Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/9IdusFjg1y30SB4XJA3lHy6ecVk.roa
File:                     9IdusFjg1y30SB4XJA3lHy6ecVk.roa (raw, json)
Hash identifier:          pDy/NSC4sBVO0D2sGRmuyHZfl01J4RsWEzLLw88M9Dk=
Subject key identifier:   F4:87:6E:B0:58:E0:D7:2D:F4:48:1E:17:24:0D:E5:1F:2E:9E:71:59
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       01917A3114B2DE571328BF1878B9A2507BF7
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/9IdusFjg1y30SB4XJA3lHy6ecVk.roa
Signing time:             Thu 22 Aug 2024 13:05:22 +0000
ROA not before:           Thu 22 Aug 2024 13:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31715
IP address blocks:        146.247.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7a:31:14:b2:de:57:13:28:bf:18:78:b9:a2:50:7b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Aug 22 13:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4876eb058e0d72df4481e17240de51f2e9e7159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:99:48:5c:c1:09:a5:f3:0b:eb:7e:35:7b:0b:
                    e3:3c:40:71:97:6d:a3:92:73:80:bd:f2:d4:a1:f3:
                    ea:5a:fb:79:e5:de:bf:92:e0:79:25:92:90:80:11:
                    62:13:49:2a:38:28:78:aa:88:40:8c:65:5b:c3:be:
                    28:87:f6:af:47:bf:8e:cf:a1:28:04:30:1e:69:56:
                    a0:8a:b7:03:ba:52:f9:00:09:bf:d8:21:a2:7d:3b:
                    32:1f:5a:b4:e5:ce:92:51:d2:d1:bb:35:11:f5:77:
                    12:70:27:ea:8c:cb:13:68:d0:83:11:55:15:22:67:
                    af:34:ba:b4:57:45:67:2e:f2:24:ea:40:79:57:35:
                    1f:3f:52:4f:f9:44:6f:1a:04:55:71:15:bd:99:19:
                    0c:9e:01:f7:14:63:ea:14:68:98:60:57:15:85:65:
                    d7:59:75:ea:13:70:d8:19:05:38:98:70:06:0e:5d:
                    ed:3f:77:db:21:87:c3:47:e9:49:53:a7:4a:3d:80:
                    f8:d5:f0:d9:8d:9b:cb:15:89:ef:40:2f:c5:e8:62:
                    2b:f9:bd:95:3b:cf:c2:37:17:34:e4:29:16:8e:17:
                    cf:f4:c1:40:07:75:2d:cd:17:ff:96:c0:d7:c3:69:
                    9a:7f:28:ec:74:1d:13:e8:18:ed:3e:70:4d:dd:f5:
                    e3:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:87:6E:B0:58:E0:D7:2D:F4:48:1E:17:24:0D:E5:1F:2E:9E:71:59
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/9IdusFjg1y30SB4XJA3lHy6ecVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:41:f3:ce:a2:a9:23:89:cf:01:db:33:12:f2:c3:80:c4:da:
         d1:2f:c3:d9:d4:99:ce:b8:2b:70:d7:09:c1:16:5e:08:3d:2f:
         ca:bc:bb:f2:df:69:d5:b5:08:55:90:c4:db:b7:c7:cf:4a:7a:
         81:56:7e:9b:4d:45:76:46:78:49:39:29:b9:3d:a5:b9:2c:20:
         47:1c:cf:b2:56:b8:2f:a7:fb:3f:a7:64:e8:8e:76:fc:0e:e8:
         a8:18:7f:a8:d1:31:e8:00:a1:f8:1e:83:f4:71:ec:fd:58:42:
         76:90:72:dc:69:fd:0d:72:c7:68:64:7a:48:0c:74:f9:f8:17:
         66:e3:2b:3c:8f:7d:23:5f:91:5a:50:31:aa:84:2a:70:a7:ec:
         22:b3:e7:a3:24:da:8d:68:7d:5d:46:8e:d8:aa:ed:88:d2:fa:
         98:6c:27:bf:2e:b8:0d:85:5e:e5:20:bd:58:8d:48:c3:5f:15:
         c3:00:11:a0:03:8c:d5:d7:a8:72:62:30:59:0c:18:94:a6:28:
         45:a4:06:7c:62:46:ef:00:7f:dc:09:c0:6e:c8:61:9e:d2:46:
         af:5c:14:b9:2a:8e:35:fd:5f:61:06:3f:29:80:96:76:0f:60:
         37:7b:88:0d:3f:51:9f:35:75:4e:fb:14:3e:e0:62:c5:e1:e8:
         b1:d2:ae:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF6MRSy3lcTKL8YeLmiUHv3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjQwODIyMTMwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDg3NmViMDU4ZTBkNzJkZjQ0ODFlMTcyNDBkZTUxZjJlOWU3MTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5lIXMEJpfML6341ewvjPEBxl22j
knOAvfLUofPqWvt55d6/kuB5JZKQgBFiE0kqOCh4qohAjGVbw74oh/avR7+Oz6Eo
BDAeaVagircDulL5AAm/2CGifTsyH1q05c6SUdLRuzUR9XcScCfqjMsTaNCDEVUV
ImevNLq0V0VnLvIk6kB5VzUfP1JP+URvGgRVcRW9mRkMngH3FGPqFGiYYFcVhWXX
WXXqE3DYGQU4mHAGDl3tP3fbIYfDR+lJU6dKPYD41fDZjZvLFYnvQC/F6GIr+b2V
O8/CNxc05CkWjhfP9MFAB3UtzRf/lsDXw2mafyjsdB0T6BjtPnBN3fXj3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSHbrBY4Nct9EgeFyQN5R8unnFZMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvOUlkdXNGamcxeTMwU0I0WEpBM2xIeTZlY1ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkvdlMA0G
CSqGSIb3DQEBCwUAA4IBAQClQfPOoqkjic8B2zMS8sOAxNrRL8PZ1JnOuCtw1wnB
Fl4IPS/KvLvy32nVtQhVkMTbt8fPSnqBVn6bTUV2RnhJOSm5PaW5LCBHHM+yVrgv
p/s/p2Tojnb8DuioGH+o0THoAKH4HoP0cez9WEJ2kHLcaf0NcsdoZHpIDHT5+Bdm
4ys8j30jX5FaUDGqhCpwp+wis+ejJNqNaH1dRo7Yqu2I0vqYbCe/LrgNhV7lIL1Y
jUjDXxXDABGgA4zV16hyYjBZDBiUpihFpAZ8YkbvAH/cCcBuyGGe0kavXBS5Ko41
/V9hBj8pgJZ2D2A3e4gNP1GfNXVO+xQ+4GLF4eix0q6X
-----END CERTIFICATE-----