Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/sIaDdsZJEvm_c44vEArnSsIW8Lo.roa
File:                     sIaDdsZJEvm_c44vEArnSsIW8Lo.roa (raw, json)
Hash identifier:          S4g+5qoU9iun0KQiKxL2Cc3dpDSIu/LsVJtvvs6H7a0=
Subject key identifier:   B0:86:83:76:C6:49:12:F9:BF:73:8E:2F:10:0A:E7:4A:C2:16:F0:BA
Certificate issuer:       /CN=52411e52dab7d0be2674313b6b5d2e74bd11360e
Certificate serial:       019247F9D74C2D236E8C8BD765C84DD85F71
Authority key identifier: 52:41:1E:52:DA:B7:D0:BE:26:74:31:3B:6B:5D:2E:74:BD:11:36:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UkEeUtq30L4mdDE7a10udL0RNg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/sIaDdsZJEvm_c44vEArnSsIW8Lo.roa
Signing time:             Tue 01 Oct 2024 12:06:48 +0000
ROA not before:           Tue 01 Oct 2024 12:06:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201299
IP address blocks:        217.198.189.0/24 maxlen: 24
                          2a11:ffc0::/29 maxlen: 42

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/UkEeUtq30L4mdDE7a10udL0RNg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/UkEeUtq30L4mdDE7a10udL0RNg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UkEeUtq30L4mdDE7a10udL0RNg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:47:f9:d7:4c:2d:23:6e:8c:8b:d7:65:c8:4d:d8:5f:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52411e52dab7d0be2674313b6b5d2e74bd11360e
        Validity
            Not Before: Oct  1 12:06:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0868376c64912f9bf738e2f100ae74ac216f0ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:df:42:3c:6e:49:6e:5b:2b:19:7b:fd:b7:2a:
                    03:20:55:40:f3:43:bc:3f:b1:13:90:6e:5e:23:3f:
                    c2:b4:5a:05:fe:62:4e:cc:8d:a8:41:4e:39:d1:4b:
                    75:83:de:cd:34:34:0b:9a:4e:7a:b6:5f:2c:c5:fb:
                    84:df:58:e1:ca:93:92:5c:f0:54:61:2b:b0:a4:60:
                    49:fc:9e:b3:0a:ca:e0:38:14:01:14:1b:33:d9:de:
                    21:bc:0c:24:80:cd:81:11:9f:ec:97:0c:8f:7c:bb:
                    03:c5:92:fd:ea:22:6b:9e:71:33:05:29:84:85:6a:
                    95:ec:8f:8e:45:56:66:6f:ef:15:ef:bd:35:15:ef:
                    f4:27:76:1a:79:50:e7:ca:76:2f:2e:40:ec:b9:b0:
                    f5:48:50:12:0d:37:24:cc:af:65:11:a5:11:08:c7:
                    7d:4b:01:53:b3:ba:73:dd:ba:5d:10:eb:97:e2:99:
                    73:7f:7b:dd:d6:48:d9:56:d3:29:30:db:6c:62:55:
                    17:18:cd:dd:eb:40:2b:61:ba:4f:f5:0c:ee:f6:70:
                    e5:19:91:d4:28:69:08:76:29:6f:fc:32:93:f0:74:
                    f2:d6:5d:8a:d5:30:e2:86:1b:51:b1:a9:27:64:85:
                    57:3b:81:45:7c:ff:5a:93:9c:11:b6:fc:83:4a:94:
                    19:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:86:83:76:C6:49:12:F9:BF:73:8E:2F:10:0A:E7:4A:C2:16:F0:BA
            X509v3 Authority Key Identifier:
