Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/lPHp7geGjOe64XivF2ocXaH2CeA.roa
File:                     lPHp7geGjOe64XivF2ocXaH2CeA.roa (raw, json)
Hash identifier:          572jk2DkcrKgkPA6m2eci3Uzw/pAFYhsYIxNGsdjVZk=
Subject key identifier:   94:F1:E9:EE:07:86:8C:E7:BA:E1:78:AF:17:6A:1C:5D:A1:F6:09:E0
Certificate issuer:       /CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
Certificate serial:       018CCA29B9912EF8A1D0398E8975E4E81420
Authority key identifier: F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/lPHp7geGjOe64XivF2ocXaH2CeA.roa
Signing time:             Tue 02 Jan 2024 12:33:01 +0000
ROA not before:           Tue 02 Jan 2024 12:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30741
IP address blocks:        83.145.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:b9:91:2e:f8:a1:d0:39:8e:89:75:e4:e8:14:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
        Validity
            Not Before: Jan  2 12:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94f1e9ee07868ce7bae178af176a1c5da1f609e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e7:7e:f8:61:7d:d3:8d:88:0b:17:a4:d7:5e:
                    73:2b:01:a7:a7:bb:24:40:28:b4:a4:11:e9:c8:0f:
                    39:aa:1c:34:74:70:21:d2:c4:87:25:b2:e6:cf:17:
                    dd:8e:c1:d8:0b:87:d6:93:b1:58:91:86:55:de:0a:
                    b4:26:39:f9:e0:6b:aa:a6:d9:2f:8c:4f:37:e9:61:
                    e0:cf:d8:04:9a:74:f0:ee:85:1a:92:15:06:a3:fa:
                    43:87:60:3d:8b:12:05:35:83:42:b0:71:c7:22:a4:
                    a6:8c:aa:74:bb:be:01:ba:9a:7b:79:03:cb:52:9e:
                    b0:a1:a3:3a:65:5f:7f:65:35:79:3f:5f:58:2c:c9:
                    e3:c0:4d:16:9c:64:23:90:d4:d0:2a:39:7e:bb:e3:
                    2e:fa:e2:57:b2:ee:62:93:c7:4b:db:b2:8d:9c:3e:
                    5d:70:e7:fc:46:9e:30:f1:5f:b7:08:d4:aa:05:c0:
                    9c:32:78:56:0a:af:f8:45:7f:62:29:4b:f5:87:0b:
                    2a:fb:2d:27:f3:4c:3a:e7:31:85:2e:3a:21:48:51:
                    de:6d:fb:51:10:d8:de:6e:6d:42:5f:13:3e:c8:b4:
                    92:63:23:91:f3:05:b0:28:f6:1b:2c:e5:52:38:48:
                    28:16:26:83:89:d8:5f:dc:be:ad:f5:37:aa:c0:24:
                    8b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:F1:E9:EE:07:86:8C:E7:BA:E1:78:AF:17:6A:1C:5D:A1:F6:09:E0
            X509v3 Authority Key Identifier:
                keyid:F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/lPHp7geGjOe64XivF2ocXaH2CeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.145.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:f3:90:af:d7:6c:15:6b:34:95:c5:57:a0:3b:a2:4d:95:6a:
         da:b5:e6:0d:0f:79:d6:01:c3:2d:11:82:24:ae:32:c9:94:a3:
         df:09:dc:a9:87:bf:27:d5:d4:bd:ed:f5:f5:b3:f2:b3:d9:ac:
         de:28:66:d2:10:19:e1:88:0e:bb:b0:d5:af:2b:0f:32:43:f9:
         f6:8b:6c:f6:aa:ef:7e:8e:dc:d1:f4:a8:2d:c5:e4:56:68:8c:
         ea:36:87:16:18:9d:54:46:aa:c7:8b:0d:f9:c4:dc:d3:6f:c0:
         5c:9a:58:67:55:62:27:4e:61:66:4c:50:e4:9e:41:65:62:ef:
         c6:f9:f3:15:d1:fd:6a:29:65:9e:12:1d:5a:b6:ab:3c:7e:3e:
         49:c0:ad:e2:d8:49:96:cb:f8:df:a1:15:ec:ba:56:b9:4c:6d:
         57:32:5f:85:fc:d1:fe:32:8d:7f:4d:d7:06:09:71:fc:c2:ed:
         b2:ea:cb:1a:51:11:a9:b8:64:76:6e:d2:f0:aa:0a:bc:79:a7:
         41:10:61:bb:43:c4:e3:41:0d:ae:e9:29:17:98:d7:4b:56:77:
         6c:9d:ad:23:52:a3:30:87:fe:92:99:88:f5:24:9a:07:97:3e:
         69:ed:bc:b5:de:77:9b:ec:43:e2:36:bb:17:8b:f1:f7:1d:02:
         dd:7a:00:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKbmRLvih0DmOiXXk6BQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZTI4MTBmNDliMzZmZGQ2NDFjMzI2YmQxZGU0ZTQyZDEy
OGIwNDYwHhcNMjQwMTAyMTIzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGYxZTllZTA3ODY4Y2U3YmFlMTc4YWYxNzZhMWM1ZGExZjYwOWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhud++GF9042ICxek115zKwGnp7sk
QCi0pBHpyA85qhw0dHAh0sSHJbLmzxfdjsHYC4fWk7FYkYZV3gq0Jjn54Guqptkv
jE836WHgz9gEmnTw7oUakhUGo/pDh2A9ixIFNYNCsHHHIqSmjKp0u74Bupp7eQPL
Up6woaM6ZV9/ZTV5P19YLMnjwE0WnGQjkNTQKjl+u+Mu+uJXsu5ik8dL27KNnD5d
cOf8Rp4w8V+3CNSqBcCcMnhWCq/4RX9iKUv1hwsq+y0n80w65zGFLjohSFHebftR
ENjebm1CXxM+yLSSYyOR8wWwKPYbLOVSOEgoFiaDidhf3L6t9TeqwCSLLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTx6e4HhoznuuF4rxdqHF2h9gngMB8GA1UdIwQY
MBaAFPLigQ9Js2/dZBwya9HeTkLRKLBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAt
NTBkMmI3MGJjZjMxLzEvbFBIcDdnZUdqT2U2NFhpdkYyb2NYYUgyQ2VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAtNTBkMmI3MGJjZjMx
LzEvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5F/MA0G
CSqGSIb3DQEBCwUAA4IBAQA+85Cv12wVazSVxVegO6JNlWrateYND3nWAcMtEYIk
rjLJlKPfCdyph78n1dS97fX1s/Kz2azeKGbSEBnhiA67sNWvKw8yQ/n2i2z2qu9+
jtzR9KgtxeRWaIzqNocWGJ1URqrHiw35xNzTb8BcmlhnVWInTmFmTFDknkFlYu/G
+fMV0f1qKWWeEh1atqs8fj5JwK3i2EmWy/jfoRXsula5TG1XMl+F/NH+Mo1/TdcG
CXH8wu2y6ssaURGpuGR2btLwqgq8eadBEGG7Q8TjQQ2u6SkXmNdLVndsna0jUqMw
h/6SmYj1JJoHlz5p7by13neb7EPiNrsXi/H3HQLdegCu
-----END CERTIFICATE-----