Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/fp9PQtu62Ub6kx91jcWQrC_PgRI.roa
File:                     fp9PQtu62Ub6kx91jcWQrC_PgRI.roa (raw, json)
Hash identifier:          pMeO0yybt/4DBKSC3zYq4chrQlmYKvrBRORrPi7DDvE=
Subject key identifier:   7E:9F:4F:42:DB:BA:D9:46:FA:93:1F:75:8D:C5:90:AC:2F:CF:81:12
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0192B52A3C141D76EBC08497B28C710B7B19
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/fp9PQtu62Ub6kx91jcWQrC_PgRI.roa
Signing time:             Tue 22 Oct 2024 16:58:16 +0000
ROA not before:           Tue 22 Oct 2024 16:58:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        84.51.233.0/24 maxlen: 24
                          103.210.197.0/24 maxlen: 24
                          167.160.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b5:2a:3c:14:1d:76:eb:c0:84:97:b2:8c:71:0b:7b:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Oct 22 16:58:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e9f4f42dbbad946fa931f758dc590ac2fcf8112
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3f:51:01:f0:44:6f:f7:06:71:98:03:77:71:
                    ab:91:55:91:be:85:85:24:1c:30:c9:6b:9f:2d:8d:
                    14:da:87:1c:95:7a:83:ab:2d:3a:bf:27:70:38:c9:
                    90:06:7d:46:26:fa:d2:bb:e9:c8:82:4e:5d:c6:c0:
                    5c:5c:64:cb:41:5e:c8:c8:d3:f8:97:06:65:c3:66:
                    45:bb:68:e1:ff:c2:2c:80:1b:8b:77:4d:1f:4f:1e:
                    ef:1a:d0:ac:e8:1f:c1:3c:d7:8f:9f:9e:d0:46:fe:
                    15:9b:0a:cc:09:71:21:b2:80:0d:e4:4d:87:73:33:
                    44:c3:15:fb:83:25:5a:13:61:d4:4a:63:77:32:a7:
                    07:52:4c:92:7a:6d:6c:2e:5f:9f:26:c1:e7:3d:9f:
                    da:44:46:96:22:fb:a6:e4:35:17:aa:6f:b1:48:95:
                    67:9a:be:81:36:6b:23:03:9b:0b:ee:88:93:6a:e0:
                    0b:0d:79:a2:69:3d:b9:c1:40:0f:73:86:0e:b1:24:
                    66:ea:3f:7b:66:67:d9:d7:9a:6b:b2:8a:e4:05:79:
                    bb:bc:00:e3:69:24:b7:bc:fe:0d:ee:f2:ec:fa:e8:
                    57:41:44:fc:42:8b:db:3a:44:a5:6f:33:86:62:61:
                    27:df:17:fa:d7:c0:ad:c0:cd:cb:c3:26:23:6b:18:
                    2b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:9F:4F:42:DB:BA:D9:46:FA:93:1F:75:8D:C5:90:AC:2F:CF:81:12
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/fp9PQtu62Ub6kx91jcWQrC_PgRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.51.233.0/24
                  103.210.197.0/24
                  167.160.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:96:d8:f6:7d:f0:58:ba:b7:6e:0a:b0:f4:8b:ac:b7:65:72:
         3e:18:bc:d0:1f:07:fa:92:33:33:27:f7:67:8b:df:b7:4d:e9:
         e9:b0:c2:98:10:94:9a:b6:91:53:d9:a8:fd:5e:a2:ab:41:68:
         70:d1:86:68:de:29:78:fe:09:75:69:8c:9c:9e:7e:ca:24:03:
         6a:c0:35:2a:cf:62:a7:14:c1:47:10:ea:25:84:8d:12:e2:ee:
         ad:a6:59:a8:ce:6c:29:9d:18:fe:d7:a8:e9:79:83:bb:25:a3:
         7f:c2:72:01:37:e0:76:ab:cd:95:96:f2:09:bb:38:f4:6e:fd:
         26:65:bb:e8:b9:2d:12:e1:7b:a1:cb:df:07:69:8f:ec:93:9b:
         8c:c2:c7:e1:3d:19:ae:f8:a4:7b:a9:ee:62:21:88:73:4d:ed:
         db:2e:40:0d:ab:9f:84:80:15:fb:bc:a0:ee:98:36:68:b6:89:
         3e:5d:df:de:d8:5e:ef:77:2e:36:63:c6:3c:89:3a:f5:fe:18:
         ff:af:60:e5:42:03:5a:1a:f1:3f:f5:19:aa:34:aa:ed:8b:b4:
         08:c3:86:b9:f9:3d:59:77:3f:26:3e:41:f2:82:99:23:44:e3:
         c5:2e:01:f2:67:fd:9a:7a:e1:64:75:0b:92:c4:7d:45:78:68:
         f4:8e:1d:dd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZK1KjwUHXbrwISXsoxxC3sZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQxMDIyMTY1ODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTlmNGY0MmRiYmFkOTQ2ZmE5MzFmNzU4ZGM1OTBhYzJmY2Y4MTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApD9RAfBEb/cGcZgDd3GrkVWRvoWF
JBwwyWufLY0U2occlXqDqy06vydwOMmQBn1GJvrSu+nIgk5dxsBcXGTLQV7IyNP4
lwZlw2ZFu2jh/8IsgBuLd00fTx7vGtCs6B/BPNePn57QRv4VmwrMCXEhsoAN5E2H
czNEwxX7gyVaE2HUSmN3MqcHUkySem1sLl+fJsHnPZ/aREaWIvum5DUXqm+xSJVn
mr6BNmsjA5sL7oiTauALDXmiaT25wUAPc4YOsSRm6j97ZmfZ15prsorkBXm7vADj
aSS3vP4N7vLs+uhXQUT8QovbOkSlbzOGYmEn3xf618CtwM3LwyYjaxgr+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH6fT0LbutlG+pMfdY3FkKwvz4ESMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvZnA5UFF0dTYyVWI2a3g5MWpjV1FyQ19QZ1JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVDPpAwQA
Z9LFAwQAp6AMMA0GCSqGSIb3DQEBCwUAA4IBAQCNltj2ffBYurduCrD0i6y3ZXI+
GLzQHwf6kjMzJ/dni9+3TenpsMKYEJSatpFT2aj9XqKrQWhw0YZo3il4/gl1aYyc
nn7KJANqwDUqz2KnFMFHEOolhI0S4u6tplmozmwpnRj+16jpeYO7JaN/wnIBN+B2
q82VlvIJuzj0bv0mZbvouS0S4Xuhy98HaY/sk5uMwsfhPRmu+KR7qe5iIYhzTe3b
LkANq5+EgBX7vKDumDZotok+Xd/e2F7vdy42Y8Y8iTr1/hj/r2DlQgNaGvE/9Rmq
NKrti7QIw4a5+T1Zdz8mPkHygpkjROPFLgHyZ/2aeuFkdQuSxH1FeGj0jh3d
-----END CERTIFICATE-----