Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/fTQtuqnvzbQofexf6Vy0PR4THCQ.roa
File:                     fTQtuqnvzbQofexf6Vy0PR4THCQ.roa (raw, json)
Hash identifier:          NgKH22ELDpRmEb09PISAiShdA1TINAw5wCC+/Qvzzsk=
Subject key identifier:   7D:34:2D:BA:A9:EF:CD:B4:28:7D:EC:5F:E9:5C:B4:3D:1E:13:1C:24
Certificate issuer:       /CN=edeb4424abd86d6ef48db9e7646f539c6d10c886
Certificate serial:       018CC9BC4BBBFBCC64AB3A91D042B8EF0A6E
Authority key identifier: ED:EB:44:24:AB:D8:6D:6E:F4:8D:B9:E7:64:6F:53:9C:6D:10:C8:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7etEJKvYbW70jbnnZG9TnG0QyIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/fTQtuqnvzbQofexf6Vy0PR4THCQ.roa
Signing time:             Tue 02 Jan 2024 10:33:29 +0000
ROA not before:           Tue 02 Jan 2024 10:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15663
IP address blocks:        212.39.0.0/19 maxlen: 24
                          185.203.76.0/22 maxlen: 22
                          2a00:aa00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/7etEJKvYbW70jbnnZG9TnG0QyIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/7etEJKvYbW70jbnnZG9TnG0QyIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7etEJKvYbW70jbnnZG9TnG0QyIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 01:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:4b:bb:fb:cc:64:ab:3a:91:d0:42:b8:ef:0a:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edeb4424abd86d6ef48db9e7646f539c6d10c886
        Validity
            Not Before: Jan  2 10:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d342dbaa9efcdb4287dec5fe95cb43d1e131c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ad:45:2b:ee:f0:63:39:fb:62:2e:13:5a:20:
                    a7:09:44:38:77:47:ac:73:83:f7:e4:0c:6b:db:2d:
                    38:98:0a:64:a5:57:53:b5:bf:e8:d1:7c:60:97:8a:
                    5f:6f:3a:1b:da:99:16:11:5a:af:a5:9b:72:0c:ba:
                    b7:f2:a0:e9:69:ca:9b:43:5d:6f:ab:36:34:ce:b1:
                    32:44:16:1c:a7:e5:66:f8:41:f0:b2:4d:20:d0:47:
                    db:29:66:e8:d4:39:19:c2:54:ab:32:0d:40:f2:71:
                    bd:43:05:40:27:e0:6c:3d:e2:da:b6:c1:03:eb:8b:
                    c9:66:97:09:39:6b:89:32:20:f3:90:4f:55:2b:84:
                    d4:9d:db:19:56:86:5a:e4:c2:04:7c:a5:1d:95:94:
                    01:99:c9:7f:1b:ab:f3:98:98:86:85:a7:c3:df:f6:
                    b6:a9:ba:10:c0:c0:ac:a0:46:23:98:8e:55:69:0c:
                    52:15:d8:5f:ef:f4:bd:ee:cc:dc:d4:ce:ae:09:dd:
                    2c:77:25:83:b7:19:2c:72:62:da:4c:f6:7d:81:b8:
                    f8:cf:f0:2a:50:32:c0:50:3c:09:cd:21:4a:78:11:
                    ae:54:96:b7:99:29:35:2f:31:22:d4:0c:36:38:e3:
                    04:6f:56:39:da:78:68:50:cd:07:f6:f2:8b:0a:d3:
                    1c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:34:2D:BA:A9:EF:CD:B4:28:7D:EC:5F:E9:5C:B4:3D:1E:13:1C:24
            X509v3 Authority Key Identifier:
