Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/1sU3HBlZGb9hnUcUrHLmAV6icZA.roa
File:                     1sU3HBlZGb9hnUcUrHLmAV6icZA.roa (raw, json)
Hash identifier:          iPTti0E3kOAKWU6bLMhO1MJIFhXc2iMyScr9g78F2fM=
Subject key identifier:   D6:C5:37:1C:19:59:19:BF:61:9D:47:14:AC:72:E6:01:5E:A2:71:90
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019266D998404B2772DF4252D7D3D4B07A8A
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/1sU3HBlZGb9hnUcUrHLmAV6icZA.roa
Signing time:             Mon 07 Oct 2024 11:59:49 +0000
ROA not before:           Mon 07 Oct 2024 11:59:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214231
IP address blocks:        194.67.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:66:d9:98:40:4b:27:72:df:42:52:d7:d3:d4:b0:7a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Oct  7 11:59:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6c5371c195919bf619d4714ac72e6015ea27190
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d2:25:88:2c:c8:fd:17:86:3b:1c:3f:eb:9e:
                    30:0b:8e:26:32:1f:62:85:8b:34:f4:45:45:ff:88:
                    81:2c:7f:e9:c6:7e:91:dd:63:99:cb:2a:6a:ef:2c:
                    19:91:c2:b8:a7:33:a7:d2:27:07:2a:3d:31:69:2b:
                    b2:08:a7:de:97:27:e4:2b:cb:53:83:c6:cb:ef:30:
                    01:c1:81:ba:4a:99:90:dc:95:c5:22:63:dc:1f:78:
                    43:db:02:5c:d4:d9:6a:bd:a7:33:e1:ed:e3:40:8a:
                    6f:ca:da:3a:1e:98:81:1f:6a:fc:10:04:94:7d:84:
                    7e:27:8b:ff:56:71:9c:df:ae:6a:a9:4b:ac:26:1e:
                    58:7e:ea:d4:0f:3e:33:fb:7a:79:74:b7:fd:02:37:
                    39:fe:29:48:30:b0:76:f6:15:ca:d7:f0:82:b9:70:
                    81:47:f6:cf:56:cf:d3:56:ef:10:59:c1:42:98:25:
                    de:07:b5:48:15:73:a0:d1:f0:9d:2e:26:49:7d:db:
                    6e:db:15:c1:d8:84:67:0b:2c:a9:84:36:01:1a:9f:
                    44:8c:a2:f4:2e:2c:a0:51:18:7c:78:30:4d:cf:f9:
                    20:56:5d:14:e4:56:39:ff:cc:ed:29:46:22:52:c7:
                    04:b6:05:53:66:f5:9c:30:aa:dc:62:fa:31:6d:b6:
                    1a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:C5:37:1C:19:59:19:BF:61:9D:47:14:AC:72:E6:01:5E:A2:71:90
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/1sU3HBlZGb9hnUcUrHLmAV6icZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.67.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:b1:83:3c:65:b2:d0:13:62:c5:ee:f9:d2:84:7b:5e:68:b5:
         09:0e:47:9a:5f:cf:85:03:c4:f9:9f:41:fd:46:cf:59:f5:63:
         5a:18:7b:52:35:f1:35:d1:34:f3:01:e7:92:95:ae:cd:ce:0e:
         1d:2e:43:dd:a4:4b:24:1f:a3:e1:bb:19:fb:9c:a6:8c:bf:ff:
         a1:d6:a0:f8:15:af:57:e0:d6:d4:ac:33:6c:40:20:cd:bf:56:
         4a:0e:4e:97:d0:e6:e9:28:7c:80:26:bf:c0:1b:88:2d:d1:20:
         a2:c3:0e:13:91:1e:63:b7:5a:25:b7:bd:4c:1b:5b:ea:5f:4c:
         fe:3a:f1:8a:66:4c:b3:bd:e2:c0:34:c9:d9:14:f1:14:54:d5:
         bf:c3:c8:b1:78:27:39:a8:01:85:64:13:10:eb:ad:a6:cb:f3:
         25:76:5f:be:64:7e:2a:29:73:40:e6:8f:ab:86:19:8f:1c:eb:
         53:b3:d9:8a:99:8e:b9:02:37:e9:3f:59:3f:3b:68:ae:f5:de:
         89:5b:06:ec:76:2b:02:98:08:22:1c:d9:44:32:3b:e7:91:67:
         97:3f:8a:c1:d6:06:9b:e8:35:c2:07:d2:0e:06:25:3b:fc:27:
         b7:5e:af:ad:76:e5:7a:05:62:16:15:f6:08:64:f4:28:e8:d2:
         7c:72:15:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJm2ZhASydy30JS19PUsHqKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQxMDA3MTE1OTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmM1MzcxYzE5NTkxOWJmNjE5ZDQ3MTRhYzcyZTYwMTVlYTI3MTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9IliCzI/ReGOxw/654wC44mMh9i
hYs09EVF/4iBLH/pxn6R3WOZyypq7ywZkcK4pzOn0icHKj0xaSuyCKfelyfkK8tT
g8bL7zABwYG6SpmQ3JXFImPcH3hD2wJc1Nlqvacz4e3jQIpvyto6HpiBH2r8EASU
fYR+J4v/VnGc365qqUusJh5YfurUDz4z+3p5dLf9Ajc5/ilIMLB29hXK1/CCuXCB
R/bPVs/TVu8QWcFCmCXeB7VIFXOg0fCdLiZJfdtu2xXB2IRnCyyphDYBGp9EjKL0
LiygURh8eDBNz/kgVl0U5FY5/8ztKUYiUscEtgVTZvWcMKrcYvoxbbYaHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbFNxwZWRm/YZ1HFKxy5gFeonGQMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvMXNVM0hCbFpHYjloblVjVXJITG1BVjZpY1pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkPBMA0G
CSqGSIb3DQEBCwUAA4IBAQCZsYM8ZbLQE2LF7vnShHteaLUJDkeaX8+FA8T5n0H9
Rs9Z9WNaGHtSNfE10TTzAeeSla7Nzg4dLkPdpEskH6Phuxn7nKaMv/+h1qD4Fa9X
4NbUrDNsQCDNv1ZKDk6X0ObpKHyAJr/AG4gt0SCiww4TkR5jt1olt71MG1vqX0z+
OvGKZkyzveLANMnZFPEUVNW/w8ixeCc5qAGFZBMQ662my/Mldl++ZH4qKXNA5o+r
hhmPHOtTs9mKmY65AjfpP1k/O2iu9d6JWwbsdisCmAgiHNlEMjvnkWeXP4rB1gab
6DXCB9IOBiU7/Ce3Xq+tduV6BWIWFfYIZPQo6NJ8chVa
-----END CERTIFICATE-----