Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/75fpuPwl7ESXSICg7auB3PXWSWk.roa
File:                     75fpuPwl7ESXSICg7auB3PXWSWk.roa (raw, json)
Hash identifier:          bk6ZYNIwuD4y1rzr8o0d6Cnbmi/kOWAZE5XQBKT+kjM=
Subject key identifier:   EF:97:E9:B8:FC:25:EC:44:97:48:80:A0:ED:AB:81:DC:F5:D6:49:69
Certificate issuer:       /CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
Certificate serial:       0192BF77DFA7C696876B8A3620948E18CF4A
Authority key identifier: 97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/75fpuPwl7ESXSICg7auB3PXWSWk.roa
Signing time:             Thu 24 Oct 2024 16:59:17 +0000
ROA not before:           Thu 24 Oct 2024 16:59:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200333
IP address blocks:        194.156.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bf:77:df:a7:c6:96:87:6b:8a:36:20:94:8e:18:cf:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
        Validity
            Not Before: Oct 24 16:59:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef97e9b8fc25ec44974880a0edab81dcf5d64969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d4:71:d1:e6:60:59:73:a8:ac:b0:1b:62:c1:
                    21:ce:15:7e:81:0f:24:8b:da:7b:47:99:2c:86:a0:
                    d0:30:95:d8:72:96:70:61:37:7f:5c:7f:66:0f:90:
                    c6:56:1c:26:4e:d2:8a:11:61:35:f1:b6:c8:77:54:
                    a0:28:d8:a2:7d:4c:dd:e3:f2:cf:a0:9f:81:4d:00:
                    b5:e0:b1:d2:d3:d3:81:58:6d:36:f9:3d:1f:f9:9b:
                    26:b3:33:32:c1:7e:9b:25:ad:86:ee:70:3a:36:7e:
                    5c:06:68:61:24:6c:05:e1:e4:f5:8a:df:82:2b:a1:
                    b7:e3:10:d4:8f:3c:f8:ff:92:77:80:5b:14:9d:c9:
                    8a:6d:ec:be:e9:0d:41:6a:24:9c:43:c3:fb:61:bf:
                    c8:c0:95:89:2c:63:e1:aa:f2:32:cb:e5:64:7c:e6:
                    17:24:ca:df:f9:91:5b:5d:c7:35:b7:94:b1:9b:b7:
                    02:48:0a:c8:6a:de:8c:61:82:ca:1f:71:68:d5:78:
                    4e:14:45:1e:17:01:30:da:ee:27:1b:ed:e7:1e:53:
                    60:fb:c8:88:12:69:01:c4:a3:42:46:b2:06:bb:6c:
                    a4:f8:ce:dc:ea:23:1c:57:84:3f:c7:cd:a2:bf:ce:
                    b3:96:c4:71:a7:b1:d1:d4:e3:0d:11:f6:1b:46:74:
                    f1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:97:E9:B8:FC:25:EC:44:97:48:80:A0:ED:AB:81:DC:F5:D6:49:69
            X509v3 Authority Key Identifier:
                keyid:97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/75fpuPwl7ESXSICg7auB3PXWSWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d7:14:94:85:12:39:54:57:b0:d7:a3:b4:a3:28:06:00:19:74:
         ec:27:9c:88:7d:ac:f3:95:b9:4a:5d:8d:b0:2a:0e:fd:67:77:
         c4:86:a2:0b:3e:e2:0f:04:57:ae:e3:f8:c8:4a:b0:93:11:dc:
         7b:76:bd:47:e9:35:e0:a9:d3:0d:a2:2e:0b:ae:df:e4:01:35:
         66:5e:4b:0a:43:30:ee:80:1c:12:24:46:9b:e5:65:03:4d:d5:
         80:d1:cd:9b:39:71:5d:fa:82:7b:be:95:a3:0d:0e:f9:cf:9a:
         71:b9:07:d6:d6:58:82:de:18:94:3d:08:c0:d0:02:e6:81:d2:
         fe:de:5b:4a:d9:37:76:2f:5a:6d:97:04:45:89:c3:d9:9b:14:
         0d:ea:4d:42:cd:11:7a:41:ee:78:72:f8:13:10:f6:5e:d0:22:
         41:ad:6a:f1:10:89:3b:13:17:a7:09:70:51:3f:b7:1d:ed:d2:
         a5:21:f7:b7:75:f1:63:90:cf:de:be:3e:dd:94:7d:d6:84:37:
         1f:cc:1c:97:ba:25:58:a6:8b:a0:82:26:54:2f:c3:05:1b:f7:
         df:bc:29:3b:25:d7:90:11:c9:2b:fa:0e:50:bb:ba:b6:b9:11:
         9f:03:6b:c0:26:a4:c3:ba:2d:e6:27:a3:89:0c:25:27:d5:05:
         f7:9d:07:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK/d9+nxpaHa4o2IJSOGM9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDI0ZmZjNDkyN2JmZTM1Mjg5NDM1ZDlkMDI4MDQyMGI4
ZWNkY2IwHhcNMjQxMDI0MTY1OTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjk3ZTliOGZjMjVlYzQ0OTc0ODgwYTBlZGFiODFkY2Y1ZDY0OTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdRx0eZgWXOorLAbYsEhzhV+gQ8k
i9p7R5kshqDQMJXYcpZwYTd/XH9mD5DGVhwmTtKKEWE18bbId1SgKNiifUzd4/LP
oJ+BTQC14LHS09OBWG02+T0f+ZsmszMywX6bJa2G7nA6Nn5cBmhhJGwF4eT1it+C
K6G34xDUjzz4/5J3gFsUncmKbey+6Q1BaiScQ8P7Yb/IwJWJLGPhqvIyy+VkfOYX
JMrf+ZFbXcc1t5Sxm7cCSArIat6MYYLKH3Fo1XhOFEUeFwEw2u4nG+3nHlNg+8iI
EmkBxKNCRrIGu2yk+M7c6iMcV4Q/x82iv86zlsRxp7HR1OMNEfYbRnTxvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+X6bj8JexEl0iAoO2rgdz11klpMB8GA1UdIwQY
MBaAFJcCT/xJJ7/jUolDXZ0CgEILjs3LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDkt
NDAxYmRhNDQ3N2I1LzEvNzVmcHVQd2w3RVNYU0lDZzdhdUIzUFhXU1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDktNDAxYmRhNDQ3N2I1
LzEvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpz4MA0G
CSqGSIb3DQEBCwUAA4IBAQDXFJSFEjlUV7DXo7SjKAYAGXTsJ5yIfazzlblKXY2w
Kg79Z3fEhqILPuIPBFeu4/jISrCTEdx7dr1H6TXgqdMNoi4Lrt/kATVmXksKQzDu
gBwSJEab5WUDTdWA0c2bOXFd+oJ7vpWjDQ75z5pxuQfW1liC3hiUPQjA0ALmgdL+
3ltK2Td2L1ptlwRFicPZmxQN6k1CzRF6Qe54cvgTEPZe0CJBrWrxEIk7ExenCXBR
P7cd7dKlIfe3dfFjkM/evj7dlH3WhDcfzByXuiVYpouggiZUL8MFG/ffvCk7JdeQ
Eckr+g5Qu7q2uRGfA2vAJqTDui3mJ6OJDCUn1QX3nQeA
-----END CERTIFICATE-----