                keyid:52:41:1E:52:DA:B7:D0:BE:26:74:31:3B:6B:5D:2E:74:BD:11:36:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UkEeUtq30L4mdDE7a10udL0RNg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/sIaDdsZJEvm_c44vEArnSsIW8Lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/UkEeUtq30L4mdDE7a10udL0RNg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.189.0/24
                IPv6:
                  2a11:ffc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:81:36:9f:65:a0:7e:4c:18:99:57:c3:d1:24:c0:97:af:b6:
         ce:fd:4d:e5:39:ff:5f:07:a3:bc:85:e6:47:b0:66:65:6e:59:
         cd:98:85:af:78:85:74:24:da:be:46:32:04:34:d5:1a:c6:d9:
         8a:2e:52:3c:85:6d:ac:b5:29:13:75:56:17:1c:e0:10:b0:0b:
         d4:3d:50:e7:75:6c:ae:2e:68:c7:a2:45:5b:5e:3d:40:23:6a:
         9a:a3:90:4b:14:e1:24:be:35:13:33:7c:f0:01:a0:83:7f:af:
         60:18:1d:29:f6:ce:86:a9:ec:02:06:53:18:b5:3f:ef:dc:19:
         bd:e6:1f:f6:8d:9a:c0:61:b1:d2:30:82:7d:d6:fb:96:1e:7c:
         39:25:fd:87:4d:42:c2:e0:53:20:6a:25:e9:71:b7:c0:81:1d:
         8e:e7:4b:60:2b:0b:9a:6c:60:17:b7:de:62:7e:a9:d1:69:7f:
         3e:64:8f:68:0b:94:86:bc:f6:8b:bd:b3:00:c9:1d:7d:05:82:
         32:52:c6:32:af:de:51:83:f3:a3:1c:b5:fc:27:63:65:9f:2b:
         ab:88:ac:18:91:60:0d:75:bc:9a:a5:5d:e5:4f:fa:eb:5d:4d:
         af:7c:13:cd:7a:5b:00:a2:e4:d7:d9:33:7a:34:48:c4:e7:95:
         df:d4:73:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZJH+ddMLSNujIvXZchN2F9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNDExZTUyZGFiN2QwYmUyNjc0MzEzYjZiNWQyZTc0YmQx
MTM2MGUwHhcNMjQxMDAxMTIwNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDg2ODM3NmM2NDkxMmY5YmY3MzhlMmYxMDBhZTc0YWMyMTZmMGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2d9CPG5JblsrGXv9tyoDIFVA80O8
P7ETkG5eIz/CtFoF/mJOzI2oQU450Ut1g97NNDQLmk56tl8sxfuE31jhypOSXPBU
YSuwpGBJ/J6zCsrgOBQBFBsz2d4hvAwkgM2BEZ/slwyPfLsDxZL96iJrnnEzBSmE
hWqV7I+ORVZmb+8V7701Fe/0J3YaeVDnynYvLkDsubD1SFASDTckzK9lEaURCMd9
SwFTs7pz3bpdEOuX4plzf3vd1kjZVtMpMNtsYlUXGM3d60ArYbpP9Qzu9nDlGZHU
KGkIdilv/DKT8HTy1l2K1TDihhtRsaknZIVXO4FFfP9ak5wRtvyDSpQZawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLCGg3bGSRL5v3OOLxAK50rCFvC6MB8GA1UdIwQY
MBaAFFJBHlLat9C+JnQxO2tdLnS9ETYOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWtFZVV0cTMwTDRtZERFN2ExMHVkTDBSTmc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi85YjFkODUtNzE5OC00YWY2LWE2MzIt
ZDBjZmU0MzAxNmRlLzEvc0lhRGRzWkpFdm1fYzQ0dkVBcm5Tc0lXOExvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi85YjFkODUtNzE5OC00YWY2LWE2MzItZDBjZmU0MzAxNmRl
LzEvVWtFZVV0cTMwTDRtZERFN2ExMHVkTDBSTmc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2ca9MA0E
AgACMAcDBQMqEf/AMA0GCSqGSIb3DQEBCwUAA4IBAQAOgTafZaB+TBiZV8PRJMCX
r7bO/U3lOf9fB6O8heZHsGZlblnNmIWveIV0JNq+RjIENNUaxtmKLlI8hW2stSkT
dVYXHOAQsAvUPVDndWyuLmjHokVbXj1AI2qao5BLFOEkvjUTM3zwAaCDf69gGB0p
9s6GqewCBlMYtT/v3Bm95h/2jZrAYbHSMIJ91vuWHnw5Jf2HTULC4FMgaiXpcbfA
gR2O50tgKwuabGAXt95ifqnRaX8+ZI9oC5SGvPaLvbMAyR19BYIyUsYyr95Rg/Oj
HLX8J2NlnyuriKwYkWANdbyapV3lT/rrXU2vfBPNelsAouTX2TN6NEjE55Xf1HMy
-----END CERTIFICATE-----