Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/1r1TlCoK3PkrugIyGvPIwz3Kexc.roa
File:                     1r1TlCoK3PkrugIyGvPIwz3Kexc.roa (raw, json)
Hash identifier:          aIKN+RJjBg7YzoMPBGxxJufBNITnQ+Sbes2AgrjMYaM=
Subject key identifier:   D6:BD:53:94:2A:0A:DC:F9:2B:BA:02:32:1A:F3:C8:C3:3D:CA:7B:17
Certificate issuer:       /CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
Certificate serial:       018CCA29BA5C2C510E24A2BEDD7A138F6A68
Authority key identifier: F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/1r1TlCoK3PkrugIyGvPIwz3Kexc.roa
Signing time:             Tue 02 Jan 2024 12:33:01 +0000
ROA not before:           Tue 02 Jan 2024 12:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39715
IP address blocks:        83.145.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ba:5c:2c:51:0e:24:a2:be:dd:7a:13:8f:6a:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
        Validity
            Not Before: Jan  2 12:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6bd53942a0adcf92bba02321af3c8c33dca7b17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:62:93:35:48:aa:0d:33:6f:7d:3d:be:02:79:
                    9c:ba:d7:35:8f:0b:21:97:3f:5f:7d:a0:c5:5d:be:
                    e3:9f:d9:5f:10:5a:92:51:d7:13:a1:0d:fe:e9:0d:
                    e3:b1:10:d3:99:ae:97:65:c1:f0:87:17:1c:5e:c2:
                    97:d7:2c:20:3b:b5:2d:57:88:0e:fb:38:ba:78:fc:
                    42:d5:79:bc:8d:61:ef:6a:c4:d5:d6:cb:13:8b:81:
                    a4:a9:e2:b3:f8:f3:7a:f9:89:cb:da:69:62:3f:26:
                    31:17:43:1f:f3:29:78:53:e5:bf:13:ab:30:89:63:
                    8c:21:a1:65:1c:be:7d:59:15:58:b6:23:a6:29:e1:
                    c9:0b:4a:f1:35:8d:71:3f:50:8d:9c:38:19:a3:0a:
                    61:3e:7c:6c:55:cd:7a:92:9f:6a:4b:3b:e6:f5:1d:
                    ae:da:11:09:73:ff:90:c2:4d:86:a8:40:14:71:fb:
                    63:f0:21:05:1c:73:4e:8f:40:9e:2f:06:6f:94:cf:
                    bd:cc:e2:cd:5f:54:59:0d:1f:65:78:68:3c:05:a6:
                    e8:ec:df:59:fc:b1:34:40:0e:4d:33:02:ef:f9:96:
                    a7:66:bb:92:b3:73:25:92:62:6b:86:0f:94:0a:c7:
                    b0:0a:76:23:69:19:dc:71:1e:ac:d6:0d:1f:65:ec:
                    cd:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:BD:53:94:2A:0A:DC:F9:2B:BA:02:32:1A:F3:C8:C3:3D:CA:7B:17
            X509v3 Authority Key Identifier:
                keyid:F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/1r1TlCoK3PkrugIyGvPIwz3Kexc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.145.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:bd:b5:30:6f:74:85:05:6d:9f:da:76:97:d9:7a:b4:15:6a:
         43:32:9c:49:a9:e6:f3:36:25:b5:b7:bd:6e:58:e8:d4:9e:fa:
         be:f6:20:f7:07:31:37:e4:9c:88:5d:0b:87:8b:4f:dc:56:0a:
         a5:d7:5d:ae:9c:33:c9:2d:a6:56:4b:c9:73:40:63:ea:81:e5:
         06:fe:3a:d7:d3:66:46:7b:6a:de:3a:d7:8e:a8:fe:f8:e2:60:
         47:68:d1:cd:24:ea:5e:b0:4b:6d:d4:3d:f3:75:fc:4e:2c:e3:
         73:f9:52:4f:24:02:23:05:27:f4:6b:a0:d3:ed:26:fa:d9:88:
         dc:be:e9:32:db:b9:40:d7:bf:b8:4d:17:6b:f5:85:91:fb:44:
         0f:83:b6:da:f6:30:9b:70:d8:28:b3:05:b4:36:80:2f:cc:57:
         71:22:cd:6d:32:b7:44:f0:cb:66:88:9a:d4:15:fa:4b:52:9f:
         72:61:fa:e9:01:e4:8a:7e:b4:f1:e0:1f:3f:13:c4:0b:7c:2f:
         58:bb:20:18:7e:9f:71:44:39:a8:97:35:0d:22:d5:42:a7:24:
         28:7e:40:90:3a:97:9e:fd:63:4e:1d:cb:5f:27:90:1c:18:c6:
         cc:f4:cd:b5:4e:60:ff:75:60:b5:9e:91:b2:d7:65:47:e2:aa:
         d1:10:d0:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKbpcLFEOJKK+3XoTj2poMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZTI4MTBmNDliMzZmZGQ2NDFjMzI2YmQxZGU0ZTQyZDEy
OGIwNDYwHhcNMjQwMTAyMTIzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmJkNTM5NDJhMGFkY2Y5MmJiYTAyMzIxYWYzYzhjMzNkY2E3YjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2KTNUiqDTNvfT2+Anmcutc1jwsh
lz9ffaDFXb7jn9lfEFqSUdcToQ3+6Q3jsRDTma6XZcHwhxccXsKX1ywgO7UtV4gO
+zi6ePxC1Xm8jWHvasTV1ssTi4GkqeKz+PN6+YnL2mliPyYxF0Mf8yl4U+W/E6sw
iWOMIaFlHL59WRVYtiOmKeHJC0rxNY1xP1CNnDgZowphPnxsVc16kp9qSzvm9R2u
2hEJc/+Qwk2GqEAUcftj8CEFHHNOj0CeLwZvlM+9zOLNX1RZDR9leGg8Babo7N9Z
/LE0QA5NMwLv+ZanZruSs3MlkmJrhg+UCsewCnYjaRnccR6s1g0fZezN1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNa9U5QqCtz5K7oCMhrzyMM9ynsXMB8GA1UdIwQY
MBaAFPLigQ9Js2/dZBwya9HeTkLRKLBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAt
NTBkMmI3MGJjZjMxLzEvMXIxVGxDb0szUGtydWdJeUd2UEl3ejNLZXhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAtNTBkMmI3MGJjZjMx
LzEvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5FfMA0G
CSqGSIb3DQEBCwUAA4IBAQCKvbUwb3SFBW2f2naX2Xq0FWpDMpxJqebzNiW1t71u
WOjUnvq+9iD3BzE35JyIXQuHi0/cVgql112unDPJLaZWS8lzQGPqgeUG/jrX02ZG
e2reOteOqP744mBHaNHNJOpesEtt1D3zdfxOLONz+VJPJAIjBSf0a6DT7Sb62Yjc
vuky27lA17+4TRdr9YWR+0QPg7ba9jCbcNgoswW0NoAvzFdxIs1tMrdE8MtmiJrU
FfpLUp9yYfrpAeSKfrTx4B8/E8QLfC9YuyAYfp9xRDmolzUNItVCpyQofkCQOpee
/WNOHctfJ5AcGMbM9M21TmD/dWC1npGy12VH4qrRENCi
-----END CERTIFICATE-----