Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/csf4knCgnaEDLjkdXAYPqD-fPhc.roa
File:                     csf4knCgnaEDLjkdXAYPqD-fPhc.roa (raw, json)
Hash identifier:          B8Wiv2MqZ+S5as4zGH51Ukw80QLxGlpqbtdIijvXl/g=
Subject key identifier:   72:C7:F8:92:70:A0:9D:A1:03:2E:39:1D:5C:06:0F:A8:3F:9F:3E:17
Certificate issuer:       /CN=f0ff2c6229af763a99f5349a32510df4a4526143
Certificate serial:       018CC94D364B7EECC82FCE2C6E9F26706118
Authority key identifier: F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/csf4knCgnaEDLjkdXAYPqD-fPhc.roa
Signing time:             Tue 02 Jan 2024 08:32:09 +0000
ROA not before:           Tue 02 Jan 2024 08:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213218
IP address blocks:        194.219.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:36:4b:7e:ec:c8:2f:ce:2c:6e:9f:26:70:61:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0ff2c6229af763a99f5349a32510df4a4526143
        Validity
            Not Before: Jan  2 08:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72c7f89270a09da1032e391d5c060fa83f9f3e17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ed:db:10:8d:40:00:b1:82:d9:97:56:70:08:
                    60:48:a9:26:d6:35:c4:59:73:44:48:ea:b9:ad:c5:
                    4b:92:67:04:f5:e3:f5:dc:50:0b:14:74:d5:80:f7:
                    63:57:92:fb:d9:86:71:80:66:2c:c9:73:de:65:99:
                    90:34:09:67:d8:05:03:78:bc:33:e7:21:96:92:67:
                    ed:e5:f2:d6:df:3b:95:f5:1d:67:db:52:15:89:29:
                    d6:79:21:07:c3:e6:35:de:e1:9f:e3:84:84:0c:3f:
                    19:92:17:43:76:71:6e:59:77:ec:35:97:f2:50:fa:
                    5c:ae:4c:2c:dd:59:cd:34:7b:56:7e:e3:c6:fc:34:
                    7c:30:fc:c2:13:26:64:f8:55:b0:95:09:d0:d6:d6:
                    e9:53:a5:94:b4:2a:1f:0c:c9:28:6f:53:9c:4b:37:
                    60:c7:d8:53:8d:ef:17:7a:c6:a3:25:bd:2e:93:4c:
                    ab:6a:7a:b1:fb:6e:14:3d:a6:cf:e9:4d:83:29:c2:
                    33:8f:47:31:a9:72:6a:4a:02:5d:34:4e:b4:c1:98:
                    82:ff:b2:9b:46:48:18:55:25:b7:20:ef:c8:a7:5e:
                    2a:1e:b4:5c:63:d9:8d:fb:53:49:99:87:ee:97:78:
                    1c:1a:8f:8a:d5:aa:a4:b5:44:ff:7b:3f:bf:80:b9:
                    d5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:C7:F8:92:70:A0:9D:A1:03:2E:39:1D:5C:06:0F:A8:3F:9F:3E:17
            X509v3 Authority Key Identifier:
                keyid:F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/csf4knCgnaEDLjkdXAYPqD-fPhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.219.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:33:bb:e2:8d:d7:f2:84:d8:f3:bf:80:f1:36:6d:4d:a0:70:
         45:dc:27:42:5b:a0:89:1e:c9:84:7c:74:49:14:81:0f:67:6d:
         43:2b:db:bb:12:9e:17:ff:7c:49:7d:c8:18:48:b0:23:36:95:
         ac:5a:aa:92:25:e4:66:3a:eb:7d:b5:7f:94:c6:8b:60:55:ab:
         b7:b3:65:63:d7:f2:55:64:ae:9b:5c:9a:ca:1e:5f:bc:b2:04:
         6f:d4:65:4d:b0:08:25:f5:24:ae:7f:d1:31:3c:ac:f3:c5:70:
         10:4b:a2:9c:c9:44:4a:b4:a4:b7:0f:7a:74:9e:9e:d3:3e:18:
         8b:c4:8f:5f:fa:44:60:1d:7d:a1:0b:8c:e7:4c:c0:af:df:6f:
         7d:14:32:5f:08:c0:3e:73:27:36:43:b4:bf:b7:04:d6:af:30:
         97:2e:48:b1:e1:79:94:e1:ae:ba:b1:d1:40:87:c7:13:02:18:
         7a:7c:cf:2b:56:5a:42:f8:73:83:c8:81:1c:54:fa:20:ba:6c:
         d2:e9:d1:66:e0:1c:56:48:94:38:7f:70:3c:c7:d7:00:34:15:
         ea:2b:e3:c1:d3:bb:9f:2c:56:be:97:6e:38:7f:b8:12:e4:96:
         17:97:90:72:2f:bf:04:62:fc:45:c0:56:19:14:17:16:2e:f4:
         91:a4:36:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTTZLfuzIL84sbp8mcGEYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZmYyYzYyMjlhZjc2M2E5OWY1MzQ5YTMyNTEwZGY0YTQ1
MjYxNDMwHhcNMjQwMTAyMDgzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmM3Zjg5MjcwYTA5ZGExMDMyZTM5MWQ1YzA2MGZhODNmOWYzZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhe3bEI1AALGC2ZdWcAhgSKkm1jXE
WXNESOq5rcVLkmcE9eP13FALFHTVgPdjV5L72YZxgGYsyXPeZZmQNAln2AUDeLwz
5yGWkmft5fLW3zuV9R1n21IViSnWeSEHw+Y13uGf44SEDD8ZkhdDdnFuWXfsNZfy
UPpcrkws3VnNNHtWfuPG/DR8MPzCEyZk+FWwlQnQ1tbpU6WUtCofDMkob1OcSzdg
x9hTje8XesajJb0uk0yranqx+24UPabP6U2DKcIzj0cxqXJqSgJdNE60wZiC/7Kb
RkgYVSW3IO/Ip14qHrRcY9mN+1NJmYful3gcGo+K1aqktUT/ez+/gLnVtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLH+JJwoJ2hAy45HVwGD6g/nz4XMB8GA1UdIwQY
MBaAFPD/LGIpr3Y6mfU0mjJRDfSkUmFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYt
ZTY5ZjdhNWQyZDkwLzEvY3NmNGtuQ2duYUVETGprZFhBWVBxRC1mUGhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYtZTY5ZjdhNWQyZDkw
LzEvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtsBMA0G
CSqGSIb3DQEBCwUAA4IBAQDAM7vijdfyhNjzv4DxNm1NoHBF3CdCW6CJHsmEfHRJ
FIEPZ21DK9u7Ep4X/3xJfcgYSLAjNpWsWqqSJeRmOut9tX+UxotgVau3s2Vj1/JV
ZK6bXJrKHl+8sgRv1GVNsAgl9SSuf9ExPKzzxXAQS6KcyURKtKS3D3p0np7TPhiL
xI9f+kRgHX2hC4znTMCv3299FDJfCMA+cyc2Q7S/twTWrzCXLkix4XmU4a66sdFA
h8cTAhh6fM8rVlpC+HODyIEcVPogumzS6dFm4BxWSJQ4f3A8x9cANBXqK+PB07uf
LFa+l244f7gS5JYXl5ByL78EYvxFwFYZFBcWLvSRpDYa
-----END CERTIFICATE-----