Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/leYTYCy3aogj89mep7XJJoBKGW4.roa
File:                     leYTYCy3aogj89mep7XJJoBKGW4.roa (raw, json)
Hash identifier:          UkMAKVigxaaz3RN/hYrVZvsSmJeYkaHUAQpMEo0AYq8=
Subject key identifier:   95:E6:13:60:2C:B7:6A:88:23:F3:D9:9E:A7:B5:C9:26:80:4A:19:6E
Certificate issuer:       /CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Certificate serial:       018CC94CF04AE3BEE5CE5CCD0D9F6CF1B920
Authority key identifier: 11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/leYTYCy3aogj89mep7XJJoBKGW4.roa
Signing time:             Tue 02 Jan 2024 08:31:51 +0000
ROA not before:           Tue 02 Jan 2024 08:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212968
IP address blocks:        155.133.126.0/24 maxlen: 24
                          2a06:1e00:2d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:f0:4a:e3:be:e5:ce:5c:cd:0d:9f:6c:f1:b9:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
        Validity
            Not Before: Jan  2 08:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95e613602cb76a8823f3d99ea7b5c926804a196e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:e4:de:e7:7b:af:33:76:1c:07:25:de:d4:7f:
                    e9:6c:65:15:c6:32:45:b6:fd:98:3c:db:0c:dc:44:
                    8d:8e:71:dc:fc:eb:0a:74:f7:75:43:93:33:9f:8c:
                    26:3e:c3:a7:26:db:28:1c:30:8f:24:11:0b:42:f5:
                    15:b2:af:83:ef:41:92:c5:3a:75:37:bd:d8:ed:14:
                    ec:f9:0f:1d:11:c9:fe:e4:b0:ee:fb:9e:2a:7d:85:
                    11:47:4e:a8:83:a4:b1:66:d4:9b:ba:40:08:6b:44:
                    75:59:f8:c8:76:5c:04:22:77:89:b3:61:0f:6b:c0:
                    21:4e:a4:89:82:39:d2:85:57:8d:ef:45:ec:84:44:
                    f9:b8:a5:34:b7:2d:5f:d8:d4:fc:c6:d4:fb:6a:d3:
                    59:b8:9a:24:c9:3d:fd:eb:42:02:99:fa:01:6e:5f:
                    73:f3:f6:e6:9d:66:7c:36:cc:07:3a:2d:2b:30:fa:
                    e5:e7:ca:35:00:fd:0d:10:65:3a:8f:98:35:1e:bb:
                    d0:2e:49:40:93:ae:f5:cb:39:dd:14:bd:73:24:ed:
                    d6:31:bc:c9:7e:c4:0c:c9:ad:8e:79:10:b1:9c:18:
                    1a:12:a8:25:ea:eb:2b:7b:d4:82:24:00:93:17:26:
                    45:01:8f:a8:23:5b:dd:d4:82:98:7d:22:ea:30:29:
                    96:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:E6:13:60:2C:B7:6A:88:23:F3:D9:9E:A7:B5:C9:26:80:4A:19:6E
            X509v3 Authority Key Identifier:
                keyid:11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/leYTYCy3aogj89mep7XJJoBKGW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.126.0/24
                IPv6:
                  2a06:1e00:2d::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:ae:83:d6:3c:0c:9b:36:8a:c5:86:62:3c:ef:60:e4:a3:de:
         d6:c7:65:a2:83:1d:65:eb:99:a2:42:d9:b8:e9:d4:cc:41:0f:
         ec:71:a2:e3:bd:d3:0c:b3:c5:84:f6:e9:cb:d2:7f:0d:d5:ce:
         6e:27:60:00:7b:31:ec:10:de:af:b5:27:40:21:ae:df:e3:ce:
         68:12:c0:d5:da:b1:0f:9e:ec:11:3a:32:8d:43:8e:7d:38:40:
         f7:d5:59:b4:3e:ee:0d:c8:ea:77:5e:ae:8a:18:e5:71:3c:d7:
         11:d5:25:68:2b:e2:92:6e:bb:c4:3f:12:a2:cc:64:6a:d5:df:
         5d:62:9a:0d:78:70:e6:4d:e9:a5:a1:a7:54:4f:d8:2a:15:75:
         6a:13:a9:6b:78:75:1a:46:a3:9e:fe:f4:79:c7:a0:bd:2c:77:
         5c:50:ec:f4:88:85:88:aa:65:d5:fb:03:bb:9f:f5:70:96:31:
         13:d3:83:e1:2b:4a:15:21:63:ca:21:a6:f7:4d:ff:58:39:67:
         0d:c8:9b:1d:f1:44:7c:83:30:69:c6:7b:d9:ec:e1:75:43:df:
         32:e8:bb:49:5c:b1:f6:55:1d:6c:c5:0e:90:a6:6f:90:49:34:
         d5:f5:ca:c9:20:03:bb:63:66:10:ab:42:f8:f7:54:41:63:dd:
         30:ea:a6:66
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTPBK477lzlzNDZ9s8bkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWQ2ODE0Mzc1MjcxZDFhM2NiZDEyMTU1ZGIxMWQyYmQ0
MWE4ZDMwHhcNMjQwMTAyMDgzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWU2MTM2MDJjYjc2YTg4MjNmM2Q5OWVhN2I1YzkyNjgwNGExOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+Te53uvM3YcByXe1H/pbGUVxjJF
tv2YPNsM3ESNjnHc/OsKdPd1Q5Mzn4wmPsOnJtsoHDCPJBELQvUVsq+D70GSxTp1
N73Y7RTs+Q8dEcn+5LDu+54qfYURR06og6SxZtSbukAIa0R1WfjIdlwEIneJs2EP
a8AhTqSJgjnShVeN70XshET5uKU0ty1f2NT8xtT7atNZuJokyT3960ICmfoBbl9z
8/bmnWZ8NswHOi0rMPrl58o1AP0NEGU6j5g1HrvQLklAk671yzndFL1zJO3WMbzJ
fsQMya2OeRCxnBgaEqgl6usre9SCJACTFyZFAY+oI1vd1IKYfSLqMCmWfwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJXmE2Ast2qII/PZnqe1ySaAShluMB8GA1UdIwQY
MBaAFBEdaBQ3UnHRo8vRIVXbEdK9QajTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQt
MjcxZDI1ZTIwNTc0LzEvbGVZVFlDeTNhb2dqODltZXA3WEpKb0JLR1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQtMjcxZDI1ZTIwNTc0
LzEvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAm4V+MA8E
AgACMAkDBwAqBh4AAC0wDQYJKoZIhvcNAQELBQADggEBAMOug9Y8DJs2isWGYjzv
YOSj3tbHZaKDHWXrmaJC2bjp1MxBD+xxouO90wyzxYT26cvSfw3Vzm4nYAB7MewQ
3q+1J0Ahrt/jzmgSwNXasQ+e7BE6Mo1Djn04QPfVWbQ+7g3I6nderooY5XE81xHV
JWgr4pJuu8Q/EqLMZGrV311img14cOZN6aWhp1RP2CoVdWoTqWt4dRpGo57+9HnH
oL0sd1xQ7PSIhYiqZdX7A7uf9XCWMRPTg+ErShUhY8ohpvdN/1g5Zw3Imx3xRHyD
MGnGe9ns4XVD3zLou0lcsfZVHWzFDpCmb5BJNNX1yskgA7tjZhCrQvj3VEFj3TDq
pmY=
-----END CERTIFICATE-----