Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/e55jkyoq3A5qdfDXRJ-pWTQObgY.roa
File:                     e55jkyoq3A5qdfDXRJ-pWTQObgY.roa (raw, json)
Hash identifier:          kfwkavduL56MhhBsZ44rKoLub8yEUw2xiinPHZA1ivI=
Subject key identifier:   7B:9E:63:93:2A:2A:DC:0E:6A:75:F0:D7:44:9F:A9:59:34:0E:6E:06
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       0192E89F85BFE94DFE2D648A8D7030241018
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/e55jkyoq3A5qdfDXRJ-pWTQObgY.roa
Signing time:             Fri 01 Nov 2024 16:47:01 +0000
ROA not before:           Fri 01 Nov 2024 16:47:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205733
IP address blocks:        213.145.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e8:9f:85:bf:e9:4d:fe:2d:64:8a:8d:70:30:24:10:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Nov  1 16:47:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b9e63932a2adc0e6a75f0d7449fa959340e6e06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a3:e0:2a:00:14:10:bf:f9:ca:0c:1d:32:63:
                    cd:8c:a3:d1:5c:6e:89:a9:91:83:9e:ba:59:e0:55:
                    b0:fa:1a:ba:03:25:4d:cc:e8:5f:2e:ae:7c:50:bd:
                    09:31:50:d4:28:a3:90:92:97:3f:73:fe:a2:94:a0:
                    84:80:87:52:ec:a8:c5:8c:e6:80:c5:42:0a:a4:51:
                    bb:33:64:91:ed:1f:9c:05:1a:55:49:98:62:79:ea:
                    bb:52:7b:9a:14:0d:b1:b1:35:b3:21:e5:0d:94:d3:
                    6f:7b:e7:eb:a4:de:58:71:67:be:c0:3b:72:b5:01:
                    e1:97:9f:1e:12:d7:f5:52:aa:68:95:ca:8b:51:03:
                    88:f3:17:ff:77:e5:18:a1:ad:8a:05:0d:50:c3:0a:
                    08:f1:7b:c9:8e:85:ed:1a:d2:73:7f:13:ca:67:b3:
                    46:ef:04:61:09:8b:80:4c:9a:c1:7c:4b:2b:07:f4:
                    ff:8e:dd:2a:f6:a5:5d:5b:14:2f:c0:0e:c3:58:d9:
                    5d:20:a5:06:03:40:92:9d:a9:a9:29:1c:bb:29:70:
                    99:2a:7b:59:b5:a9:5d:70:27:70:de:a1:9c:04:59:
                    fb:3d:3d:29:4c:5b:5a:ea:52:f4:c0:00:45:0e:86:
                    f8:28:24:31:04:00:31:4f:10:35:e9:64:ab:d7:d5:
                    65:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:9E:63:93:2A:2A:DC:0E:6A:75:F0:D7:44:9F:A9:59:34:0E:6E:06
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/e55jkyoq3A5qdfDXRJ-pWTQObgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:22:73:9e:f4:1e:c7:17:0c:d0:a4:39:5f:51:4f:3b:e8:2d:
         63:00:49:29:87:c0:d2:a6:a2:c1:0e:f2:d5:e1:db:92:6a:ee:
         83:5a:27:52:58:cc:c9:bd:a5:e7:51:c0:08:78:bf:45:1b:82:
         f2:b7:d8:36:7f:d5:04:5e:a6:09:9e:7d:c5:22:a9:ec:3b:f4:
         4b:45:43:2c:dc:10:5d:1f:3c:c6:e1:4e:f9:39:83:24:70:52:
         0e:0f:e5:81:16:0d:94:b9:ce:4d:55:c3:de:aa:9e:1c:47:db:
         b6:92:ab:ed:6f:c8:68:ff:b3:e8:7d:60:da:ab:30:a4:b7:06:
         a2:36:44:f4:8c:93:d2:6e:fb:7d:0a:89:26:e9:a5:1b:d6:1c:
         24:4d:c2:88:d0:fe:76:d7:f5:62:76:cf:ab:87:ce:d8:2d:26:
         65:7e:7f:cc:10:cc:33:1e:d5:e9:b6:c4:78:82:6d:a5:4f:fa:
         4b:bf:ee:52:8a:82:cb:9d:5c:5e:6d:eb:af:ae:75:62:4d:ab:
         be:85:75:2b:68:35:da:f7:a9:cc:43:f8:f9:03:72:fe:23:c1:
         81:ec:d4:d1:2b:21:40:0f:fb:0a:86:29:09:22:bc:e1:c5:ae:
         7a:9d:75:58:0c:16:72:83:d4:ea:a6:5c:a4:f3:0d:f6:28:d5:
         16:a4:09:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLon4W/6U3+LWSKjXAwJBAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQxMTAxMTY0NzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjllNjM5MzJhMmFkYzBlNmE3NWYwZDc0NDlmYTk1OTM0MGU2ZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqPgKgAUEL/5ygwdMmPNjKPRXG6J
qZGDnrpZ4FWw+hq6AyVNzOhfLq58UL0JMVDUKKOQkpc/c/6ilKCEgIdS7KjFjOaA
xUIKpFG7M2SR7R+cBRpVSZhieeq7UnuaFA2xsTWzIeUNlNNve+frpN5YcWe+wDty
tQHhl58eEtf1UqpolcqLUQOI8xf/d+UYoa2KBQ1QwwoI8XvJjoXtGtJzfxPKZ7NG
7wRhCYuATJrBfEsrB/T/jt0q9qVdWxQvwA7DWNldIKUGA0CSnampKRy7KXCZKntZ
taldcCdw3qGcBFn7PT0pTFta6lL0wABFDob4KCQxBAAxTxA16WSr19VlVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHueY5MqKtwOanXw10SfqVk0Dm4GMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvZTU1amt5b3EzQTVxZGZEWFJKLXBXVFFPYmdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFUMA0G
CSqGSIb3DQEBCwUAA4IBAQAaInOe9B7HFwzQpDlfUU876C1jAEkph8DSpqLBDvLV
4duSau6DWidSWMzJvaXnUcAIeL9FG4Lyt9g2f9UEXqYJnn3FIqnsO/RLRUMs3BBd
HzzG4U75OYMkcFIOD+WBFg2Uuc5NVcPeqp4cR9u2kqvtb8ho/7PofWDaqzCktwai
NkT0jJPSbvt9Cokm6aUb1hwkTcKI0P521/Vids+rh87YLSZlfn/MEMwzHtXptsR4
gm2lT/pLv+5SioLLnVxebeuvrnViTau+hXUraDXa96nMQ/j5A3L+I8GB7NTRKyFA
D/sKhikJIrzhxa56nXVYDBZyg9Tqplyk8w32KNUWpAlC
-----END CERTIFICATE-----