Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/F_aLpoAt-c6GtAKeNPc_0E_KcPE.roa
File:                     F_aLpoAt-c6GtAKeNPc_0E_KcPE.roa (raw, json)
Hash identifier:          +onK5pEiiOlMECKsI0k6PzUOUKnip1tKRVqX1bI87YI=
Subject key identifier:   17:F6:8B:A6:80:2D:F9:CE:86:B4:02:9E:34:F7:3F:D0:4F:CA:70:F1
Certificate issuer:       /CN=ce56360624cc1b4c49da72bc325f5bb6ab4d8300
Certificate serial:       01934B56F56C9EB5144F3408BC986C59F76C
Authority key identifier: CE:56:36:06:24:CC:1B:4C:49:DA:72:BC:32:5F:5B:B6:AB:4D:83:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/F_aLpoAt-c6GtAKeNPc_0E_KcPE.roa
Signing time:             Wed 20 Nov 2024 20:50:10 +0000
ROA not before:           Wed 20 Nov 2024 20:50:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9123
IP address blocks:        185.171.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4b:56:f5:6c:9e:b5:14:4f:34:08:bc:98:6c:59:f7:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce56360624cc1b4c49da72bc325f5bb6ab4d8300
        Validity
            Not Before: Nov 20 20:50:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17f68ba6802df9ce86b4029e34f73fd04fca70f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:01:46:b3:02:d9:77:8e:e7:b8:48:64:f3:24:
                    3a:a1:e3:a9:4d:4d:22:c1:ab:35:5c:e2:09:a0:4a:
                    cd:b4:bf:e7:62:5f:09:65:d4:17:75:df:76:09:8b:
                    6d:e5:d6:fd:cb:70:a8:4d:97:ae:5f:fc:78:61:c8:
                    6a:56:27:41:0f:e8:85:c8:91:bb:2a:be:15:30:81:
                    28:d1:e0:d6:de:e2:4d:18:e8:6d:3f:28:69:59:2c:
                    1b:4d:a9:34:19:2a:41:da:fb:79:01:ab:08:31:0e:
                    14:a3:ad:6a:4d:87:e4:d4:3c:bb:59:f1:05:c0:ce:
                    6c:6a:d7:56:74:22:fc:03:dd:c2:41:77:c7:6d:b4:
                    07:b4:70:20:33:45:c9:24:a5:09:a8:13:e1:53:fd:
                    2d:a9:17:7a:e9:3c:3e:b5:70:1a:ce:cb:73:70:95:
                    e2:d7:cd:4c:eb:c0:f1:9c:09:d1:80:57:37:b6:c9:
                    e7:ad:f6:19:21:28:8e:94:bc:e5:b0:fe:4b:43:35:
                    76:b8:46:ed:08:a1:a7:25:67:3e:dc:f1:4e:c3:34:
                    fc:26:f3:cf:87:23:ba:61:96:4a:3f:4b:3d:d3:ee:
                    c9:42:a6:e8:97:00:94:1a:40:8f:ad:56:36:7c:f7:
                    4f:fe:d6:db:95:2b:73:a3:1a:38:ba:4d:1e:2b:d2:
                    2b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F6:8B:A6:80:2D:F9:CE:86:B4:02:9E:34:F7:3F:D0:4F:CA:70:F1
            X509v3 Authority Key Identifier:
                keyid:CE:56:36:06:24:CC:1B:4C:49:DA:72:BC:32:5F:5B:B6:AB:4D:83:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/F_aLpoAt-c6GtAKeNPc_0E_KcPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9577f8-b8b8-4994-b855-a98ef3008580/1/zlY2BiTMG0xJ2nK8Ml9btqtNgwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:b4:70:57:64:c0:46:a5:2d:ef:d8:a9:af:21:2e:6d:a8:00:
