Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/9fpAJyJU7G4LtmgpCCq7DMKyVQk.roa
File:                     9fpAJyJU7G4LtmgpCCq7DMKyVQk.roa (raw, json)
Hash identifier:          chFLywLNzX0pLe8MTyYEnc2ZHkL5IPeKZlx3UMt6MnE=
Subject key identifier:   F5:FA:40:27:22:54:EC:6E:0B:B6:68:29:08:2A:BB:0C:C2:B2:55:09
Certificate issuer:       /CN=05ad79492e809934d693b11855e75103241569eb
Certificate serial:       018CC6B77CA4E9E822D4600879806CA9022C
Authority key identifier: 05:AD:79:49:2E:80:99:34:D6:93:B1:18:55:E7:51:03:24:15:69:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ba15SS6AmTTWk7EYVedRAyQVaes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/9fpAJyJU7G4LtmgpCCq7DMKyVQk.roa
Signing time:             Mon 01 Jan 2024 20:29:22 +0000
ROA not before:           Mon 01 Jan 2024 20:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2269
IP address blocks:        138.231.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/Ba15SS6AmTTWk7EYVedRAyQVaes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/Ba15SS6AmTTWk7EYVedRAyQVaes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ba15SS6AmTTWk7EYVedRAyQVaes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7c:a4:e9:e8:22:d4:60:08:79:80:6c:a9:02:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05ad79492e809934d693b11855e75103241569eb
        Validity
            Not Before: Jan  1 20:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5fa40272254ec6e0bb66829082abb0cc2b25509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:73:23:af:34:5a:ff:84:4c:de:0d:d4:8e:65:
                    55:5b:4f:e7:5f:a9:91:19:79:dc:f4:00:8b:18:0c:
                    b2:77:25:89:f7:c9:3e:3f:16:e1:df:a0:33:14:af:
                    6c:bf:a2:d1:4c:bc:cb:e4:35:5e:1f:18:8d:08:29:
                    2e:01:56:e8:19:03:89:dd:37:31:f0:d6:85:58:f2:
                    bb:9e:75:7d:1b:55:d4:ce:8d:27:b1:61:10:c5:3d:
                    05:7b:f6:46:61:c6:13:6b:24:95:48:af:3a:9d:4e:
                    ab:9b:10:a5:b3:d2:7c:47:ae:06:6a:74:63:d0:4e:
                    80:c3:d2:c5:fb:1b:64:91:a8:23:d1:5e:8a:98:1b:
                    77:d5:4d:00:c9:63:09:be:84:6e:d7:bb:a9:16:5a:
                    a2:8d:5e:56:c5:30:ca:22:a0:78:af:6b:88:45:14:
                    de:7c:0e:06:6a:1a:f9:38:69:15:c4:3f:bf:0a:3f:
                    d9:ad:d1:14:6b:b3:73:60:1b:90:83:a9:56:dc:bc:
                    6c:b6:5b:ef:f9:f3:61:d9:9b:c7:4a:dd:ae:0f:25:
                    bd:1c:00:f4:55:c4:24:fe:30:92:39:fc:92:d1:01:
                    53:28:a9:df:25:ce:68:9d:a6:66:20:e1:61:5a:f3:
                    4f:58:94:d8:c4:68:99:5e:a3:e8:ed:c4:71:ad:2d:
                    79:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:FA:40:27:22:54:EC:6E:0B:B6:68:29:08:2A:BB:0C:C2:B2:55:09
            X509v3 Authority Key Identifier:
