Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/130a65-1b7a-4575-b280-90c3cce569f0/1/ffIXUQgNnNxkun86gvscnN9T0cI.roa
File:                     ffIXUQgNnNxkun86gvscnN9T0cI.roa (raw, json)
Hash identifier:          VW5SzImNSTB3Slsj3lqEAsmeeuKYUrnsLBc5k+WJ/m8=
Subject key identifier:   7D:F2:17:51:08:0D:9C:DC:64:BA:7F:3A:82:FB:1C:9C:DF:53:D1:C2
Certificate issuer:       /CN=2f3eaf4ec754f4a0e3d84ca253ad406ee9c7de15
Certificate serial:       019424B287EE91DD993D95764C5C89A44766
Authority key identifier: 2F:3E:AF:4E:C7:54:F4:A0:E3:D8:4C:A2:53:AD:40:6E:E9:C7:DE:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lz6vTsdU9KDj2EyiU61AbunH3hU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/130a65-1b7a-4575-b280-90c3cce569f0/1/ffIXUQgNnNxkun86gvscnN9T0cI.roa
Signing time:             Thu 02 Jan 2025 01:47:47 +0000
ROA not before:           Thu 02 Jan 2025 01:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        193.219.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/130a65-1b7a-4575-b280-90c3cce569f0/1/Lz6vTsdU9KDj2EyiU61AbunH3hU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/130a65-1b7a-4575-b280-90c3cce569f0/1/Lz6vTsdU9KDj2EyiU61AbunH3hU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lz6vTsdU9KDj2EyiU61AbunH3hU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:87:ee:91:dd:99:3d:95:76:4c:5c:89:a4:47:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f3eaf4ec754f4a0e3d84ca253ad406ee9c7de15
        Validity
            Not Before: Jan  2 01:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7df21751080d9cdc64ba7f3a82fb1c9cdf53d1c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d7:c2:6c:54:92:3f:c5:ba:a4:5c:ab:19:6c:
                    7a:09:fe:7b:dc:13:aa:a3:57:eb:66:05:cf:2f:49:
                    37:48:ee:a2:60:ac:19:96:7d:c5:a3:a6:c7:0e:a8:
                    ae:2a:22:0e:60:87:c8:53:4b:0f:1c:d7:dd:a7:64:
                    81:a0:e9:9b:26:9d:dc:7c:cb:89:77:6c:5b:2a:a7:
                    3f:f3:5e:20:86:0c:32:35:98:34:42:31:4c:1f:56:
                    e5:2d:54:72:41:93:79:6c:bc:2f:42:c2:08:84:81:
                    44:ef:14:e4:fb:5e:03:94:dc:3d:a7:b9:44:9e:92:
                    62:6b:15:0f:d8:b9:5f:62:8e:7e:8b:12:62:ef:8a:
                    1a:36:f0:66:33:b2:3c:a8:44:0d:0f:9a:f0:a3:c8:
                    d3:01:bb:d7:25:16:2b:8b:9c:1a:e0:43:31:95:bf:
                    a2:14:24:94:42:ef:2b:e0:6f:23:91:04:07:1d:82:
                    ed:fd:f7:ee:97:6b:e2:40:06:0e:19:31:45:25:13:
                    3d:e7:e4:96:29:30:5e:50:99:f0:c6:55:8a:c0:d2:
                    1a:80:92:06:57:3d:9d:4f:78:1b:21:1d:b8:ce:25:
                    2a:26:6c:86:85:a7:63:90:4b:c5:f9:1f:46:69:6a:
                    93:d8:be:12:05:9a:6c:cc:9b:18:8f:9b:9b:20:64:
                    e8:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F2:17:51:08:0D:9C:DC:64:BA:7F:3A:82:FB:1C:9C:DF:53:D1:C2
            X509v3 Authority Key Identifier:
