Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/1-fvmXOue4Wgc-XvKyP70nZY0SMs.roa
File:                     1-fvmXOue4Wgc-XvKyP70nZY0SMs.roa (raw, json)
Hash identifier:          QKHnXkt2bseVLft51HsIAvdUlqSJ/Hd4+j7VFqvw+Aw=
Subject key identifier:   F9:FB:E6:5C:EB:9E:E1:68:1C:F9:7B:CA:C8:FE:F4:9D:96:34:48:CB
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       0191D0279D50724B7770192C8C694E8051D5
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/1-fvmXOue4Wgc-XvKyP70nZY0SMs.roa
Signing time:             Sun 08 Sep 2024 05:42:22 +0000
ROA not before:           Sun 08 Sep 2024 05:42:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        213.145.85.0/24 maxlen: 24
                          213.145.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d0:27:9d:50:72:4b:77:70:19:2c:8c:69:4e:80:51:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Sep  8 05:42:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9fbe65ceb9ee1681cf97bcac8fef49d963448cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1c:5e:36:f3:4f:fd:e8:4a:7c:0f:92:a1:03:
                    b6:17:87:01:7a:e2:be:11:6a:14:18:89:45:e7:e6:
                    e6:ac:3b:84:d7:2a:e8:31:d6:4b:54:00:f8:0a:0c:
                    c4:78:c0:20:c2:c6:ee:9b:87:08:9b:ce:67:5f:04:
                    5b:a0:34:bf:c9:d3:68:aa:c4:39:af:0b:27:aa:cf:
                    3a:2d:19:bd:bd:0a:3a:08:00:5a:35:77:1a:f2:72:
                    fb:d0:0c:3a:b1:54:a5:61:fc:03:a9:ae:5f:e5:35:
                    ea:3f:15:ca:ef:e8:cd:6e:a2:a8:f6:3f:06:68:07:
                    bd:d6:9f:b4:88:d0:ae:1e:6e:f6:83:c1:fc:0f:72:
                    23:60:3c:48:1d:37:ea:18:bf:04:1f:ae:79:d7:9c:
                    57:a2:20:e2:39:22:0a:a1:62:35:ca:33:0e:b8:0a:
                    36:02:38:5c:2f:3b:7a:f9:6d:f0:c8:c3:97:f2:ca:
                    70:94:73:d5:75:10:c2:9b:a7:bf:a4:f1:b3:fa:05:
                    53:df:fe:3d:64:dc:22:46:70:2d:48:c4:46:05:cb:
                    88:b1:25:a6:6e:89:02:1f:58:6b:a1:d2:66:6e:2f:
                    00:85:b0:4c:83:96:a6:d0:24:ce:31:5d:1e:96:21:
                    98:e5:7d:ba:a1:6e:a5:e9:ff:fb:82:77:67:c6:d0:
                    c5:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FB:E6:5C:EB:9E:E1:68:1C:F9:7B:CA:C8:FE:F4:9D:96:34:48:CB
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/1-fvmXOue4Wgc-XvKyP70nZY0SMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.85.0-213.145.86.255

    Signature Algorithm: sha256WithRSAEncryption
         76:a8:ac:f4:ee:a1:65:bf:f2:88:4b:18:6a:a7:a0:f1:45:ba:
         f4:2f:de:bc:31:4f:c6:01:32:83:81:06:2a:8f:3a:00:a7:95:
         42:30:5e:27:27:53:2b:88:5a:af:6f:e4:cf:66:0c:ae:9f:8c:
         04:46:78:9b:68:01:a3:0e:21:69:bd:d0:4d:ca:b8:26:4e:7e:
         cd:23:83:75:b5:a9:82:63:28:1f:e6:04:cb:2b:c7:c6:3d:48:
         54:9b:52:79:3d:a5:ee:36:ad:a7:dd:fa:0b:ed:c9:2d:c6:8d:
         32:98:82:8c:e5:e7:41:2d:61:d6:40:14:fd:8a:61:48:f1:9f:
         7a:e1:5d:53:fe:22:48:41:52:82:bb:35:34:0d:7d:e9:ca:84:
         14:6e:b0:d8:7b:47:e2:e4:f3:1c:f9:c1:1c:23:28:6a:52:0f:
         57:16:cc:ac:d8:d8:0f:41:57:c0:b9:f1:6a:0e:d1:de:e7:69:
         f3:70:2f:8e:36:5b:94:d8:15:52:c2:80:82:5e:6f:22:f5:1e:
         7a:72:5b:56:13:ba:d6:ab:94:97:8c:88:c7:d9:17:b5:5e:be:
         a4:c9:ee:46:ab:c0:08:5a:fc:37:04:92:56:e9:78:c5:95:47:
         39:7b:5d:d7:1a:b8:67:2a:b4:ac:12:5c:5c:8e:b0:3c:4a:d1:
         42:c6:7d:c2
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZHQJ51Qckt3cBksjGlOgFHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQwOTA4MDU0MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWZiZTY1Y2ViOWVlMTY4MWNmOTdiY2FjOGZlZjQ5ZDk2MzQ0OGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRxeNvNP/ehKfA+SoQO2F4cBeuK+
EWoUGIlF5+bmrDuE1yroMdZLVAD4CgzEeMAgwsbum4cIm85nXwRboDS/ydNoqsQ5
rwsnqs86LRm9vQo6CABaNXca8nL70Aw6sVSlYfwDqa5f5TXqPxXK7+jNbqKo9j8G
aAe91p+0iNCuHm72g8H8D3IjYDxIHTfqGL8EH65515xXoiDiOSIKoWI1yjMOuAo2
AjhcLzt6+W3wyMOX8spwlHPVdRDCm6e/pPGz+gVT3/49ZNwiRnAtSMRGBcuIsSWm
bokCH1hrodJmbi8AhbBMg5am0CTOMV0eliGY5X26oW6l6f/7gndnxtDF6wIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPn75lzrnuFoHPl7ysj+9J2WNEjLMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvMS1mdm1YT3VlNFdnYy1Ydkt5UDcwblpZMFNNcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjcvN2YyMzkzLWQwMWEtNDFmNy1hNTJlLWQyNDJiNmYzYThh
MS8xL0w2RnFzR0FnQm5kQXBNSDdSNmtTWWk4ZEJ5SS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQA1ZFV
AwQA1ZFWMA0GCSqGSIb3DQEBCwUAA4IBAQB2qKz07qFlv/KISxhqp6DxRbr0L968
MU/GATKDgQYqjzoAp5VCMF4nJ1MriFqvb+TPZgyun4wERnibaAGjDiFpvdBNyrgm
Tn7NI4N1tamCYygf5gTLK8fGPUhUm1J5PaXuNq2n3foL7cktxo0ymIKM5edBLWHW
QBT9imFI8Z964V1T/iJIQVKCuzU0DX3pyoQUbrDYe0fi5PMc+cEcIyhqUg9XFsys
2NgPQVfAufFqDtHe52nzcC+ONluU2BVSwoCCXm8i9R56cltWE7rWq5SXjIjH2Re1
Xr6kye5Gq8AIWvw3BJJW6XjFlUc5e13XGrhnKrSsElxcjrA8StFCxn3C
-----END CERTIFICATE-----