Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/1-rpUgw0W3sKSFdW3yshaE1HCCc0.roa
File:                     1-rpUgw0W3sKSFdW3yshaE1HCCc0.roa (raw, json)
Hash identifier:          c/Tt5N/pZWiN2mpptC/U9LHYusWW/dCE4lcNMT3U+WE=
Subject key identifier:   FA:BA:54:83:0D:16:DE:C2:92:15:D5:B7:CA:C8:5A:13:51:C2:09:CD
Certificate issuer:       /CN=a1628e39f471addc75e71a391b82dd925c7f081d
Certificate serial:       019420D5D1AE21ED584F9054B28B232EF8B0
Authority key identifier: A1:62:8E:39:F4:71:AD:DC:75:E7:1A:39:1B:82:DD:92:5C:7F:08:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oWKOOfRxrdx15xo5G4Ldklx_CB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/1-rpUgw0W3sKSFdW3yshaE1HCCc0.roa
Signing time:             Wed 01 Jan 2025 07:47:51 +0000
ROA not before:           Wed 01 Jan 2025 07:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215372
IP address blocks:        193.239.244.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/oWKOOfRxrdx15xo5G4Ldklx_CB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/oWKOOfRxrdx15xo5G4Ldklx_CB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oWKOOfRxrdx15xo5G4Ldklx_CB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d1:ae:21:ed:58:4f:90:54:b2:8b:23:2e:f8:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1628e39f471addc75e71a391b82dd925c7f081d
        Validity
            Not Before: Jan  1 07:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=faba54830d16dec29215d5b7cac85a1351c209cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:c9:63:91:b3:a7:2c:ec:62:6f:23:13:1a:74:
                    19:14:de:d3:33:b8:2c:90:0c:84:24:a0:b4:b0:5b:
                    a2:0c:a8:45:2a:73:4d:37:b1:4c:17:e8:ae:43:d0:
                    0d:bf:7f:87:16:66:f0:01:a2:8e:5e:19:c1:93:79:
                    df:6c:2c:7c:8a:2c:9a:34:c9:b8:7e:62:1d:77:21:
                    74:04:2d:37:57:a4:02:e7:35:2a:40:7e:dd:a5:4d:
                    63:86:e6:bd:7d:c9:99:35:d7:a0:4f:44:38:96:c2:
                    f9:77:f3:57:ed:3b:15:28:f2:7c:29:dc:df:8f:74:
                    fc:63:52:cc:78:d8:60:27:7e:a3:60:7e:ab:c5:47:
                    15:ab:c3:28:0d:10:67:85:12:cb:64:3a:c3:2f:b5:
                    c5:ec:35:fc:c1:fd:85:8b:6d:97:bb:d7:4c:c0:10:
                    64:b3:8b:45:7c:78:16:d6:8c:c2:14:ac:ac:24:56:
                    1b:51:96:ea:45:a6:c4:ff:75:8f:2a:73:2f:20:03:
                    da:2b:d2:bd:c5:25:60:2c:f9:f3:45:7c:98:0f:d1:
                    7d:7d:a9:1c:ef:85:da:cf:45:62:15:3f:a2:c0:ef:
                    21:93:9e:f5:1c:c5:49:95:09:9a:87:dc:63:a3:6b:
                    82:f1:ac:0a:62:d9:da:05:39:3d:95:56:46:74:c1:
                    68:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:BA:54:83:0D:16:DE:C2:92:15:D5:B7:CA:C8:5A:13:51:C2:09:CD
            X509v3 Authority Key Identifier:
                keyid:A1:62:8E:39:F4:71:AD:DC:75:E7:1A:39:1B:82:DD:92:5C:7F:08:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWKOOfRxrdx15xo5G4Ldklx_CB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/1-rpUgw0W3sKSFdW3yshaE1HCCc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/oWKOOfRxrdx15xo5G4Ldklx_CB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:bb:74:c1:b1:d2:e3:57:74:6b:d0:37:09:4b:aa:0d:72:9b:
         4e:bf:cc:80:56:ce:5e:20:fd:5f:44:ea:6c:b6:9c:ce:12:04:
         77:ef:2d:22:98:0a:37:cb:12:86:de:a0:d6:c0:c2:0d:37:6d:
         88:54:c4:74:1c:53:fb:73:8a:38:42:82:c7:bc:34:fc:cd:1b:
         76:a5:58:00:1e:5b:6e:9b:03:a2:2b:27:42:d2:67:f4:76:f4:
         56:db:cf:db:e0:2d:be:0a:75:65:d3:07:3e:e9:4f:65:ff:e7:
         4b:6e:68:ee:c0:bd:8c:1d:96:13:ea:67:47:51:5a:41:27:0a:
         ce:e9:77:a5:48:0c:f5:dc:f7:9d:9e:b0:d1:da:da:9d:e7:8c:
         69:20:d2:04:b9:7f:b4:2b:5d:42:62:9f:c4:99:1b:99:2a:59:
         8b:b3:27:d1:1f:a2:25:d1:3c:1a:3d:8b:22:e8:66:2b:97:2e:
         67:b1:23:82:0b:4a:6f:19:4e:d0:c7:e3:38:6e:99:26:f8:8a:
         93:55:c6:e4:98:91:c8:55:92:64:96:d2:f5:10:88:f0:e8:65:
         f6:e6:25:03:1f:95:41:0d:72:aa:fa:5f:64:70:71:2a:0e:72:
         98:e7:f8:dd:26:22:dd:4c:0d:a9:85:a6:ae:47:70:ad:11:a6:
         4e:53:45:5d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQg1dGuIe1YT5BUsosjLviwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNjI4ZTM5ZjQ3MWFkZGM3NWU3MWEzOTFiODJkZDkyNWM3
ZjA4MWQwHhcNMjUwMTAxMDc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWJhNTQ4MzBkMTZkZWMyOTIxNWQ1YjdjYWM4NWExMzUxYzIwOWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38ljkbOnLOxibyMTGnQZFN7TM7gs
kAyEJKC0sFuiDKhFKnNNN7FMF+iuQ9ANv3+HFmbwAaKOXhnBk3nfbCx8iiyaNMm4
fmIddyF0BC03V6QC5zUqQH7dpU1jhua9fcmZNdegT0Q4lsL5d/NX7TsVKPJ8Kdzf
j3T8Y1LMeNhgJ36jYH6rxUcVq8MoDRBnhRLLZDrDL7XF7DX8wf2Fi22Xu9dMwBBk
s4tFfHgW1ozCFKysJFYbUZbqRabE/3WPKnMvIAPaK9K9xSVgLPnzRXyYD9F9fakc
74Xaz0ViFT+iwO8hk571HMVJlQmah9xjo2uC8awKYtnaBTk9lVZGdMFoGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPq6VIMNFt7CkhXVt8rIWhNRwgnNMB8GA1UdIwQY
MBaAFKFijjn0ca3cdecaORuC3ZJcfwgdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1dLT09mUnhyZHgxNXhvNUc0TGRrbHhfQ0IwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8zODllZDItMWI4Mi00NWM5LWE3MGEt
MDI1YTBlNmYwNWFlLzEvMS1ycFVndzBXM3NLU0ZkVzN5c2hhRTFIQ0NjMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmQvMzg5ZWQyLTFiODItNDVjOS1hNzBhLTAyNWEwZTZmMDVh
ZS8xL29XS09PZlJ4cmR4MTV4bzVHNExka2x4X0NCMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcHv9DAN
BgkqhkiG9w0BAQsFAAOCAQEAnbt0wbHS41d0a9A3CUuqDXKbTr/MgFbOXiD9X0Tq
bLaczhIEd+8tIpgKN8sSht6g1sDCDTdtiFTEdBxT+3OKOEKCx7w0/M0bdqVYAB5b
bpsDoisnQtJn9Hb0VtvP2+Atvgp1ZdMHPulPZf/nS25o7sC9jB2WE+pnR1FaQScK
zul3pUgM9dz3nZ6w0draneeMaSDSBLl/tCtdQmKfxJkbmSpZi7Mn0R+iJdE8Gj2L
IuhmK5cuZ7EjggtKbxlO0MfjOG6ZJviKk1XG5JiRyFWSZJbS9RCI8Ohl9uYlAx+V
QQ1yqvpfZHBxKg5ymOf43SYi3UwNqYWmrkdwrRGmTlNFXQ==
-----END CERTIFICATE-----