Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fsRdpH_dXRpfLcGx7GM4omw1UoU.roa
File:                     fsRdpH_dXRpfLcGx7GM4omw1UoU.roa (raw, json)
Hash identifier:          PqCC+NpS3shM2T7ZOUlASYLsmSDoc91ZS+CbaG6kdc0=
Subject key identifier:   7E:C4:5D:A4:7F:DD:5D:1A:5F:2D:C1:B1:EC:63:38:A2:6C:35:52:85
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01912CBD3D4BB1E3D5863A440DE42E591F73
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fsRdpH_dXRpfLcGx7GM4omw1UoU.roa
Signing time:             Wed 07 Aug 2024 12:08:05 +0000
ROA not before:           Wed 07 Aug 2024 12:08:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        188.64.176.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2c:bd:3d:4b:b1:e3:d5:86:3a:44:0d:e4:2e:59:1f:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Aug  7 12:08:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ec45da47fdd5d1a5f2dc1b1ec6338a26c355285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:6c:df:03:7c:0f:dd:05:3c:d6:a8:4b:c8:a7:
                    56:4d:1b:c8:fa:30:cd:fa:84:28:3c:6e:9a:bc:b8:
                    5c:b6:5f:88:5c:28:6c:34:34:34:2e:8a:c4:0e:e3:
                    f6:fc:35:c4:93:45:c4:44:bd:79:0e:b7:2c:14:58:
                    22:8f:d3:3e:46:20:42:07:b0:3c:9c:b8:87:1a:45:
                    4e:49:4c:2d:e3:56:86:65:15:ed:b0:f9:a3:f6:39:
                    2c:ca:f0:f4:b7:13:5b:3e:37:62:3d:bc:49:40:cd:
                    ee:8b:5d:00:f1:da:86:b4:96:d7:97:de:d7:2a:f6:
                    1d:f7:06:3f:8c:3e:2d:2e:69:d4:10:b2:9b:1e:9a:
                    ff:51:66:e8:96:bd:87:12:33:13:dd:db:25:b4:9d:
                    3c:fb:6a:3c:0e:c4:c2:83:5c:dd:96:83:67:39:8b:
                    82:d5:43:2c:ef:d1:0b:9e:83:39:de:47:63:bb:27:
                    03:3b:81:55:64:eb:77:42:01:e3:bd:b1:e2:18:fb:
                    fc:c5:a8:14:98:83:d4:51:6d:93:10:26:d1:51:4d:
                    b5:77:6b:aa:3d:f3:85:43:8d:e2:46:40:45:18:fb:
                    8d:40:42:92:da:38:f7:3e:0a:f5:da:c4:27:91:da:
                    ef:d5:af:8b:ba:80:fc:1a:ed:5c:0d:5a:f4:01:e5:
                    9a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:C4:5D:A4:7F:DD:5D:1A:5F:2D:C1:B1:EC:63:38:A2:6C:35:52:85
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fsRdpH_dXRpfLcGx7GM4omw1UoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:61:70:33:ed:1f:e6:65:a3:9b:fe:8e:74:ff:ea:7d:03:00:
         0e:25:13:e8:ca:3f:57:42:c7:70:8e:f2:bc:58:4c:76:62:a1:
         6e:fd:a6:00:1f:a9:90:0a:27:37:79:a2:03:40:ab:6e:1b:f6:
         9d:52:89:bb:e9:ec:17:77:7f:39:0b:2c:15:7d:1c:1a:25:8f:
         29:0d:8d:4d:be:80:c4:1f:57:fe:aa:ec:f5:98:0e:aa:87:cb:
         2a:40:22:9f:a1:ce:e8:70:3f:6f:16:f9:e3:5e:6d:7a:64:74:
         dc:b2:26:56:cb:03:1c:a5:0f:12:4f:8a:d3:c8:9e:f8:dc:8b:
         dd:b4:d2:0d:19:a0:63:80:e2:b8:f8:3b:35:ea:90:be:bb:c9:
         56:ab:09:84:c3:70:60:4e:4b:04:2d:4a:ed:cf:ca:6a:ca:29:
         47:14:47:e6:5e:0a:a6:93:16:31:6a:5d:36:62:ec:fc:1c:d5:
         bc:d5:04:5a:df:42:b9:f4:11:a5:da:ba:b6:c9:a3:bd:69:66:
         e4:b4:9a:97:19:e4:38:87:35:5e:d0:b4:d2:1d:73:2f:10:aa:
         1f:d9:96:9a:1e:dd:77:20:31:54:70:28:5f:ee:08:d0:72:64:
         83:d9:9b:f9:e1:b3:30:b6:79:21:0e:2a:21:f0:10:12:4d:27:
         02:c5:1c:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEsvT1LsePVhjpEDeQuWR9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwODA3MTIwODA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWM0NWRhNDdmZGQ1ZDFhNWYyZGMxYjFlYzYzMzhhMjZjMzU1Mjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32zfA3wP3QU81qhLyKdWTRvI+jDN
+oQoPG6avLhctl+IXChsNDQ0LorEDuP2/DXEk0XERL15DrcsFFgij9M+RiBCB7A8
nLiHGkVOSUwt41aGZRXtsPmj9jksyvD0txNbPjdiPbxJQM3ui10A8dqGtJbXl97X
KvYd9wY/jD4tLmnUELKbHpr/UWbolr2HEjMT3dsltJ08+2o8DsTCg1zdloNnOYuC
1UMs79ELnoM53kdjuycDO4FVZOt3QgHjvbHiGPv8xagUmIPUUW2TECbRUU21d2uq
PfOFQ43iRkBFGPuNQEKS2jj3Pgr12sQnkdrv1a+LuoD8Gu1cDVr0AeWaewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7EXaR/3V0aXy3BsexjOKJsNVKFMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvZnNSZHBIX2RYUnBmTGNHeDdHTTRvbXcxVW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvECwMA0G
CSqGSIb3DQEBCwUAA4IBAQAEYXAz7R/mZaOb/o50/+p9AwAOJRPoyj9XQsdwjvK8
WEx2YqFu/aYAH6mQCic3eaIDQKtuG/adUom76ewXd385CywVfRwaJY8pDY1NvoDE
H1f+quz1mA6qh8sqQCKfoc7ocD9vFvnjXm16ZHTcsiZWywMcpQ8ST4rTyJ743Ivd
tNINGaBjgOK4+Ds16pC+u8lWqwmEw3BgTksELUrtz8pqyilHFEfmXgqmkxYxal02
Yuz8HNW81QRa30K59BGl2rq2yaO9aWbktJqXGeQ4hzVe0LTSHXMvEKof2ZaaHt13
IDFUcChf7gjQcmSD2Zv54bMwtnkhDioh8BASTScCxRw+
-----END CERTIFICATE-----