Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/f0fd3d-c0fe-4c5d-b4d1-7db53c657c29/1/1-FYvMC6ph_CcKlep5DWb8ylHlyg.roa
File:                     1-FYvMC6ph_CcKlep5DWb8ylHlyg.roa (raw, json)
Hash identifier:          dpkEx8PngDVOCDmuL/BxaGfyBhSAAc6TQb7M6y0VZFc=
Subject key identifier:   F8:56:2F:30:2E:A9:87:F0:9C:2A:57:A9:E4:35:9B:F3:29:47:97:28
Certificate issuer:       /CN=f5232ee805f78e592eff2cca61539109e5a3467d
Certificate serial:       01903C30920F2117A1D2A76BD7EC59238B44
Authority key identifier: F5:23:2E:E8:05:F7:8E:59:2E:FF:2C:CA:61:53:91:09:E5:A3:46:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9SMu6AX3jlku_yzKYVORCeWjRn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/f0fd3d-c0fe-4c5d-b4d1-7db53c657c29/1/1-FYvMC6ph_CcKlep5DWb8ylHlyg.roa
Signing time:             Fri 21 Jun 2024 19:05:34 +0000
ROA not before:           Fri 21 Jun 2024 19:05:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214649
IP address blocks:        212.102.112.0/24 maxlen: 24
                          2a10:5e00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/f0fd3d-c0fe-4c5d-b4d1-7db53c657c29/1/9SMu6AX3jlku_yzKYVORCeWjRn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/f0fd3d-c0fe-4c5d-b4d1-7db53c657c29/1/9SMu6AX3jlku_yzKYVORCeWjRn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9SMu6AX3jlku_yzKYVORCeWjRn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3c:30:92:0f:21:17:a1:d2:a7:6b:d7:ec:59:23:8b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5232ee805f78e592eff2cca61539109e5a3467d
        Validity
            Not Before: Jun 21 19:05:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8562f302ea987f09c2a57a9e4359bf329479728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:e7:f6:a5:c0:94:f3:dc:60:c3:24:1a:89:12:
                    9c:c4:a3:3b:06:01:ea:48:9b:ff:09:8b:0b:22:1d:
                    e9:62:8a:8e:ac:ac:b0:95:2b:90:49:e1:04:cd:96:
                    86:97:e4:2e:d3:17:e1:3b:d3:8c:22:90:93:20:ac:
                    35:f8:39:34:16:18:3a:da:78:02:db:75:42:78:1e:
                    42:68:cb:fa:2a:18:f7:99:84:53:e1:f8:0a:8d:9b:
                    64:3d:a3:cc:ea:cd:08:9f:96:01:41:49:d4:07:76:
                    7c:60:c2:8d:8d:fd:35:1d:37:4d:c0:e0:2c:76:91:
                    b0:42:87:18:52:f0:37:85:d1:2a:cd:52:c2:ec:b7:
                    fb:10:f5:8b:1e:a8:13:b2:47:9d:de:3c:41:30:ba:
                    3c:04:07:82:6c:0d:ca:3a:dc:c5:b3:cc:d9:5c:89:
                    72:20:35:44:4b:1c:e6:de:bb:79:54:1d:a8:ab:4b:
                    88:dc:7d:e7:17:80:2e:f6:91:84:29:c5:00:70:c1:
                    72:cf:14:7a:fa:32:0d:c9:cc:3f:a4:5a:40:cf:bd:
                    bb:7e:22:05:73:f6:7c:9b:2a:b1:51:fc:ca:9c:6f:
                    b7:01:81:80:8c:f9:ab:cd:76:02:49:99:70:36:60:
                    4c:6e:c4:68:c2:0b:9a:8d:2d:b4:ff:8d:fe:9d:b3:
                    dd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:56:2F:30:2E:A9:87:F0:9C:2A:57:A9:E4:35:9B:F3:29:47:97:28
            X509v3 Authority Key Identifier:
