Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/cb87b5-923f-4f7f-ab30-347f16db6d90/1/1-nYE43vPPUgR7xEwH5h0Jk6pTOI.roa
File:                     1-nYE43vPPUgR7xEwH5h0Jk6pTOI.roa (raw, json)
Hash identifier:          L/7PxDwI33eArfGWG89XSDD3LJeRnWyazuXOPYHVYJU=
Subject key identifier:   FA:76:04:E3:7B:CF:3D:48:11:EF:11:30:1F:98:74:26:4E:A9:4C:E2
Certificate issuer:       /CN=b96b6fba8acb78b28717d75eb6a2925e4b689a10
Certificate serial:       018CCFA8E13547503D4BFAC4951A3261E79C
Authority key identifier: B9:6B:6F:BA:8A:CB:78:B2:87:17:D7:5E:B6:A2:92:5E:4B:68:9A:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uWtvuorLeLKHF9detqKSXktomhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/cb87b5-923f-4f7f-ab30-347f16db6d90/1/1-nYE43vPPUgR7xEwH5h0Jk6pTOI.roa
Signing time:             Wed 03 Jan 2024 14:10:00 +0000
ROA not before:           Wed 03 Jan 2024 14:10:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56485
IP address blocks:        193.104.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/cb87b5-923f-4f7f-ab30-347f16db6d90/1/uWtvuorLeLKHF9detqKSXktomhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/cb87b5-923f-4f7f-ab30-347f16db6d90/1/uWtvuorLeLKHF9detqKSXktomhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uWtvuorLeLKHF9detqKSXktomhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:a8:e1:35:47:50:3d:4b:fa:c4:95:1a:32:61:e7:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b96b6fba8acb78b28717d75eb6a2925e4b689a10
        Validity
            Not Before: Jan  3 14:10:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa7604e37bcf3d4811ef11301f9874264ea94ce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5e:0d:da:0b:0e:28:22:52:81:f8:ea:8e:9b:
                    82:73:cf:ad:e2:d9:6e:14:27:a5:20:c2:60:09:c1:
                    e4:55:64:b7:e7:34:b4:de:34:35:f3:ec:bd:7f:7a:
                    50:ef:4f:42:d1:5b:33:46:0f:23:13:db:bd:b9:0f:
                    d2:51:27:b6:e7:8b:f1:c7:24:09:a0:a7:f9:d6:0f:
                    2f:97:38:8e:2f:96:19:ca:82:5e:24:81:a1:e1:54:
                    3b:36:b9:9b:f2:8d:cb:d6:25:d7:23:62:df:a9:3b:
                    2f:a2:75:50:93:81:ed:62:4e:5c:9f:89:64:65:86:
                    e6:f9:e4:a1:b0:3c:b1:27:f1:4a:59:26:b9:a9:cc:
                    7e:e8:cc:0a:19:63:5e:72:c5:2b:91:08:73:3e:77:
                    b8:dd:71:79:26:bc:c8:89:13:32:5e:a0:03:12:c7:
                    03:cc:57:d1:95:8b:68:38:46:fb:be:2d:61:d9:41:
                    d9:c5:34:82:58:49:86:a1:5a:39:08:5e:62:3b:95:
                    0f:28:a6:38:b2:2e:36:b4:fd:b9:4f:1a:ec:e4:fa:
                    33:d6:72:19:b2:4b:83:e9:55:b3:34:7a:43:9a:61:
                    9a:49:88:ef:d1:da:e3:f1:c8:f9:65:fe:db:86:69:
                    4b:eb:f5:a7:5e:0b:5c:76:7a:b3:4f:f9:0d:a5:a0:
                    53:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:76:04:E3:7B:CF:3D:48:11:EF:11:30:1F:98:74:26:4E:A9:4C:E2
            X509v3 Authority Key Identifier:
                keyid:B9:6B:6F:BA:8A:CB:78:B2:87:17:D7:5E:B6:A2:92:5E:4B:68:9A:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uWtvuorLeLKHF9detqKSXktomhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/cb87b5-923f-4f7f-ab30-347f16db6d90/1/1-nYE43vPPUgR7xEwH5h0Jk6pTOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/cb87b5-923f-4f7f-ab30-347f16db6d90/1/uWtvuorLeLKHF9detqKSXktomhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:2c:1c:16:8d:a0:7e:52:12:a6:bd:60:70:c2:6b:ee:a9:df:
         96:9d:95:d6:5a:01:6f:63:4b:f1:03:35:90:dd:f6:8d:cf:2c:
         ce:d6:6c:60:f6:fd:82:18:10:56:fc:13:de:c7:fd:29:e1:c4:
         2c:89:8e:78:1f:46:81:91:b5:32:2f:f5:6a:cc:52:b6:93:d2:
         38:44:c9:0c:e2:ab:19:ee:00:a4:a1:08:af:81:8c:01:12:4c:
         1b:ae:b3:f6:18:38:28:01:66:bd:eb:db:1e:f1:f1:16:d7:1f:
         34:9f:c1:0e:16:f6:23:06:17:83:1e:63:06:7b:31:7e:e2:1a:
         82:27:3c:ad:c8:a7:91:05:81:6d:aa:be:b9:4a:c4:78:5b:0b:
         88:f7:10:13:9b:cb:81:33:4f:2b:20:b6:97:07:fd:ea:ac:ac:
         96:89:86:1c:f7:aa:42:9e:64:d8:7a:d4:df:7f:11:53:67:18:
         76:6e:00:40:f5:48:36:0a:ba:27:e4:dc:d5:c2:74:88:9f:2e:
         b3:11:bd:d9:6e:e0:8f:6e:82:97:2b:d0:51:a8:ab:7c:aa:4a:
         f0:7e:9b:84:9c:2c:71:33:ed:87:da:9f:e3:b7:ad:4a:67:ad:
         6f:44:a9:50:e4:a2:0c:e8:21:51:16:75:f4:92:05:3f:be:bf:
         92:82:e3:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzPqOE1R1A9S/rElRoyYeecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NmI2ZmJhOGFjYjc4YjI4NzE3ZDc1ZWI2YTI5MjVlNGI2
ODlhMTAwHhcNMjQwMTAzMTQxMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTc2MDRlMzdiY2YzZDQ4MTFlZjExMzAxZjk4NzQyNjRlYTk0Y2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlV4N2gsOKCJSgfjqjpuCc8+t4tlu
FCelIMJgCcHkVWS35zS03jQ18+y9f3pQ709C0VszRg8jE9u9uQ/SUSe254vxxyQJ
oKf51g8vlziOL5YZyoJeJIGh4VQ7Nrmb8o3L1iXXI2LfqTsvonVQk4HtYk5cn4lk
ZYbm+eShsDyxJ/FKWSa5qcx+6MwKGWNecsUrkQhzPne43XF5JrzIiRMyXqADEscD
zFfRlYtoOEb7vi1h2UHZxTSCWEmGoVo5CF5iO5UPKKY4si42tP25Txrs5Poz1nIZ
skuD6VWzNHpDmmGaSYjv0drj8cj5Zf7bhmlL6/WnXgtcdnqzT/kNpaBTKwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPp2BON7zz1IEe8RMB+YdCZOqUziMB8GA1UdIwQY
MBaAFLlrb7qKy3iyhxfXXraikl5LaJoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVd0dnVvckxlTEtIRjlkZXRxS1NYa3RvbWhBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9jYjg3YjUtOTIzZi00ZjdmLWFiMzAt
MzQ3ZjE2ZGI2ZDkwLzEvMS1uWUU0M3ZQUFVnUjd4RXdINWgwSms2cFRPSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWUvY2I4N2I1LTkyM2YtNGY3Zi1hYjMwLTM0N2YxNmRiNmQ5
MC8xL3VXdHZ1b3JMZUxLSEY5ZGV0cUtTWGt0b21oQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMFoNTAN
BgkqhkiG9w0BAQsFAAOCAQEAbywcFo2gflISpr1gcMJr7qnflp2V1loBb2NL8QM1
kN32jc8sztZsYPb9ghgQVvwT3sf9KeHELImOeB9GgZG1Mi/1asxStpPSOETJDOKr
Ge4ApKEIr4GMARJMG66z9hg4KAFmvevbHvHxFtcfNJ/BDhb2IwYXgx5jBnsxfuIa
gic8rcinkQWBbaq+uUrEeFsLiPcQE5vLgTNPKyC2lwf96qyslomGHPeqQp5k2HrU
338RU2cYdm4AQPVINgq6J+Tc1cJ0iJ8usxG92W7gj26ClyvQUairfKpK8H6bhJws
cTPth9qf47etSmetb0SpUOSiDOghURZ19JIFP76/koLjKQ==
-----END CERTIFICATE-----