Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/8dad1a-f2ce-4939-8b0f-2fc16d2c0016/1/fVQfFyiWl3jMN7CfZeZTd19Nfqo.roa
File:                     fVQfFyiWl3jMN7CfZeZTd19Nfqo.roa (raw, json)
Hash identifier:          QTwyeff7EIHQH1mrpSEI6XtcZgxkmonoEnwlTSXGEF0=
Subject key identifier:   7D:54:1F:17:28:96:97:78:CC:37:B0:9F:65:E6:53:77:5F:4D:7E:AA
Certificate issuer:       /CN=a3afe48bfdad69e35c83d3130d35897ccfc5efcf
Certificate serial:       018CC86F3A6A9CFF96A0D1638E34A924B1CD
Authority key identifier: A3:AF:E4:8B:FD:AD:69:E3:5C:83:D3:13:0D:35:89:7C:CF:C5:EF:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o6_ki_2taeNcg9MTDTWJfM_F788.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/8dad1a-f2ce-4939-8b0f-2fc16d2c0016/1/fVQfFyiWl3jMN7CfZeZTd19Nfqo.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        185.63.244.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/8dad1a-f2ce-4939-8b0f-2fc16d2c0016/1/o6_ki_2taeNcg9MTDTWJfM_F788.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/8dad1a-f2ce-4939-8b0f-2fc16d2c0016/1/o6_ki_2taeNcg9MTDTWJfM_F788.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o6_ki_2taeNcg9MTDTWJfM_F788.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3a:6a:9c:ff:96:a0:d1:63:8e:34:a9:24:b1:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3afe48bfdad69e35c83d3130d35897ccfc5efcf
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d541f1728969778cc37b09f65e653775f4d7eaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:41:df:e3:dd:9f:43:41:52:91:f1:f1:ad:9a:
                    9a:cd:e5:b4:65:ad:88:8e:4c:ba:14:36:1d:65:59:
                    6e:f1:ec:aa:ae:78:4d:7b:93:b3:fd:7c:16:2d:d2:
                    ab:ed:8b:8f:1f:ac:3d:ab:24:96:ef:e4:dd:53:00:
                    8b:f2:eb:bc:9a:f8:63:42:62:32:80:8c:dd:a0:25:
                    e1:50:ab:9d:7c:5a:ed:3f:0c:13:ba:39:b2:b8:37:
                    1e:2b:5a:a2:ad:2c:3d:b4:fd:af:47:ee:f7:89:d0:
                    d5:ff:2f:0a:eb:85:45:34:67:fd:54:f6:cc:ec:62:
                    38:98:28:7a:24:47:a0:a7:5f:ff:c5:0a:3b:95:7e:
                    f3:51:b9:0f:10:a6:a4:8d:4e:27:45:f8:02:cf:16:
                    5e:5a:1b:1f:09:81:e7:74:b4:62:fb:51:3d:f7:07:
                    6a:05:c3:a8:58:dd:5f:af:04:09:51:f9:19:79:5e:
                    e2:77:7e:7b:77:eb:d6:a2:88:8f:f2:6c:e6:fe:fa:
                    c0:21:30:bf:c1:0c:8b:2d:84:ee:9f:ee:39:c2:36:
                    d4:cb:55:c2:43:87:65:c0:43:63:79:5b:d4:41:ad:
                    a8:ec:eb:a0:3f:a1:76:98:45:d9:eb:86:7e:cb:4f:
                    42:f3:a7:6d:84:b4:21:7f:9c:26:53:f2:53:72:12:
                    f4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:54:1F:17:28:96:97:78:CC:37:B0:9F:65:E6:53:77:5F:4D:7E:AA
            X509v3 Authority Key Identifier:
                keyid:A3:AF:E4:8B:FD:AD:69:E3:5C:83:D3:13:0D:35:89:7C:CF:C5:EF:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o6_ki_2taeNcg9MTDTWJfM_F788.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8dad1a-f2ce-4939-8b0f-2fc16d2c0016/1/fVQfFyiWl3jMN7CfZeZTd19Nfqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8dad1a-f2ce-4939-8b0f-2fc16d2c0016/1/o6_ki_2taeNcg9MTDTWJfM_F788.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:05:d2:c8:ab:f3:60:d3:39:53:fa:c9:e6:d7:96:c9:77:cf:
         50:64:a7:fb:5a:bc:4e:27:4f:48:0e:6b:c3:6b:db:a7:53:db:
         5f:9b:43:15:ab:33:5e:77:71:c7:58:11:6b:d1:f8:5a:c7:74:
         72:32:a0:60:5b:9e:60:ab:98:bd:29:d6:30:8d:c1:2b:22:4d:
         cb:15:c4:af:ce:5b:7f:41:61:86:99:14:90:95:2f:a3:6f:bc:
         8b:bb:b7:61:75:76:c3:d2:e5:3b:b1:b7:17:ad:7b:0a:7a:5c:
         c4:28:9f:c6:79:be:8a:5e:a5:cf:de:8d:eb:ea:48:e2:5e:3c:
         9e:38:a7:31:02:06:11:45:c8:b9:09:09:1e:0f:cf:4a:71:09:
         ba:a8:d8:90:75:c8:df:ac:8d:d8:8f:1d:24:8b:e7:3b:a8:a7:
         b9:5c:cc:56:9e:64:f2:05:6f:5f:13:ba:71:1b:d8:9b:c7:ad:
         c7:6a:c6:9b:01:69:bd:01:39:47:e6:50:dd:34:ea:c2:d0:78:
         09:45:6a:cb:ce:42:a2:74:80:a3:b2:2e:78:d0:44:13:96:b9:
         33:70:9d:e7:ff:1f:1c:82:68:c2:f6:34:91:32:2d:dc:56:47:
         65:77:87:ff:7f:dc:f0:13:ec:dc:06:a0:ca:bf:bb:0f:40:6a:
         3b:66:30:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzpqnP+WoNFjjjSpJLHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYWZlNDhiZmRhZDY5ZTM1YzgzZDMxMzBkMzU4OTdjY2Zj
NWVmY2YwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDU0MWYxNzI4OTY5Nzc4Y2MzN2IwOWY2NWU2NTM3NzVmNGQ3ZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0Hf492fQ0FSkfHxrZqazeW0Za2I
jky6FDYdZVlu8eyqrnhNe5Oz/XwWLdKr7YuPH6w9qySW7+TdUwCL8uu8mvhjQmIy
gIzdoCXhUKudfFrtPwwTujmyuDceK1qirSw9tP2vR+73idDV/y8K64VFNGf9VPbM
7GI4mCh6JEegp1//xQo7lX7zUbkPEKakjU4nRfgCzxZeWhsfCYHndLRi+1E99wdq
BcOoWN1frwQJUfkZeV7id357d+vWooiP8mzm/vrAITC/wQyLLYTun+45wjbUy1XC
Q4dlwENjeVvUQa2o7OugP6F2mEXZ64Z+y09C86dthLQhf5wmU/JTchL0mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1UHxcolpd4zDewn2XmU3dfTX6qMB8GA1UdIwQY
MBaAFKOv5Iv9rWnjXIPTEw01iXzPxe/PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzZfa2lfMnRhZU5jZzlNVERUV0pmTV9GNzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84ZGFkMWEtZjJjZS00OTM5LThiMGYt
MmZjMTZkMmMwMDE2LzEvZlZRZkZ5aVdsM2pNTjdDZlplWlRkMTlOZnFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84ZGFkMWEtZjJjZS00OTM5LThiMGYtMmZjMTZkMmMwMDE2
LzEvbzZfa2lfMnRhZU5jZzlNVERUV0pmTV9GNzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuT/0MA0G
CSqGSIb3DQEBCwUAA4IBAQAQBdLIq/Ng0zlT+snm15bJd89QZKf7WrxOJ09IDmvD
a9unU9tfm0MVqzNed3HHWBFr0fhax3RyMqBgW55gq5i9KdYwjcErIk3LFcSvzlt/
QWGGmRSQlS+jb7yLu7dhdXbD0uU7sbcXrXsKelzEKJ/Geb6KXqXP3o3r6kjiXjye
OKcxAgYRRci5CQkeD89KcQm6qNiQdcjfrI3Yjx0ki+c7qKe5XMxWnmTyBW9fE7px
G9ibx63HasabAWm9ATlH5lDdNOrC0HgJRWrLzkKidICjsi540EQTlrkzcJ3n/x8c
gmjC9jSRMi3cVkdld4f/f9zwE+zcBqDKv7sPQGo7ZjAA
-----END CERTIFICATE-----