Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/DiORFY4CEGoRtiKQl2Y1yFQm1Ks.roa
File:                     DiORFY4CEGoRtiKQl2Y1yFQm1Ks.roa (raw, json)
Hash identifier:          mW0TlhU+KjDBSizFF7bKGQz/6VzX6HD0y9rd1WyhrZI=
Subject key identifier:   0E:23:91:15:8E:02:10:6A:11:B6:22:90:97:66:35:C8:54:26:D4:AB
Certificate issuer:       /CN=ab06c8f2247d22041c82e555667881e50f9154ab
Certificate serial:       018CC87137A447652D25A0792614D520E06D
Authority key identifier: AB:06:C8:F2:24:7D:22:04:1C:82:E5:55:66:78:81:E5:0F:91:54:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwbI8iR9IgQcguVVZniB5Q-RVKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/DiORFY4CEGoRtiKQl2Y1yFQm1Ks.roa
Signing time:             Tue 02 Jan 2024 04:31:52 +0000
ROA not before:           Tue 02 Jan 2024 04:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205112
IP address blocks:        185.138.54.0/24 maxlen: 24
                          2a07:a40:c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/qwbI8iR9IgQcguVVZniB5Q-RVKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/qwbI8iR9IgQcguVVZniB5Q-RVKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwbI8iR9IgQcguVVZniB5Q-RVKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:37:a4:47:65:2d:25:a0:79:26:14:d5:20:e0:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab06c8f2247d22041c82e555667881e50f9154ab
        Validity
            Not Before: Jan  2 04:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e2391158e02106a11b62290976635c85426d4ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:69:e9:0a:c1:0e:6a:75:2d:4a:30:4a:19:48:
                    f1:8b:69:1e:38:35:a3:b9:48:34:a3:ca:76:d8:a2:
                    99:2c:f9:64:2a:d7:6e:1f:46:a6:08:93:3d:a4:cf:
                    b9:09:be:3d:6f:0a:9e:c3:69:a0:a3:26:b4:45:2d:
                    7b:90:c6:f3:d4:eb:9d:32:06:0e:6b:7b:7b:97:73:
                    0c:ce:94:32:d1:fe:a3:fc:51:99:35:01:85:cf:1d:
                    6c:ce:f8:98:36:70:dd:ee:1d:bf:2b:45:4a:a8:7a:
                    b8:aa:8b:a6:58:f6:2f:f6:b0:4b:96:d5:e8:4f:61:
                    6b:f0:a3:67:03:21:84:f4:8f:3c:5b:dc:e5:9a:6f:
                    fa:92:3b:12:80:dd:95:04:eb:92:f9:98:df:6d:b0:
                    bf:85:5d:4f:16:8d:ca:bb:bf:af:01:e9:00:9b:ce:
                    be:d9:9a:09:96:a4:91:82:b2:d5:70:4e:b6:8f:f9:
                    47:bd:ed:db:c9:ce:7a:24:95:de:92:06:fe:8a:fe:
                    dd:3e:35:3f:5c:cb:6c:11:05:41:38:8a:25:e7:6b:
                    be:f5:ab:9e:a9:3e:e7:8e:5e:49:be:b8:b7:77:3a:
                    91:52:fa:7d:24:2f:64:e0:85:71:0c:97:42:ae:bd:
                    78:72:80:df:62:e0:72:c5:c6:a5:ce:fc:ba:1f:e7:
                    4f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:23:91:15:8E:02:10:6A:11:B6:22:90:97:66:35:C8:54:26:D4:AB
            X509v3 Authority Key Identifier:
