Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/1-mWA8Kc9-pGF5DtgdzHFq9y8_Ks.roa
File:                     1-mWA8Kc9-pGF5DtgdzHFq9y8_Ks.roa (raw, json)
Hash identifier:          1j1MV3Kmebw1PBNxvZuDU4I9xmkJCjxMFVy14qPwn7I=
Subject key identifier:   FA:65:80:F0:A7:3D:FA:91:85:E4:3B:60:77:31:C5:AB:DC:BC:FC:AB
Certificate issuer:       /CN=21698c1cdc66dc285d0f807629c46261a88b2de7
Certificate serial:       01927AD991FB9902DC8DF085B8BEF8CF22F0
Authority key identifier: 21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/1-mWA8Kc9-pGF5DtgdzHFq9y8_Ks.roa
Signing time:             Fri 11 Oct 2024 09:12:11 +0000
ROA not before:           Fri 11 Oct 2024 09:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49408
IP address blocks:        193.164.84.0/24 maxlen: 24
                          193.164.85.0/24 maxlen: 24
                          193.164.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:d9:91:fb:99:02:dc:8d:f0:85:b8:be:f8:cf:22:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21698c1cdc66dc285d0f807629c46261a88b2de7
        Validity
            Not Before: Oct 11 09:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa6580f0a73dfa9185e43b607731c5abdcbcfcab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:02:46:36:3b:9d:98:82:59:d2:62:3d:65:8a:
                    63:5c:cb:d5:7b:02:e6:1e:be:d0:5b:2a:7f:af:c3:
                    86:d0:9f:37:28:49:4a:9e:3c:a4:d6:44:89:14:98:
                    14:78:a4:54:d6:ab:5b:39:c8:03:65:e8:8c:d3:c5:
                    c0:a8:c4:94:b4:b6:72:6d:80:c9:22:34:dc:80:76:
                    17:86:69:ac:79:45:cd:b0:5d:0a:f5:48:83:62:c3:
                    a0:c2:25:43:29:9b:28:61:09:02:6a:18:ca:96:60:
                    83:8e:f8:9f:49:2f:5e:44:36:fd:3d:a3:df:b3:2a:
                    be:d6:f7:28:f8:74:8a:c1:a8:c4:61:5c:97:38:38:
                    67:b2:04:fb:15:17:df:a1:07:49:6b:3e:9d:41:6f:
                    b9:98:9c:5e:65:43:d8:2e:47:d0:7d:fe:d4:f1:93:
                    01:bd:74:5c:02:a1:a5:f4:17:b7:59:23:61:f5:e9:
                    d9:12:a2:1f:62:53:2f:e0:4a:aa:18:f2:3c:75:e3:
                    20:d1:d0:52:4a:ad:b0:83:1f:fe:9c:d3:91:89:1f:
                    e4:02:77:c2:1f:63:13:6f:36:a6:7f:38:b5:d2:5f:
                    6e:42:53:a3:9f:45:5e:3d:9d:e7:9c:d1:b4:31:eb:
                    17:6d:fe:b3:7c:39:35:3a:a6:86:95:d6:24:7e:c2:
                    8d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:65:80:F0:A7:3D:FA:91:85:E4:3B:60:77:31:C5:AB:DC:BC:FC:AB
            X509v3 Authority Key Identifier:
                keyid:21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/1-mWA8Kc9-pGF5DtgdzHFq9y8_Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.84.0/23
