Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/1-kVxXKCX8r8lEHzLjoF0WJoOyhU.roa
File:                     1-kVxXKCX8r8lEHzLjoF0WJoOyhU.roa (raw, json)
Hash identifier:          QY7hcpGbjIGkN2W6J6pHKJ8xn7x7OPaCHqIDQ+bYo3I=
Subject key identifier:   FA:45:71:5C:A0:97:F2:BF:25:10:7C:CB:8E:81:74:58:9A:0E:CA:15
Certificate issuer:       /CN=9c3cfcde13b660b5c831dafbe1bfbf68df9fbe39
Certificate serial:       018F2AD5246347089AEAC748D6DC3353A793
Authority key identifier: 9C:3C:FC:DE:13:B6:60:B5:C8:31:DA:FB:E1:BF:BF:68:DF:9F:BE:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nDz83hO2YLXIMdr74b-_aN-fvjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/1-kVxXKCX8r8lEHzLjoF0WJoOyhU.roa
Signing time:             Mon 29 Apr 2024 17:09:22 +0000
ROA not before:           Mon 29 Apr 2024 17:09:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398355
IP address blocks:        176.97.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/nDz83hO2YLXIMdr74b-_aN-fvjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/nDz83hO2YLXIMdr74b-_aN-fvjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nDz83hO2YLXIMdr74b-_aN-fvjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2a:d5:24:63:47:08:9a:ea:c7:48:d6:dc:33:53:a7:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c3cfcde13b660b5c831dafbe1bfbf68df9fbe39
        Validity
            Not Before: Apr 29 17:09:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa45715ca097f2bf25107ccb8e8174589a0eca15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:47:73:88:29:de:e1:77:61:b6:92:d9:de:a6:
                    3a:a6:72:6c:4e:29:c5:86:ac:95:65:10:a7:f8:30:
                    07:b8:13:fb:da:a3:8a:78:3e:76:63:92:8e:9f:d6:
                    5f:06:72:17:33:e7:30:20:57:0c:96:79:d7:70:b6:
                    e3:31:3b:29:25:25:9b:37:91:81:c2:de:41:05:72:
                    9d:31:21:4d:5b:1d:a1:2f:26:1f:1d:03:ad:9d:57:
                    f6:2b:29:86:5c:51:21:b2:e2:1a:5c:5c:e4:64:2d:
                    9c:dd:19:90:43:ee:26:b0:6e:31:ba:77:e7:c4:27:
                    73:e3:5b:4f:98:47:e7:a8:cb:a7:1c:76:6d:d2:18:
                    8d:8f:17:dc:3c:ba:a8:1d:92:29:d9:63:d2:0c:47:
                    31:33:50:bd:66:c1:a6:0f:f3:e4:31:81:fd:e5:4c:
                    06:8e:1a:75:20:50:2e:ce:e3:d2:cd:4a:71:e1:8a:
                    44:6d:54:27:f8:b4:83:c3:e3:d9:21:f5:68:e5:bb:
                    1e:6a:26:66:ff:ac:d1:88:d8:c8:6d:52:cf:8e:34:
                    5b:11:7d:f0:52:fd:e3:f6:9a:97:c8:bf:40:7e:01:
                    27:13:dc:ee:fd:16:28:03:31:31:72:3b:1c:41:62:
                    e7:10:0f:fd:0b:6b:b4:f0:c5:6b:74:e2:71:00:95:
                    d2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:45:71:5C:A0:97:F2:BF:25:10:7C:CB:8E:81:74:58:9A:0E:CA:15
            X509v3 Authority Key Identifier:
                keyid:9C:3C:FC:DE:13:B6:60:B5:C8:31:DA:FB:E1:BF:BF:68:DF:9F:BE:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nDz83hO2YLXIMdr74b-_aN-fvjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/1-kVxXKCX8r8lEHzLjoF0WJoOyhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/3c034f-c243-4a88-9070-6879cc26d7b6/1/nDz83hO2YLXIMdr74b-_aN-fvjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:8b:82:99:83:30:a5:c2:a1:e3:e1:9d:a6:25:b7:c5:8d:fa:
         7e:1c:13:8b:fd:d8:27:43:30:e1:df:4a:6f:ee:2b:15:23:50:
         d0:1c:4e:dc:8b:48:76:31:ac:18:b6:5e:39:6f:88:62:41:3f:
         38:b5:6c:95:c7:41:58:26:b3:f8:fa:f6:da:fe:5a:55:a5:f9:
         8d:20:5e:31:9c:25:c9:ee:d4:18:fd:a8:23:27:70:e4:8b:d3:
         cc:33:31:70:9d:eb:9f:f2:0c:4d:7a:a6:4d:7b:62:fd:21:b3:
         02:bd:f8:d4:1a:07:a4:ea:6b:4f:3c:9e:c5:65:42:9c:5c:e6:
         31:8e:f1:d8:d2:69:a9:9b:4f:6d:38:34:1f:80:32:00:57:fb:
         04:15:1f:64:1e:29:7b:af:36:9b:92:b6:8a:62:55:9d:46:8a:
         bb:56:2a:b1:71:3c:4a:a7:43:a8:7c:0c:b8:2a:af:81:5a:b9:
         6e:5a:c3:7e:cb:00:df:cb:da:eb:08:b3:3f:43:e7:c0:11:fb:
         24:45:c6:67:60:37:fe:ac:66:9a:48:83:99:aa:61:67:5f:d3:
         87:ed:7f:c0:c7:5e:67:40:d8:b1:3a:ed:0f:ec:90:15:9d:5f:
         68:df:b5:a3:3f:a8:7c:12:dc:af:b6:94:5b:0a:7d:46:8e:d6:
         fa:25:cb:b5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8q1SRjRwia6sdI1twzU6eTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljM2NmY2RlMTNiNjYwYjVjODMxZGFmYmUxYmZiZjY4ZGY5
ZmJlMzkwHhcNMjQwNDI5MTcwOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTQ1NzE1Y2EwOTdmMmJmMjUxMDdjY2I4ZTgxNzQ1ODlhMGVjYTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0dziCne4XdhtpLZ3qY6pnJsTinF
hqyVZRCn+DAHuBP72qOKeD52Y5KOn9ZfBnIXM+cwIFcMlnnXcLbjMTspJSWbN5GB
wt5BBXKdMSFNWx2hLyYfHQOtnVf2KymGXFEhsuIaXFzkZC2c3RmQQ+4msG4xunfn
xCdz41tPmEfnqMunHHZt0hiNjxfcPLqoHZIp2WPSDEcxM1C9ZsGmD/PkMYH95UwG
jhp1IFAuzuPSzUpx4YpEbVQn+LSDw+PZIfVo5bseaiZm/6zRiNjIbVLPjjRbEX3w
Uv3j9pqXyL9AfgEnE9zu/RYoAzExcjscQWLnEA/9C2u08MVrdOJxAJXStwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpFcVygl/K/JRB8y46BdFiaDsoVMB8GA1UdIwQY
MBaAFJw8/N4TtmC1yDHa++G/v2jfn745MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkR6ODNoTzJZTFhJTWRyNzRiLV9hTi1mdmprLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8zYzAzNGYtYzI0My00YTg4LTkwNzAt
Njg3OWNjMjZkN2I2LzEvMS1rVnhYS0NYOHI4bEVIekxqb0YwV0pvT3loVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTIvM2MwMzRmLWMyNDMtNGE4OC05MDcwLTY4NzljYzI2ZDdi
Ni8xL25EejgzaE8yWUxYSU1kcjc0Yi1fYU4tZnZqay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALBh1DAN
BgkqhkiG9w0BAQsFAAOCAQEAYouCmYMwpcKh4+GdpiW3xY36fhwTi/3YJ0Mw4d9K
b+4rFSNQ0BxO3ItIdjGsGLZeOW+IYkE/OLVslcdBWCaz+Pr22v5aVaX5jSBeMZwl
ye7UGP2oIydw5IvTzDMxcJ3rn/IMTXqmTXti/SGzAr341BoHpOprTzyexWVCnFzm
MY7x2NJpqZtPbTg0H4AyAFf7BBUfZB4pe682m5K2imJVnUaKu1YqsXE8SqdDqHwM
uCqvgVq5blrDfssA38va6wizP0PnwBH7JEXGZ2A3/qxmmkiDmaphZ1/Th+1/wMde
Z0DYsTrtD+yQFZ1faN+1oz+ofBLcr7aUWwp9Ro7W+iXLtQ==
-----END CERTIFICATE-----