Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1-1oBeXXzjbs7qfhZPsB3V3Bu7sI.roa
File:                     1-1oBeXXzjbs7qfhZPsB3V3Bu7sI.roa (raw, json)
Hash identifier:          Y+A+lvylGyuMgIBusXiJmvb61QKuz/oDDKFD3AYfD0g=
Subject key identifier:   FB:5A:01:79:75:F3:8D:BB:3B:A9:F8:59:3E:C0:77:57:70:6E:EE:C2
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       0190DF476F90D4DA956F37C215E7A5CD8F36
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1-1oBeXXzjbs7qfhZPsB3V3Bu7sI.roa
Signing time:             Tue 23 Jul 2024 11:08:39 +0000
ROA not before:           Tue 23 Jul 2024 11:08:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52053
IP address blocks:        185.255.112.0/24 maxlen: 24
                          193.38.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:df:47:6f:90:d4:da:95:6f:37:c2:15:e7:a5:cd:8f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jul 23 11:08:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb5a017975f38dbb3ba9f8593ec07757706eeec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5a:20:8f:ed:2b:10:84:01:87:d1:9e:7e:ea:
                    70:1a:d8:0b:c2:a3:dd:24:85:c8:84:f6:76:92:f9:
                    32:45:fc:df:62:c2:34:d3:31:88:8a:7c:aa:95:26:
                    f7:4b:e8:8e:ee:36:25:c9:f8:72:a5:eb:2b:43:11:
                    bd:26:d7:cc:c1:b9:32:e5:ab:64:61:3b:25:ce:cb:
                    d1:d6:8e:73:ff:4c:f7:be:1a:05:82:eb:4a:30:36:
                    62:28:b9:fe:af:2f:96:3d:7e:2b:22:3b:d6:9b:67:
                    44:65:6d:00:22:76:e4:d0:27:0e:7a:02:a8:47:b0:
                    30:b9:ac:3c:97:b1:1e:1d:8c:db:5c:6d:44:00:bd:
                    10:32:59:6c:06:85:e0:b7:26:7d:9a:b8:b0:77:76:
                    7e:a5:9a:18:b5:c8:6d:ad:99:d6:e2:43:74:f1:ac:
                    c2:8b:60:ce:5d:46:fe:b6:51:69:60:3b:b7:c7:c4:
                    8b:f0:6d:9d:87:91:43:ed:71:47:af:ed:59:18:e9:
                    f3:97:d2:5b:46:6e:87:1c:84:63:be:79:63:68:23:
                    82:b5:3b:ac:8a:77:89:39:d6:d3:e5:5e:54:6b:ab:
                    14:95:08:f8:c4:e9:87:ab:5b:2f:51:0c:c8:1b:e3:
                    b0:39:80:5d:94:26:67:9b:6e:20:14:8c:2c:5d:e0:
                    bd:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:5A:01:79:75:F3:8D:BB:3B:A9:F8:59:3E:C0:77:57:70:6E:EE:C2
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1-1oBeXXzjbs7qfhZPsB3V3Bu7sI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.112.0/24
                  193.38.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:61:01:05:33:80:f6:7f:57:da:e5:0a:86:84:81:79:8e:77:
         ad:fe:43:51:11:30:1d:e5:f3:94:9f:7f:3e:25:7c:ab:c8:b1:
         0c:c2:e5:56:fa:39:ef:6f:d1:69:21:38:b4:4e:25:e9:a0:cc:
         a0:f8:94:76:a7:e7:b0:5f:a9:59:d6:34:23:3a:1d:85:ed:32:
         1d:6f:26:fe:ec:34:54:50:64:6a:7f:e9:ac:12:51:8f:5a:6b:
         16:7a:81:c4:1d:db:fe:09:63:31:1b:59:76:93:1c:3a:7e:ee:
         4b:e4:b5:be:d7:e0:d8:ad:41:c0:8d:ac:35:5a:8b:9d:ba:48:
         c9:5c:18:20:87:a1:c6:7d:8f:20:4b:10:33:7a:0f:c2:d9:84:
         31:0b:a6:8f:ba:4e:5b:ad:d6:e6:c8:e5:b5:4d:aa:2b:df:dc:
         75:ae:fb:1e:e7:73:04:28:82:66:8c:c4:ba:a7:9b:01:5b:c7:
         81:73:95:16:19:e1:d3:3c:dd:d5:f7:7d:5d:d1:9f:4f:ef:9f:
         1c:9b:d5:2a:0d:cc:7f:87:73:f7:2d:c8:e3:49:cc:57:75:ae:
         25:63:8e:f1:00:87:88:27:17:de:51:46:2a:a9:8a:f9:5d:73:
         80:46:e0:b2:97:f5:b6:88:79:3f:11:22:ef:81:e8:c2:63:d9:
         e8:e4:60:f5
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZDfR2+Q1NqVbzfCFeelzY82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQwNzIzMTEwODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjVhMDE3OTc1ZjM4ZGJiM2JhOWY4NTkzZWMwNzc1NzcwNmVlZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1ogj+0rEIQBh9GefupwGtgLwqPd
JIXIhPZ2kvkyRfzfYsI00zGIinyqlSb3S+iO7jYlyfhypesrQxG9JtfMwbky5atk
YTslzsvR1o5z/0z3vhoFgutKMDZiKLn+ry+WPX4rIjvWm2dEZW0AInbk0CcOegKo
R7Awuaw8l7EeHYzbXG1EAL0QMllsBoXgtyZ9mriwd3Z+pZoYtchtrZnW4kN08azC
i2DOXUb+tlFpYDu3x8SL8G2dh5FD7XFHr+1ZGOnzl9JbRm6HHIRjvnljaCOCtTus
ineJOdbT5V5Ua6sUlQj4xOmHq1svUQzIG+OwOYBdlCZnm24gFIwsXeC95wIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPtaAXl18427O6n4WT7Ad1dwbu7CMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvMS0xb0JlWFh6amJzN3FmaFpQc0IzVjNCdTdzSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTUvZWI3MGEzLTE3ZTEtNGQ4Ni04YjllLTYwODA5NTJmMGUw
NC8xL1Q0cnFMd0pmU1Z2cXp1Zk9Xb2dnVVozYUUzQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEALn/cAME
AMEm+jANBgkqhkiG9w0BAQsFAAOCAQEAH2EBBTOA9n9X2uUKhoSBeY53rf5DUREw
HeXzlJ9/PiV8q8ixDMLlVvo572/RaSE4tE4l6aDMoPiUdqfnsF+pWdY0Izodhe0y
HW8m/uw0VFBkan/prBJRj1prFnqBxB3b/gljMRtZdpMcOn7uS+S1vtfg2K1BwI2s
NVqLnbpIyVwYIIehxn2PIEsQM3oPwtmEMQumj7pOW63W5sjltU2qK9/cda77Hudz
BCiCZozEuqebAVvHgXOVFhnh0zzd1fd9XdGfT++fHJvVKg3Mf4dz9y3I40nMV3Wu
JWOO8QCHiCcX3lFGKqmK+V1zgEbgspf1toh5PxEi74HowmPZ6ORg9Q==
-----END CERTIFICATE-----