Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/f1QP3l8vcKw3_wVo7Y8-Pj9LyKM.roa
File:                     f1QP3l8vcKw3_wVo7Y8-Pj9LyKM.roa (raw, json)
Hash identifier:          LeQlpmtBDN22jvUFYPJWmMuwd0Wf7bp5AoKuBcwpCF8=
Subject key identifier:   7F:54:0F:DE:5F:2F:70:AC:37:FF:05:68:ED:8F:3E:3E:3F:4B:C8:A3
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018CC348F460AC5B8D0B56B95FF7FD535DFA
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/f1QP3l8vcKw3_wVo7Y8-Pj9LyKM.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9096
IP address blocks:        188.172.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f4:60:ac:5b:8d:0b:56:b9:5f:f7:fd:53:5d:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f540fde5f2f70ac37ff0568ed8f3e3e3f4bc8a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:20:82:18:b4:8f:d8:42:51:ef:28:1f:2c:aa:
                    68:12:f7:ca:d5:38:f9:29:f8:29:84:31:7e:29:f5:
                    43:af:65:71:cf:00:8b:ed:f7:48:cc:af:f5:c2:50:
                    29:31:95:ec:06:01:88:6c:c8:5b:11:dd:8e:22:76:
                    82:67:2c:f2:7d:47:9d:4f:4a:1a:cf:53:49:32:af:
                    68:7e:8a:52:a3:82:84:61:44:23:43:8a:a3:f3:53:
                    ce:74:ba:6f:68:3f:15:d8:76:a8:b8:26:4d:77:45:
                    de:da:58:f1:98:67:53:cd:bc:72:a1:37:58:e6:38:
                    d8:4a:3b:57:a5:e5:ab:4e:08:ad:08:88:83:32:b0:
                    2f:a2:9c:25:7b:9d:38:d6:6e:87:d8:fe:4c:b5:ae:
                    b2:a1:3b:38:9c:33:8b:d9:c2:75:d4:81:b8:52:76:
                    39:54:82:1a:28:dd:80:f5:51:67:99:fe:32:1d:fb:
                    cf:b5:81:df:ca:0b:23:f7:2a:98:d7:73:c2:84:b5:
                    9d:9d:55:1f:87:1c:83:1e:f4:4e:f8:c9:cd:f2:3d:
                    7d:15:c7:d2:1d:a8:b7:3e:ee:78:0a:c5:0e:5d:66:
                    e2:5c:9f:da:4d:89:82:79:09:06:b2:e3:ad:26:9b:
                    aa:b5:c0:d4:77:49:95:42:5a:18:5d:ad:04:12:24:
                    ea:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:54:0F:DE:5F:2F:70:AC:37:FF:05:68:ED:8F:3E:3E:3F:4B:C8:A3
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/f1QP3l8vcKw3_wVo7Y8-Pj9LyKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.172.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:2e:ce:bd:05:aa:c1:9d:c5:74:2c:fe:be:2d:53:e4:1d:0b:
         ab:e6:ee:b3:9d:96:43:06:26:51:fe:ef:f1:e5:67:72:7b:2e:
         35:ca:c4:f0:55:6a:0e:5c:ab:d3:6d:2c:ce:41:f0:99:52:15:
         ec:2f:d8:79:f8:e0:55:0a:cd:62:b8:df:37:c9:83:a0:16:85:
         1c:ed:8a:87:82:5e:48:10:8d:7c:55:26:35:af:62:90:4a:4f:
         03:e2:ec:cf:7d:bf:64:07:ba:f2:f2:34:af:b5:dc:e0:90:0b:
         ef:50:da:14:97:af:21:5b:34:91:91:fa:41:2c:c9:b8:79:41:
         02:b3:e4:79:4a:5f:82:9a:10:01:61:89:51:14:b3:26:8e:b7:
         bb:b6:60:49:e3:7f:ed:bd:a9:b9:c4:cc:2c:0a:55:f1:20:a5:
         3d:6b:49:95:57:b3:87:6c:3a:eb:f9:68:53:92:d0:32:88:59:
         6b:d5:ea:0f:d4:ec:08:29:a5:93:88:c2:5c:92:c1:16:08:6a:
         50:76:88:05:b3:9a:6c:dd:a6:eb:68:c7:f4:57:82:3d:4e:63:
         c0:3b:c4:97:8d:15:74:69:52:f2:c5:d4:13:1d:26:0f:de:ee:
         bc:1a:7e:21:2b:ca:80:d3:93:ae:ac:78:aa:f2:ce:99:ed:81:
         f4:e5:64:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPRgrFuNC1a5X/f9U136MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjU0MGZkZTVmMmY3MGFjMzdmZjA1NjhlZDhmM2UzZTNmNGJjOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSCCGLSP2EJR7ygfLKpoEvfK1Tj5
KfgphDF+KfVDr2VxzwCL7fdIzK/1wlApMZXsBgGIbMhbEd2OInaCZyzyfUedT0oa
z1NJMq9ofopSo4KEYUQjQ4qj81POdLpvaD8V2HaouCZNd0Xe2ljxmGdTzbxyoTdY
5jjYSjtXpeWrTgitCIiDMrAvopwle5041m6H2P5Mta6yoTs4nDOL2cJ11IG4UnY5
VIIaKN2A9VFnmf4yHfvPtYHfygsj9yqY13PChLWdnVUfhxyDHvRO+MnN8j19FcfS
Hai3Pu54CsUOXWbiXJ/aTYmCeQkGsuOtJpuqtcDUd0mVQloYXa0EEiTqMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH9UD95fL3CsN/8FaO2PPj4/S8ijMB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvZjFRUDNsOHZjS3czX3dWbzdZOC1QajlMeUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvKzFMA0G
CSqGSIb3DQEBCwUAA4IBAQBKLs69BarBncV0LP6+LVPkHQur5u6znZZDBiZR/u/x
5Wdyey41ysTwVWoOXKvTbSzOQfCZUhXsL9h5+OBVCs1iuN83yYOgFoUc7YqHgl5I
EI18VSY1r2KQSk8D4uzPfb9kB7ry8jSvtdzgkAvvUNoUl68hWzSRkfpBLMm4eUEC
s+R5Sl+CmhABYYlRFLMmjre7tmBJ43/tvam5xMwsClXxIKU9a0mVV7OHbDrr+WhT
ktAyiFlr1eoP1OwIKaWTiMJcksEWCGpQdogFs5ps3abraMf0V4I9TmPAO8SXjRV0
aVLyxdQTHSYP3u68Gn4hK8qA05OurHiq8s6Z7YH05WRW
-----END CERTIFICATE-----