Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/1-XPcwifcxxOdk-SFS7OjquA0AZ4.roa
File:                     1-XPcwifcxxOdk-SFS7OjquA0AZ4.roa (raw, json)
Hash identifier:          hNgB1mnWBdrYdwAFmuFa5b8VuxmMoMLd8iLwSl36ReM=
Subject key identifier:   F9:73:DC:C2:27:DC:C7:13:9D:93:E4:85:4B:B3:A3:AA:E0:34:01:9E
Certificate issuer:       /CN=c7b623bbc54e9846748cd77b2b8b343827e5aeaa
Certificate serial:       019327BDCB32B904D5ED6C89E00EA6BAFA36
Authority key identifier: C7:B6:23:BB:C5:4E:98:46:74:8C:D7:7B:2B:8B:34:38:27:E5:AE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/1-XPcwifcxxOdk-SFS7OjquA0AZ4.roa
Signing time:             Wed 13 Nov 2024 22:56:09 +0000
ROA not before:           Wed 13 Nov 2024 22:56:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394177
IP address blocks:        185.233.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:27:bd:cb:32:b9:04:d5:ed:6c:89:e0:0e:a6:ba:fa:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7b623bbc54e9846748cd77b2b8b343827e5aeaa
        Validity
            Not Before: Nov 13 22:56:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f973dcc227dcc7139d93e4854bb3a3aae034019e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:22:c4:3c:52:e2:98:92:2f:df:1f:96:a5:af:
                    6b:2f:ec:89:77:a3:91:0e:a8:f6:01:cf:44:28:31:
                    bc:a9:9c:d1:7f:9b:cf:43:22:f0:7c:b2:93:b6:90:
                    a1:ce:2c:a1:c1:f3:6d:aa:d1:be:c0:ba:75:15:6a:
                    e4:5a:0b:ce:46:66:4c:21:79:9d:e9:51:4d:c0:bb:
                    a7:22:be:00:2f:62:bd:9e:5f:fd:3a:7b:37:1c:2f:
                    7f:33:e1:57:39:3a:3b:ab:20:7b:c0:3a:52:ac:4a:
                    fa:fe:67:05:9a:1b:be:a0:38:bf:ca:9a:0d:b8:84:
                    26:66:ff:7e:ac:c1:a9:46:31:10:03:80:eb:63:6f:
                    fe:11:bb:85:dc:c0:28:45:62:14:25:bf:1d:b0:b0:
                    47:0b:34:ef:f8:3b:a6:44:8e:dd:ab:46:e7:f0:e1:
                    93:18:bb:74:4a:62:78:f8:a0:38:5f:28:13:fd:a8:
                    3c:9a:2e:cc:39:a0:b2:b6:42:bd:8c:5b:70:3b:29:
                    90:de:0c:9a:7d:bb:e5:92:d2:07:3b:07:1a:7c:ee:
                    6d:dd:4f:87:11:b5:ce:a9:c3:d9:2f:a8:f3:93:96:
                    40:ab:ad:67:b3:c2:04:37:4d:25:b6:ec:e8:87:4d:
                    64:39:9f:59:b3:d1:9d:91:07:bf:cf:00:7e:84:f5:
                    00:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:73:DC:C2:27:DC:C7:13:9D:93:E4:85:4B:B3:A3:AA:E0:34:01:9E
            X509v3 Authority Key Identifier:
                keyid:C7:B6:23:BB:C5:4E:98:46:74:8C:D7:7B:2B:8B:34:38:27:E5:AE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/1-XPcwifcxxOdk-SFS7OjquA0AZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:09:aa:ad:2c:4b:33:26:ce:15:b2:3d:15:77:92:f7:ea:a8:
         fd:92:d1:0d:29:0d:73:20:7d:78:05:16:2d:7a:ea:2e:af:5a:
         79:1c:4d:ef:93:72:07:22:f3:a3:24:b5:1c:9e:ee:37:c4:02:
         91:e2:96:c9:79:48:0c:ae:55:15:2c:00:e7:d0:b7:fc:44:16:
         5c:f7:2e:1d:90:a0:24:8f:a9:ff:9f:98:36:6e:62:ce:6d:70:
         22:8e:4e:2a:0e:e3:61:3c:e5:f8:bd:e3:62:8a:69:3d:d2:52:
         c6:82:6a:4b:eb:c8:a2:96:3c:48:1c:8d:d2:bb:ec:f1:f8:af:
         6b:74:a3:35:bc:6a:2a:b7:d5:7c:be:6e:d7:40:6c:c5:4f:bf:
         19:0a:38:ad:34:59:12:fc:ed:7b:d2:4c:5b:ca:39:97:88:60:
         63:79:9b:d5:7c:63:33:0b:15:80:00:fc:8b:4a:09:a2:e3:1e:
         20:66:20:f7:4e:a5:ad:76:30:2b:1e:2b:e2:54:03:48:b1:a7:
         ba:c0:74:2c:dd:80:48:21:8d:09:2c:4a:a4:41:6c:ea:ee:5a:
         b8:2f:30:14:8e:84:6c:ed:a5:59:06:ec:e0:38:28:42:11:29:
         bb:89:cd:30:b3:a7:2e:a8:dc:4a:86:7a:40:8d:1b:2f:37:1e:
         27:43:19:a1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMnvcsyuQTV7WyJ4A6muvo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YjYyM2JiYzU0ZTk4NDY3NDhjZDc3YjJiOGIzNDM4Mjdl
NWFlYWEwHhcNMjQxMTEzMjI1NjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTczZGNjMjI3ZGNjNzEzOWQ5M2U0ODU0YmIzYTNhYWUwMzQwMTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CLEPFLimJIv3x+Wpa9rL+yJd6OR
Dqj2Ac9EKDG8qZzRf5vPQyLwfLKTtpChziyhwfNtqtG+wLp1FWrkWgvORmZMIXmd
6VFNwLunIr4AL2K9nl/9Ons3HC9/M+FXOTo7qyB7wDpSrEr6/mcFmhu+oDi/ypoN
uIQmZv9+rMGpRjEQA4DrY2/+EbuF3MAoRWIUJb8dsLBHCzTv+DumRI7dq0bn8OGT
GLt0SmJ4+KA4XygT/ag8mi7MOaCytkK9jFtwOymQ3gyafbvlktIHOwcafO5t3U+H
EbXOqcPZL6jzk5ZAq61ns8IEN00ltuzoh01kOZ9Zs9GdkQe/zwB+hPUACQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlz3MIn3McTnZPkhUuzo6rgNAGeMB8GA1UdIwQY
MBaAFMe2I7vFTphGdIzXeyuLNDgn5a6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDdZanU4Vk9tRVowak5kN0s0czBPQ2ZscnFvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9lZDg3OWItZTNjNC00YjdhLWJkMGMt
MzRlNGUwNjc5MzMzLzEvMS1YUGN3aWZjeHhPZGstU0ZTN09qcXVBMEFaNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTIvZWQ4NzliLWUzYzQtNGI3YS1iZDBjLTM0ZTRlMDY3OTMz
My8xL3g3WWp1OFZPbUVaMGpOZDdLNHMwT0NmbHJxby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnppjAN
BgkqhkiG9w0BAQsFAAOCAQEAcgmqrSxLMybOFbI9FXeS9+qo/ZLRDSkNcyB9eAUW
LXrqLq9aeRxN75NyByLzoyS1HJ7uN8QCkeKWyXlIDK5VFSwA59C3/EQWXPcuHZCg
JI+p/5+YNm5izm1wIo5OKg7jYTzl+L3jYoppPdJSxoJqS+vIopY8SByN0rvs8fiv
a3SjNbxqKrfVfL5u10BsxU+/GQo4rTRZEvzte9JMW8o5l4hgY3mb1XxjMwsVgAD8
i0oJouMeIGYg906lrXYwKx4r4lQDSLGnusB0LN2ASCGNCSxKpEFs6u5auC8wFI6E
bO2lWQbs4DgoQhEpu4nNMLOnLqjcSoZ6QI0bLzceJ0MZoQ==
-----END CERTIFICATE-----