Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/fyJpjVHwxslDAhrT-c1VgERQ8ts.roa
File:                     fyJpjVHwxslDAhrT-c1VgERQ8ts.roa (raw, json)
Hash identifier:          8/puWur2BCVKhPjwEXmkdqc2XweeAM2JatZb9RQkNvg=
Subject key identifier:   7F:22:69:8D:51:F0:C6:C9:43:02:1A:D3:F9:CD:55:80:44:50:F2:DB
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       018E7B121032AB0E7004C0CD571B63A3EE1F
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/fyJpjVHwxslDAhrT-c1VgERQ8ts.roa
Signing time:             Tue 26 Mar 2024 14:02:45 +0000
ROA not before:           Tue 26 Mar 2024 14:02:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        87.254.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:12:10:32:ab:0e:70:04:c0:cd:57:1b:63:a3:ee:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Mar 26 14:02:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f22698d51f0c6c943021ad3f9cd55804450f2db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e7:a4:09:3c:70:e3:ca:fa:8e:db:e9:f5:b3:
                    8c:3d:73:5c:04:92:76:70:ae:9e:04:3c:55:c5:94:
                    d1:8f:a0:05:af:eb:dd:22:d8:af:c4:f6:0d:75:91:
                    d6:09:6f:84:73:44:90:d9:a9:64:3d:ae:63:90:29:
                    1e:81:9c:ed:bb:79:ad:95:e2:be:33:3c:08:78:c8:
                    f7:07:7d:20:94:35:05:81:00:bd:36:03:0f:76:99:
                    db:e9:ea:a8:97:4b:8d:a7:a9:23:0b:82:20:41:5d:
                    c8:cb:49:4b:e6:c0:25:b0:84:a9:1b:f8:6a:92:45:
                    d3:93:05:09:9c:07:e9:2a:8a:12:8f:32:1b:56:fd:
                    14:d6:ab:17:a5:56:04:fc:71:f2:67:6a:a1:de:a0:
                    d0:b1:df:8b:77:e7:c3:10:b3:58:19:ab:bf:f1:d2:
                    bb:c9:76:65:fa:9b:8d:c4:bf:ae:78:28:0d:00:7e:
                    64:21:f1:be:e5:9b:7e:f7:25:58:93:35:cd:bc:d7:
                    ba:43:04:0b:c3:5a:b4:99:5d:23:00:14:57:4c:21:
                    de:c6:3a:18:4b:b9:46:02:b0:5d:b4:be:2c:ab:a1:
                    6a:42:9d:83:7a:da:12:34:19:2a:d9:f2:b7:a6:05:
                    09:a1:3a:14:df:fe:37:ff:70:26:75:80:08:b3:a6:
                    af:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:22:69:8D:51:F0:C6:C9:43:02:1A:D3:F9:CD:55:80:44:50:F2:DB
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/fyJpjVHwxslDAhrT-c1VgERQ8ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:45:6e:46:c9:46:7d:82:83:57:f8:b3:21:0b:bb:75:15:d0:
         b0:23:30:cf:6a:97:ca:a5:b1:fe:0d:cf:ce:37:1e:a9:45:fb:
         8f:da:7d:de:61:a2:83:32:78:c4:40:6b:c7:00:56:dc:2c:cd:
         cc:4b:60:39:e6:e6:9b:9b:a1:2a:6c:2f:31:c1:f7:12:ed:68:
         bf:04:76:dc:45:e4:bc:dc:31:61:db:02:11:84:8f:5d:b0:c3:
         eb:9c:50:56:3a:c0:4b:ba:e6:40:b1:fd:c6:6d:df:cb:02:c3:
         f9:55:65:3e:48:f4:da:a2:e0:7e:c9:48:41:49:97:55:09:f5:
         d0:bb:3e:94:a9:76:98:b4:60:24:06:fd:39:c5:e0:35:38:00:
         25:0b:6b:2f:5c:b4:1d:bf:3f:fc:c4:f8:f7:0a:1e:09:38:62:
         0a:7b:d3:c8:29:a6:d5:39:e9:c8:26:d8:fa:f3:1d:58:d1:cf:
         23:ee:1f:a7:ea:cc:d7:b3:7f:08:63:ab:03:d9:57:2a:e5:49:
         94:06:ec:d5:8c:12:cf:32:d1:b9:be:7b:bf:38:b8:f6:1f:d0:
         0b:e5:96:a1:0c:b7:4c:70:ff:b2:ef:4c:82:99:c6:1e:dd:d2:
         32:0e:88:a8:97:33:fb:e7:5e:f7:ff:d5:c2:57:5a:4f:f0:b4:
         d3:9f:44:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY57EhAyqw5wBMDNVxtjo+4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwMzI2MTQwMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjIyNjk4ZDUxZjBjNmM5NDMwMjFhZDNmOWNkNTU4MDQ0NTBmMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteekCTxw48r6jtvp9bOMPXNcBJJ2
cK6eBDxVxZTRj6AFr+vdItivxPYNdZHWCW+Ec0SQ2alkPa5jkCkegZztu3mtleK+
MzwIeMj3B30glDUFgQC9NgMPdpnb6eqol0uNp6kjC4IgQV3Iy0lL5sAlsISpG/hq
kkXTkwUJnAfpKooSjzIbVv0U1qsXpVYE/HHyZ2qh3qDQsd+Ld+fDELNYGau/8dK7
yXZl+puNxL+ueCgNAH5kIfG+5Zt+9yVYkzXNvNe6QwQLw1q0mV0jABRXTCHexjoY
S7lGArBdtL4sq6FqQp2DetoSNBkq2fK3pgUJoToU3/43/3AmdYAIs6avKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8iaY1R8MbJQwIa0/nNVYBEUPLbMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvZnlKcGpWSHd4c2xEQWhyVC1jMVZnRVJROHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4fMA0G
CSqGSIb3DQEBCwUAA4IBAQBbRW5GyUZ9goNX+LMhC7t1FdCwIzDPapfKpbH+Dc/O
Nx6pRfuP2n3eYaKDMnjEQGvHAFbcLM3MS2A55uabm6EqbC8xwfcS7Wi/BHbcReS8
3DFh2wIRhI9dsMPrnFBWOsBLuuZAsf3Gbd/LAsP5VWU+SPTaouB+yUhBSZdVCfXQ
uz6UqXaYtGAkBv05xeA1OAAlC2svXLQdvz/8xPj3Ch4JOGIKe9PIKabVOenIJtj6
8x1Y0c8j7h+n6szXs38IY6sD2Vcq5UmUBuzVjBLPMtG5vnu/OLj2H9AL5ZahDLdM
cP+y70yCmcYe3dIyDoiolzP75173/9XCV1pP8LTTn0RY
-----END CERTIFICATE-----