Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/Ff0wTrfLYQZTsnYLnCNlXChEv3s.roa
File:                     Ff0wTrfLYQZTsnYLnCNlXChEv3s.roa (raw, json)
Hash identifier:          gYEY0vSmUQ48UCslhyK66qDtltu8OJgzX/F2G04eSNs=
Subject key identifier:   15:FD:30:4E:B7:CB:61:06:53:B2:76:0B:9C:23:65:5C:28:44:BF:7B
Certificate issuer:       /CN=a59ac8323ebb6be20fae89d098ca24138f8c9005
Certificate serial:       018CC8012E558E5F688509C3539CB70CF4E0
Authority key identifier: A5:9A:C8:32:3E:BB:6B:E2:0F:AE:89:D0:98:CA:24:13:8F:8C:90:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pZrIMj67a-IPronQmMokE4-MkAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/Ff0wTrfLYQZTsnYLnCNlXChEv3s.roa
Signing time:             Tue 02 Jan 2024 02:29:29 +0000
ROA not before:           Tue 02 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24595
IP address blocks:        85.159.96.0/21 maxlen: 21
                          185.94.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/pZrIMj67a-IPronQmMokE4-MkAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/pZrIMj67a-IPronQmMokE4-MkAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pZrIMj67a-IPronQmMokE4-MkAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2e:55:8e:5f:68:85:09:c3:53:9c:b7:0c:f4:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a59ac8323ebb6be20fae89d098ca24138f8c9005
        Validity
            Not Before: Jan  2 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15fd304eb7cb610653b2760b9c23655c2844bf7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:73:ff:41:77:87:ce:8e:e1:49:d8:be:5e:54:
                    bb:b8:4e:b8:d3:1b:62:4a:36:72:6d:c9:eb:bb:ed:
                    ce:da:23:ca:78:ff:98:a0:0f:de:d6:c9:d9:c6:c4:
                    32:b1:7f:88:09:28:ef:c5:e2:ed:28:0e:93:c9:ca:
                    5f:a2:a1:a4:f8:e4:77:9d:25:e3:70:ac:1b:ab:5c:
                    01:33:74:97:55:48:98:de:b8:5f:43:ad:01:5f:b2:
                    4f:77:1d:d8:c1:2c:9f:cc:d8:c8:13:40:28:ae:e0:
                    24:87:a3:0e:d3:df:d0:c3:cf:72:c7:c8:d6:63:e8:
                    de:d0:6b:7a:8a:03:5b:b7:e7:40:e7:0c:51:2e:01:
                    ed:46:7a:a8:11:af:2f:38:62:4f:ce:cb:a9:b9:ed:
                    56:7c:d3:7b:ba:ab:7c:16:ad:4d:54:fc:2a:54:d9:
                    80:de:13:41:52:f5:46:d0:f6:ca:8e:2c:84:f1:7d:
                    9d:29:01:a2:31:ee:9e:da:87:13:87:f9:a0:61:d4:
                    00:de:9b:ad:64:5e:ae:cb:82:4c:a0:b5:23:34:75:
                    e2:b6:da:d2:9a:13:3b:fa:71:50:c9:3f:a0:e9:5d:
                    56:f6:04:5f:63:e9:c1:7e:22:dc:bd:02:ae:81:c6:
                    65:a4:a9:7d:97:92:1e:ca:d3:a2:bd:58:ce:45:59:
                    e6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:FD:30:4E:B7:CB:61:06:53:B2:76:0B:9C:23:65:5C:28:44:BF:7B
            X509v3 Authority Key Identifier:
                keyid:A5:9A:C8:32:3E:BB:6B:E2:0F:AE:89:D0:98:CA:24:13:8F:8C:90:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pZrIMj67a-IPronQmMokE4-MkAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/Ff0wTrfLYQZTsnYLnCNlXChEv3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/pZrIMj67a-IPronQmMokE4-MkAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.159.96.0/21
                  185.94.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:fc:b2:30:1c:27:1e:26:8c:1d:32:9d:ac:78:f8:9c:aa:00:
         c6:5e:74:89:be:97:58:0a:7a:c1:1f:0f:10:7a:df:4c:e1:3d:
         07:a5:e9:20:5b:8b:b6:c6:08:f5:21:29:5e:43:69:f1:cc:d0:
         d2:8d:dc:9e:08:38:8f:06:b5:8f:e2:0f:ef:f5:87:b0:3c:07:
         b8:7b:42:c2:26:b6:32:4d:95:ca:93:c1:3b:7c:21:70:61:ea:
         98:a8:b4:8c:65:41:f1:42:42:00:c5:65:61:f5:1e:34:06:b1:
         0f:2f:2d:fa:b1:33:63:8f:f4:70:6f:6b:f2:97:8a:79:de:64:
         92:82:8f:99:0f:1b:07:03:05:69:26:e1:44:dd:a2:06:40:c5:
         70:bc:6b:34:8a:32:86:88:b8:69:93:0a:c5:5a:11:56:6e:76:
         94:fb:e8:ca:82:1c:f2:c8:dd:a8:2f:05:e8:84:1f:69:05:14:
         0f:7c:71:01:00:0f:81:2d:48:e5:ce:41:4d:08:f1:8e:6d:a6:
         04:7f:11:b1:83:ea:87:0f:87:22:00:45:89:6d:9d:c1:ac:bf:
         f9:b3:bd:0d:2d:98:55:7a:72:81:75:50:3c:36:60:d6:6f:07:
         4a:f4:c9:a1:37:e8:9c:f3:30:3e:ea:60:98:ae:64:79:c4:0f:
         b2:e1:22:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAS5Vjl9ohQnDU5y3DPTgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1OWFjODMyM2ViYjZiZTIwZmFlODlkMDk4Y2EyNDEzOGY4
YzkwMDUwHhcNMjQwMTAyMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWZkMzA0ZWI3Y2I2MTA2NTNiMjc2MGI5YzIzNjU1YzI4NDRiZjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHP/QXeHzo7hSdi+XlS7uE640xti
SjZybcnru+3O2iPKeP+YoA/e1snZxsQysX+ICSjvxeLtKA6TycpfoqGk+OR3nSXj
cKwbq1wBM3SXVUiY3rhfQ60BX7JPdx3YwSyfzNjIE0AoruAkh6MO09/Qw89yx8jW
Y+je0Gt6igNbt+dA5wxRLgHtRnqoEa8vOGJPzsupue1WfNN7uqt8Fq1NVPwqVNmA
3hNBUvVG0PbKjiyE8X2dKQGiMe6e2ocTh/mgYdQA3putZF6uy4JMoLUjNHXittrS
mhM7+nFQyT+g6V1W9gRfY+nBfiLcvQKugcZlpKl9l5IeytOivVjORVnmLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBX9ME63y2EGU7J2C5wjZVwoRL97MB8GA1UdIwQY
MBaAFKWayDI+u2viD66J0JjKJBOPjJAFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFpySU1qNjdhLUlQcm9uUW1Nb2tFNC1Na0FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9hMDFmODItOTE5My00MTk5LTk1YTgt
ODNhZTVkOWM4MzJmLzEvRmYwd1RyZkxZUVpUc25ZTG5DTmxYQ2hFdjNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9hMDFmODItOTE5My00MTk5LTk1YTgtODNhZTVkOWM4MzJm
LzEvcFpySU1qNjdhLUlQcm9uUW1Nb2tFNC1Na0FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDVZ9gAwQC
uV54MA0GCSqGSIb3DQEBCwUAA4IBAQCR/LIwHCceJowdMp2sePicqgDGXnSJvpdY
CnrBHw8Qet9M4T0HpekgW4u2xgj1ISleQ2nxzNDSjdyeCDiPBrWP4g/v9YewPAe4
e0LCJrYyTZXKk8E7fCFwYeqYqLSMZUHxQkIAxWVh9R40BrEPLy36sTNjj/Rwb2vy
l4p53mSSgo+ZDxsHAwVpJuFE3aIGQMVwvGs0ijKGiLhpkwrFWhFWbnaU++jKghzy
yN2oLwXohB9pBRQPfHEBAA+BLUjlzkFNCPGObaYEfxGxg+qHD4ciAEWJbZ3BrL/5
s70NLZhVenKBdVA8NmDWbwdK9MmhN+ic8zA+6mCYrmR5xA+y4SJz
-----END CERTIFICATE-----