Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/iwfWWtgox8qcV4q-oY9df9ePkJk.roa
File:                     iwfWWtgox8qcV4q-oY9df9ePkJk.roa (raw, json)
Hash identifier:          wvZUb4xHBU3yTd72sjISxWXalHKpPByN4rolNUsyfnU=
Subject key identifier:   8B:07:D6:5A:D8:28:C7:CA:9C:57:8A:BE:A1:8F:5D:7F:D7:8F:90:99
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019427B67F797B09A5A21C8C6ABE4F0C89A3
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/iwfWWtgox8qcV4q-oY9df9ePkJk.roa
Signing time:             Thu 02 Jan 2025 15:50:59 +0000
ROA not before:           Thu 02 Jan 2025 15:50:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197171
IP address blocks:        195.246.124.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:7f:79:7b:09:a5:a2:1c:8c:6a:be:4f:0c:89:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 15:50:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b07d65ad828c7ca9c578abea18f5d7fd78f9099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:50:08:90:48:37:30:5a:81:95:10:20:d6:31:
                    49:50:d7:82:eb:30:01:c4:83:08:5b:d0:b4:f0:43:
                    91:76:09:70:6a:11:ec:1d:40:35:9a:e7:1d:06:9a:
                    58:0a:d9:db:da:82:c4:2f:85:b8:65:e7:95:e4:55:
                    45:08:08:7c:6b:12:93:ff:70:71:02:44:1c:76:40:
                    5e:f0:5e:c4:e7:5a:f9:84:6c:b3:a2:b4:97:c7:05:
                    6e:d7:fd:f8:80:60:16:00:1f:b0:9d:c2:a5:74:49:
                    79:51:07:56:99:62:70:73:37:68:5f:95:78:c1:29:
                    ed:21:bf:b9:40:69:c2:04:b3:82:de:38:ca:6f:33:
                    b1:c0:57:3f:86:c8:96:54:03:aa:f6:21:d9:0b:f1:
                    37:55:37:9c:bf:d4:98:8b:b0:d5:42:9f:d2:be:75:
                    09:a8:6e:f5:4f:48:77:76:ad:aa:3f:b1:79:7b:08:
                    6e:d3:bf:44:b0:f5:99:0c:4d:b1:69:71:37:b9:a0:
                    a7:08:f6:98:7b:c6:d6:f2:9a:9b:29:85:3c:06:8f:
                    7f:5a:ae:44:ad:28:b0:cb:9a:34:91:bc:8d:2c:81:
                    18:87:2d:bd:d5:00:e8:d5:fd:d5:68:72:1d:e4:f3:
                    01:e1:3c:e6:27:d6:f6:a9:8e:41:37:70:58:a9:4e:
                    a4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:07:D6:5A:D8:28:C7:CA:9C:57:8A:BE:A1:8F:5D:7F:D7:8F:90:99
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/iwfWWtgox8qcV4q-oY9df9ePkJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:5f:09:9e:27:3e:3b:3f:ca:13:90:42:96:a9:dd:8d:c0:83:
         f6:be:7b:71:9a:83:4c:12:0a:2d:ef:fa:a2:69:dd:60:99:89:
         fa:a1:e6:98:5f:d6:82:5a:6b:a5:c0:9b:f4:d7:34:a7:d2:69:
         ce:0f:7a:41:bf:1d:29:ec:c1:3c:a7:17:5f:05:85:44:11:5e:
         31:77:34:02:bc:25:46:f5:97:1d:f0:98:fc:9c:72:a9:6b:a9:
         1e:3c:73:14:af:e2:ca:4a:f2:f1:fa:e2:b3:96:f6:42:04:6b:
         eb:ba:d9:e0:89:6a:50:4a:bd:90:66:43:8b:63:f9:0c:80:bb:
         c0:62:3f:ba:3b:76:f0:b8:6b:6c:0a:c1:d7:fe:46:30:a5:79:
         88:c5:29:fd:ec:d7:e8:41:dd:dc:81:7a:ed:34:85:c6:ee:56:
         ee:27:4f:72:eb:6f:de:2c:3d:98:3e:86:c4:30:71:74:e3:5b:
         be:e1:11:0a:4b:76:b8:23:12:48:f8:46:8a:92:e7:b8:dc:41:
         71:27:53:5f:af:37:e8:02:fc:af:7d:bd:ea:2a:54:76:31:57:
         1b:92:a8:16:d3:64:cb:28:8c:d9:68:5b:b3:c2:31:40:d7:dc:
         fd:18:5b:f2:43:d1:e9:54:9c:15:20:58:a3:fd:51:19:f3:8f:
         d3:1e:0a:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntn95ewmlohyMar5PDImjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjUwMTAyMTU1MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjA3ZDY1YWQ4MjhjN2NhOWM1NzhhYmVhMThmNWQ3ZmQ3OGY5MDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlAIkEg3MFqBlRAg1jFJUNeC6zAB
xIMIW9C08EORdglwahHsHUA1mucdBppYCtnb2oLEL4W4ZeeV5FVFCAh8axKT/3Bx
AkQcdkBe8F7E51r5hGyzorSXxwVu1/34gGAWAB+wncKldEl5UQdWmWJwczdoX5V4
wSntIb+5QGnCBLOC3jjKbzOxwFc/hsiWVAOq9iHZC/E3VTecv9SYi7DVQp/SvnUJ
qG71T0h3dq2qP7F5ewhu079EsPWZDE2xaXE3uaCnCPaYe8bW8pqbKYU8Bo9/Wq5E
rSiwy5o0kbyNLIEYhy291QDo1f3VaHId5PMB4TzmJ9b2qY5BN3BYqU6k1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIsH1lrYKMfKnFeKvqGPXX/Xj5CZMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvaXdmV1d0Z294OHFjVjRxLW9ZOWRmOWVQa0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/Z8MA0G
CSqGSIb3DQEBCwUAA4IBAQBVXwmeJz47P8oTkEKWqd2NwIP2vntxmoNMEgot7/qi
ad1gmYn6oeaYX9aCWmulwJv01zSn0mnOD3pBvx0p7ME8pxdfBYVEEV4xdzQCvCVG
9Zcd8Jj8nHKpa6kePHMUr+LKSvLx+uKzlvZCBGvrutngiWpQSr2QZkOLY/kMgLvA
Yj+6O3bwuGtsCsHX/kYwpXmIxSn97NfoQd3cgXrtNIXG7lbuJ09y62/eLD2YPobE
MHF041u+4REKS3a4IxJI+EaKkue43EFxJ1NfrzfoAvyvfb3qKlR2MVcbkqgW02TL
KIzZaFuzwjFA19z9GFvyQ9HpVJwVIFij/VEZ84/THgoN
-----END CERTIFICATE-----