Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/1-fRxkG-O0T-wEmMmQy7Vr7mPc6Q.roa
File:                     1-fRxkG-O0T-wEmMmQy7Vr7mPc6Q.roa (raw, json)
Hash identifier:          8HUiuetDhRqXSedMgv3R7qb+SUQbc0iyzNkk87QWysM=
Subject key identifier:   F9:F4:71:90:6F:8E:D1:3F:B0:12:63:26:43:2E:D5:AF:B9:8F:73:A4
Certificate issuer:       /CN=43c16595966afb0bacf1d7937f245d6a052221a3
Certificate serial:       019146E293F16CEB4F3ADC5B55690AE91534
Authority key identifier: 43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/1-fRxkG-O0T-wEmMmQy7Vr7mPc6Q.roa
Signing time:             Mon 12 Aug 2024 13:58:59 +0000
ROA not before:           Mon 12 Aug 2024 13:58:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60542
IP address blocks:        194.50.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:e2:93:f1:6c:eb:4f:3a:dc:5b:55:69:0a:e9:15:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43c16595966afb0bacf1d7937f245d6a052221a3
        Validity
            Not Before: Aug 12 13:58:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9f471906f8ed13fb0126326432ed5afb98f73a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:79:2a:c2:fb:b7:1d:05:58:c9:9b:a5:cb:1f:
                    95:62:10:2b:d8:5b:65:6d:98:0b:3a:44:77:07:4b:
                    f7:f6:3f:6b:84:eb:12:0b:b1:82:91:51:90:54:ae:
                    e8:99:5e:91:01:90:df:c0:d9:d7:8f:65:6c:58:9a:
                    5c:be:a9:e9:e0:cb:15:36:47:c8:e9:ae:39:86:36:
                    7c:ab:06:6c:87:20:46:64:43:38:e0:4e:82:67:a0:
                    c3:4f:a0:48:55:9d:6c:2b:ab:17:ca:4b:3b:a8:5f:
                    9e:74:c4:f2:ee:89:21:2c:dd:8f:46:8b:15:06:34:
                    7e:f6:f9:51:47:96:93:0b:a5:41:03:a2:27:42:a9:
                    45:9e:2c:ad:a0:5b:97:5d:8c:35:49:ae:96:be:65:
                    70:73:05:f7:d6:d3:e6:74:0a:ba:2d:c4:b8:71:f0:
                    4c:15:16:cd:24:1d:a8:fc:64:7e:44:06:17:4e:59:
                    04:06:0f:ff:42:8c:0e:26:3e:3f:6f:74:9e:14:e9:
                    8e:7d:e3:dd:5f:ff:52:80:62:9a:a8:79:5e:1e:d2:
                    39:45:46:1b:c8:22:e4:e8:20:3d:9b:8a:50:a5:f8:
                    c8:7e:e6:07:fd:c0:77:0e:df:4c:d3:45:14:93:b0:
                    ea:26:54:de:a2:fb:4b:30:e6:2d:5a:12:ed:66:0b:
                    65:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F4:71:90:6F:8E:D1:3F:B0:12:63:26:43:2E:D5:AF:B9:8F:73:A4
            X509v3 Authority Key Identifier:
                keyid:43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/1-fRxkG-O0T-wEmMmQy7Vr7mPc6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:be:47:59:05:10:1a:34:bc:01:e1:ba:22:f6:33:73:03:d7:
         fd:40:f2:06:6d:f8:0d:45:7a:ea:7b:62:ed:ba:b7:8b:54:c9:
         e1:a7:ad:d9:e7:ed:14:d6:0d:1b:e3:ba:bc:01:89:f5:5e:c3:
         b2:54:9e:c0:a4:e2:22:a1:e5:ae:79:00:7e:39:25:13:7c:09:
         62:80:84:d7:48:85:ee:38:13:fb:51:25:fa:ef:f7:79:fe:37:
         04:2e:56:ad:cb:c7:9d:25:08:90:27:08:d4:cf:ee:78:fe:c6:
         e4:8d:3d:ab:83:10:88:7a:c4:c7:9b:ad:08:e7:b1:7d:f4:ce:
         47:47:69:99:d8:87:31:fb:44:20:9e:81:5e:63:49:22:1a:e6:
         11:db:d5:ef:61:1b:1f:de:dc:a9:cb:51:d8:71:fc:97:a6:10:
         2e:78:5e:d1:b8:49:4c:d3:86:f8:a1:a9:78:f3:30:3c:4d:28:
         5f:33:c9:88:df:b3:b2:09:35:c2:1f:0f:42:e4:c2:de:9f:8d:
         55:cc:48:42:75:f2:23:60:9e:14:da:d1:e3:68:d3:05:8e:b0:
         8e:20:94:d3:b2:db:95:94:af:18:92:e6:c4:8a:77:00:f8:7e:
         1d:6f:57:51:a3:24:ad:0c:f7:9c:2e:c5:3e:b3:4e:f3:f1:8e:
         1c:18:9c:da
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZFG4pPxbOtPOtxbVWkK6RU0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYzE2NTk1OTY2YWZiMGJhY2YxZDc5MzdmMjQ1ZDZhMDUy
MjIxYTMwHhcNMjQwODEyMTM1ODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWY0NzE5MDZmOGVkMTNmYjAxMjYzMjY0MzJlZDVhZmI5OGY3M2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3kqwvu3HQVYyZulyx+VYhAr2Ftl
bZgLOkR3B0v39j9rhOsSC7GCkVGQVK7omV6RAZDfwNnXj2VsWJpcvqnp4MsVNkfI
6a45hjZ8qwZshyBGZEM44E6CZ6DDT6BIVZ1sK6sXyks7qF+edMTy7okhLN2PRosV
BjR+9vlRR5aTC6VBA6InQqlFniytoFuXXYw1Sa6WvmVwcwX31tPmdAq6LcS4cfBM
FRbNJB2o/GR+RAYXTlkEBg//QowOJj4/b3SeFOmOfePdX/9SgGKaqHleHtI5RUYb
yCLk6CA9m4pQpfjIfuYH/cB3Dt9M00UUk7DqJlTeovtLMOYtWhLtZgtlywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPn0cZBvjtE/sBJjJkMu1a+5j3OkMB8GA1UdIwQY
MBaAFEPBZZWWavsLrPHXk38kXWoFIiGjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGIt
NTk5MGVhNThlMDMwLzEvMS1mUnhrRy1PMFQtd0VtTW1ReTdWcjdtUGM2US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTEvZDkyOTE5LTk2MmItNDQ4ZC05OGRiLTU5OTBlYTU4ZTAz
MC8xL1E4RmxsWlpxLXd1czhkZVRmeVJkYWdVaUlhTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIyxTAN
BgkqhkiG9w0BAQsFAAOCAQEAC75HWQUQGjS8AeG6IvYzcwPX/UDyBm34DUV66nti
7bq3i1TJ4aet2eftFNYNG+O6vAGJ9V7DslSewKTiIqHlrnkAfjklE3wJYoCE10iF
7jgT+1El+u/3ef43BC5WrcvHnSUIkCcI1M/ueP7G5I09q4MQiHrEx5utCOexffTO
R0dpmdiHMftEIJ6BXmNJIhrmEdvV72EbH97cqctR2HH8l6YQLnhe0bhJTNOG+KGp
ePMwPE0oXzPJiN+zsgk1wh8PQuTC3p+NVcxIQnXyI2CeFNrR42jTBY6wjiCU07Lb
lZSvGJLmxIp3APh+HW9XUaMkrQz3nC7FPrNO8/GOHBic2g==
-----END CERTIFICATE-----