Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/1-WsKz-qeZHaaRBEkLNMbWmuwJYQ.roa
File:                     1-WsKz-qeZHaaRBEkLNMbWmuwJYQ.roa (raw, json)
Hash identifier:          BSBKi1b1YRk/Q8TUurwQRTIn77SrxEdrKw43fm9dk1I=
Subject key identifier:   F9:6B:0A:CF:EA:9E:64:76:9A:44:11:24:2C:D3:1B:5A:6B:B0:25:84
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018EBD9882D123CA44A271259199306471CC
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/1-WsKz-qeZHaaRBEkLNMbWmuwJYQ.roa
Signing time:             Mon 08 Apr 2024 12:04:32 +0000
ROA not before:           Mon 08 Apr 2024 12:04:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215439
IP address blocks:        212.80.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:98:82:d1:23:ca:44:a2:71:25:91:99:30:64:71:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Apr  8 12:04:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f96b0acfea9e64769a4411242cd31b5a6bb02584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:6d:ab:72:89:28:d6:26:8c:7f:2a:c9:5a:85:
                    17:7c:2e:db:cb:e7:e8:05:7d:2f:32:d0:77:78:af:
                    1a:0d:f3:27:15:ca:16:82:0f:22:4d:5d:72:6c:98:
                    61:19:df:64:9b:25:08:15:9d:68:10:da:51:5c:60:
                    5b:5b:13:c7:bd:c6:26:eb:88:8f:72:45:91:45:0c:
                    24:36:61:ea:41:ae:6d:fd:8b:2a:ee:c8:2d:f3:89:
                    12:9d:f8:00:37:d8:cd:a4:53:81:ce:f8:82:0f:d5:
                    bb:01:81:5e:7d:42:1c:f4:7b:eb:7d:f1:64:90:bb:
                    b9:c7:f4:00:3d:06:a6:d8:70:1c:79:a7:ad:f5:8a:
                    8c:4b:1e:28:48:2c:17:54:de:dd:de:ba:2d:fa:ee:
                    8a:87:39:3a:eb:ae:65:87:39:24:2e:ab:e5:73:39:
                    5c:2b:88:36:b8:eb:42:f4:55:5b:c4:ca:03:f6:6b:
                    9f:af:46:0b:9e:f7:42:74:3d:32:a9:41:7a:15:b3:
                    dc:30:3c:ca:c3:db:dd:76:09:4f:67:a0:b9:8e:ce:
                    08:59:20:81:5a:ea:12:ff:8e:ec:4d:71:00:0a:21:
                    bc:47:bc:2d:f1:d1:34:58:d2:7b:ed:e6:85:13:04:
                    2b:26:1b:92:64:8b:6b:f0:af:77:9c:33:8b:d4:11:
                    19:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:6B:0A:CF:EA:9E:64:76:9A:44:11:24:2C:D3:1B:5A:6B:B0:25:84
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/1-WsKz-qeZHaaRBEkLNMbWmuwJYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:39:03:a3:6f:40:5f:bc:b3:71:f2:c8:91:c0:99:08:1b:64:
         59:37:53:60:03:15:6b:bb:f3:70:ba:fa:f4:58:7d:f5:7f:fa:
         7b:7d:a5:84:17:63:ed:c5:4c:b3:33:96:01:3b:60:58:31:19:
         6a:21:71:5c:bb:db:29:81:de:68:3c:31:1f:a4:85:ec:91:7d:
         8f:f5:3e:3a:dc:0e:ea:57:94:58:8f:4e:04:e8:ec:19:d9:8c:
         94:51:0b:b1:95:09:5e:5d:99:ab:35:ff:b6:c2:61:9f:3f:7f:
         8f:4c:cc:ca:fb:33:7a:4d:1d:ec:96:04:38:5e:13:cf:42:85:
         68:4b:66:5a:35:f4:e8:e0:a6:c8:70:d1:23:a9:80:6c:2e:2e:
         da:7a:8f:d4:77:b6:c3:ad:f7:5c:76:80:b1:b2:2d:e5:f9:5f:
         4b:9c:63:5d:64:15:5c:a5:67:5b:53:59:e3:e7:ed:15:c7:09:
         ae:5e:38:d9:8b:32:61:0d:b9:2b:a3:81:8f:a6:fb:27:9b:8d:
         cb:97:b2:f6:de:c0:27:16:54:65:98:4d:52:9c:ea:09:cc:72:
         c9:75:a6:18:11:d3:7b:a4:1f:07:0f:24:99:6a:19:b2:b6:94:
         8e:e5:e8:68:fc:6b:6b:c9:4f:e4:c0:46:6c:2c:7a:e3:bb:fe:
         7c:64:8a:50
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY69mILRI8pEonElkZkwZHHMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwNDA4MTIwNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTZiMGFjZmVhOWU2NDc2OWE0NDExMjQyY2QzMWI1YTZiYjAyNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkm2rcoko1iaMfyrJWoUXfC7by+fo
BX0vMtB3eK8aDfMnFcoWgg8iTV1ybJhhGd9kmyUIFZ1oENpRXGBbWxPHvcYm64iP
ckWRRQwkNmHqQa5t/Ysq7sgt84kSnfgAN9jNpFOBzviCD9W7AYFefUIc9HvrffFk
kLu5x/QAPQam2HAceaet9YqMSx4oSCwXVN7d3rot+u6Khzk6665lhzkkLqvlczlc
K4g2uOtC9FVbxMoD9mufr0YLnvdCdD0yqUF6FbPcMDzKw9vddglPZ6C5js4IWSCB
WuoS/47sTXEACiG8R7wt8dE0WNJ77eaFEwQrJhuSZItr8K93nDOL1BEZ+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlrCs/qnmR2mkQRJCzTG1prsCWEMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvMS1Xc0t6LXFlWkhhYVJCRWtMTk1iV211d0pZUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjEvNWY2OTA2LTNmYjAtNGRmZi04ZDAxLTJhMDljYzUzYTgw
NS8xL3R5bEY5WEVERlRvSGhVNTA0aWZ5cnNIRjlEQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANRQBzAN
BgkqhkiG9w0BAQsFAAOCAQEAaDkDo29AX7yzcfLIkcCZCBtkWTdTYAMVa7vzcLr6
9Fh99X/6e32lhBdj7cVMszOWATtgWDEZaiFxXLvbKYHeaDwxH6SF7JF9j/U+OtwO
6leUWI9OBOjsGdmMlFELsZUJXl2ZqzX/tsJhnz9/j0zMyvszek0d7JYEOF4Tz0KF
aEtmWjX06OCmyHDRI6mAbC4u2nqP1He2w633XHaAsbIt5flfS5xjXWQVXKVnW1NZ
4+ftFccJrl442YsyYQ25K6OBj6b7J5uNy5ey9t7AJxZUZZhNUpzqCcxyyXWmGBHT
e6QfBw8kmWoZsraUjuXoaPxra8lP5MBGbCx647v+fGSKUA==
-----END CERTIFICATE-----