Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/H1r7wH6FADvuuQ06ZtWXOf2R33k.roa
File:                     H1r7wH6FADvuuQ06ZtWXOf2R33k.roa (raw, json)
Hash identifier:          O2loaRhs4Zf33Xpg2YsHOj7cXOsDDe/VhIAQfRiFhKs=
Subject key identifier:   1F:5A:FB:C0:7E:85:00:3B:EE:B9:0D:3A:66:D5:97:39:FD:91:DF:79
Certificate issuer:       /CN=66e92c341e769443fde1d27566044b4b65159060
Certificate serial:       018CD513B70630DD777C47388E40E43769EF
Authority key identifier: 66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/H1r7wH6FADvuuQ06ZtWXOf2R33k.roa
Signing time:             Thu 04 Jan 2024 15:24:48 +0000
ROA not before:           Thu 04 Jan 2024 15:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53755
IP address blocks:        104.245.88.0/24 maxlen: 24
                          2a0d:da07::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d5:13:b7:06:30:dd:77:7c:47:38:8e:40:e4:37:69:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66e92c341e769443fde1d27566044b4b65159060
        Validity
            Not Before: Jan  4 15:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f5afbc07e85003beeb90d3a66d59739fd91df79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9c:61:61:09:bf:71:2c:9d:d2:bc:4b:a7:ea:
                    05:16:5f:33:e0:6c:36:97:b6:31:e9:b3:85:27:aa:
                    fc:ae:61:2c:39:3b:99:23:6c:f7:81:31:cf:e6:75:
                    c7:02:26:60:a4:c4:b8:0c:17:66:9e:2f:ec:d3:f9:
                    87:37:3b:3f:b3:2e:b1:44:a5:09:94:cb:46:42:75:
                    6d:af:f5:f7:aa:f1:2c:9f:2b:57:79:aa:0f:ac:1e:
                    82:e2:63:71:ea:41:7b:53:85:3a:01:92:f6:12:8b:
                    6f:4f:22:64:4d:35:cd:49:e5:3e:73:61:56:d5:77:
                    27:f0:11:bf:b8:9d:cb:b3:61:0a:fb:83:5d:7b:c2:
                    dd:e5:7c:62:a2:43:1c:2f:ce:2b:95:3c:23:a2:e5:
                    c5:f8:53:2b:e6:bf:06:29:eb:16:81:99:cf:1a:f7:
                    33:aa:bb:81:e1:7f:94:63:16:c6:46:e6:3b:3b:43:
                    87:2d:44:96:21:0d:f7:7e:5f:26:b9:91:77:d1:24:
                    a1:26:3a:01:f9:82:fe:6f:6e:ad:9d:55:d7:07:0c:
                    92:b8:1a:41:a9:24:38:00:e9:34:3b:5b:88:19:86:
                    e9:60:16:06:c2:3e:5e:93:a5:94:c4:07:6d:03:f4:
                    74:c1:6d:6e:de:64:b3:d3:7c:38:f8:f7:44:a2:f2:
                    e3:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:5A:FB:C0:7E:85:00:3B:EE:B9:0D:3A:66:D5:97:39:FD:91:DF:79
            X509v3 Authority Key Identifier:
                keyid:66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/H1r7wH6FADvuuQ06ZtWXOf2R33k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.245.88.0/24
                IPv6:
                  2a0d:da07::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:77:d7:5b:c7:77:b1:8a:20:ca:61:bc:40:71:92:a4:c7:92:
         da:62:5f:6f:02:6d:37:4d:c1:82:80:dd:6c:ea:02:37:d4:55:
         61:7a:bb:24:2c:69:df:fc:21:76:36:1d:0f:f0:a4:1c:d7:0b:
         90:7c:b2:f6:3b:19:3f:2e:81:38:38:e8:48:09:22:ce:d3:95:
         0d:6f:f9:46:ca:ef:f0:11:81:e1:a7:ae:8b:d4:dc:37:55:16:
         7f:dd:0a:ae:7b:c9:c2:c0:9a:9c:6c:93:e1:d2:c3:10:90:28:
         bd:b1:9f:dd:3a:f9:97:df:66:e4:2b:61:28:de:85:8e:0a:1b:
         ee:8c:1f:4f:19:69:a1:3d:ef:4e:15:e0:1f:b6:d8:93:51:05:
         a3:40:45:c2:cc:31:79:9e:69:52:19:28:5e:79:71:a6:10:1e:
         17:bf:fd:f1:5c:ea:66:a6:b5:2a:94:11:79:f4:52:38:b0:30:
         67:34:b4:39:37:20:41:4e:04:ac:c7:bd:ac:92:a1:45:93:15:
         04:6e:1e:7a:f0:4a:11:76:f2:47:da:44:1f:93:f3:7a:8a:68:
         e4:96:7c:16:7b:98:d9:3a:0f:1d:76:80:d0:b1:66:77:e0:f9:
         60:25:1f:be:67:eb:08:64:f2:c1:af:8a:0c:7d:20:86:de:c6:
         cd:91:6e:c6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzVE7cGMN13fEc4jkDkN2nvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZTkyYzM0MWU3Njk0NDNmZGUxZDI3NTY2MDQ0YjRiNjUx
NTkwNjAwHhcNMjQwMTA0MTUyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjVhZmJjMDdlODUwMDNiZWViOTBkM2E2NmQ1OTczOWZkOTFkZjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJxhYQm/cSyd0rxLp+oFFl8z4Gw2
l7Yx6bOFJ6r8rmEsOTuZI2z3gTHP5nXHAiZgpMS4DBdmni/s0/mHNzs/sy6xRKUJ
lMtGQnVtr/X3qvEsnytXeaoPrB6C4mNx6kF7U4U6AZL2EotvTyJkTTXNSeU+c2FW
1Xcn8BG/uJ3Ls2EK+4Nde8Ld5XxiokMcL84rlTwjouXF+FMr5r8GKesWgZnPGvcz
qruB4X+UYxbGRuY7O0OHLUSWIQ33fl8muZF30SShJjoB+YL+b26tnVXXBwySuBpB
qSQ4AOk0O1uIGYbpYBYGwj5ek6WUxAdtA/R0wW1u3mSz03w4+PdEovLjnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB9a+8B+hQA77rkNOmbVlzn9kd95MB8GA1UdIwQY
MBaAFGbpLDQedpRD/eHSdWYES0tlFZBgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYt
YzFkMjk2ZjhmZDA3LzEvSDFyN3dINkZBRHZ1dVEwNlp0V1hPZjJSMzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYtYzFkMjk2ZjhmZDA3
LzEvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAaPVYMA0E
AgACMAcDBQAqDdoHMA0GCSqGSIb3DQEBCwUAA4IBAQAwd9dbx3exiiDKYbxAcZKk
x5LaYl9vAm03TcGCgN1s6gI31FVherskLGnf/CF2Nh0P8KQc1wuQfLL2Oxk/LoE4
OOhICSLO05UNb/lGyu/wEYHhp66L1Nw3VRZ/3Qque8nCwJqcbJPh0sMQkCi9sZ/d
OvmX32bkK2Eo3oWOChvujB9PGWmhPe9OFeAfttiTUQWjQEXCzDF5nmlSGSheeXGm
EB4Xv/3xXOpmprUqlBF59FI4sDBnNLQ5NyBBTgSsx72skqFFkxUEbh568EoRdvJH
2kQfk/N6imjklnwWe5jZOg8ddoDQsWZ34PlgJR++Z+sIZPLBr4oMfSCG3sbNkW7G
-----END CERTIFICATE-----