Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/5fffde-48c4-4140-84fc-19dbd6b42fb5/1/iRrC0Sw0Gud3aFWIYExGz8eivns.roa
File:                     iRrC0Sw0Gud3aFWIYExGz8eivns.roa (raw, json)
Hash identifier:          cn4QghMqqkQU+FaaDjuGy5NsrWJXqfbB3ZwPQmGWq2I=
Subject key identifier:   89:1A:C2:D1:2C:34:1A:E7:77:68:55:88:60:4C:46:CF:C7:A2:BE:7B
Certificate issuer:       /CN=f9645c918ab294add19b267f48f3c7beb9fa0ceb
Certificate serial:       018D698B58349264BE924966D782893D52AD
Authority key identifier: F9:64:5C:91:8A:B2:94:AD:D1:9B:26:7F:48:F3:C7:BE:B9:FA:0C:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-WRckYqylK3RmyZ_SPPHvrn6DOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/5fffde-48c4-4140-84fc-19dbd6b42fb5/1/iRrC0Sw0Gud3aFWIYExGz8eivns.roa
Signing time:             Fri 02 Feb 2024 11:19:16 +0000
ROA not before:           Fri 02 Feb 2024 11:19:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9145
IP address blocks:        194.127.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/5fffde-48c4-4140-84fc-19dbd6b42fb5/1/1-WRckYqylK3RmyZ_SPPHvrn6DOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/5fffde-48c4-4140-84fc-19dbd6b42fb5/1/1-WRckYqylK3RmyZ_SPPHvrn6DOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-WRckYqylK3RmyZ_SPPHvrn6DOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:8b:58:34:92:64:be:92:49:66:d7:82:89:3d:52:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9645c918ab294add19b267f48f3c7beb9fa0ceb
        Validity
            Not Before: Feb  2 11:19:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=891ac2d12c341ae777685588604c46cfc7a2be7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:17:57:86:1e:29:e3:16:40:d6:be:80:4f:11:
                    73:2d:6f:01:f0:78:c9:0f:a2:86:53:92:8c:4b:40:
                    e8:59:95:24:0b:7c:a8:37:44:7c:4d:24:68:7e:19:
                    c0:fd:a3:84:bf:8b:a6:bd:9f:0e:43:80:0b:92:46:
                    96:18:68:32:79:a3:bd:9a:2e:22:a4:67:f5:ca:dc:
                    fa:bd:20:b8:08:83:1b:19:cc:d1:f9:68:42:8f:c6:
                    0d:d5:8b:82:de:87:73:b5:7a:08:5e:8d:d2:a5:c0:
                    18:f6:84:38:30:64:67:ba:57:79:2d:64:4f:fe:b8:
                    1f:0d:0d:ad:02:7b:8a:59:bb:c6:ea:52:7a:e9:7a:
                    d7:d3:93:52:51:a3:a8:8f:3c:34:8b:82:8f:c5:98:
                    5b:a4:ec:65:ac:4f:39:a4:4c:31:49:e7:5e:78:04:
                    93:32:bf:10:a5:8d:3f:84:e3:5e:dc:b9:e9:e4:d1:
                    95:d0:52:2b:4d:e2:36:c5:61:b6:45:c5:a7:4d:48:
                    7a:31:6a:a2:c3:ca:b8:e5:b2:a5:09:4a:9b:61:68:
                    96:d8:ca:db:c4:d8:0d:ee:7e:b7:4f:2c:23:5f:27:
                    72:71:26:66:17:e7:76:33:9b:ca:62:99:2c:68:36:
                    1e:de:4e:54:ae:2a:ea:2a:da:1d:07:8b:76:1a:37:
                    f5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:1A:C2:D1:2C:34:1A:E7:77:68:55:88:60:4C:46:CF:C7:A2:BE:7B
            X509v3 Authority Key Identifier:
                keyid:F9:64:5C:91:8A:B2:94:AD:D1:9B:26:7F:48:F3:C7:BE:B9:FA:0C:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-WRckYqylK3RmyZ_SPPHvrn6DOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/5fffde-48c4-4140-84fc-19dbd6b42fb5/1/iRrC0Sw0Gud3aFWIYExGz8eivns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/5fffde-48c4-4140-84fc-19dbd6b42fb5/1/1-WRckYqylK3RmyZ_SPPHvrn6DOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:6d:e3:75:2a:52:b4:bf:66:18:f6:fd:7d:60:a1:1e:20:c6:
         20:d4:3a:10:a2:04:b7:d6:81:1b:9c:64:2b:41:01:30:66:b0:
         ad:a2:fe:b6:72:b2:98:5c:97:34:12:b8:aa:93:60:98:5d:1c:
         d2:ea:d9:20:70:86:c8:26:97:03:b5:5a:86:a9:ff:c8:cb:ce:
         f4:ba:c1:e1:c6:e5:d5:3b:f5:92:db:7a:2b:6f:44:9e:09:1c:
         5a:1a:fa:a5:20:a7:37:6a:f4:37:18:69:6a:56:cb:82:ea:3f:
         19:4e:39:22:05:13:49:10:da:1c:ff:8e:74:86:5a:47:4b:70:
         98:64:6b:5e:54:c3:cf:86:68:a4:31:f5:9a:05:7d:d5:ff:f9:
         a7:5d:5f:7c:06:03:e1:45:d8:f3:b9:da:95:94:ee:76:2d:73:
         83:37:a9:bf:6b:f7:69:8d:46:69:68:28:ec:2c:6e:c8:98:af:
         7f:3c:f9:8b:d8:45:01:46:cd:fd:6d:e7:11:f8:28:c5:35:1e:
         d1:ac:1b:9e:1a:37:af:0c:04:a4:eb:c8:f6:7e:b6:d1:ad:fd:
         7f:50:fd:27:df:8d:26:d4:97:84:30:a7:5e:ad:8c:c7:be:16:
         89:a7:bb:d6:5c:b2:45:fc:0d:0e:3e:4d:b1:5a:d2:e7:63:90:
         2b:02:d5:26
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY1pi1g0kmS+kklm14KJPVKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NjQ1YzkxOGFiMjk0YWRkMTliMjY3ZjQ4ZjNjN2JlYjlm
YTBjZWIwHhcNMjQwMjAyMTExOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTFhYzJkMTJjMzQxYWU3Nzc2ODU1ODg2MDRjNDZjZmM3YTJiZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBdXhh4p4xZA1r6ATxFzLW8B8HjJ
D6KGU5KMS0DoWZUkC3yoN0R8TSRofhnA/aOEv4umvZ8OQ4ALkkaWGGgyeaO9mi4i
pGf1ytz6vSC4CIMbGczR+WhCj8YN1YuC3odztXoIXo3SpcAY9oQ4MGRnuld5LWRP
/rgfDQ2tAnuKWbvG6lJ66XrX05NSUaOojzw0i4KPxZhbpOxlrE85pEwxSedeeAST
Mr8QpY0/hONe3Lnp5NGV0FIrTeI2xWG2RcWnTUh6MWqiw8q45bKlCUqbYWiW2Mrb
xNgN7n63TywjXydycSZmF+d2M5vKYpksaDYe3k5UrirqKtodB4t2Gjf1TwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIkawtEsNBrnd2hViGBMRs/Hor57MB8GA1UdIwQY
MBaAFPlkXJGKspSt0Zsmf0jzx765+gzrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1XUmNrWXF5bEszUm15Wl9TUFBIdnJuNkRPcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWQvNWZmZmRlLTQ4YzQtNDE0MC04NGZj
LTE5ZGJkNmI0MmZiNS8xL2lSckMwU3cwR3VkM2FGV0lZRXhHejhlaXZucy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWQvNWZmZmRlLTQ4YzQtNDE0MC04NGZjLTE5ZGJkNmI0MmZi
NS8xLzEtV1Jja1lxeWxLM1JteVpfU1BQSHZybjZET3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCf2cw
DQYJKoZIhvcNAQELBQADggEBAE1t43UqUrS/Zhj2/X1goR4gxiDUOhCiBLfWgRuc
ZCtBATBmsK2i/rZysphclzQSuKqTYJhdHNLq2SBwhsgmlwO1Woap/8jLzvS6weHG
5dU79ZLbeitvRJ4JHFoa+qUgpzdq9DcYaWpWy4LqPxlOOSIFE0kQ2hz/jnSGWkdL
cJhka15Uw8+GaKQx9ZoFfdX/+addX3wGA+FF2PO52pWU7nYtc4M3qb9r92mNRmlo
KOwsbsiYr388+YvYRQFGzf1t5xH4KMU1HtGsG54aN68MBKTryPZ+ttGt/X9Q/Sff
jSbUl4Qwp16tjMe+Fomnu9ZcskX8DQ4+TbFa0udjkCsC1SY=
-----END CERTIFICATE-----