Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/c7cbb1-0dcd-42f4-bf63-3df471c01c9e/1/FT3CF6YlG5uXv5-cAyXfOIfTv-8.roa
File:                     FT3CF6YlG5uXv5-cAyXfOIfTv-8.roa (raw, json)
Hash identifier:          xtwMuss8s4xAcsLkyE0NWzm82p09om3rnXEY4zTdghw=
Subject key identifier:   15:3D:C2:17:A6:25:1B:9B:97:BF:9F:9C:03:25:DF:38:87:D3:BF:EF
Certificate issuer:       /CN=ff329b98904a2ece8482e0f258f5c34fead58ce2
Certificate serial:       018CC7273C9E99CFC584119AD2BB0859063C
Authority key identifier: FF:32:9B:98:90:4A:2E:CE:84:82:E0:F2:58:F5:C3:4F:EA:D5:8C:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_zKbmJBKLs6EguDyWPXDT-rVjOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/c7cbb1-0dcd-42f4-bf63-3df471c01c9e/1/FT3CF6YlG5uXv5-cAyXfOIfTv-8.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1930
IP address blocks:        192.136.52.0/24 maxlen: 24
                          192.92.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/c7cbb1-0dcd-42f4-bf63-3df471c01c9e/1/_zKbmJBKLs6EguDyWPXDT-rVjOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/c7cbb1-0dcd-42f4-bf63-3df471c01c9e/1/_zKbmJBKLs6EguDyWPXDT-rVjOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_zKbmJBKLs6EguDyWPXDT-rVjOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3c:9e:99:cf:c5:84:11:9a:d2:bb:08:59:06:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff329b98904a2ece8482e0f258f5c34fead58ce2
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=153dc217a6251b9b97bf9f9c0325df3887d3bfef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0d:4f:14:7c:eb:6f:97:62:85:09:c1:93:f4:
                    76:23:f7:4f:55:3f:02:f4:d0:e0:93:32:ee:3c:0e:
                    87:d5:87:4e:6e:e8:e2:b4:13:b2:6c:d0:3c:89:e9:
                    9c:3f:08:17:c3:62:c2:dc:5c:e6:47:b2:38:ec:65:
                    b9:62:4c:2a:1a:ff:d3:71:eb:a4:f3:28:2e:a4:13:
                    ce:24:5e:b4:bd:f9:ad:36:c0:25:8f:5e:7f:68:1b:
                    f1:aa:b9:d7:c3:40:cf:d4:5d:3d:c4:03:ba:84:24:
                    84:09:a1:49:d2:ac:bd:e7:87:48:2e:da:69:46:2b:
                    2e:bd:31:80:39:80:f4:bf:6a:6b:95:ae:08:e4:1e:
                    22:26:cb:e3:32:a6:9c:b8:cb:a3:fb:dd:5f:89:11:
                    2b:bf:fe:55:a4:16:7c:2a:6c:96:22:e8:9d:88:f2:
                    f2:51:37:32:01:2f:33:d9:d6:2f:2f:cb:e3:b7:3b:
                    65:ee:8a:6f:c5:04:6d:ef:d9:2c:fc:69:ea:29:17:
                    6d:f3:36:fc:20:50:11:0f:d5:ea:e1:23:22:73:d7:
                    00:18:5b:d3:14:5f:0b:82:cf:f7:14:da:f1:f0:70:
                    b3:5c:1d:35:98:11:db:ee:21:19:4d:a2:f2:0d:fe:
                    20:88:08:c6:73:0b:f7:4b:5e:87:9e:90:d6:f7:86:
                    81:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:3D:C2:17:A6:25:1B:9B:97:BF:9F:9C:03:25:DF:38:87:D3:BF:EF
            X509v3 Authority Key Identifier:
                keyid:FF:32:9B:98:90:4A:2E:CE:84:82:E0:F2:58:F5:C3:4F:EA:D5:8C:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_zKbmJBKLs6EguDyWPXDT-rVjOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/c7cbb1-0dcd-42f4-bf63-3df471c01c9e/1/FT3CF6YlG5uXv5-cAyXfOIfTv-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/c7cbb1-0dcd-42f4-bf63-3df471c01c9e/1/_zKbmJBKLs6EguDyWPXDT-rVjOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.92.133.0/24
                  192.136.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:93:7c:06:dd:84:5e:c7:16:db:13:2e:af:02:e9:90:4f:ae:
         0c:a8:df:e8:8a:ac:97:a2:d5:36:9d:75:84:d0:62:85:e7:ef:
         d8:24:56:03:0a:7b:a6:e9:d6:28:5f:4e:c7:1b:e0:97:38:33:
         22:98:f7:06:93:b7:a7:f7:4a:a1:4d:22:a5:17:38:9c:25:fe:
         dc:4e:67:1f:7d:7e:c5:05:a4:21:26:5e:3e:32:3d:38:e5:e2:
         97:5b:85:fe:82:67:35:08:ec:bc:ef:97:8f:06:6a:8d:db:4e:
         08:2b:a3:5e:fc:22:a1:3f:a7:15:a3:8b:0b:0f:74:8c:76:71:
         bf:0e:fb:b9:06:76:48:41:80:87:bc:db:72:b4:5b:5f:75:78:
         96:4f:4b:e7:7b:11:e4:84:c7:91:da:8e:fe:58:2e:82:58:e2:
         d5:8f:f2:c7:0d:83:37:ba:31:cb:21:26:42:27:9e:c8:ca:29:
         1b:82:0e:87:92:d5:a7:67:07:7e:0a:03:43:0f:8c:c4:ad:dd:
         ca:49:ca:f2:21:74:64:3c:49:29:48:07:c9:b2:b9:06:8d:3b:
         66:fc:f5:62:37:ce:9a:82:03:0f:fe:63:1f:a9:6b:e4:1e:ec:
         9e:20:75:ae:19:2c:61:98:6f:36:d5:a8:02:fe:cf:e4:aa:d7:
         c9:e2:2f:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJzyemc/FhBGa0rsIWQY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMzI5Yjk4OTA0YTJlY2U4NDgyZTBmMjU4ZjVjMzRmZWFk
NThjZTIwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTNkYzIxN2E2MjUxYjliOTdiZjlmOWMwMzI1ZGYzODg3ZDNiZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAng1PFHzrb5dihQnBk/R2I/dPVT8C
9NDgkzLuPA6H1YdObujitBOybNA8iemcPwgXw2LC3FzmR7I47GW5YkwqGv/Tceuk
8ygupBPOJF60vfmtNsAlj15/aBvxqrnXw0DP1F09xAO6hCSECaFJ0qy954dILtpp
RisuvTGAOYD0v2prla4I5B4iJsvjMqacuMuj+91fiRErv/5VpBZ8KmyWIuidiPLy
UTcyAS8z2dYvL8vjtztl7opvxQRt79ks/GnqKRdt8zb8IFARD9Xq4SMic9cAGFvT
FF8Lgs/3FNrx8HCzXB01mBHb7iEZTaLyDf4giAjGcwv3S16HnpDW94aBxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBU9whemJRubl7+fnAMl3ziH07/vMB8GA1UdIwQY
MBaAFP8ym5iQSi7OhILg8lj1w0/q1YziMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3pLYm1KQktMczZFZ3VEeVdQWERULXJWak9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9jN2NiYjEtMGRjZC00MmY0LWJmNjMt
M2RmNDcxYzAxYzllLzEvRlQzQ0Y2WWxHNXVYdjUtY0F5WGZPSWZUdi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9jN2NiYjEtMGRjZC00MmY0LWJmNjMtM2RmNDcxYzAxYzll
LzEvX3pLYm1KQktMczZFZ3VEeVdQWERULXJWak9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwFyFAwQA
wIg0MA0GCSqGSIb3DQEBCwUAA4IBAQCik3wG3YRexxbbEy6vAumQT64MqN/oiqyX
otU2nXWE0GKF5+/YJFYDCnum6dYoX07HG+CXODMimPcGk7en90qhTSKlFzicJf7c
TmcffX7FBaQhJl4+Mj045eKXW4X+gmc1COy875ePBmqN204IK6Ne/CKhP6cVo4sL
D3SMdnG/Dvu5BnZIQYCHvNtytFtfdXiWT0vnexHkhMeR2o7+WC6CWOLVj/LHDYM3
ujHLISZCJ57Iyikbgg6HktWnZwd+CgNDD4zErd3KScryIXRkPEkpSAfJsrkGjTtm
/PViN86aggMP/mMfqWvkHuyeIHWuGSxhmG821agC/s/kqtfJ4i+m
-----END CERTIFICATE-----