Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/4fSc35-KPb9nY4G6LZ7wkIhUIPA.roa
File:                     4fSc35-KPb9nY4G6LZ7wkIhUIPA.roa (raw, json)
Hash identifier:          CV4Xk41RLllgbN+qXNRWJTG4N2s24LrvBUhMlDiKMNc=
Subject key identifier:   E1:F4:9C:DF:9F:8A:3D:BF:67:63:81:BA:2D:9E:F0:90:88:54:20:F0
Certificate issuer:       /CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
Certificate serial:       01911229F3A21A4CA172598D2F6A864EBDA4
Authority key identifier: F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/4fSc35-KPb9nY4G6LZ7wkIhUIPA.roa
Signing time:             Fri 02 Aug 2024 08:17:04 +0000
ROA not before:           Fri 02 Aug 2024 08:17:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        195.66.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:29:f3:a2:1a:4c:a1:72:59:8d:2f:6a:86:4e:bd:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
        Validity
            Not Before: Aug  2 08:17:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1f49cdf9f8a3dbf676381ba2d9ef090885420f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:db:52:69:de:dd:3f:7b:ad:22:c7:56:3c:f1:
                    2c:56:85:77:39:88:99:d1:f3:74:0b:06:0a:35:cc:
                    2e:1b:3c:eb:da:b0:e2:93:02:5f:05:4b:7f:ca:99:
                    1d:e7:3a:41:db:ad:34:fa:e0:ac:5a:f7:9c:1b:9b:
                    2f:6f:9a:6a:c9:e2:8d:e8:dd:06:3a:5a:2f:de:63:
                    63:6a:a6:f7:4d:91:d0:2b:9e:30:86:6d:70:f1:fb:
                    a3:17:5d:2a:c0:d0:b1:6a:c2:9d:9c:38:81:ab:17:
                    6e:ab:db:62:95:e8:65:37:53:1f:68:9e:6c:78:fe:
                    09:eb:c1:ab:db:df:1f:76:e4:46:9a:4a:8f:78:30:
                    bc:3b:bd:64:f3:73:d6:05:60:5b:50:4e:9f:70:8e:
                    e5:57:12:e5:98:96:97:91:bb:9d:01:65:ea:9d:64:
                    a4:ee:c7:89:63:04:3b:14:98:42:44:ef:7c:ec:1f:
                    68:d7:1a:09:13:7b:54:98:39:60:16:c0:ce:ad:37:
                    9c:b0:cc:f1:15:1f:98:bb:e7:d8:a0:50:d0:20:70:
                    56:65:dd:15:6f:6a:3a:b4:db:41:26:15:86:76:ef:
                    82:79:01:b3:91:7c:62:e0:95:a6:ab:13:0f:b0:3d:
                    64:c5:dc:d5:93:16:86:cf:0d:c9:49:0d:e0:78:76:
                    3b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:F4:9C:DF:9F:8A:3D:BF:67:63:81:BA:2D:9E:F0:90:88:54:20:F0
            X509v3 Authority Key Identifier:
                keyid:F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/4fSc35-KPb9nY4G6LZ7wkIhUIPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:16:cc:5c:bd:98:ae:2d:27:c4:ac:dc:43:d2:62:46:ee:a5:
         78:2a:fc:a3:f3:92:cb:5a:56:aa:34:d8:95:0f:a2:db:93:7f:
         cc:ad:97:e5:9f:f6:4a:69:89:e9:5c:5d:8f:14:f3:3a:94:2a:
         53:36:0f:b5:fd:70:42:46:1f:24:35:62:20:c6:0b:81:63:d3:
         46:16:b8:41:2b:1a:2f:8b:d0:a5:4c:bd:bd:af:56:94:07:75:
         ee:12:97:81:86:d5:dd:c8:76:a4:cb:a5:77:15:b4:ec:2f:0e:
         b4:ad:ab:7b:16:58:4a:1b:09:17:c3:40:21:66:47:3d:97:d4:
         23:54:04:cc:3c:6b:37:45:75:6c:c1:a2:4c:d5:23:7e:c2:c8:
         82:f4:c1:a8:60:7b:4f:9d:9b:6f:84:a6:94:ea:da:c0:f6:c6:
         9a:3c:98:75:de:2f:90:56:62:12:b5:f8:b6:e8:ac:06:12:a8:
         cd:3a:a2:b7:92:93:50:1f:15:69:0f:66:be:6b:20:9d:24:4f:
         49:05:4f:e8:df:d6:64:dd:57:e2:b1:55:24:aa:31:25:ee:ca:
         40:53:a1:ec:63:87:71:80:69:d8:bc:74:6a:84:00:8b:00:f7:
         b1:66:e2:f5:5a:50:92:c1:03:63:3d:4c:66:2f:df:1f:38:34:
         81:64:e8:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZESKfOiGkyhclmNL2qGTr2kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTkxOGVkMjE5ZTdkM2Q5MjI3MzdlY2RjNzMxZjBjYTYw
YTY4YjgwHhcNMjQwODAyMDgxNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWY0OWNkZjlmOGEzZGJmNjc2MzgxYmEyZDllZjA5MDg4NTQyMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdtSad7dP3utIsdWPPEsVoV3OYiZ
0fN0CwYKNcwuGzzr2rDikwJfBUt/ypkd5zpB2600+uCsWvecG5svb5pqyeKN6N0G
Olov3mNjaqb3TZHQK54whm1w8fujF10qwNCxasKdnDiBqxduq9tilehlN1MfaJ5s
eP4J68Gr298fduRGmkqPeDC8O71k83PWBWBbUE6fcI7lVxLlmJaXkbudAWXqnWSk
7seJYwQ7FJhCRO987B9o1xoJE3tUmDlgFsDOrTecsMzxFR+Yu+fYoFDQIHBWZd0V
b2o6tNtBJhWGdu+CeQGzkXxi4JWmqxMPsD1kxdzVkxaGzw3JSQ3geHY71QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOH0nN+fij2/Z2OBui2e8JCIVCDwMB8GA1UdIwQY
MBaAFPGZGO0hnn09kic37NxzHwymCmi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzIt
MzEzZWZlYjBiMTlkLzEvNGZTYzM1LUtQYjluWTRHNkxaN3drSWhVSVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzItMzEzZWZlYjBiMTlk
LzEvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JrMA0G
CSqGSIb3DQEBCwUAA4IBAQAqFsxcvZiuLSfErNxD0mJG7qV4Kvyj85LLWlaqNNiV
D6Lbk3/MrZfln/ZKaYnpXF2PFPM6lCpTNg+1/XBCRh8kNWIgxguBY9NGFrhBKxov
i9ClTL29r1aUB3XuEpeBhtXdyHaky6V3FbTsLw60rat7FlhKGwkXw0AhZkc9l9Qj
VATMPGs3RXVswaJM1SN+wsiC9MGoYHtPnZtvhKaU6trA9saaPJh13i+QVmIStfi2
6KwGEqjNOqK3kpNQHxVpD2a+ayCdJE9JBU/o39Zk3VfisVUkqjEl7spAU6HsY4dx
gGnYvHRqhACLAPexZuL1WlCSwQNjPUxmL98fODSBZOgt
-----END CERTIFICATE-----