                keyid:ED:EB:44:24:AB:D8:6D:6E:F4:8D:B9:E7:64:6F:53:9C:6D:10:C8:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7etEJKvYbW70jbnnZG9TnG0QyIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/fTQtuqnvzbQofexf6Vy0PR4THCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/51b31a-7e50-4a1e-9f69-16d3a0ea49ae/1/7etEJKvYbW70jbnnZG9TnG0QyIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.76.0/22
                  212.39.0.0/19
                IPv6:
                  2a00:aa00::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:8d:ab:80:c9:50:fb:1a:15:a5:de:f6:66:d6:c6:7e:6e:46:
         69:a9:51:85:c0:8c:4f:7b:34:cd:1a:ff:ab:c1:18:03:5e:67:
         9d:3e:04:b7:f0:c4:68:1f:34:db:d3:d5:6b:6a:62:e7:4d:a3:
         8f:6f:f7:ca:14:4f:1c:d4:1d:0d:8c:20:d8:d0:63:ea:a3:b0:
         d7:b0:fc:d8:68:e7:82:f5:3c:8d:8c:78:f6:95:33:9c:3e:41:
         f5:26:03:10:0f:80:02:b5:f0:2c:12:8e:c9:84:b3:26:2f:e9:
         b9:c8:4f:a1:b9:d2:cd:b3:45:97:c9:2a:98:cc:b8:ce:d0:d7:
         3e:3e:b9:3b:14:4e:57:25:1f:ff:48:5d:89:e5:fd:07:ea:5e:
         75:92:15:82:d7:24:89:82:55:08:20:3f:27:9b:a6:8c:66:0b:
         6d:0d:bb:21:7b:65:2c:82:cc:08:87:38:17:46:64:0c:78:92:
         68:74:e0:09:e3:60:d6:0e:81:7a:8b:4d:2b:34:fd:1f:5f:a8:
         e1:11:b0:2b:d4:c5:21:a4:42:8b:74:7f:4c:09:81:cd:c3:63:
         25:5d:04:2c:97:fb:22:57:d3:cb:0e:3b:48:5e:67:88:f8:b8:
         d3:c0:89:90:5b:af:bf:ea:80:bf:e4:61:21:56:4c:18:48:ef:
         6f:98:9e:7a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvEu7+8xkqzqR0EK47wpuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZWI0NDI0YWJkODZkNmVmNDhkYjllNzY0NmY1MzljNmQx
MGM4ODYwHhcNMjQwMTAyMTAzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDM0MmRiYWE5ZWZjZGI0Mjg3ZGVjNWZlOTVjYjQzZDFlMTMxYzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgK1FK+7wYzn7Yi4TWiCnCUQ4d0es
c4P35Axr2y04mApkpVdTtb/o0Xxgl4pfbzob2pkWEVqvpZtyDLq38qDpacqbQ11v
qzY0zrEyRBYcp+Vm+EHwsk0g0EfbKWbo1DkZwlSrMg1A8nG9QwVAJ+BsPeLatsED
64vJZpcJOWuJMiDzkE9VK4TUndsZVoZa5MIEfKUdlZQBmcl/G6vzmJiGhafD3/a2
qboQwMCsoEYjmI5VaQxSFdhf7/S97szc1M6uCd0sdyWDtxkscmLaTPZ9gbj4z/Aq
UDLAUDwJzSFKeBGuVJa3mSk1LzEi1Aw2OOMEb1Y52nhoUM0H9vKLCtMcOwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH00Lbqp7820KH3sX+lctD0eExwkMB8GA1UdIwQY
MBaAFO3rRCSr2G1u9I2552RvU5xtEMiGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2V0RUpLdlliVzcwamJublpHOVRuRzBReUlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi81MWIzMWEtN2U1MC00YTFlLTlmNjkt
MTZkM2EwZWE0OWFlLzEvZlRRdHVxbnZ6YlFvZmV4ZjZWeTBQUjRUSENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi81MWIzMWEtN2U1MC00YTFlLTlmNjktMTZkM2EwZWE0OWFl
LzEvN2V0RUpLdlliVzcwamJublpHOVRuRzBReUlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuctMAwQF
1CcAMA0EAgACMAcDBQAqAKoAMA0GCSqGSIb3DQEBCwUAA4IBAQAvjauAyVD7GhWl
3vZm1sZ+bkZpqVGFwIxPezTNGv+rwRgDXmedPgS38MRoHzTb09VramLnTaOPb/fK
FE8c1B0NjCDY0GPqo7DXsPzYaOeC9TyNjHj2lTOcPkH1JgMQD4ACtfAsEo7JhLMm
L+m5yE+hudLNs0WXySqYzLjO0Nc+Prk7FE5XJR//SF2J5f0H6l51khWC1ySJglUI
ID8nm6aMZgttDbshe2UsgswIhzgXRmQMeJJodOAJ42DWDoF6i00rNP0fX6jhEbAr
1MUhpEKLdH9MCYHNw2MlXQQsl/siV9PLDjtIXmeI+LjTwImQW6+/6oC/5GEhVkwY
SO9vmJ56
-----END CERTIFICATE-----