Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/F1dpFz4ou2fZEkl15Q7vC2eC0Uw.roa
File:                     F1dpFz4ou2fZEkl15Q7vC2eC0Uw.roa (raw, json)
Hash identifier:          OAmB0h7Kuc44sCPwt7l21mGz22qtPJY1Wx6xM6dYSfw=
Subject key identifier:   17:57:69:17:3E:28:BB:67:D9:12:49:75:E5:0E:EF:0B:67:82:D1:4C
Certificate issuer:       /CN=f59d56c52c7733f83be774afa47bbd55d28797ac
Certificate serial:       018CC2DAEFFFED4CC113832BAFB36A4E02D6
Authority key identifier: F5:9D:56:C5:2C:77:33:F8:3B:E7:74:AF:A4:7B:BD:55:D2:87:97:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/F1dpFz4ou2fZEkl15Q7vC2eC0Uw.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49801
IP address blocks:        194.34.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ef:ff:ed:4c:c1:13:83:2b:af:b3:6a:4e:02:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f59d56c52c7733f83be774afa47bbd55d28797ac
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=175769173e28bb67d9124975e50eef0b6782d14c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f1:71:e8:ab:cf:d6:ce:ee:53:f4:57:c0:1a:
                    95:48:e6:0b:80:c0:f7:53:76:5e:29:cb:85:e3:d8:
                    78:d0:80:bc:e3:c9:46:25:7d:06:7c:a7:ab:f4:73:
                    22:f4:c2:3c:cd:cc:00:56:0f:99:4b:61:48:b3:50:
                    73:0c:d4:bc:6b:32:95:9e:9b:2b:06:5e:f5:4a:a7:
                    ac:3e:9b:d0:b8:2d:cd:d4:4d:d5:93:d5:f8:af:49:
                    e6:7b:6c:fd:f3:99:97:35:5e:74:bb:84:75:f5:4a:
                    55:da:db:d2:0e:64:a0:8e:98:72:23:80:45:14:94:
                    64:76:7c:75:61:b3:c4:da:1f:de:49:9f:74:d2:e6:
                    e7:fc:d4:f6:07:6b:56:33:a1:67:18:ad:1b:9f:c2:
                    67:59:4f:51:00:a0:65:55:27:1d:e4:90:3d:54:72:
                    a7:e4:75:5a:f0:1c:3e:7d:89:59:7b:2a:73:a4:ad:
                    f3:6f:b2:a9:01:1d:9d:27:e2:65:e7:78:fd:bd:a3:
                    76:1b:6d:18:8f:bb:8e:05:b8:5d:fc:1a:34:7f:9b:
                    b3:ea:39:52:c2:f7:c5:8e:ed:94:52:41:2f:3d:c9:
                    7d:b5:1e:f8:c5:50:0f:40:4c:3f:13:4a:36:f3:f8:
                    23:82:1c:ce:72:05:cd:28:4a:4e:ce:70:ac:bf:5c:
                    60:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:57:69:17:3E:28:BB:67:D9:12:49:75:E5:0E:EF:0B:67:82:D1:4C
            X509v3 Authority Key Identifier:
                keyid:F5:9D:56:C5:2C:77:33:F8:3B:E7:74:AF:A4:7B:BD:55:D2:87:97:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/F1dpFz4ou2fZEkl15Q7vC2eC0Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:a0:a5:79:56:f2:92:c9:5c:43:5b:9c:f5:ac:61:1e:c8:79:
         4b:3e:b2:27:29:6a:9c:fe:20:66:65:13:ce:4b:d4:a6:84:f9:
         3a:c9:20:9c:57:4e:59:56:98:39:30:d2:22:11:6d:21:33:46:
         96:1d:e5:2d:2c:2c:57:3b:df:5a:4c:d0:a1:e9:ea:72:84:e4:
         6c:ce:3e:4d:ef:44:4a:58:cb:28:0d:61:bb:42:8c:b5:22:99:
         c9:e2:85:be:0f:87:16:f9:e2:ae:3e:39:15:68:09:d4:13:7e:
         52:7f:68:13:4f:9f:52:37:c3:d5:a9:34:e7:64:0e:a5:d3:80:
         84:4b:de:30:a6:88:6e:ef:24:ce:57:41:25:ce:b1:43:c4:4d:
         f2:a6:b8:73:8d:1d:05:bf:ef:a2:24:96:73:fc:ba:c1:47:a0:
         10:ab:57:f1:d0:70:52:f1:89:00:81:f1:49:03:22:43:ef:d8:
         ec:82:1f:90:3c:a2:af:1a:81:fd:18:b5:82:77:52:b6:51:1b:
         80:c4:03:60:a7:25:08:2b:8f:b2:c8:df:17:af:ee:cf:f6:06:
         3a:5e:87:52:79:ef:41:ed:4f:38:7d:90:bb:6d:d7:38:b6:45:
         13:d4:47:8c:d7:46:90:92:91:0b:c4:a8:72:fb:34:10:6a:d8:
         fe:9e:49:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2u//7UzBE4Mrr7NqTgLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OWQ1NmM1MmM3NzMzZjgzYmU3NzRhZmE0N2JiZDU1ZDI4
Nzk3YWMwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzU3NjkxNzNlMjhiYjY3ZDkxMjQ5NzVlNTBlZWYwYjY3ODJkMTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfFx6KvP1s7uU/RXwBqVSOYLgMD3
U3ZeKcuF49h40IC848lGJX0GfKer9HMi9MI8zcwAVg+ZS2FIs1BzDNS8azKVnpsr
Bl71SqesPpvQuC3N1E3Vk9X4r0nme2z985mXNV50u4R19UpV2tvSDmSgjphyI4BF
FJRkdnx1YbPE2h/eSZ900ubn/NT2B2tWM6FnGK0bn8JnWU9RAKBlVScd5JA9VHKn
5HVa8Bw+fYlZeypzpK3zb7KpAR2dJ+Jl53j9vaN2G20Yj7uOBbhd/Bo0f5uz6jlS
wvfFju2UUkEvPcl9tR74xVAPQEw/E0o28/gjghzOcgXNKEpOznCsv1xgrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdXaRc+KLtn2RJJdeUO7wtngtFMMB8GA1UdIwQY
MBaAFPWdVsUsdzP4O+d0r6R7vVXSh5esMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVoxV3hTeDNNX2c3NTNTdnBIdTlWZEtIbDZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYzEwMTMtNWRjYi00ZWJjLWI3OWUt
NWMwNjdiOGI5MWE1LzEvRjFkcEZ6NG91MmZaRWtsMTVRN3ZDMmVDMFV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYzEwMTMtNWRjYi00ZWJjLWI3OWUtNWMwNjdiOGI5MWE1
LzEvOVoxV3hTeDNNX2c3NTNTdnBIdTlWZEtIbDZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiKhMA0G
CSqGSIb3DQEBCwUAA4IBAQCkoKV5VvKSyVxDW5z1rGEeyHlLPrInKWqc/iBmZRPO
S9SmhPk6ySCcV05ZVpg5MNIiEW0hM0aWHeUtLCxXO99aTNCh6epyhORszj5N70RK
WMsoDWG7Qoy1IpnJ4oW+D4cW+eKuPjkVaAnUE35Sf2gTT59SN8PVqTTnZA6l04CE
S94wpohu7yTOV0ElzrFDxE3yprhzjR0Fv++iJJZz/LrBR6AQq1fx0HBS8YkAgfFJ
AyJD79jsgh+QPKKvGoH9GLWCd1K2URuAxANgpyUIK4+yyN8Xr+7P9gY6XodSee9B
7U84fZC7bdc4tkUT1EeM10aQkpELxKhy+zQQatj+nkn7
-----END CERTIFICATE-----