                  193.164.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:cb:dd:30:01:62:ac:99:9d:86:0f:5e:cc:4e:a0:f7:17:9f:
         97:67:00:9f:23:31:42:ed:a2:48:8e:6d:84:49:ee:43:0d:04:
         f1:38:75:d5:ec:26:64:6a:de:c5:90:61:0a:cb:b8:12:36:5d:
         88:f8:87:63:3d:a8:fc:e7:e4:c6:22:1f:23:7e:7f:55:5a:e4:
         1a:4c:1a:8e:0b:a3:cc:c1:b7:aa:c5:91:6e:72:17:e7:16:98:
         d7:bf:6c:bb:5e:e6:35:d9:5f:5b:04:8d:5f:92:b6:bc:bd:f2:
         03:b9:24:74:d7:92:ea:b5:30:ca:0c:4b:3c:32:0b:0a:d9:db:
         ea:57:02:eb:05:9a:d5:ca:9f:be:20:e2:38:0a:ed:60:ff:c2:
         56:9c:cc:c2:a5:f4:16:fd:28:2d:78:90:cf:fc:7a:ba:78:db:
         fc:b3:80:d5:21:e3:50:17:3d:a4:e1:21:c5:fb:96:23:94:17:
         9f:59:1c:16:5f:d1:b5:94:b8:5f:31:06:1e:b3:f8:5d:f6:ee:
         24:b7:99:b0:10:4d:98:da:96:3c:1d:6b:b2:eb:d1:88:84:3d:
         46:2a:a8:b8:90:5f:20:dd:d8:d0:03:d5:f5:84:01:f3:d6:d5:
         e3:a1:22:62:a3:b8:09:b9:6b:5b:a7:8e:4a:ea:98:0b:99:a0:
         02:f1:7b:45
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZJ62ZH7mQLcjfCFuL74zyLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjk4YzFjZGM2NmRjMjg1ZDBmODA3NjI5YzQ2MjYxYTg4
YjJkZTcwHhcNMjQxMDExMDkxMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTY1ODBmMGE3M2RmYTkxODVlNDNiNjA3NzMxYzVhYmRjYmNmY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wJGNjudmIJZ0mI9ZYpjXMvVewLm
Hr7QWyp/r8OG0J83KElKnjyk1kSJFJgUeKRU1qtbOcgDZeiM08XAqMSUtLZybYDJ
IjTcgHYXhmmseUXNsF0K9UiDYsOgwiVDKZsoYQkCahjKlmCDjvifSS9eRDb9PaPf
syq+1vco+HSKwajEYVyXODhnsgT7FRffoQdJaz6dQW+5mJxeZUPYLkfQff7U8ZMB
vXRcAqGl9Be3WSNh9enZEqIfYlMv4EqqGPI8deMg0dBSSq2wgx/+nNORiR/kAnfC
H2MTbzamfzi10l9uQlOjn0VePZ3nnNG0MesXbf6zfDk1OqaGldYkfsKNAQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPplgPCnPfqRheQ7YHcxxavcvPyrMB8GA1UdIwQY
MBaAFCFpjBzcZtwoXQ+AdinEYmGoiy3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWIt
NGQ3MzczMGY3ZDMyLzEvMS1tV0E4S2M5LXBHRjVEdGdkekhGcTl5OF9Lcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDcvMTFkYzcxLTgxNzAtNDViNS04YzViLTRkNzM3MzBmN2Qz
Mi8xL0lXbU1ITnhtM0NoZEQ0QjJLY1JpWWFpTExlYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAcGkVAME
AMGkWDANBgkqhkiG9w0BAQsFAAOCAQEAX8vdMAFirJmdhg9ezE6g9xefl2cAnyMx
Qu2iSI5thEnuQw0E8Th11ewmZGrexZBhCsu4EjZdiPiHYz2o/OfkxiIfI35/VVrk
GkwajgujzMG3qsWRbnIX5xaY179su17mNdlfWwSNX5K2vL3yA7kkdNeS6rUwygxL
PDILCtnb6lcC6wWa1cqfviDiOArtYP/CVpzMwqX0Fv0oLXiQz/x6unjb/LOA1SHj
UBc9pOEhxfuWI5QXn1kcFl/RtZS4XzEGHrP4XfbuJLeZsBBNmNqWPB1rsuvRiIQ9
RiqouJBfIN3Y0APV9YQB89bV46EiYqO4CblrW6eOSuqYC5mgAvF7RQ==
-----END CERTIFICATE-----