Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/Y1gEJGFkTesUOCEpHIW-clM49z4.roa
File:                     Y1gEJGFkTesUOCEpHIW-clM49z4.roa (raw, json)
Hash identifier:          xastalsFHV6sEhMyzqBwU2cbxLE7KGbnfhBZRsMmEQg=
Subject key identifier:   63:58:04:24:61:64:4D:EB:14:38:21:29:1C:85:BE:72:53:38:F7:3E
Certificate issuer:       /CN=c15e7d7bb69efacb0c73902972c74d72d29bf77f
Certificate serial:       0191C71FE851C32897FD7D0C0BA3826A0606
Authority key identifier: C1:5E:7D:7B:B6:9E:FA:CB:0C:73:90:29:72:C7:4D:72:D2:9B:F7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/Y1gEJGFkTesUOCEpHIW-clM49z4.roa
Signing time:             Fri 06 Sep 2024 11:37:22 +0000
ROA not before:           Fri 06 Sep 2024 11:37:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60798
IP address blocks:        185.102.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c7:1f:e8:51:c3:28:97:fd:7d:0c:0b:a3:82:6a:06:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c15e7d7bb69efacb0c73902972c74d72d29bf77f
        Validity
            Not Before: Sep  6 11:37:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6358042461644deb143821291c85be725338f73e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9c:96:54:a3:e8:31:9e:28:19:0b:94:6c:21:
                    89:c6:61:32:40:1f:41:78:f9:c5:cc:de:c3:a3:27:
                    e7:12:25:75:63:13:00:d4:2d:4f:d5:95:81:01:8a:
                    9f:9e:16:09:72:ef:33:c0:4f:f6:63:83:ca:e9:1b:
                    89:72:ee:0c:3f:d7:dc:f9:93:e6:01:98:03:be:e8:
                    48:51:c2:1d:f3:b6:fc:30:cb:04:ac:f5:85:56:a9:
                    0b:f6:20:61:96:cc:89:3b:59:3f:24:67:b1:ae:43:
                    b8:25:75:db:24:89:61:27:a7:4d:28:ad:e8:14:28:
                    19:c9:98:c9:9e:ac:2c:b8:9e:b2:d8:2e:4e:4e:22:
                    2d:42:58:fb:bd:01:12:0b:27:42:12:99:c6:28:6f:
                    31:93:cb:58:9d:de:58:86:03:5c:f6:cd:f9:57:37:
                    c6:8c:65:53:92:6d:d6:33:ed:13:7b:32:03:b1:92:
                    e2:25:0d:c7:da:e0:fe:f3:ec:d6:c6:e4:32:f3:c2:
                    46:e6:f5:aa:d0:49:84:a1:4a:e2:4c:5f:22:1c:ea:
                    13:f7:4f:d5:d1:d9:0d:20:e7:25:f1:5a:09:b5:34:
                    5b:c2:2b:f5:25:06:eb:1d:ed:60:44:b6:56:3d:db:
                    2f:0c:2f:fb:17:6c:49:56:0c:23:0d:e9:76:b2:b6:
                    9e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:58:04:24:61:64:4D:EB:14:38:21:29:1C:85:BE:72:53:38:F7:3E
            X509v3 Authority Key Identifier:
                keyid:C1:5E:7D:7B:B6:9E:FA:CB:0C:73:90:29:72:C7:4D:72:D2:9B:F7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/Y1gEJGFkTesUOCEpHIW-clM49z4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:a6:d1:bc:f9:6d:85:d0:18:fb:5b:47:a7:8f:36:20:46:2e:
         58:b6:9c:71:68:6e:a3:1e:84:06:54:da:92:ba:d8:cc:ae:68:
         f4:86:5f:75:66:e5:18:ef:7b:93:42:84:dd:f4:0f:01:f6:92:
         71:70:aa:d5:de:a0:0c:b3:d2:d5:88:33:82:cb:e5:7c:9e:63:
         46:8b:67:10:30:41:ad:95:8e:23:8c:39:91:63:3f:18:8d:00:
         e9:1e:ca:fb:08:9d:00:4b:1b:44:fe:bb:db:a9:9b:81:b6:9c:
         7a:06:2d:ad:39:9d:9b:2b:8b:bc:a7:07:4b:5c:49:9e:cd:1c:
         14:00:dc:a8:89:76:83:17:79:7e:a5:49:52:c2:df:db:70:a1:
         51:8b:b9:e7:bf:34:d7:ea:a2:98:c0:4b:2b:fc:18:02:2c:6c:
         1e:f4:88:07:4e:9e:39:d4:01:f2:f7:aa:5e:06:16:8c:16:97:
         ca:f6:e8:2a:e6:20:5c:ea:ee:51:25:d0:00:84:f5:35:bc:01:
         06:a4:f7:82:8d:d4:33:0c:e1:de:d7:75:37:9a:7a:e3:8d:46:
         6b:ac:90:8c:c5:77:e4:ac:0b:bd:6f:1c:2a:ca:37:cc:7b:57:
         92:5c:41:1c:44:4c:44:13:c0:22:8e:54:08:ac:74:10:44:31:
         dc:26:25:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHHH+hRwyiX/X0MC6OCagYGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNWU3ZDdiYjY5ZWZhY2IwYzczOTAyOTcyYzc0ZDcyZDI5
YmY3N2YwHhcNMjQwOTA2MTEzNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzU4MDQyNDYxNjQ0ZGViMTQzODIxMjkxYzg1YmU3MjUzMzhmNzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5yWVKPoMZ4oGQuUbCGJxmEyQB9B
ePnFzN7DoyfnEiV1YxMA1C1P1ZWBAYqfnhYJcu8zwE/2Y4PK6RuJcu4MP9fc+ZPm
AZgDvuhIUcId87b8MMsErPWFVqkL9iBhlsyJO1k/JGexrkO4JXXbJIlhJ6dNKK3o
FCgZyZjJnqwsuJ6y2C5OTiItQlj7vQESCydCEpnGKG8xk8tYnd5YhgNc9s35VzfG
jGVTkm3WM+0TezIDsZLiJQ3H2uD+8+zWxuQy88JG5vWq0EmEoUriTF8iHOoT90/V
0dkNIOcl8VoJtTRbwiv1JQbrHe1gRLZWPdsvDC/7F2xJVgwjDel2sraegQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNYBCRhZE3rFDghKRyFvnJTOPc+MB8GA1UdIwQY
MBaAFMFefXu2nvrLDHOQKXLHTXLSm/d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1Y1OWU3YWUtc3NNYzVBcGNzZE5jdEtiOTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9lYTQwMmEtMGZmNi00N2Q5LTljZDAt
MzQ3YTBmN2M1YjA4LzEvWTFnRUpHRmtUZXNVT0NFcEhJVy1jbE00OXo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9lYTQwMmEtMGZmNi00N2Q5LTljZDAtMzQ3YTBmN2M1YjA4
LzEvd1Y1OWU3YWUtc3NNYzVBcGNzZE5jdEtiOTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWapMA0G
CSqGSIb3DQEBCwUAA4IBAQA1ptG8+W2F0Bj7W0enjzYgRi5YtpxxaG6jHoQGVNqS
utjMrmj0hl91ZuUY73uTQoTd9A8B9pJxcKrV3qAMs9LViDOCy+V8nmNGi2cQMEGt
lY4jjDmRYz8YjQDpHsr7CJ0ASxtE/rvbqZuBtpx6Bi2tOZ2bK4u8pwdLXEmezRwU
ANyoiXaDF3l+pUlSwt/bcKFRi7nnvzTX6qKYwEsr/BgCLGwe9IgHTp451AHy96pe
BhaMFpfK9ugq5iBc6u5RJdAAhPU1vAEGpPeCjdQzDOHe13U3mnrjjUZrrJCMxXfk
rAu9bxwqyjfMe1eSXEEcRExEE8AijlQIrHQQRDHcJiXX
-----END CERTIFICATE-----