                keyid:F5:23:2E:E8:05:F7:8E:59:2E:FF:2C:CA:61:53:91:09:E5:A3:46:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9SMu6AX3jlku_yzKYVORCeWjRn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f0fd3d-c0fe-4c5d-b4d1-7db53c657c29/1/1-FYvMC6ph_CcKlep5DWb8ylHlyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f0fd3d-c0fe-4c5d-b4d1-7db53c657c29/1/9SMu6AX3jlku_yzKYVORCeWjRn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.112.0/24
                IPv6:
                  2a10:5e00::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:67:dd:ce:03:20:4d:dc:06:18:12:81:b5:fe:3a:29:8c:37:
         7f:28:98:15:b0:d7:08:44:55:1b:97:88:26:a3:38:49:0a:d1:
         f6:a8:c5:b4:16:0c:08:f6:8a:f6:b0:4b:92:db:3a:8d:91:fd:
         8a:99:b5:e0:d8:f4:96:eb:35:94:84:80:24:4a:7e:84:d6:4a:
         03:e6:36:33:9f:bf:2d:04:58:65:e6:1e:cd:5b:39:51:1c:59:
         53:66:53:04:54:d4:b1:17:46:12:f5:1d:96:df:67:ef:d7:0b:
         5d:a1:7e:97:33:d1:06:f8:43:66:32:7c:b5:7f:17:b8:e2:4c:
         f8:b2:60:36:50:7c:19:58:59:e0:a3:09:49:7c:ca:20:b5:32:
         33:fb:6c:41:3c:7a:51:19:57:f2:2e:0d:98:ac:50:5c:f9:bd:
         84:75:bb:14:1b:d3:2a:81:1a:9f:ba:4b:54:7a:a5:a5:dd:a4:
         f3:9c:0a:fe:13:be:df:9f:e2:bc:5c:6a:b8:78:21:7a:8e:47:
         d2:51:9f:00:92:95:13:b2:a2:39:b3:b2:54:bd:f6:98:84:70:
         a3:0c:e3:f3:79:5c:e6:0b:5b:f4:13:1d:8f:e6:66:9b:08:a8:
         47:f9:52:3d:38:2b:a2:30:fb:1a:64:c2:43:98:f7:d1:90:a3:
         f5:1a:ec:49
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZA8MJIPIReh0qdr1+xZI4tEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MjMyZWU4MDVmNzhlNTkyZWZmMmNjYTYxNTM5MTA5ZTVh
MzQ2N2QwHhcNMjQwNjIxMTkwNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODU2MmYzMDJlYTk4N2YwOWMyYTU3YTllNDM1OWJmMzI5NDc5NzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1uf2pcCU89xgwyQaiRKcxKM7BgHq
SJv/CYsLIh3pYoqOrKywlSuQSeEEzZaGl+Qu0xfhO9OMIpCTIKw1+Dk0Fhg62ngC
23VCeB5CaMv6Khj3mYRT4fgKjZtkPaPM6s0In5YBQUnUB3Z8YMKNjf01HTdNwOAs
dpGwQocYUvA3hdEqzVLC7Lf7EPWLHqgTsked3jxBMLo8BAeCbA3KOtzFs8zZXIly
IDVESxzm3rt5VB2oq0uI3H3nF4Au9pGEKcUAcMFyzxR6+jINycw/pFpAz727fiIF
c/Z8myqxUfzKnG+3AYGAjPmrzXYCSZlwNmBMbsRowguajS20/43+nbPdLQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPhWLzAuqYfwnCpXqeQ1m/MpR5coMB8GA1UdIwQY
MBaAFPUjLugF945ZLv8symFTkQnlo0Z9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVNNdTZBWDNqbGt1X3l6S1lWT1JDZVdqUm4wLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mMGZkM2QtYzBmZS00YzVkLWI0ZDEt
N2RiNTNjNjU3YzI5LzEvMS1GWXZNQzZwaF9DY0tsZXA1RFdiOHlsSGx5Zy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTMvZjBmZDNkLWMwZmUtNGM1ZC1iNGQxLTdkYjUzYzY1N2My
OS8xLzlTTXU2QVgzamxrdV95ektZVk9SQ2VXalJuMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEANRmcDAP
BAIAAjAJAwcAKhBeAAAAMA0GCSqGSIb3DQEBCwUAA4IBAQB3Z93OAyBN3AYYEoG1
/jopjDd/KJgVsNcIRFUbl4gmozhJCtH2qMW0FgwI9or2sEuS2zqNkf2KmbXg2PSW
6zWUhIAkSn6E1koD5jYzn78tBFhl5h7NWzlRHFlTZlMEVNSxF0YS9R2W32fv1wtd
oX6XM9EG+ENmMny1fxe44kz4smA2UHwZWFngowlJfMogtTIz+2xBPHpRGVfyLg2Y
rFBc+b2EdbsUG9MqgRqfuktUeqWl3aTznAr+E77fn+K8XGq4eCF6jkfSUZ8AkpUT
sqI5s7JUvfaYhHCjDOPzeVzmC1v0Ex2P5mabCKhH+VI9OCuiMPsaZMJDmPfRkKP1
GuxJ
-----END CERTIFICATE-----