Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/1-3yzwFMc2ZB8Cz0VSUsEWDGz6gQ.roa
File:                     1-3yzwFMc2ZB8Cz0VSUsEWDGz6gQ.roa (raw, json)
Hash identifier:          VflV+DaJBSp3rGIumJ0P6EnRkL/IwCA7KbpPBB5uMHE=
Subject key identifier:   FB:7C:B3:C0:53:1C:D9:90:7C:0B:3D:15:49:4B:04:58:31:B3:EA:04
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       018F1586492001EE2B9FBBD3380DB58165DE
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/1-3yzwFMc2ZB8Cz0VSUsEWDGz6gQ.roa
Signing time:             Thu 25 Apr 2024 13:51:13 +0000
ROA not before:           Thu 25 Apr 2024 13:51:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215296
IP address blocks:        193.28.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 11:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:86:49:20:01:ee:2b:9f:bb:d3:38:0d:b5:81:65:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Apr 25 13:51:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb7cb3c0531cd9907c0b3d15494b045831b3ea04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:da:94:82:2b:90:ce:a3:fa:3f:f6:a0:26:d6:
                    dd:ef:c1:4c:ee:58:08:fa:4f:3f:4a:62:d4:80:53:
                    83:74:1c:7b:aa:17:c2:ce:60:03:3e:35:ef:1d:fb:
                    f4:c1:49:4c:c9:f3:d0:f6:8f:60:f8:da:67:27:4e:
                    72:9f:7b:83:c4:21:71:c4:39:fd:99:d5:a1:99:d3:
                    9f:65:80:5a:e7:9d:06:17:e8:22:39:69:97:45:2d:
                    5d:a8:e6:04:16:8b:db:19:8f:dd:f8:65:3f:e4:eb:
                    dd:9b:fe:0c:7c:6a:1c:a5:9a:94:92:0a:a0:89:fb:
                    29:39:26:9a:aa:a4:c0:ea:88:dd:fd:35:0b:1d:d9:
                    e3:0b:91:6e:2a:0d:25:66:19:23:d5:da:e7:a8:cf:
                    8b:23:c5:5a:cd:d7:dd:f4:82:4e:6c:77:5a:35:e4:
                    9c:97:22:70:e0:7b:33:0c:29:87:01:6a:2f:7b:38:
                    13:88:77:1d:b3:90:88:6b:19:9d:66:af:12:4f:53:
                    f6:59:a6:94:ff:63:24:19:da:29:c8:46:42:ef:cf:
                    30:c9:2e:c1:94:d2:c4:a7:84:ea:d8:ee:6a:63:82:
                    fc:a0:e7:80:68:ad:fe:69:16:f6:b9:df:31:7a:a3:
                    4a:09:7a:d8:4f:28:51:1b:5c:09:0c:ca:c6:88:3a:
                    c0:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:7C:B3:C0:53:1C:D9:90:7C:0B:3D:15:49:4B:04:58:31:B3:EA:04
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/1-3yzwFMc2ZB8Cz0VSUsEWDGz6gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:c9:d4:85:b6:8d:36:a4:d7:6c:b2:7f:df:02:6c:07:c4:87:
         6e:2b:84:6f:bb:63:33:78:af:49:df:35:c2:51:86:88:2e:fc:
         04:cd:4f:d9:fb:29:bf:84:23:b0:4d:99:0f:12:f7:de:40:3d:
         9b:fc:b4:fe:f8:6a:3a:d4:73:41:30:55:26:cc:4e:ed:90:89:
         07:14:3a:1b:b7:d5:a1:92:f3:5e:34:43:5a:1e:6d:6e:1e:ee:
         8a:ec:ae:ef:a6:8b:b4:d0:e8:16:a9:a5:b9:35:a8:4e:25:49:
         8d:b2:73:e1:75:d9:32:75:83:1b:76:c0:b2:c5:e4:93:27:97:
         2b:9f:e8:fe:09:0f:1c:bb:6b:a5:34:ba:8c:05:44:56:42:f2:
         dd:82:d1:c4:8d:5c:aa:28:33:bd:f8:7b:c5:02:0a:bf:53:af:
         78:f0:4a:87:77:1b:85:af:31:80:7b:54:8b:b4:46:82:c6:bb:
         93:8a:52:0d:c4:a6:a9:35:a3:f8:03:c1:29:ff:1e:5e:f4:7a:
         e5:43:1c:de:aa:2e:0e:cf:82:ec:f3:01:48:40:a6:03:a0:8b:
         87:8e:31:ec:f7:05:5c:b1:d7:fe:54:8e:68:98:d1:aa:00:22:
         27:a5:fd:c0:de:3a:ae:36:60:62:6a:b5:af:b9:ff:f7:96:85:
         5f:98:8f:e1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8VhkkgAe4rn7vTOA21gWXeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjQwNDI1MTM1MTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjdjYjNjMDUzMWNkOTkwN2MwYjNkMTU0OTRiMDQ1ODMxYjNlYTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9qUgiuQzqP6P/agJtbd78FM7lgI
+k8/SmLUgFODdBx7qhfCzmADPjXvHfv0wUlMyfPQ9o9g+NpnJ05yn3uDxCFxxDn9
mdWhmdOfZYBa550GF+giOWmXRS1dqOYEFovbGY/d+GU/5Ovdm/4MfGocpZqUkgqg
ifspOSaaqqTA6ojd/TULHdnjC5FuKg0lZhkj1drnqM+LI8Vazdfd9IJObHdaNeSc
lyJw4HszDCmHAWovezgTiHcds5CIaxmdZq8ST1P2WaaU/2MkGdopyEZC788wyS7B
lNLEp4Tq2O5qY4L8oOeAaK3+aRb2ud8xeqNKCXrYTyhRG1wJDMrGiDrAwwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPt8s8BTHNmQfAs9FUlLBFgxs+oEMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvMS0zeXp3Rk1jMlpCOEN6MFZTVXNFV0RHejZnUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmEvYzVhOWUzLTY3MjItNGI2YS1iZTU4LWFkYTVjMjBlM2Y3
Yi8xL0hIclhkVWVWM2RZRjhvZzR1M3pEV2Q5Nkptby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEc5DAN
BgkqhkiG9w0BAQsFAAOCAQEAMMnUhbaNNqTXbLJ/3wJsB8SHbiuEb7tjM3ivSd81
wlGGiC78BM1P2fspv4QjsE2ZDxL33kA9m/y0/vhqOtRzQTBVJsxO7ZCJBxQ6G7fV
oZLzXjRDWh5tbh7uiuyu76aLtNDoFqmluTWoTiVJjbJz4XXZMnWDG3bAssXkkyeX
K5/o/gkPHLtrpTS6jAVEVkLy3YLRxI1cqigzvfh7xQIKv1OvePBKh3cbha8xgHtU
i7RGgsa7k4pSDcSmqTWj+APBKf8eXvR65UMc3qouDs+C7PMBSECmA6CLh44x7PcF
XLHX/lSOaJjRqgAiJ6X9wN46rjZgYmq1r7n/95aFX5iP4Q==
-----END CERTIFICATE-----