Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/S0vSbU01S9ItJ-UwBRv--R-iBvI.roa
File:                     S0vSbU01S9ItJ-UwBRv--R-iBvI.roa (raw, json)
Hash identifier:          G1Ael5iCT4NF6NtIr0dZiu1glOLWgY+sUZUmwT1473o=
Subject key identifier:   4B:4B:D2:6D:4D:35:4B:D2:2D:27:E5:30:05:1B:FE:F9:1F:A2:06:F2
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0192051052F7103C27A058FF3019E1F957DA
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/S0vSbU01S9ItJ-UwBRv--R-iBvI.roa
Signing time:             Wed 18 Sep 2024 12:16:48 +0000
ROA not before:           Wed 18 Sep 2024 12:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201409
IP address blocks:        193.142.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:05:10:52:f7:10:3c:27:a0:58:ff:30:19:e1:f9:57:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Sep 18 12:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b4bd26d4d354bd22d27e530051bfef91fa206f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:da:51:c6:d2:d2:f9:a3:63:02:7b:16:98:22:
                    1e:63:af:2f:12:c3:7f:3c:43:32:ce:bb:29:aa:52:
                    f5:33:50:dd:f7:9a:65:ce:0c:59:e7:cb:48:cc:cb:
                    23:e0:36:5d:be:73:9c:e5:1c:58:60:ea:c5:a9:0f:
                    96:90:c4:29:da:60:1c:a8:9d:ef:06:89:85:9b:d2:
                    f1:38:ef:8e:0c:a7:67:40:6e:c9:2b:7c:39:5f:d6:
                    a0:18:2d:6a:e2:c9:b5:e1:52:6a:72:7b:99:5b:45:
                    da:0d:d6:e4:70:60:46:53:b5:06:e6:40:d8:fb:ae:
                    48:f4:09:da:ad:6c:a9:0a:33:2c:e9:58:f1:2c:30:
                    74:f5:fe:6f:7e:4b:92:85:f9:4d:53:75:e2:1f:d6:
                    7d:46:68:19:59:3b:92:dc:60:02:d8:16:ed:7a:89:
                    16:6c:4b:2c:7f:8c:03:61:a2:ce:53:32:79:b6:f9:
                    fd:a9:49:c5:c8:b9:14:1c:19:f8:a2:2a:00:bd:e2:
                    86:a4:7e:ad:67:5a:e9:d0:de:81:3c:56:17:48:14:
                    91:38:50:60:65:6c:01:49:92:2b:74:40:67:20:a1:
                    bf:14:f9:e0:be:ac:ea:4b:de:e5:82:33:b8:a7:b0:
                    bb:23:57:44:2f:eb:0f:ee:93:f5:e4:ca:12:d6:9a:
                    3d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:4B:D2:6D:4D:35:4B:D2:2D:27:E5:30:05:1B:FE:F9:1F:A2:06:F2
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/S0vSbU01S9ItJ-UwBRv--R-iBvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:1e:79:cd:5d:e0:01:e2:22:60:de:2d:9f:ed:84:42:cc:88:
         ee:47:bf:71:67:dc:fa:3c:27:20:d2:76:c5:a8:6f:db:a6:f5:
         aa:3d:5b:b1:cd:3f:6f:08:41:0e:43:7a:cf:da:a3:18:18:e8:
         00:a1:29:5d:56:57:f2:fb:e2:ff:ad:8a:c3:25:42:75:21:66:
         a1:e8:75:92:f7:9c:94:c4:05:6a:93:52:28:75:69:44:e3:6b:
         97:c6:ab:9c:86:b1:7d:e1:88:e2:6d:87:f6:cd:1d:b4:15:ca:
         5f:3f:1e:ba:79:a2:3e:5a:15:bb:ed:f5:61:31:33:e1:63:fe:
         ad:22:d5:75:63:ee:2f:52:28:9c:ef:d6:da:39:91:4b:4b:0d:
         32:05:ac:5f:c0:d7:e3:78:8b:eb:25:85:0f:10:70:c4:4f:93:
         35:e1:20:e4:6b:d8:5c:44:a7:76:5e:91:dd:b6:f0:dd:09:08:
         d4:8b:b7:29:17:b1:01:ae:47:49:d2:ac:35:41:c6:4a:c8:bd:
         3e:7f:0e:61:21:ff:7e:87:9b:f6:54:66:b7:1b:be:6a:c1:2c:
         37:81:67:35:3a:79:c4:95:d0:4a:c2:a4:34:42:44:6a:49:da:
         14:3d:da:ed:54:e6:31:13:63:2e:1b:64:53:2a:09:39:df:99:
         75:16:d0:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIFEFL3EDwnoFj/MBnh+VfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQwOTE4MTIxNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjRiZDI2ZDRkMzU0YmQyMmQyN2U1MzAwNTFiZmVmOTFmYTIwNmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNpRxtLS+aNjAnsWmCIeY68vEsN/
PEMyzrspqlL1M1Dd95plzgxZ58tIzMsj4DZdvnOc5RxYYOrFqQ+WkMQp2mAcqJ3v
BomFm9LxOO+ODKdnQG7JK3w5X9agGC1q4sm14VJqcnuZW0XaDdbkcGBGU7UG5kDY
+65I9AnarWypCjMs6VjxLDB09f5vfkuShflNU3XiH9Z9RmgZWTuS3GAC2BbteokW
bEssf4wDYaLOUzJ5tvn9qUnFyLkUHBn4oioAveKGpH6tZ1rp0N6BPFYXSBSROFBg
ZWwBSZIrdEBnIKG/FPngvqzqS97lgjO4p7C7I1dEL+sP7pP15MoS1po9UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtL0m1NNUvSLSflMAUb/vkfogbyMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvUzB2U2JVMDFTOUl0Si1Vd0JSdi0tUi1pQnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY47MA0G
CSqGSIb3DQEBCwUAA4IBAQAoHnnNXeAB4iJg3i2f7YRCzIjuR79xZ9z6PCcg0nbF
qG/bpvWqPVuxzT9vCEEOQ3rP2qMYGOgAoSldVlfy++L/rYrDJUJ1IWah6HWS95yU
xAVqk1IodWlE42uXxquchrF94YjibYf2zR20FcpfPx66eaI+WhW77fVhMTPhY/6t
ItV1Y+4vUiic79baOZFLSw0yBaxfwNfjeIvrJYUPEHDET5M14SDka9hcRKd2XpHd
tvDdCQjUi7cpF7EBrkdJ0qw1QcZKyL0+fw5hIf9+h5v2VGa3G75qwSw3gWc1OnnE
ldBKwqQ0QkRqSdoUPdrtVOYxE2MuG2RTKgk535l1FtDj
-----END CERTIFICATE-----