Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/1-QNb7L1HRbo3wxPihiDu-SruilI.roa
File:                     1-QNb7L1HRbo3wxPihiDu-SruilI.roa (raw, json)
Hash identifier:          jTcZo5s/xdIu+5ZHLxjeVcxpA4Flno/wVc8CcVO6fBg=
Subject key identifier:   F9:03:5B:EC:BD:47:45:BA:37:C3:13:E2:86:20:EE:F9:2A:EE:8A:52
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019006B8858CE182859EE6831BA169401ED1
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/1-QNb7L1HRbo3wxPihiDu-SruilI.roa
Signing time:             Tue 11 Jun 2024 09:54:34 +0000
ROA not before:           Tue 11 Jun 2024 09:54:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35533
IP address blocks:        193.138.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:b8:85:8c:e1:82:85:9e:e6:83:1b:a1:69:40:1e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jun 11 09:54:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9035becbd4745ba37c313e28620eef92aee8a52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d0:60:59:2c:ee:c8:29:00:46:fa:2d:7c:83:
                    38:9b:70:08:f6:02:b6:b5:df:7d:3f:9e:4e:8f:c9:
                    9c:1e:be:63:52:60:9a:23:0a:f0:90:f9:96:d0:ac:
                    42:8e:7c:83:d3:ad:86:21:bf:4c:8e:e2:6c:96:ab:
                    f3:25:b5:60:cf:34:e0:67:da:2f:dc:42:5a:76:70:
                    2c:cc:83:14:a6:53:43:e0:1c:e2:a9:75:ae:7e:b4:
                    8b:c8:bc:a1:1b:4e:41:7a:46:1d:94:c4:82:c9:dc:
                    94:b8:a8:a7:20:06:fa:0d:3a:ad:29:60:fe:e0:f9:
                    9a:09:4c:6c:72:8f:c0:d4:9a:f4:a1:ae:ad:25:83:
                    70:6d:39:0e:99:64:44:e2:47:4f:53:f5:54:c5:f4:
                    72:6a:82:1c:0f:b1:1b:5f:5c:3d:ab:f2:93:af:53:
                    f7:43:10:83:b9:a2:e5:56:6f:eb:17:a1:7f:ca:c7:
                    a4:9c:49:97:c9:a1:e4:60:0a:bc:d0:49:6f:a1:31:
                    47:84:54:7b:cb:ac:3a:85:cc:37:d9:52:cf:85:f9:
                    2b:48:1b:e0:51:69:f7:c7:07:5f:71:fe:13:dc:aa:
                    b8:b4:c4:d4:12:1b:12:9a:0a:7d:4e:11:81:1c:57:
                    a3:89:3c:3a:4e:cb:b1:1c:5b:39:00:f2:90:17:14:
                    5d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:03:5B:EC:BD:47:45:BA:37:C3:13:E2:86:20:EE:F9:2A:EE:8A:52
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/1-QNb7L1HRbo3wxPihiDu-SruilI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:33:29:a0:9a:8c:20:3f:5b:23:9f:d6:78:14:64:a7:15:e2:
         55:4b:c9:b6:3d:ee:04:50:ac:c1:dc:af:a7:1a:75:a8:d3:a0:
         59:33:d7:f9:bc:04:56:18:89:93:c4:27:71:71:80:b5:ac:8b:
         d8:38:2e:03:f9:ed:a8:10:fb:e1:56:45:c4:c0:5d:06:a7:ca:
         44:be:91:c8:b1:b6:98:5b:98:23:1e:e4:7c:88:ad:8c:43:f2:
         b7:ae:a6:c3:cf:d6:38:b5:06:89:eb:9c:9c:28:5a:29:9d:e8:
         90:18:dc:03:22:2f:16:68:25:9e:e3:04:c7:86:5d:2c:5f:d9:
         e8:1c:99:2e:4c:88:bb:bb:19:e9:83:25:9a:2b:46:0f:19:a7:
         cd:1b:c2:de:7b:a7:7f:3f:ce:2f:c5:b9:ab:83:c9:a6:25:bb:
         2c:ef:10:39:b2:2a:95:6c:b8:38:22:66:00:0e:e1:da:80:fa:
         e3:d3:07:ff:2f:f4:72:34:2a:67:fb:3d:9e:3f:f8:50:16:b7:
         11:7a:19:6e:cf:aa:09:27:01:36:33:52:ea:d3:a7:c9:e7:a8:
         f8:ed:3d:fd:61:47:9f:0b:3d:a9:84:50:a1:40:9b:50:3e:20:
         1d:ce:82:50:94:03:9f:a5:48:6f:df:09:8b:b3:f5:c9:f3:f3:
         fa:c7:ec:68
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZAGuIWM4YKFnuaDG6FpQB7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwNjExMDk1NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTAzNWJlY2JkNDc0NWJhMzdjMzEzZTI4NjIwZWVmOTJhZWU4YTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdBgWSzuyCkARvotfIM4m3AI9gK2
td99P55Oj8mcHr5jUmCaIwrwkPmW0KxCjnyD062GIb9MjuJslqvzJbVgzzTgZ9ov
3EJadnAszIMUplND4BziqXWufrSLyLyhG05BekYdlMSCydyUuKinIAb6DTqtKWD+
4PmaCUxsco/A1Jr0oa6tJYNwbTkOmWRE4kdPU/VUxfRyaoIcD7EbX1w9q/KTr1P3
QxCDuaLlVm/rF6F/yseknEmXyaHkYAq80ElvoTFHhFR7y6w6hcw32VLPhfkrSBvg
UWn3xwdfcf4T3Kq4tMTUEhsSmgp9ThGBHFejiTw6TsuxHFs5APKQFxRdowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkDW+y9R0W6N8MT4oYg7vkq7opSMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvMS1RTmI3TDFIUmJvM3d4UGloaUR1LVNydWlsSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmYvZTU3ODlhLTE2MGQtNDg5Ni1hMjVhLThkZjM2MzM3ZTZi
Yy8xL3p4MzJabjJqamxlaVd4bEYta0Rsay1XdC1nQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMGKVDAN
BgkqhkiG9w0BAQsFAAOCAQEAPDMpoJqMID9bI5/WeBRkpxXiVUvJtj3uBFCswdyv
pxp1qNOgWTPX+bwEVhiJk8QncXGAtayL2DguA/ntqBD74VZFxMBdBqfKRL6RyLG2
mFuYIx7kfIitjEPyt66mw8/WOLUGieucnChaKZ3okBjcAyIvFmglnuMEx4ZdLF/Z
6ByZLkyIu7sZ6YMlmitGDxmnzRvC3nunfz/OL8W5q4PJpiW7LO8QObIqlWy4OCJm
AA7h2oD649MH/y/0cjQqZ/s9nj/4UBa3EXoZbs+qCScBNjNS6tOnyeeo+O09/WFH
nws9qYRQoUCbUD4gHc6CUJQDn6VIb98Ji7P1yfPz+sfsaA==
-----END CERTIFICATE-----