         00:53:ba:70:a9:a5:3e:4c:31:fd:fc:af:ab:77:a7:92:14:25:
         f6:d3:57:e6:58:24:20:39:c6:52:25:5c:37:1f:97:bd:33:81:
         f9:3b:e0:29:69:a1:f9:ea:e3:2d:6d:db:3f:70:8c:09:55:cd:
         5e:83:e8:a3:22:cc:2a:c1:ff:f1:45:a0:8e:1b:9d:1a:b6:ee:
         b5:8b:f8:9b:21:92:f3:fc:74:6f:2e:32:7f:f4:fd:7d:2e:aa:
         99:e0:ff:7f:16:72:ad:63:c4:41:07:27:d5:f5:98:8a:e4:18:
         10:52:70:0a:4c:12:30:ca:55:ac:b7:93:d6:da:15:c9:79:ce:
         b4:b4:e2:cf:9b:c2:03:98:e9:b4:11:29:0e:8f:ae:de:cb:e9:
         ae:bb:78:51:88:3a:85:d4:64:74:a5:fd:ec:15:79:a7:6e:9d:
         b9:6a:ab:d2:8c:b8:03:a5:00:c4:43:c4:ca:a6:ba:ee:13:6f:
         16:8c:ea:6a:89:ca:ab:42:24:ec:0e:55:90:ef:c5:ef:48:86:
         43:26:7d:d6:be:74:11:90:b3:ed:f3:f3:c5:5d:38:aa:b6:26:
         64:0e:76:a2:a6:bd:86:d6:7e:1b:cf:8f:91:c2:be:f6:f0:c5:
         d3:18:11:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNLVvVsnrUUTzQIvJhsWfdsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNTYzNjA2MjRjYzFiNGM0OWRhNzJiYzMyNWY1YmI2YWI0
ZDgzMDAwHhcNMjQxMTIwMjA1MDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2Y2OGJhNjgwMmRmOWNlODZiNDAyOWUzNGY3M2ZkMDRmY2E3MGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAFGswLZd47nuEhk8yQ6oeOpTU0i
was1XOIJoErNtL/nYl8JZdQXdd92CYtt5db9y3CoTZeuX/x4YchqVidBD+iFyJG7
Kr4VMIEo0eDW3uJNGOhtPyhpWSwbTak0GSpB2vt5AasIMQ4Uo61qTYfk1Dy7WfEF
wM5satdWdCL8A93CQXfHbbQHtHAgM0XJJKUJqBPhU/0tqRd66Tw+tXAazstzcJXi
181M68DxnAnRgFc3tsnnrfYZISiOlLzlsP5LQzV2uEbtCKGnJWc+3PFOwzT8JvPP
hyO6YZZKP0s90+7JQqbolwCUGkCPrVY2fPdP/tbblStzoxo4uk0eK9IrVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBf2i6aALfnOhrQCnjT3P9BPynDxMB8GA1UdIwQY
MBaAFM5WNgYkzBtMSdpyvDJfW7arTYMAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemxZMkJpVE1HMHhKMm5LOE1sOWJ0cXROZ3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi85NTc3ZjgtYjhiOC00OTk0LWI4NTUt
YTk4ZWYzMDA4NTgwLzEvRl9hTHBvQXQtYzZHdEFLZU5QY18wRV9LY1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi85NTc3ZjgtYjhiOC00OTk0LWI4NTUtYTk4ZWYzMDA4NTgw
LzEvemxZMkJpVE1HMHhKMm5LOE1sOWJ0cXROZ3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuatQMA0G
CSqGSIb3DQEBCwUAA4IBAQBitHBXZMBGpS3v2KmvIS5tqAAAU7pwqaU+TDH9/K+r
d6eSFCX201fmWCQgOcZSJVw3H5e9M4H5O+ApaaH56uMtbds/cIwJVc1eg+ijIswq
wf/xRaCOG50atu61i/ibIZLz/HRvLjJ/9P19LqqZ4P9/FnKtY8RBByfV9ZiK5BgQ
UnAKTBIwylWst5PW2hXJec60tOLPm8IDmOm0ESkOj67ey+muu3hRiDqF1GR0pf3s
FXmnbp25aqvSjLgDpQDEQ8TKprruE28WjOpqicqrQiTsDlWQ78XvSIZDJn3WvnQR
kLPt8/PFXTiqtiZkDnaipr2G1n4bz4+Rwr728MXTGBGf
-----END CERTIFICATE-----