Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/1bHoiqUesopG4S-BYFPLOQW2pCE.roa
File:                     1bHoiqUesopG4S-BYFPLOQW2pCE.roa (raw, json)
Hash identifier:          KjjqxXMXEJKUts7OPlp5wPXxUt3pNCvDjHVcbx644LM=
Subject key identifier:   D5:B1:E8:8A:A5:1E:B2:8A:46:E1:2F:81:60:53:CB:39:05:B6:A4:21
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019155FA1B521484C3F3BE214562C9470FF9
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/1bHoiqUesopG4S-BYFPLOQW2pCE.roa
Signing time:             Thu 15 Aug 2024 12:18:59 +0000
ROA not before:           Thu 15 Aug 2024 12:18:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214767
IP address blocks:        194.140.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:55:fa:1b:52:14:84:c3:f3:be:21:45:62:c9:47:0f:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Aug 15 12:18:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5b1e88aa51eb28a46e12f816053cb3905b6a421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a9:35:20:aa:e5:bc:b4:1a:0f:43:19:ec:17:
                    af:af:be:37:9b:2e:70:b5:b7:bf:fe:09:12:d3:d9:
                    64:7d:6c:76:ef:66:22:97:1c:a0:d3:c4:ad:dc:55:
                    6f:e8:ed:ff:1b:0e:52:78:f8:e8:a5:d9:c7:99:3f:
                    79:b6:83:ba:02:0f:a0:b9:46:e1:9c:60:28:ed:82:
                    3c:63:c6:f8:9d:36:c0:3e:00:f4:1b:a1:b3:10:e4:
                    fc:ea:32:00:14:6e:b1:d6:af:ac:10:48:11:80:95:
                    f5:54:02:10:04:46:2e:01:b0:87:1b:b7:d4:26:11:
                    ba:5b:0d:19:d7:8d:d7:1c:ca:f6:5d:eb:77:f3:61:
                    8e:e4:1b:39:e4:69:f8:a3:1f:37:fb:b8:a3:0f:a0:
                    26:de:b2:33:77:8d:3f:be:f3:bd:ac:62:b7:c5:92:
                    a3:a4:e1:e7:d4:df:72:36:73:9b:53:09:5f:bb:e4:
                    66:d9:51:18:bc:7a:5b:1c:e6:71:af:96:b2:c3:8a:
                    88:de:7e:dd:ef:47:c8:fd:df:77:5a:cd:81:a5:fe:
                    0f:81:59:7c:7e:56:c9:e8:ab:7c:ac:a7:c5:ee:b3:
                    40:bd:73:ec:2f:e4:30:2b:7b:c5:75:ad:99:74:2b:
                    25:74:7c:84:a7:02:47:71:1c:bd:83:7b:2d:f7:e1:
                    38:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B1:E8:8A:A5:1E:B2:8A:46:E1:2F:81:60:53:CB:39:05:B6:A4:21
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/1bHoiqUesopG4S-BYFPLOQW2pCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:6e:f7:8d:d8:ff:ae:df:0d:7e:58:89:51:a5:a4:dd:57:0c:
         4e:e7:c8:63:9f:2f:c9:0c:5e:d8:c9:5e:ac:99:6b:93:94:6a:
         9a:ce:72:5e:8c:ac:dd:08:cb:25:60:2c:a5:8a:1d:59:76:cb:
         a6:19:72:96:6c:8b:3c:49:08:1b:58:12:f0:25:4e:b6:a1:71:
         fc:d9:d3:79:fc:7f:9a:58:14:4d:20:36:4f:c6:8c:7f:62:b5:
         84:c6:2b:44:9c:67:24:39:af:19:d9:dc:ad:00:fb:84:aa:ec:
         9c:69:22:91:b9:80:64:00:2e:db:22:30:9a:ea:ac:0d:2a:99:
         c1:78:fa:fc:f8:d3:13:ec:70:e8:99:90:ba:5a:0f:fc:ae:c3:
         99:f5:88:bc:5a:77:a1:c1:f9:8b:05:ca:8f:c7:7e:98:52:d4:
         91:a2:53:3d:7b:37:ea:24:0a:34:5e:7a:12:94:10:84:a6:78:
         7b:6e:62:4f:27:ec:5c:9c:c3:b2:6b:b7:82:36:69:fc:74:50:
         2b:b5:2a:dc:b3:5f:55:8c:4e:da:5e:75:73:9a:8c:e8:a8:cc:
         d6:69:fe:f4:bd:e8:aa:9a:08:6a:6c:64:89:db:c9:ec:cf:0f:
         4a:c1:74:ff:40:f6:88:c7:3b:90:f2:39:36:f0:bb:0c:ff:77:
         d9:ef:21:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFV+htSFITD874hRWLJRw/5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwODE1MTIxODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWIxZTg4YWE1MWViMjhhNDZlMTJmODE2MDUzY2IzOTA1YjZhNDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqk1IKrlvLQaD0MZ7Bevr743my5w
tbe//gkS09lkfWx272Yilxyg08St3FVv6O3/Gw5SePjopdnHmT95toO6Ag+guUbh
nGAo7YI8Y8b4nTbAPgD0G6GzEOT86jIAFG6x1q+sEEgRgJX1VAIQBEYuAbCHG7fU
JhG6Ww0Z143XHMr2Xet382GO5Bs55Gn4ox83+7ijD6Am3rIzd40/vvO9rGK3xZKj
pOHn1N9yNnObUwlfu+Rm2VEYvHpbHOZxr5ayw4qI3n7d70fI/d93Ws2Bpf4PgVl8
flbJ6Kt8rKfF7rNAvXPsL+QwK3vFda2ZdCsldHyEpwJHcRy9g3st9+E4vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWx6IqlHrKKRuEvgWBTyzkFtqQhMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvMWJIb2lxVWVzb3BHNFMtQllGUExPUVcycENFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwozkMA0G
CSqGSIb3DQEBCwUAA4IBAQCAbveN2P+u3w1+WIlRpaTdVwxO58hjny/JDF7YyV6s
mWuTlGqaznJejKzdCMslYCylih1ZdsumGXKWbIs8SQgbWBLwJU62oXH82dN5/H+a
WBRNIDZPxox/YrWExitEnGckOa8Z2dytAPuEquycaSKRuYBkAC7bIjCa6qwNKpnB
ePr8+NMT7HDomZC6Wg/8rsOZ9Yi8WnehwfmLBcqPx36YUtSRolM9ezfqJAo0XnoS
lBCEpnh7bmJPJ+xcnMOya7eCNmn8dFArtSrcs19VjE7aXnVzmozoqMzWaf70veiq
mghqbGSJ28nszw9KwXT/QPaIxzuQ8jk28LsM/3fZ7yER
-----END CERTIFICATE-----