Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/a0c9ac-3a47-4d6c-aa15-a42ec8776fbb/1/O1xP_yYBGjCKEA_pvMlIAbVSsJQ.roa
File:                     O1xP_yYBGjCKEA_pvMlIAbVSsJQ.roa (raw, json)
Hash identifier:          TyRW/XFAnbOKjB64fg2YM1e8fBIwam912+YFCx6pLdg=
Subject key identifier:   3B:5C:4F:FF:26:01:1A:30:8A:10:0F:E9:BC:C9:48:01:B5:52:B0:94
Certificate issuer:       /CN=7f3e0b27b8e4d798f92b9de157f1da5a43cd49e5
Certificate serial:       018F543565AD171D61F1C6174F99C7A534FA
Authority key identifier: 7F:3E:0B:27:B8:E4:D7:98:F9:2B:9D:E1:57:F1:DA:5A:43:CD:49:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fz4LJ7jk15j5K53hV_HaWkPNSeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/a0c9ac-3a47-4d6c-aa15-a42ec8776fbb/1/O1xP_yYBGjCKEA_pvMlIAbVSsJQ.roa
Signing time:             Tue 07 May 2024 17:58:56 +0000
ROA not before:           Tue 07 May 2024 17:58:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        193.72.144.0/24 maxlen: 24
                          193.72.145.0/24 maxlen: 24
                          193.72.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/a0c9ac-3a47-4d6c-aa15-a42ec8776fbb/1/fz4LJ7jk15j5K53hV_HaWkPNSeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/a0c9ac-3a47-4d6c-aa15-a42ec8776fbb/1/fz4LJ7jk15j5K53hV_HaWkPNSeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fz4LJ7jk15j5K53hV_HaWkPNSeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:54:35:65:ad:17:1d:61:f1:c6:17:4f:99:c7:a5:34:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f3e0b27b8e4d798f92b9de157f1da5a43cd49e5
        Validity
            Not Before: May  7 17:58:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b5c4fff26011a308a100fe9bcc94801b552b094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0a:4d:31:15:d9:78:78:4d:05:04:66:15:4d:
                    c8:2a:6a:70:c0:20:17:15:f4:77:e8:35:15:35:1b:
                    c8:a8:6b:cf:d7:8c:48:cf:95:3a:ad:79:d6:61:d0:
                    af:7a:57:20:a7:b4:e0:3b:58:39:69:0c:d4:92:b9:
                    57:92:03:3d:f4:ce:2d:81:62:29:32:2b:40:b3:05:
                    9d:a4:95:a7:1b:eb:4e:a0:e9:c9:16:d0:f0:d8:e0:
                    e4:f7:d1:ec:69:2e:0d:4f:9b:c5:de:21:38:c5:57:
                    83:0d:c9:f9:5d:5e:57:b3:72:e9:50:13:b0:bb:ba:
                    34:7f:3e:14:cc:d8:3a:05:80:ef:58:fb:13:b3:b3:
                    33:8a:c8:a4:2c:07:da:6b:e1:c9:6a:9c:68:92:02:
                    47:54:5b:90:d8:eb:a8:71:8b:60:92:2a:34:d5:ea:
                    4d:60:a9:63:59:db:f4:5d:33:0c:91:c3:4f:a3:70:
                    27:98:ef:dd:30:45:f8:c8:59:d8:d2:47:e3:d2:c8:
                    b1:c0:52:6a:63:03:5e:f7:8a:83:cd:79:6f:23:b8:
                    43:03:2d:ab:25:d0:0e:be:28:4a:c7:1f:aa:72:f5:
                    e5:f3:67:8e:ae:c4:ca:50:ab:dd:72:1d:63:31:8c:
                    69:ca:32:74:53:71:38:36:a1:91:36:a4:ec:16:24:
                    7e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:5C:4F:FF:26:01:1A:30:8A:10:0F:E9:BC:C9:48:01:B5:52:B0:94
            X509v3 Authority Key Identifier:
                keyid:7F:3E:0B:27:B8:E4:D7:98:F9:2B:9D:E1:57:F1:DA:5A:43:CD:49:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fz4LJ7jk15j5K53hV_HaWkPNSeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/a0c9ac-3a47-4d6c-aa15-a42ec8776fbb/1/O1xP_yYBGjCKEA_pvMlIAbVSsJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/a0c9ac-3a47-4d6c-aa15-a42ec8776fbb/1/fz4LJ7jk15j5K53hV_HaWkPNSeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.72.144.0-193.72.146.255

    Signature Algorithm: sha256WithRSAEncryption
         00:b2:3b:90:29:c2:fb:b5:f8:c0:0b:b4:58:07:33:72:be:94:
         f2:bf:60:cd:36:72:c8:c1:86:af:bb:30:72:1e:42:83:09:6a:
         f7:ae:7e:29:2e:b6:45:3a:42:34:5e:e3:84:bd:a8:50:bc:cd:
         90:e4:07:85:06:00:f0:5f:22:81:54:d9:4b:8e:a5:43:80:2a:
         27:dd:8d:3d:35:53:fd:f8:90:46:0f:82:91:92:9d:14:5d:ec:
         28:9e:41:55:fc:c3:39:d6:08:01:cc:fe:7c:39:5d:c0:c6:20:
         e2:49:46:7d:0b:b3:8f:14:f4:82:e1:d0:ca:5f:b5:da:b8:0f:
         6f:2e:8c:cc:af:4e:3c:a4:e6:1c:d9:ea:e4:03:ee:13:01:c6:
         91:4a:6a:97:2f:2c:c4:bf:30:27:67:af:d6:83:48:f4:13:d5:
         82:60:9c:d7:2e:08:24:1b:a0:51:09:50:1c:e5:9e:87:c8:16:
         2b:93:31:ff:a2:81:e7:92:1e:28:af:78:70:89:1a:bd:b0:63:
         c3:d7:af:86:00:89:2e:b1:b8:91:89:0c:0b:35:3e:70:c6:4b:
         00:f9:fa:75:7c:85:62:cf:fc:5c:35:8e:6c:52:47:54:d9:f5:
         58:eb:2c:84:fe:51:d7:d4:cb:1b:c7:47:d5:b2:b1:ad:eb:88:
         44:7d:4a:58
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY9UNWWtFx1h8cYXT5nHpTT6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmM2UwYjI3YjhlNGQ3OThmOTJiOWRlMTU3ZjFkYTVhNDNj
ZDQ5ZTUwHhcNMjQwNTA3MTc1ODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjVjNGZmZjI2MDExYTMwOGExMDBmZTliY2M5NDgwMWI1NTJiMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQpNMRXZeHhNBQRmFU3IKmpwwCAX
FfR36DUVNRvIqGvP14xIz5U6rXnWYdCvelcgp7TgO1g5aQzUkrlXkgM99M4tgWIp
MitAswWdpJWnG+tOoOnJFtDw2ODk99HsaS4NT5vF3iE4xVeDDcn5XV5Xs3LpUBOw
u7o0fz4UzNg6BYDvWPsTs7MzisikLAfaa+HJapxokgJHVFuQ2OuocYtgkio01epN
YKljWdv0XTMMkcNPo3AnmO/dMEX4yFnY0kfj0sixwFJqYwNe94qDzXlvI7hDAy2r
JdAOvihKxx+qcvXl82eOrsTKUKvdch1jMYxpyjJ0U3E4NqGRNqTsFiR+aQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDtcT/8mARowihAP6bzJSAG1UrCUMB8GA1UdIwQY
MBaAFH8+Cye45NeY+Sud4Vfx2lpDzUnlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZno0TEo3amsxNWo1SzUzaFZfSGFXa1BOU2VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9hMGM5YWMtM2E0Ny00ZDZjLWFhMTUt
YTQyZWM4Nzc2ZmJiLzEvTzF4UF95WUJHakNLRUFfcHZNbElBYlZTc0pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9hMGM5YWMtM2E0Ny00ZDZjLWFhMTUtYTQyZWM4Nzc2ZmJi
LzEvZno0TEo3amsxNWo1SzUzaFZfSGFXa1BOU2VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATBSJAD
BADBSJIwDQYJKoZIhvcNAQELBQADggEBAACyO5Apwvu1+MALtFgHM3K+lPK/YM02
csjBhq+7MHIeQoMJaveufikutkU6QjRe44S9qFC8zZDkB4UGAPBfIoFU2UuOpUOA
KifdjT01U/34kEYPgpGSnRRd7CieQVX8wznWCAHM/nw5XcDGIOJJRn0Ls48U9ILh
0Mpftdq4D28ujMyvTjyk5hzZ6uQD7hMBxpFKapcvLMS/MCdnr9aDSPQT1YJgnNcu
CCQboFEJUBzlnofIFiuTMf+igeeSHiiveHCJGr2wY8PXr4YAiS6xuJGJDAs1PnDG
SwD5+nV8hWLP/Fw1jmxSR1TZ9VjrLIT+UdfUyxvHR9Wysa3riER9Slg=
-----END CERTIFICATE-----