Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pBr9E3d67Nnrs14ocOpO5e0pdrU.roa
File:                     pBr9E3d67Nnrs14ocOpO5e0pdrU.roa (raw, json)
Hash identifier:          5Cr8G3YVaYIyREAvSiH3qlOwiulZg3OaFD80yUbIpOg=
Subject key identifier:   A4:1A:FD:13:77:7A:EC:D9:EB:B3:5E:28:70:EA:4E:E5:ED:29:76:B5
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       0192D2A404444B7E42879A49A8B1D7B73984
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pBr9E3d67Nnrs14ocOpO5e0pdrU.roa
Signing time:             Mon 28 Oct 2024 10:20:17 +0000
ROA not before:           Mon 28 Oct 2024 10:20:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        79.135.128.0/19 maxlen: 22
                          80.254.208.0/20 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:a4:04:44:4b:7e:42:87:9a:49:a8:b1:d7:b7:39:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Oct 28 10:20:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a41afd13777aecd9ebb35e2870ea4ee5ed2976b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:13:b0:12:de:64:63:b6:6c:c1:76:c0:26:4f:
                    ff:25:72:9b:df:fa:6a:35:b3:ff:37:4c:46:68:87:
                    c4:e9:1d:79:5c:cd:28:38:be:4d:ad:ff:7e:00:f3:
                    1e:5b:9b:9d:e2:e6:12:2c:28:0e:cc:96:ef:33:80:
                    a1:64:36:42:1d:52:a9:c5:9d:12:a0:3d:7b:60:c3:
                    06:ad:b6:e9:9b:e6:2e:50:76:76:4b:1a:25:4c:38:
                    29:f5:61:d2:82:a5:f5:a4:42:c7:7c:6c:9b:0b:39:
                    28:b8:c9:2b:ac:0e:06:f7:90:f2:82:9d:c0:f3:2a:
                    25:59:a4:55:39:45:af:d9:6a:12:63:c0:41:0d:69:
                    b5:3a:99:0f:12:49:88:a7:46:6b:fe:b7:98:29:79:
                    8d:72:d5:9d:a2:ab:63:9f:43:61:1b:b6:9e:31:a6:
                    cf:0c:9b:72:09:5a:7b:78:24:2e:8d:17:60:f9:2f:
                    58:29:47:f3:a6:28:41:c2:1e:57:c0:6f:46:ea:71:
                    43:44:d8:c7:a3:44:3e:34:3a:4d:92:70:a2:34:f1:
                    38:a9:96:f1:b7:f6:68:65:38:64:9c:22:12:67:f3:
                    02:1e:d0:3e:17:1f:8e:c6:be:68:38:0f:42:50:e9:
                    f3:f1:bc:a1:9f:d2:ef:da:10:25:1d:a6:48:55:47:
                    d6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:1A:FD:13:77:7A:EC:D9:EB:B3:5E:28:70:EA:4E:E5:ED:29:76:B5
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pBr9E3d67Nnrs14ocOpO5e0pdrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.135.128.0/19
                  80.254.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         95:30:37:78:62:a1:46:24:f6:8f:44:2e:94:b1:9f:56:7a:33:
         a2:98:c2:28:d2:96:5e:f2:a0:57:ba:76:22:de:24:4a:a6:f3:
         b3:e1:b0:82:27:ef:1e:e2:3b:60:e5:38:65:e6:38:20:5c:b9:
         30:16:18:61:90:6d:cf:bd:ce:0e:c8:30:da:43:4b:76:ed:76:
         f8:c6:22:58:c8:ee:35:62:0c:38:f2:0e:52:f2:be:99:6d:d5:
         4a:40:c6:88:9c:1b:31:8e:ba:9b:63:95:a3:f7:47:f0:38:03:
         da:ed:45:91:68:39:5d:c4:25:5b:d8:61:16:08:3c:15:7f:d7:
         d8:17:2e:31:33:9d:d6:af:39:91:fb:4b:fe:34:0a:5d:7e:d7:
         b0:f8:e4:c5:6b:43:14:49:d6:ea:4b:6f:6a:39:04:fa:fa:07:
         61:8c:e6:32:e8:bf:27:ae:b2:e3:1e:81:5b:29:c1:20:15:ab:
         cf:64:73:69:f4:50:86:db:78:ea:0d:72:30:68:79:a9:30:0d:
         92:4f:2b:c3:19:5f:bc:80:81:6e:c8:1f:f4:7b:39:17:3b:ba:
         dd:f0:80:9c:28:d9:36:c2:1f:72:bd:3f:55:2a:58:c2:83:a7:
         46:ab:f0:3f:ad:c8:79:f4:73:d8:50:14:27:72:70:c0:6a:18:
         4f:b6:ea:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLSpARES35Ch5pJqLHXtzmEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQxMDI4MTAyMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDFhZmQxMzc3N2FlY2Q5ZWJiMzVlMjg3MGVhNGVlNWVkMjk3NmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoROwEt5kY7ZswXbAJk//JXKb3/pq
NbP/N0xGaIfE6R15XM0oOL5Nrf9+APMeW5ud4uYSLCgOzJbvM4ChZDZCHVKpxZ0S
oD17YMMGrbbpm+YuUHZ2SxolTDgp9WHSgqX1pELHfGybCzkouMkrrA4G95Dygp3A
8yolWaRVOUWv2WoSY8BBDWm1OpkPEkmIp0Zr/reYKXmNctWdoqtjn0NhG7aeMabP
DJtyCVp7eCQujRdg+S9YKUfzpihBwh5XwG9G6nFDRNjHo0Q+NDpNknCiNPE4qZbx
t/ZoZThknCISZ/MCHtA+Fx+Oxr5oOA9CUOnz8byhn9Lv2hAlHaZIVUfWBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKQa/RN3euzZ67NeKHDqTuXtKXa1MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvcEJyOUUzZDY3Tm5yczE0b2NPcE81ZTBwZHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFT4eAAwQE
UP7QMA0GCSqGSIb3DQEBCwUAA4IBAQCVMDd4YqFGJPaPRC6UsZ9WejOimMIo0pZe
8qBXunYi3iRKpvOz4bCCJ+8e4jtg5Thl5jggXLkwFhhhkG3Pvc4OyDDaQ0t27Xb4
xiJYyO41Ygw48g5S8r6ZbdVKQMaInBsxjrqbY5Wj90fwOAPa7UWRaDldxCVb2GEW
CDwVf9fYFy4xM53WrzmR+0v+NApdftew+OTFa0MUSdbqS29qOQT6+gdhjOYy6L8n
rrLjHoFbKcEgFavPZHNp9FCG23jqDXIwaHmpMA2STyvDGV+8gIFuyB/0ezkXO7rd
8ICcKNk2wh9yvT9VKljCg6dGq/A/rch59HPYUBQncnDAahhPturG
-----END CERTIFICATE-----