Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/1-mOfjPsinzJyfgRyyH4-k8ihSMo.roa
File:                     1-mOfjPsinzJyfgRyyH4-k8ihSMo.roa (raw, json)
Hash identifier:          Frb4Ye3+QzepfUs8CX3LzwLDSc5KFGMRFTB6UuKxt7o=
Subject key identifier:   FA:63:9F:8C:FB:22:9F:32:72:7E:04:72:C8:7E:3E:93:C8:A1:48:CA
Certificate issuer:       /CN=331ed3d7ba511ca6002d845b3c0aa8111a3559cf
Certificate serial:       018CC56E831BE2047B24567FFBB2C0560ABD
Authority key identifier: 33:1E:D3:D7:BA:51:1C:A6:00:2D:84:5B:3C:0A:A8:11:1A:35:59:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/1-mOfjPsinzJyfgRyyH4-k8ihSMo.roa
Signing time:             Mon 01 Jan 2024 14:30:03 +0000
ROA not before:           Mon 01 Jan 2024 14:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201921
IP address blocks:        194.33.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:83:1b:e2:04:7b:24:56:7f:fb:b2:c0:56:0a:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331ed3d7ba511ca6002d845b3c0aa8111a3559cf
        Validity
            Not Before: Jan  1 14:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa639f8cfb229f32727e0472c87e3e93c8a148ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f7:f3:5e:13:98:da:39:f1:0f:0a:d1:d0:77:
                    e9:e0:b0:63:59:72:97:77:35:c0:6e:93:9a:ce:af:
                    ab:71:48:2c:85:f8:98:51:7e:e6:65:3d:43:c7:42:
                    18:4d:b6:b3:42:a9:ff:06:f9:88:ac:75:64:07:0d:
                    40:ba:a6:72:c8:12:4d:06:b9:48:ee:b7:db:c3:7d:
                    f9:26:e0:0e:89:3b:09:ad:7d:fe:97:e8:80:40:b3:
                    29:df:1c:fd:dc:95:d7:90:d2:5d:12:84:76:42:82:
                    cf:73:5d:26:12:0d:88:a9:66:c8:ce:6e:6d:c7:3d:
                    61:16:aa:18:3b:6a:f7:31:7b:03:72:74:cb:c0:cd:
                    59:bd:29:78:8a:45:7d:a5:b1:a5:8b:da:11:6b:56:
                    98:5f:7d:af:3f:e3:8c:f5:33:25:fb:6c:50:3b:5d:
                    cd:18:30:cf:f4:a5:d4:0b:e9:66:0d:0f:ad:b4:c4:
                    6d:57:2e:7e:a0:12:8a:b7:fc:6b:7b:8f:b4:de:f3:
                    2b:66:32:ec:32:d7:74:fa:09:4b:93:e1:b9:c8:74:
                    60:a7:d7:e1:43:0c:fd:f7:45:a9:b7:8d:44:b4:d9:
                    ae:1c:ef:8b:09:4f:8e:48:e1:16:0e:4f:28:17:01:
                    dd:52:06:53:26:10:58:e5:8c:b3:49:99:21:ee:6a:
                    de:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:63:9F:8C:FB:22:9F:32:72:7E:04:72:C8:7E:3E:93:C8:A1:48:CA
            X509v3 Authority Key Identifier:
                keyid:33:1E:D3:D7:BA:51:1C:A6:00:2D:84:5B:3C:0A:A8:11:1A:35:59:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/1-mOfjPsinzJyfgRyyH4-k8ihSMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:fc:c7:ec:21:ba:20:01:99:ad:3a:f3:c8:1b:27:32:26:aa:
         f0:77:3b:5d:5e:d5:f5:97:83:88:c4:b5:99:df:fe:9b:29:ea:
         6f:7c:9e:4a:c6:af:cc:97:e3:3b:32:51:d9:d2:85:29:8b:6c:
         f0:9c:b1:f0:33:61:6e:75:f2:6e:70:c1:73:e1:bc:ed:fe:fd:
         a1:10:83:69:43:b5:53:09:fe:13:2a:7e:8f:ce:bb:56:c7:11:
         28:73:ff:b1:21:e2:9e:b3:ec:20:16:a3:57:87:dd:c8:c6:fc:
         7a:ca:59:0b:3e:8d:97:4f:4c:59:b3:7e:c1:7f:a7:b4:f1:1d:
         0d:07:2c:3a:47:7b:7e:5d:fa:44:01:11:0f:40:11:9d:e5:81:
         8f:d1:ed:94:f8:4e:dc:f4:52:ad:89:6b:1d:73:35:2a:07:b8:
         0a:98:a9:f3:ef:ec:15:d1:a1:b3:c6:25:32:87:2a:5c:7c:c5:
         56:cf:5b:04:a9:53:64:27:b1:90:99:f5:5e:bd:d7:18:97:bc:
         01:89:45:22:b9:e2:3e:c7:5d:48:e7:28:0b:dd:42:71:5a:be:
         13:9d:0e:18:c3:7a:a1:4c:38:39:f0:e8:7c:2a:21:a0:86:8b:
         ea:9f:98:89:41:db:bf:68:f0:d4:aa:d0:01:fe:1f:da:07:1b:
         0b:9d:d8:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFboMb4gR7JFZ/+7LAVgq9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWVkM2Q3YmE1MTFjYTYwMDJkODQ1YjNjMGFhODExMWEz
NTU5Y2YwHhcNMjQwMTAxMTQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTYzOWY4Y2ZiMjI5ZjMyNzI3ZTA0NzJjODdlM2U5M2M4YTE0OGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPfzXhOY2jnxDwrR0Hfp4LBjWXKX
dzXAbpOazq+rcUgshfiYUX7mZT1Dx0IYTbazQqn/BvmIrHVkBw1AuqZyyBJNBrlI
7rfbw335JuAOiTsJrX3+l+iAQLMp3xz93JXXkNJdEoR2QoLPc10mEg2IqWbIzm5t
xz1hFqoYO2r3MXsDcnTLwM1ZvSl4ikV9pbGli9oRa1aYX32vP+OM9TMl+2xQO13N
GDDP9KXUC+lmDQ+ttMRtVy5+oBKKt/xre4+03vMrZjLsMtd0+glLk+G5yHRgp9fh
Qwz990Wpt41EtNmuHO+LCU+OSOEWDk8oFwHdUgZTJhBY5YyzSZkh7mreaQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpjn4z7Ip8ycn4Ecsh+PpPIoUjKMB8GA1UdIwQY
MBaAFDMe09e6URymAC2EWzwKqBEaNVnPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXg3VDE3cFJIS1lBTFlSYlBBcW9FUm8xV2M4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9mZWFhMWItYjdjMS00YjQ4LTk1OTQt
YmFmMjRkZDU4MzlmLzEvMS1tT2ZqUHNpbnpKeWZnUnl5SDQtazhpaFNNby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTAvZmVhYTFiLWI3YzEtNGI0OC05NTk0LWJhZjI0ZGQ1ODM5
Zi8xL014N1QxN3BSSEtZQUxZUmJQQXFvRVJvMVdjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIhUjAN
BgkqhkiG9w0BAQsFAAOCAQEAhPzH7CG6IAGZrTrzyBsnMiaq8Hc7XV7V9ZeDiMS1
md/+mynqb3yeSsavzJfjOzJR2dKFKYts8Jyx8DNhbnXybnDBc+G87f79oRCDaUO1
Uwn+Eyp+j867VscRKHP/sSHinrPsIBajV4fdyMb8espZCz6Nl09MWbN+wX+ntPEd
DQcsOkd7fl36RAERD0ARneWBj9HtlPhO3PRSrYlrHXM1Kge4Cpip8+/sFdGhs8Yl
MocqXHzFVs9bBKlTZCexkJn1Xr3XGJe8AYlFIrniPsddSOcoC91CcVq+E50OGMN6
oUw4OfDofCohoIaL6p+YiUHbv2jw1KrQAf4f2gcbC53YaQ==
-----END CERTIFICATE-----