                keyid:AB:06:C8:F2:24:7D:22:04:1C:82:E5:55:66:78:81:E5:0F:91:54:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwbI8iR9IgQcguVVZniB5Q-RVKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/DiORFY4CEGoRtiKQl2Y1yFQm1Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/qwbI8iR9IgQcguVVZniB5Q-RVKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.54.0/24
                IPv6:
                  2a07:a40:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:87:16:7f:5b:50:3f:84:42:a9:b7:50:7a:42:ac:b1:4d:44:
         33:7e:e1:26:87:7f:8c:a8:c9:35:6f:7a:44:85:03:67:57:b6:
         b9:45:cb:a9:e6:bd:88:10:01:fa:2e:a3:c5:c8:c1:90:86:98:
         8f:05:92:ec:f7:96:75:72:40:95:f5:14:a6:40:9c:6c:85:21:
         1a:58:40:08:69:f8:40:5a:a9:25:d3:65:19:6c:95:88:e8:a0:
         f5:2b:62:97:18:64:bd:12:12:50:99:44:4d:23:d5:08:0c:e5:
         69:d6:6e:62:f6:2a:dc:b7:57:9d:df:20:20:6a:cb:ad:68:15:
         4f:2a:5e:81:72:e9:dc:89:ce:6c:0a:c2:15:ec:2a:65:c0:91:
         b1:bf:f2:84:2b:a5:92:69:83:48:d4:bc:b2:da:5e:0e:89:75:
         64:cb:61:58:db:b3:64:4b:6a:e6:8a:aa:e5:82:05:88:32:61:
         0c:4c:5a:21:da:99:c2:5a:91:e0:29:06:66:4a:b7:51:76:5f:
         f8:2e:06:dc:5d:0e:86:93:a9:0a:c0:18:7b:bf:68:8f:9d:0d:
         1c:a2:b2:bb:82:fe:68:ae:01:83:ab:f5:54:43:15:f7:b3:08:
         d5:95:9d:6b:c0:32:04:4e:56:48:41:bc:8a:51:de:c4:e9:ff:
         e9:aa:07:7e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIcTekR2UtJaB5JhTVIOBtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDZjOGYyMjQ3ZDIyMDQxYzgyZTU1NTY2Nzg4MWU1MGY5
MTU0YWIwHhcNMjQwMTAyMDQzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTIzOTExNThlMDIxMDZhMTFiNjIyOTA5NzY2MzVjODU0MjZkNGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2npCsEOanUtSjBKGUjxi2keODWj
uUg0o8p22KKZLPlkKtduH0amCJM9pM+5Cb49bwqew2mgoya0RS17kMbz1OudMgYO
a3t7l3MMzpQy0f6j/FGZNQGFzx1szviYNnDd7h2/K0VKqHq4qoumWPYv9rBLltXo
T2Fr8KNnAyGE9I88W9zlmm/6kjsSgN2VBOuS+ZjfbbC/hV1PFo3Ku7+vAekAm86+
2ZoJlqSRgrLVcE62j/lHve3byc56JJXekgb+iv7dPjU/XMtsEQVBOIol52u+9aue
qT7njl5Jvri3dzqRUvp9JC9k4IVxDJdCrr14coDfYuByxcalzvy6H+dPgwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA4jkRWOAhBqEbYikJdmNchUJtSrMB8GA1UdIwQY
MBaAFKsGyPIkfSIEHILlVWZ4geUPkVSrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdiSThpUjlJZ1FjZ3VWVlpuaUI1US1SVktzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hOTRkZWEtMmZmYy00MDhkLWFhOWQt
MWFlMzZhNDQ2OWZkLzEvRGlPUkZZNENFR29SdGlLUWwyWTF5RlFtMUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hOTRkZWEtMmZmYy00MDhkLWFhOWQtMWFlMzZhNDQ2OWZk
LzEvcXdiSThpUjlJZ1FjZ3VWVlpuaUI1US1SVktzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYo2MA8E
AgACMAkDBwAqBwpAAAwwDQYJKoZIhvcNAQELBQADggEBAG+HFn9bUD+EQqm3UHpC
rLFNRDN+4SaHf4yoyTVvekSFA2dXtrlFy6nmvYgQAfouo8XIwZCGmI8Fkuz3lnVy
QJX1FKZAnGyFIRpYQAhp+EBaqSXTZRlslYjooPUrYpcYZL0SElCZRE0j1QgM5WnW
bmL2Kty3V53fICBqy61oFU8qXoFy6dyJzmwKwhXsKmXAkbG/8oQrpZJpg0jUvLLa
Xg6JdWTLYVjbs2RLauaKquWCBYgyYQxMWiHamcJakeApBmZKt1F2X/guBtxdDoaT
qQrAGHu/aI+dDRyisruC/miuAYOr9VRDFfezCNWVnWvAMgROVkhBvIpR3sTp/+mq
B34=
-----END CERTIFICATE-----