Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/AVBXVLQ64kD2W8lOwEgIKSFrvCo.roa
File:                     AVBXVLQ64kD2W8lOwEgIKSFrvCo.roa (raw, json)
Hash identifier:          D8ZIdsPcuT1SAIAilxJJTB2VI5iqUxpaXxtvRZyGvTY=
Subject key identifier:   01:50:57:54:B4:3A:E2:40:F6:5B:C9:4E:C0:48:08:29:21:6B:BC:2A
Certificate issuer:       /CN=8568407047a62e648300c5182a29353ff58eb05f
Certificate serial:       0191E583B2FD78A39E46B90CBDAC79E993B4
Authority key identifier: 85:68:40:70:47:A6:2E:64:83:00:C5:18:2A:29:35:3F:F5:8E:B0:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hWhAcEemLmSDAMUYKik1P_WOsF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/AVBXVLQ64kD2W8lOwEgIKSFrvCo.roa
Signing time:             Thu 12 Sep 2024 09:14:59 +0000
ROA not before:           Thu 12 Sep 2024 09:14:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60609
IP address blocks:        185.232.48.0/24 maxlen: 24
                          185.232.49.0/24 maxlen: 24
                          185.232.50.0/24 maxlen: 24
                          185.232.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/hWhAcEemLmSDAMUYKik1P_WOsF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/hWhAcEemLmSDAMUYKik1P_WOsF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hWhAcEemLmSDAMUYKik1P_WOsF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:83:b2:fd:78:a3:9e:46:b9:0c:bd:ac:79:e9:93:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8568407047a62e648300c5182a29353ff58eb05f
        Validity
            Not Before: Sep 12 09:14:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01505754b43ae240f65bc94ec0480829216bbc2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:53:e2:b8:f9:e3:2b:bd:61:f2:2e:ee:d1:e0:
                    a1:b0:fc:53:7c:15:10:5e:2b:53:5c:13:91:0e:e7:
                    94:61:5b:d8:2a:74:22:f5:1e:74:6d:53:80:17:79:
                    87:29:a1:c2:4d:8d:19:c7:c6:1e:97:c6:0d:ee:00:
                    9a:d7:91:cd:22:74:ed:63:13:8a:2c:a6:63:c0:6d:
                    ae:26:1e:4c:70:3b:4d:af:d3:1f:1e:78:04:0f:d8:
                    c3:ed:31:a4:1a:86:27:84:1a:e5:45:ae:2b:eb:ca:
                    f9:47:96:98:71:06:d0:c4:8d:ea:6b:d7:03:78:ba:
                    3b:f3:d6:74:6a:79:89:b7:12:c6:d5:44:d2:0f:e5:
                    bd:14:85:56:71:62:28:76:0f:73:bb:1e:24:80:8b:
                    71:b3:42:da:04:ff:d0:14:7d:00:58:d1:c4:96:e0:
                    82:4d:55:4c:24:c0:36:b1:97:ed:3d:f6:7c:3c:16:
                    a2:06:5f:4f:96:01:3f:5c:4e:b3:19:eb:a2:f2:c1:
                    24:73:e0:4b:ad:dd:87:6d:0e:6e:5f:f9:39:b9:f0:
                    14:99:46:94:7c:d0:b9:fb:cc:20:46:3a:40:51:ec:
                    f6:b4:0c:13:e1:5b:12:d7:55:fc:56:bb:49:dd:41:
                    a4:76:5c:f5:df:95:82:b8:fd:dc:08:e3:b3:b5:ed:
                    eb:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:50:57:54:B4:3A:E2:40:F6:5B:C9:4E:C0:48:08:29:21:6B:BC:2A
            X509v3 Authority Key Identifier:
