Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/febb2e-f0da-4d74-b547-f7401b4e4b4a/1/1-k_KmZOBusITFY5I4gikxD7IMzQ.roa
File:                     1-k_KmZOBusITFY5I4gikxD7IMzQ.roa (raw, json)
Hash identifier:          79zln1HPthu79FYLzjfgPfgoaBv6A7oXYyV1p8vlRK8=
Subject key identifier:   FA:4F:CA:99:93:81:BA:C2:13:15:8E:48:E2:08:A4:C4:3E:C8:33:34
Certificate issuer:       /CN=887d30119351500f259a57e2ff6850797d1b4e1a
Certificate serial:       018CC42476C745FD333D7791ADB728818B77
Authority key identifier: 88:7D:30:11:93:51:50:0F:25:9A:57:E2:FF:68:50:79:7D:1B:4E:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iH0wEZNRUA8lmlfi_2hQeX0bTho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/febb2e-f0da-4d74-b547-f7401b4e4b4a/1/1-k_KmZOBusITFY5I4gikxD7IMzQ.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12570
IP address blocks:        193.17.248.0/22 maxlen: 22
                          195.78.122.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/febb2e-f0da-4d74-b547-f7401b4e4b4a/1/iH0wEZNRUA8lmlfi_2hQeX0bTho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/febb2e-f0da-4d74-b547-f7401b4e4b4a/1/iH0wEZNRUA8lmlfi_2hQeX0bTho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iH0wEZNRUA8lmlfi_2hQeX0bTho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:76:c7:45:fd:33:3d:77:91:ad:b7:28:81:8b:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=887d30119351500f259a57e2ff6850797d1b4e1a
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa4fca999381bac213158e48e208a4c43ec83334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2a:9b:69:5c:10:fe:ed:77:38:4a:4b:5e:47:
                    c9:9e:e3:f8:f9:47:40:be:b2:03:15:ac:f8:3c:d7:
                    ab:e3:3e:2e:d1:ed:aa:16:2f:6b:14:1f:e4:5f:15:
                    b0:8c:18:7c:ad:cd:0e:84:82:69:ac:44:d6:4e:d7:
                    59:dc:1c:1a:30:2c:fe:ef:60:dd:a8:f4:8f:be:87:
                    a1:4f:4b:f6:f2:fb:0c:f7:d0:08:56:f0:e9:31:ce:
                    e1:24:59:a7:90:8a:58:a3:05:d2:3e:a0:5a:c5:71:
                    b7:00:c9:52:be:7c:06:3f:80:88:bd:db:dc:b6:b7:
                    5a:f4:c2:19:90:98:fb:41:98:60:bb:2c:45:6c:8b:
                    85:ca:49:8c:d7:45:08:d2:7d:e1:66:ef:7b:f6:9c:
                    9c:89:62:c5:1c:d0:89:d2:96:f1:a2:96:b2:db:10:
                    38:2c:aa:e8:91:84:e5:77:ac:c0:1b:74:f3:d7:3e:
                    fa:ca:1b:b6:82:fe:ef:2b:7d:04:28:56:85:a1:7c:
                    14:e0:35:f6:46:7c:9f:17:8f:ad:49:0b:b3:68:1b:
                    95:9f:54:08:ab:8f:80:ef:fa:e3:7e:44:90:79:6d:
                    68:50:2c:c5:76:b6:77:3e:30:f4:bd:91:f0:fe:9a:
                    cb:ac:af:f0:2c:bf:2b:7e:6f:b8:78:d4:f5:4a:20:
                    af:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:4F:CA:99:93:81:BA:C2:13:15:8E:48:E2:08:A4:C4:3E:C8:33:34
            X509v3 Authority Key Identifier:
                keyid:88:7D:30:11:93:51:50:0F:25:9A:57:E2:FF:68:50:79:7D:1B:4E:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iH0wEZNRUA8lmlfi_2hQeX0bTho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/febb2e-f0da-4d74-b547-f7401b4e4b4a/1/1-k_KmZOBusITFY5I4gikxD7IMzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/febb2e-f0da-4d74-b547-f7401b4e4b4a/1/iH0wEZNRUA8lmlfi_2hQeX0bTho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.248.0/22
                  195.78.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:3a:ca:79:6e:59:a3:16:12:4b:fc:15:a6:64:1a:b7:24:30:
         55:7e:62:42:9e:21:3a:1e:dc:2a:2f:cb:d2:19:c7:73:2f:98:
         8a:12:f9:12:db:1f:87:e4:ff:02:6d:3b:ee:00:cc:22:6a:09:
         30:5e:53:30:41:82:4f:da:c0:86:b0:87:22:a2:de:6e:06:77:
         45:4b:d4:d7:d1:9a:04:de:fa:55:76:22:1b:45:c2:4a:e7:6d:
         77:18:80:6d:27:76:d5:68:bb:38:5d:41:ed:1c:87:36:f6:17:
         06:6f:c9:6e:55:55:a2:b9:97:d8:5b:3a:ae:76:dd:0c:23:07:
         d0:d3:57:92:34:47:a2:b3:3b:cd:91:d1:a8:7f:eb:d2:5f:87:
         ed:b7:5a:c0:11:f3:45:72:74:f6:75:5a:36:3c:42:b8:7e:63:
         89:7a:3d:e4:a7:11:ed:21:de:02:79:70:10:f5:26:22:a7:3e:
         ea:db:da:bc:6f:68:78:c4:b3:a7:be:1c:88:25:87:4e:cd:77:
         0b:b8:b3:57:73:60:02:2b:cd:76:6f:0e:14:19:ec:7b:a3:35:
         d4:b6:bf:42:76:f2:c1:21:78:74:1e:23:28:b3:78:e3:dd:f7:
         5f:7f:97:3a:c7:df:93:ca:b1:08:76:9b:38:25:a3:3e:d1:79:
         64:e1:ca:23
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzEJHbHRf0zPXeRrbcogYt3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4N2QzMDExOTM1MTUwMGYyNTlhNTdlMmZmNjg1MDc5N2Qx
YjRlMWEwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTRmY2E5OTkzODFiYWMyMTMxNThlNDhlMjA4YTRjNDNlYzgzMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCqbaVwQ/u13OEpLXkfJnuP4+UdA
vrIDFaz4PNer4z4u0e2qFi9rFB/kXxWwjBh8rc0OhIJprETWTtdZ3BwaMCz+72Dd
qPSPvoehT0v28vsM99AIVvDpMc7hJFmnkIpYowXSPqBaxXG3AMlSvnwGP4CIvdvc
trda9MIZkJj7QZhguyxFbIuFykmM10UI0n3hZu979pyciWLFHNCJ0pbxopay2xA4
LKrokYTld6zAG3Tz1z76yhu2gv7vK30EKFaFoXwU4DX2RnyfF4+tSQuzaBuVn1QI
q4+A7/rjfkSQeW1oUCzFdrZ3PjD0vZHw/prLrK/wLL8rfm+4eNT1SiCv3QIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPpPypmTgbrCExWOSOIIpMQ+yDM0MB8GA1UdIwQY
MBaAFIh9MBGTUVAPJZpX4v9oUHl9G04aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUgwd0VaTlJVQThsbWxmaV8yaFFlWDBiVGhvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9mZWJiMmUtZjBkYS00ZDc0LWI1NDct
Zjc0MDFiNGU0YjRhLzEvMS1rX0ttWk9CdXNJVEZZNUk0Z2lreEQ3SU16US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjgvZmViYjJlLWYwZGEtNGQ3NC1iNTQ3LWY3NDAxYjRlNGI0
YS8xL2lIMHdFWk5SVUE4bG1sZmlfMmhRZVgwYlRoby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAsER+AME
AcNOejANBgkqhkiG9w0BAQsFAAOCAQEALTrKeW5ZoxYSS/wVpmQatyQwVX5iQp4h
Oh7cKi/L0hnHcy+YihL5Etsfh+T/Am077gDMImoJMF5TMEGCT9rAhrCHIqLebgZ3
RUvU19GaBN76VXYiG0XCSudtdxiAbSd21Wi7OF1B7RyHNvYXBm/JblVVormX2Fs6
rnbdDCMH0NNXkjRHorM7zZHRqH/r0l+H7bdawBHzRXJ09nVaNjxCuH5jiXo95KcR
7SHeAnlwEPUmIqc+6tvavG9oeMSzp74ciCWHTs13C7izV3NgAivNdm8OFBnse6M1
1La/QnbywSF4dB4jKLN44933X3+XOsffk8qxCHabOCWjPtF5ZOHKIw==
-----END CERTIFICATE-----