Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/PfkY9wZeJ3tQ_LkjGMKV21_mX0Y.roa
File:                     PfkY9wZeJ3tQ_LkjGMKV21_mX0Y.roa (raw, json)
Hash identifier:          my9ndy476JnOgNta/Q2p4htrGNdaBQpiCpfzGnA4y2Q=
Subject key identifier:   3D:F9:18:F7:06:5E:27:7B:50:FC:B9:23:18:C2:95:DB:5F:E6:5F:46
Certificate issuer:       /CN=54a31ab033cfd2dee6852fa9d8bf5a4a0e352414
Certificate serial:       01913242CE46AB102449F335BE311F347480
Authority key identifier: 54:A3:1A:B0:33:CF:D2:DE:E6:85:2F:A9:D8:BF:5A:4A:0E:35:24:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VKMasDPP0t7mhS-p2L9aSg41JBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/PfkY9wZeJ3tQ_LkjGMKV21_mX0Y.roa
Signing time:             Thu 08 Aug 2024 13:52:04 +0000
ROA not before:           Thu 08 Aug 2024 13:52:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209726
IP address blocks:        87.121.168.0/24 maxlen: 24
                          87.121.169.0/24 maxlen: 24
                          87.121.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/VKMasDPP0t7mhS-p2L9aSg41JBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/VKMasDPP0t7mhS-p2L9aSg41JBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VKMasDPP0t7mhS-p2L9aSg41JBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:42:ce:46:ab:10:24:49:f3:35:be:31:1f:34:74:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54a31ab033cfd2dee6852fa9d8bf5a4a0e352414
        Validity
            Not Before: Aug  8 13:52:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3df918f7065e277b50fcb92318c295db5fe65f46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:89:ff:a4:41:1e:6e:8c:41:7b:2f:2b:9e:39:
                    fb:8a:1f:5a:ec:50:3e:3b:8a:c7:82:d4:7e:15:f8:
                    7f:f6:a1:6d:27:85:b1:8d:b4:33:04:eb:46:5f:77:
                    22:e6:e1:d7:14:c7:dd:50:7b:b8:a3:88:48:26:e5:
                    38:5b:79:bf:37:03:e2:36:a2:f0:cf:ef:5b:04:6b:
                    83:af:28:26:6c:1d:51:6c:1a:b2:d1:5b:0a:b1:65:
                    0e:74:9e:e1:b9:3a:69:c8:98:e7:57:ef:fe:af:fd:
                    97:64:ad:bf:de:4b:11:b3:20:2a:2a:a8:f2:29:06:
                    bd:02:99:88:48:9c:f4:10:92:65:09:0f:19:82:4e:
                    52:94:5f:0d:7f:2c:7c:b4:86:7c:fb:3c:fa:53:32:
                    95:19:d0:54:e0:34:33:8a:f1:93:82:c8:dd:1b:2c:
                    01:af:d5:ab:e5:6e:17:bf:5a:ad:76:b2:09:27:e5:
                    dc:c3:b9:f6:5a:d1:54:21:71:88:71:47:56:25:31:
                    69:3f:0b:0d:ec:a7:b5:18:0e:f5:4f:06:3b:43:63:
                    cf:3e:22:eb:2c:d7:23:df:b1:35:47:b0:3b:94:84:
                    a8:40:19:94:8b:38:a7:3d:8b:49:a4:75:f5:b4:21:
                    1f:da:5f:55:f5:f9:dd:3c:3f:43:5a:a0:70:50:66:
                    69:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F9:18:F7:06:5E:27:7B:50:FC:B9:23:18:C2:95:DB:5F:E6:5F:46
            X509v3 Authority Key Identifier:
                keyid:54:A3:1A:B0:33:CF:D2:DE:E6:85:2F:A9:D8:BF:5A:4A:0E:35:24:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VKMasDPP0t7mhS-p2L9aSg41JBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/PfkY9wZeJ3tQ_LkjGMKV21_mX0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/080361-1bbe-4763-800b-619c26194168/1/VKMasDPP0t7mhS-p2L9aSg41JBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.168.0-87.121.170.255

    Signature Algorithm: sha256WithRSAEncryption
         19:e2:24:e1:5a:61:e5:c0:ea:65:69:e1:0a:68:03:c0:d0:8f:
         da:83:e4:ce:0a:de:0d:bd:b3:78:90:52:96:d4:07:a2:81:8f:
         44:7a:8f:15:73:62:b0:cd:fb:f2:34:83:7f:f6:b9:53:f9:0f:
         b9:2e:38:c7:ea:76:65:aa:a9:51:ea:9e:64:89:c3:0e:c7:c2:
         05:d6:1f:42:b4:3c:ea:a7:aa:65:70:0a:dd:01:62:7a:b5:75:
         a0:0f:45:24:16:2e:1c:9e:97:82:72:f8:32:12:87:48:07:2d:
         eb:0a:55:4a:22:1b:21:7f:57:bf:a6:dd:12:63:2f:ee:4d:4a:
         3e:61:2a:3b:ea:14:13:27:af:85:0f:e3:f6:dc:52:b3:f4:ba:
         47:1d:f9:11:ec:73:76:33:d7:47:15:a1:76:f8:41:d0:67:c6:
         f8:cf:d4:95:82:bc:c5:b8:73:f1:3d:b9:7a:5c:88:5f:ef:31:
         c7:5b:76:aa:ab:27:ce:2c:dd:51:ae:a3:5a:a2:85:2c:a5:6b:
         eb:58:9d:9f:dc:20:1a:8a:fd:30:11:b9:9f:69:17:47:bf:90:
         99:e9:43:82:d7:6f:25:9b:c9:f4:ab:cc:4a:d3:ac:8d:4b:4b:
         f6:a4:df:88:11:00:48:33:14:80:41:52:e8:c3:52:a3:c7:26:
         0c:2c:f9:47
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZEyQs5GqxAkSfM1vjEfNHSAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YTMxYWIwMzNjZmQyZGVlNjg1MmZhOWQ4YmY1YTRhMGUz
NTI0MTQwHhcNMjQwODA4MTM1MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGY5MThmNzA2NWUyNzdiNTBmY2I5MjMxOGMyOTVkYjVmZTY1ZjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4n/pEEeboxBey8rnjn7ih9a7FA+
O4rHgtR+Ffh/9qFtJ4WxjbQzBOtGX3ci5uHXFMfdUHu4o4hIJuU4W3m/NwPiNqLw
z+9bBGuDrygmbB1RbBqy0VsKsWUOdJ7huTppyJjnV+/+r/2XZK2/3ksRsyAqKqjy
KQa9ApmISJz0EJJlCQ8Zgk5SlF8Nfyx8tIZ8+zz6UzKVGdBU4DQzivGTgsjdGywB
r9Wr5W4Xv1qtdrIJJ+Xcw7n2WtFUIXGIcUdWJTFpPwsN7Ke1GA71TwY7Q2PPPiLr
LNcj37E1R7A7lISoQBmUizinPYtJpHX1tCEf2l9V9fndPD9DWqBwUGZpswIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD35GPcGXid7UPy5IxjCldtf5l9GMB8GA1UdIwQY
MBaAFFSjGrAzz9Le5oUvqdi/WkoONSQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVktNYXNEUFAwdDdtaFMtcDJMOWFTZzQxSkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wODAzNjEtMWJiZS00NzYzLTgwMGIt
NjE5YzI2MTk0MTY4LzEvUGZrWTl3WmVKM3RRX0xrakdNS1YyMV9tWDBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wODAzNjEtMWJiZS00NzYzLTgwMGItNjE5YzI2MTk0MTY4
LzEvVktNYXNEUFAwdDdtaFMtcDJMOWFTZzQxSkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANXeagD
BABXeaowDQYJKoZIhvcNAQELBQADggEBABniJOFaYeXA6mVp4QpoA8DQj9qD5M4K
3g29s3iQUpbUB6KBj0R6jxVzYrDN+/I0g3/2uVP5D7kuOMfqdmWqqVHqnmSJww7H
wgXWH0K0POqnqmVwCt0BYnq1daAPRSQWLhyel4Jy+DISh0gHLesKVUoiGyF/V7+m
3RJjL+5NSj5hKjvqFBMnr4UP4/bcUrP0ukcd+RHsc3Yz10cVoXb4QdBnxvjP1JWC
vMW4c/E9uXpciF/vMcdbdqqrJ84s3VGuo1qihSyla+tYnZ/cIBqK/TARuZ9pF0e/
kJnpQ4LXbyWbyfSrzErTrI1LS/ak34gRAEgzFIBBUujDUqPHJgws+Uc=
-----END CERTIFICATE-----