Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/bF_AztaW8uBxIScLJr4ynDQT-VE.roa
File:                     bF_AztaW8uBxIScLJr4ynDQT-VE.roa (raw, json)
Hash identifier:          VUI15Pc9TEmSppS1E2A5QgubXBtBsWbSEbPDZpgnwsQ=
Subject key identifier:   6C:5F:C0:CE:D6:96:F2:E0:71:21:27:0B:26:BE:32:9C:34:13:F9:51
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       018DFA9A8A513DA367E84BA19B565E2AC966
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/bF_AztaW8uBxIScLJr4ynDQT-VE.roa
Signing time:             Fri 01 Mar 2024 15:20:48 +0000
ROA not before:           Fri 01 Mar 2024 15:20:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213183
IP address blocks:        194.42.98.0/23 maxlen: 23
                          194.147.93.0/24 maxlen: 24
                          194.147.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:9a:8a:51:3d:a3:67:e8:4b:a1:9b:56:5e:2a:c9:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Mar  1 15:20:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c5fc0ced696f2e07121270b26be329c3413f951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d1:32:8a:f5:4a:be:19:31:07:5c:1a:b7:db:
                    38:3d:02:f5:22:6b:a6:dd:e6:4a:80:67:20:e4:88:
                    d3:8b:08:59:9a:6a:b7:e4:a2:1d:fb:72:74:8e:e3:
                    43:5d:5b:58:12:ee:73:7a:8d:d4:b4:f5:dd:17:d9:
                    47:5b:f3:cb:43:9d:78:cb:0b:b5:ac:80:48:0c:1a:
                    ff:4a:bb:bd:4c:ff:37:50:91:87:84:99:ed:6a:09:
                    cc:90:41:4f:45:c8:57:88:e9:aa:86:92:81:aa:d5:
                    a3:32:04:cc:a1:5e:fd:c0:58:87:d9:4b:88:40:24:
                    8b:41:2f:ba:e4:c3:4e:2e:a7:33:b8:81:f3:e1:f4:
                    09:4a:5e:f0:85:43:7f:7c:2c:00:f4:ce:ab:43:41:
                    76:f4:6a:5c:9c:29:be:8c:ce:49:bb:8d:f1:03:e2:
                    31:b9:86:7d:76:43:c2:72:f8:25:ee:ee:e5:89:e7:
                    ce:ca:c1:0a:70:23:9d:01:f1:31:0e:2d:73:14:33:
                    ea:46:06:e9:9e:a1:67:1a:d2:50:70:6e:d3:00:cd:
                    55:41:a2:cd:52:d0:f8:c8:48:82:96:4d:21:c2:e2:
                    08:9c:9b:38:42:d3:29:5c:d0:3a:76:08:2a:b8:2f:
                    4e:b4:ff:c8:cf:96:fb:cb:bb:d2:e1:a2:ed:d9:cf:
                    d7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:5F:C0:CE:D6:96:F2:E0:71:21:27:0B:26:BE:32:9C:34:13:F9:51
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/bF_AztaW8uBxIScLJr4ynDQT-VE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.98.0/23
                  194.147.93.0-194.147.94.255

    Signature Algorithm: sha256WithRSAEncryption
         88:a9:9e:f9:be:a6:c8:3a:e2:f9:a8:be:2e:d5:2a:cd:7d:32:
         f8:67:b7:8e:5f:bc:93:70:40:66:24:65:a8:ac:79:12:97:f2:
         e1:ac:30:a4:b0:23:53:8c:38:b0:53:38:bc:66:82:9a:f7:49:
         c3:e6:8e:21:21:a4:5e:db:1b:33:11:78:9d:07:9c:c2:bb:bb:
         0a:fe:71:af:d4:22:92:9b:8b:67:34:66:eb:ab:c0:7d:61:b9:
         40:2c:12:e7:46:b8:7f:90:30:ac:16:39:09:2b:11:f1:92:1d:
         93:1f:b0:70:e7:ca:bc:2e:5e:72:c1:fc:af:ef:36:98:31:05:
         1c:d0:a4:50:a2:48:0a:ac:2a:04:b5:20:1a:64:df:5a:ea:4a:
         a2:82:d0:5c:35:7a:f8:b7:20:45:36:1f:69:cd:35:87:45:98:
         12:dd:21:dd:aa:24:97:94:3c:29:a1:86:5c:a0:d9:38:d0:22:
         03:47:c9:96:77:f5:b2:05:e4:51:3c:b8:c3:9b:60:30:c3:df:
         32:3b:b3:22:32:a0:16:6e:b3:63:9c:9a:a0:63:d8:25:5c:6e:
         4e:55:b4:9e:0e:ef:f5:93:89:24:0c:25:f9:4e:ec:f6:86:d6:
         95:3d:42:1c:48:dc:20:69:81:e2:08:40:cf:96:03:be:3d:d0:
         f8:4f:08:3f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY36mopRPaNn6Euhm1ZeKslmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjQwMzAxMTUyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzVmYzBjZWQ2OTZmMmUwNzEyMTI3MGIyNmJlMzI5YzM0MTNmOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tEyivVKvhkxB1wat9s4PQL1Imum
3eZKgGcg5IjTiwhZmmq35KId+3J0juNDXVtYEu5zeo3UtPXdF9lHW/PLQ514ywu1
rIBIDBr/Sru9TP83UJGHhJntagnMkEFPRchXiOmqhpKBqtWjMgTMoV79wFiH2UuI
QCSLQS+65MNOLqczuIHz4fQJSl7whUN/fCwA9M6rQ0F29GpcnCm+jM5Ju43xA+Ix
uYZ9dkPCcvgl7u7liefOysEKcCOdAfExDi1zFDPqRgbpnqFnGtJQcG7TAM1VQaLN
UtD4yEiClk0hwuIInJs4QtMpXNA6dggquC9OtP/Iz5b7y7vS4aLt2c/XZwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGxfwM7WlvLgcSEnCya+Mpw0E/lRMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvYkZfQXp0YVc4dUJ4SVNjTEpyNHluRFFULVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBwipiMAwD
BADCk10DBADCk14wDQYJKoZIhvcNAQELBQADggEBAIipnvm+psg64vmovi7VKs19
Mvhnt45fvJNwQGYkZaiseRKX8uGsMKSwI1OMOLBTOLxmgpr3ScPmjiEhpF7bGzMR
eJ0HnMK7uwr+ca/UIpKbi2c0ZuurwH1huUAsEudGuH+QMKwWOQkrEfGSHZMfsHDn
yrwuXnLB/K/vNpgxBRzQpFCiSAqsKgS1IBpk31rqSqKC0Fw1evi3IEU2H2nNNYdF
mBLdId2qJJeUPCmhhlyg2TjQIgNHyZZ39bIF5FE8uMObYDDD3zI7syIyoBZus2Oc
mqBj2CVcbk5VtJ4O7/WTiSQMJflO7PaG1pU9QhxI3CBpgeIIQM+WA7490PhPCD8=
-----END CERTIFICATE-----