Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/fC1NLkG8-JfmIgvbSa0VPs7QMZw.roa
File:                     fC1NLkG8-JfmIgvbSa0VPs7QMZw.roa (raw, json)
Hash identifier:          2CQFph6AubOOlduLinwqGG1xblMt8se3vToMLhiinn0=
Subject key identifier:   7C:2D:4D:2E:41:BC:F8:97:E6:22:0B:DB:49:AD:15:3E:CE:D0:31:9C
Certificate issuer:       /CN=450c581248b11ae2a46f552e5ca43c69d65e72a8
Certificate serial:       018E3D99FB47E05126AD595D40006D85DD72
Authority key identifier: 45:0C:58:12:48:B1:1A:E2:A4:6F:55:2E:5C:A4:3C:69:D6:5E:72:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQxYEkixGuKkb1UuXKQ8adZecqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/fC1NLkG8-JfmIgvbSa0VPs7QMZw.roa
Signing time:             Thu 14 Mar 2024 15:34:45 +0000
ROA not before:           Thu 14 Mar 2024 15:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15363
IP address blocks:        193.101.11.0/24 maxlen: 24
                          193.101.24.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/RQxYEkixGuKkb1UuXKQ8adZecqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/RQxYEkixGuKkb1UuXKQ8adZecqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQxYEkixGuKkb1UuXKQ8adZecqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:99:fb:47:e0:51:26:ad:59:5d:40:00:6d:85:dd:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=450c581248b11ae2a46f552e5ca43c69d65e72a8
        Validity
            Not Before: Mar 14 15:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c2d4d2e41bcf897e6220bdb49ad153eced0319c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ea:0e:37:5d:23:48:85:9a:9b:c3:71:e4:d8:
                    04:8c:43:8f:34:f0:8f:d6:f0:ee:69:c6:97:4f:53:
                    11:65:03:63:e0:68:0d:22:36:96:39:db:2a:62:98:
                    01:77:5c:e5:4a:dd:ca:0f:4b:6e:5d:84:26:47:b1:
                    3f:f8:87:9e:1f:ac:80:7f:b7:f0:ee:cd:78:30:9b:
                    12:80:a5:0e:14:62:90:c6:07:df:44:7f:f0:33:34:
                    1f:a5:41:9b:c9:76:50:95:ab:bd:67:7a:c5:ad:fd:
                    9f:a1:3d:81:c9:17:91:0b:fb:ba:4f:f4:77:8e:a1:
                    07:28:20:51:3d:31:59:b4:d6:41:a9:6c:21:09:98:
                    ca:9c:09:d0:03:53:24:79:73:81:04:06:b9:b2:0e:
                    03:08:64:4d:bb:b8:bd:eb:ab:b7:72:8c:88:2d:63:
                    a6:0e:05:01:50:0f:e4:ea:72:b7:da:14:6f:bb:ff:
                    ed:d8:a4:6c:0a:73:1a:66:00:a4:eb:aa:48:1b:73:
                    f5:f4:85:e5:8f:1f:68:aa:21:bc:d9:0f:a6:49:e9:
                    a2:8f:69:58:0c:3d:b6:b4:6a:31:ac:fb:c0:48:a6:
                    86:02:92:6d:c0:5a:aa:97:3c:ea:3f:d2:d8:11:51:
                    80:75:e4:a2:f6:b7:0a:86:27:e9:17:cd:96:04:a7:
                    da:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:2D:4D:2E:41:BC:F8:97:E6:22:0B:DB:49:AD:15:3E:CE:D0:31:9C
            X509v3 Authority Key Identifier:
                keyid:45:0C:58:12:48:B1:1A:E2:A4:6F:55:2E:5C:A4:3C:69:D6:5E:72:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQxYEkixGuKkb1UuXKQ8adZecqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/fC1NLkG8-JfmIgvbSa0VPs7QMZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/RQxYEkixGuKkb1UuXKQ8adZecqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.101.11.0/24
                  193.101.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0e:83:f2:e8:c6:27:f2:5e:28:81:f4:cd:28:4c:c1:5a:4a:2f:
         05:21:07:f5:d5:a5:3b:30:2f:59:0f:35:9f:4d:38:e6:eb:a0:
         1c:22:91:e6:a9:ab:b0:81:14:40:d9:3f:a3:70:da:ab:d9:2f:
         bc:91:21:5d:66:cd:6b:c2:47:d8:7d:73:7a:a8:d1:ed:d5:fe:
         d5:a7:db:fc:2f:f1:a8:b2:07:19:8d:c6:84:a2:0d:cd:ef:33:
         0f:83:37:34:3c:bf:c2:11:87:6b:da:c7:c8:ea:48:b4:09:a7:
         a6:ab:96:c0:96:82:75:49:ec:12:3e:5e:bf:16:2f:1f:db:0f:
         ac:d1:ed:d1:62:ee:cb:a1:8b:72:8e:20:ce:b3:ad:e1:67:f2:
         87:16:53:30:26:d5:8d:91:60:9f:4c:c8:d4:67:db:60:3f:63:
         95:03:7e:62:f8:e7:23:d3:60:1c:7d:67:b9:17:d5:c8:c7:f4:
         d5:5a:c3:a4:19:5a:34:1d:6d:2c:62:0f:ee:ed:0a:6c:28:03:
         47:2f:8f:d2:83:e6:d9:71:3d:d8:ef:22:9d:5a:3a:15:4a:53:
         7d:e0:6c:ec:87:8a:4e:4f:e9:42:52:49:ef:80:a6:f2:08:d5:
         57:9a:d2:39:0e:f4:b0:df:37:28:a7:8b:14:a7:56:ba:ac:b2:
         b7:45:dd:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY49mftH4FEmrVldQABthd1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MGM1ODEyNDhiMTFhZTJhNDZmNTUyZTVjYTQzYzY5ZDY1
ZTcyYTgwHhcNMjQwMzE0MTUzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzJkNGQyZTQxYmNmODk3ZTYyMjBiZGI0OWFkMTUzZWNlZDAzMTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheoON10jSIWam8Nx5NgEjEOPNPCP
1vDuacaXT1MRZQNj4GgNIjaWOdsqYpgBd1zlSt3KD0tuXYQmR7E/+IeeH6yAf7fw
7s14MJsSgKUOFGKQxgffRH/wMzQfpUGbyXZQlau9Z3rFrf2foT2ByReRC/u6T/R3
jqEHKCBRPTFZtNZBqWwhCZjKnAnQA1MkeXOBBAa5sg4DCGRNu7i966u3coyILWOm
DgUBUA/k6nK32hRvu//t2KRsCnMaZgCk66pIG3P19IXljx9oqiG82Q+mSemij2lY
DD22tGoxrPvASKaGApJtwFqqlzzqP9LYEVGAdeSi9rcKhifpF82WBKfa/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHwtTS5BvPiX5iIL20mtFT7O0DGcMB8GA1UdIwQY
MBaAFEUMWBJIsRripG9VLlykPGnWXnKoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlF4WUVraXhHdUtrYjFVdVhLUThhZFplY3FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8xY2YwYjItYzUxZC00NWY1LTg0ZGMt
NzQ5OWE4MjMxZjU2LzEvZkMxTkxrRzgtSmZtSWd2YlNhMFZQczdRTVp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8xY2YwYjItYzUxZC00NWY1LTg0ZGMtNzQ5OWE4MjMxZjU2
LzEvUlF4WUVraXhHdUtrYjFVdVhLUThhZFplY3FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWULAwQD
wWUYMA0GCSqGSIb3DQEBCwUAA4IBAQAOg/LoxifyXiiB9M0oTMFaSi8FIQf11aU7
MC9ZDzWfTTjm66AcIpHmqauwgRRA2T+jcNqr2S+8kSFdZs1rwkfYfXN6qNHt1f7V
p9v8L/GosgcZjcaEog3N7zMPgzc0PL/CEYdr2sfI6ki0Caemq5bAloJ1SewSPl6/
Fi8f2w+s0e3RYu7LoYtyjiDOs63hZ/KHFlMwJtWNkWCfTMjUZ9tgP2OVA35i+Ocj
02AcfWe5F9XIx/TVWsOkGVo0HW0sYg/u7QpsKANHL4/Sg+bZcT3Y7yKdWjoVSlN9
4Gzsh4pOT+lCUknvgKbyCNVXmtI5DvSw3zcop4sUp1a6rLK3Rd0t
-----END CERTIFICATE-----