                keyid:2F:3E:AF:4E:C7:54:F4:A0:E3:D8:4C:A2:53:AD:40:6E:E9:C7:DE:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lz6vTsdU9KDj2EyiU61AbunH3hU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/130a65-1b7a-4575-b280-90c3cce569f0/1/ffIXUQgNnNxkun86gvscnN9T0cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/130a65-1b7a-4575-b280-90c3cce569f0/1/Lz6vTsdU9KDj2EyiU61AbunH3hU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.219.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a5:af:d3:be:cc:40:5f:ba:c4:79:0b:ee:27:2e:26:41:ba:
         27:a9:62:90:80:9d:3b:bd:af:c7:c8:88:8d:7f:a6:7a:3d:c3:
         94:19:84:f7:e3:9b:84:69:45:25:b2:58:5f:8d:b1:58:f1:95:
         2f:14:cb:4c:25:ae:8f:33:79:b7:21:a1:f7:95:83:dc:ce:30:
         dd:9f:c0:76:74:4d:d3:cb:be:f2:71:70:3d:36:70:0a:06:f8:
         13:81:4d:97:8a:3d:7f:60:9f:f9:14:33:58:29:3e:26:7a:62:
         3c:34:a5:85:51:41:9a:e9:75:05:7f:c3:ba:af:de:b7:e4:d7:
         b8:3c:90:44:21:59:61:e3:29:60:49:b3:ff:10:60:0a:c0:9a:
         b6:20:30:e9:aa:ce:a3:20:c2:4d:4b:65:6d:e9:b7:e4:ce:be:
         e2:29:fd:0c:20:1a:af:45:fb:0e:14:d6:da:6d:94:00:ac:1d:
         cb:a7:0c:73:69:4b:69:92:dc:12:da:13:d7:4c:b7:ba:32:78:
         c0:82:54:3e:59:9d:b4:85:cd:74:73:91:14:fe:fb:b8:5e:21:
         87:38:b1:52:1a:7b:ba:62:b2:65:9d:14:41:4b:40:87:e1:6a:
         3f:e0:44:0e:70:c0:80:f1:af:79:0a:26:47:9b:42:1a:04:7a:
         98:ab:a8:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksofukd2ZPZV2TFyJpEdmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmM2VhZjRlYzc1NGY0YTBlM2Q4NGNhMjUzYWQ0MDZlZTlj
N2RlMTUwHhcNMjUwMTAyMDE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGYyMTc1MTA4MGQ5Y2RjNjRiYTdmM2E4MmZiMWM5Y2RmNTNkMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudfCbFSSP8W6pFyrGWx6Cf573BOq
o1frZgXPL0k3SO6iYKwZln3Fo6bHDqiuKiIOYIfIU0sPHNfdp2SBoOmbJp3cfMuJ
d2xbKqc/814ghgwyNZg0QjFMH1blLVRyQZN5bLwvQsIIhIFE7xTk+14DlNw9p7lE
npJiaxUP2LlfYo5+ixJi74oaNvBmM7I8qEQND5rwo8jTAbvXJRYri5wa4EMxlb+i
FCSUQu8r4G8jkQQHHYLt/fful2viQAYOGTFFJRM95+SWKTBeUJnwxlWKwNIagJIG
Vz2dT3gbIR24ziUqJmyGhadjkEvF+R9GaWqT2L4SBZpszJsYj5ubIGTo2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3yF1EIDZzcZLp/OoL7HJzfU9HCMB8GA1UdIwQY
MBaAFC8+r07HVPSg49hMolOtQG7px94VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHo2dlRzZFU5S0RqMkV5aVU2MUFidW5IM2hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8xMzBhNjUtMWI3YS00NTc1LWIyODAt
OTBjM2NjZTU2OWYwLzEvZmZJWFVRZ05uTnhrdW44Nmd2c2NuTjlUMGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8xMzBhNjUtMWI3YS00NTc1LWIyODAtOTBjM2NjZTU2OWYw
LzEvTHo2dlRzZFU5S0RqMkV5aVU2MUFidW5IM2hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwdtwMA0G
CSqGSIb3DQEBCwUAA4IBAQCcpa/TvsxAX7rEeQvuJy4mQbonqWKQgJ07va/HyIiN
f6Z6PcOUGYT345uEaUUlslhfjbFY8ZUvFMtMJa6PM3m3IaH3lYPczjDdn8B2dE3T
y77ycXA9NnAKBvgTgU2Xij1/YJ/5FDNYKT4memI8NKWFUUGa6XUFf8O6r9635Ne4
PJBEIVlh4ylgSbP/EGAKwJq2IDDpqs6jIMJNS2Vt6bfkzr7iKf0MIBqvRfsOFNba
bZQArB3LpwxzaUtpktwS2hPXTLe6MnjAglQ+WZ20hc10c5EU/vu4XiGHOLFSGnu6
YrJlnRRBS0CH4Wo/4EQOcMCA8a95CiZHm0IaBHqYq6gr
-----END CERTIFICATE-----