obm7K44aNAxsQ=
-----END CERTIFICATE-----