                keyid:85:68:40:70:47:A6:2E:64:83:00:C5:18:2A:29:35:3F:F5:8E:B0:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hWhAcEemLmSDAMUYKik1P_WOsF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/AVBXVLQ64kD2W8lOwEgIKSFrvCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/hWhAcEemLmSDAMUYKik1P_WOsF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:6f:46:00:02:47:bc:25:b1:36:52:80:74:c7:ee:e9:4d:f9:
         00:4b:1a:13:e7:09:09:b9:bf:8e:36:5e:7e:1d:22:d4:b3:99:
         bd:d5:66:99:05:7d:06:3a:85:a4:8c:3d:b0:f1:1a:1a:8c:b3:
         bc:d2:bb:bf:6a:26:4b:2c:46:10:a2:3a:55:cb:f0:56:38:1c:
         bb:a1:39:ea:38:82:9d:d5:f8:ca:d7:38:d6:71:2c:19:a5:85:
         33:5b:ac:a9:60:b6:37:1a:36:69:8b:cf:f3:c3:b4:9e:fa:bd:
         87:94:75:38:49:38:cb:e5:ae:dc:ed:91:02:d6:54:c2:c5:64:
         2b:69:df:2a:f1:f5:7b:c1:c3:89:7f:6e:39:4e:b6:c0:3f:61:
         6b:d3:6f:ec:fd:cf:37:4e:8a:1c:7f:91:92:59:0f:9f:f3:e8:
         1c:ef:a0:82:d8:33:09:7f:b2:fc:50:5f:e0:9f:dc:53:f1:5e:
         18:0d:dc:27:4e:20:8c:de:0d:b6:fb:66:08:5d:21:c9:e7:84:
         48:e8:0c:36:44:5c:38:8c:48:62:b3:83:be:78:c1:59:38:20:
         17:95:83:ad:be:1e:82:3b:8c:29:57:f0:65:09:e7:e5:7f:b7:
         48:11:fc:84:67:f6:17:f1:3c:d0:a6:e9:17:98:21:14:ce:28:
         8b:ff:55:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHlg7L9eKOeRrkMvax56ZO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1Njg0MDcwNDdhNjJlNjQ4MzAwYzUxODJhMjkzNTNmZjU4
ZWIwNWYwHhcNMjQwOTEyMDkxNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTUwNTc1NGI0M2FlMjQwZjY1YmM5NGVjMDQ4MDgyOTIxNmJiYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFPiuPnjK71h8i7u0eChsPxTfBUQ
XitTXBORDueUYVvYKnQi9R50bVOAF3mHKaHCTY0Zx8Yel8YN7gCa15HNInTtYxOK
LKZjwG2uJh5McDtNr9MfHngED9jD7TGkGoYnhBrlRa4r68r5R5aYcQbQxI3qa9cD
eLo789Z0anmJtxLG1UTSD+W9FIVWcWIodg9zux4kgItxs0LaBP/QFH0AWNHEluCC
TVVMJMA2sZftPfZ8PBaiBl9PlgE/XE6zGeui8sEkc+BLrd2HbQ5uX/k5ufAUmUaU
fNC5+8wgRjpAUez2tAwT4VsS11X8VrtJ3UGkdlz135WCuP3cCOOzte3rKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFQV1S0OuJA9lvJTsBICCkha7wqMB8GA1UdIwQY
MBaAFIVoQHBHpi5kgwDFGCopNT/1jrBfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFdoQWNFZW1MbVNEQU1VWUtpazFQX1dPc0Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8zMjAzOTUtNzBjMC00MDAyLWEzNjIt
ZWQzZTk4YzY1NmUxLzEvQVZCWFZMUTY0a0QyVzhsT3dFZ0lLU0ZydkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8zMjAzOTUtNzBjMC00MDAyLWEzNjItZWQzZTk4YzY1NmUx
LzEvaFdoQWNFZW1MbVNEQU1VWUtpazFQX1dPc0Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuegwMA0G
CSqGSIb3DQEBCwUAA4IBAQBob0YAAke8JbE2UoB0x+7pTfkASxoT5wkJub+ONl5+
HSLUs5m91WaZBX0GOoWkjD2w8RoajLO80ru/aiZLLEYQojpVy/BWOBy7oTnqOIKd
1fjK1zjWcSwZpYUzW6ypYLY3GjZpi8/zw7Se+r2HlHU4STjL5a7c7ZEC1lTCxWQr
ad8q8fV7wcOJf245TrbAP2Fr02/s/c83Toocf5GSWQ+f8+gc76CC2DMJf7L8UF/g
n9xT8V4YDdwnTiCM3g22+2YIXSHJ54RI6Aw2RFw4jEhis4O+eMFZOCAXlYOtvh6C
O4wpV/BlCeflf7dIEfyEZ/YX8TzQpukXmCEUziiL/1XR
-----END CERTIFICATE-----