                keyid:05:AD:79:49:2E:80:99:34:D6:93:B1:18:55:E7:51:03:24:15:69:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ba15SS6AmTTWk7EYVedRAyQVaes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/9fpAJyJU7G4LtmgpCCq7DMKyVQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/280b76-15ac-4c68-8032-f3797ef348ff/1/Ba15SS6AmTTWk7EYVedRAyQVaes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.231.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a7:5c:f5:b0:a7:16:78:ce:37:77:63:a9:17:d9:09:00:63:5e:
         cb:f8:a8:ee:99:6a:b4:26:b2:dd:8c:86:a5:87:00:76:cb:06:
         7c:d3:0d:1b:7b:64:55:13:93:af:bf:75:c0:fc:0a:84:33:82:
         e5:01:13:e5:3f:a3:36:ed:7f:00:ad:e6:3e:2d:f0:f1:da:c2:
         cf:0b:bf:e5:e9:b2:59:15:bb:9e:ac:ca:2b:f5:77:db:d4:93:
         a4:ee:97:66:b2:d8:d9:1d:bb:03:1b:23:54:07:9c:ad:04:f3:
         fe:a0:42:64:ce:8a:55:e1:a4:1e:ce:c6:03:e1:2d:b4:13:19:
         c4:70:db:86:bf:2a:52:30:6d:c2:8e:64:f4:fc:68:43:d0:a1:
         b7:e7:fb:ac:60:45:c9:5d:86:9d:79:5e:d3:10:4b:7c:54:65:
         73:69:9d:5a:61:91:c1:37:03:f2:74:64:c7:23:fb:54:7c:ed:
         c5:e8:44:46:18:95:77:a1:76:62:b9:36:d7:7a:1b:3c:ce:d3:
         cb:c5:ba:e6:57:9d:cc:96:ae:7e:5b:70:6a:6c:df:77:c5:45:
         3a:ff:5b:2b:9d:73:e8:47:70:b5:f1:d5:b9:0d:19:bb:fa:82:
         27:e4:34:84:96:96:5b:89:31:0f:42:44:d5:8d:fa:cd:2a:6b:
         30:a9:8e:d2
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGt3yk6egi1GAIeYBsqQIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YWQ3OTQ5MmU4MDk5MzRkNjkzYjExODU1ZTc1MTAzMjQx
NTY5ZWIwHhcNMjQwMTAxMjAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWZhNDAyNzIyNTRlYzZlMGJiNjY4MjkwODJhYmIwY2MyYjI1NTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3MjrzRa/4RM3g3UjmVVW0/nX6mR
GXnc9ACLGAyydyWJ98k+Pxbh36AzFK9sv6LRTLzL5DVeHxiNCCkuAVboGQOJ3Tcx
8NaFWPK7nnV9G1XUzo0nsWEQxT0Fe/ZGYcYTaySVSK86nU6rmxCls9J8R64GanRj
0E6Aw9LF+xtkkagj0V6KmBt31U0AyWMJvoRu17upFlqijV5WxTDKIqB4r2uIRRTe
fA4Gahr5OGkVxD+/Cj/ZrdEUa7NzYBuQg6lW3Lxstlvv+fNh2ZvHSt2uDyW9HAD0
VcQk/jCSOfyS0QFTKKnfJc5onaZmIOFhWvNPWJTYxGiZXqPo7cRxrS15swIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPX6QCciVOxuC7ZoKQgquwzCslUJMB8GA1UdIwQY
MBaAFAWteUkugJk01pOxGFXnUQMkFWnrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmExNVNTNkFtVFRXazdFWVZlZFJBeVFWYWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yODBiNzYtMTVhYy00YzY4LTgwMzIt
ZjM3OTdlZjM0OGZmLzEvOWZwQUp5SlU3RzRMdG1ncENDcTdETUt5VlFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yODBiNzYtMTVhYy00YzY4LTgwMzItZjM3OTdlZjM0OGZm
LzEvQmExNVNTNkFtVFRXazdFWVZlZFJBeVFWYWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiucwDQYJ
KoZIhvcNAQELBQADggEBAKdc9bCnFnjON3djqRfZCQBjXsv4qO6ZarQmst2MhqWH
AHbLBnzTDRt7ZFUTk6+/dcD8CoQzguUBE+U/ozbtfwCt5j4t8PHaws8Lv+XpslkV
u56syiv1d9vUk6Tul2ay2NkduwMbI1QHnK0E8/6gQmTOilXhpB7OxgPhLbQTGcRw
24a/KlIwbcKOZPT8aEPQobfn+6xgRcldhp15XtMQS3xUZXNpnVphkcE3A/J0ZMcj
+1R87cXoREYYlXehdmK5Ntd6GzzO08vFuuZXncyWrn5bcGps33fFRTr/Wyudc+hH
cLXx1bkNGbv6gifkNISWlluJMQ9CRNWN+s0qazCpjtI=
-----END CERTIFICATE-----