Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/66Fetc6opG5f3o9gsKuYABh6z7w.roa
File:                     66Fetc6opG5f3o9gsKuYABh6z7w.roa (raw, json)
Hash identifier:          tgclufu3obPlFS+W5jgF7fp5X+me2/Jgin6BBpNoCAg=
Subject key identifier:   EB:A1:5E:B5:CE:A8:A4:6E:5F:DE:8F:60:B0:AB:98:00:18:7A:CF:BC
Certificate issuer:       /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial:       019294DBE4BD13905964A13A77E80CD46E1E
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/66Fetc6opG5f3o9gsKuYABh6z7w.roa
Signing time:             Wed 16 Oct 2024 10:24:51 +0000
ROA not before:           Wed 16 Oct 2024 10:24:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203854
IP address blocks:        185.122.4.0/22 maxlen: 22
                          2a05:7e40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:94:db:e4:bd:13:90:59:64:a1:3a:77:e8:0c:d4:6e:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
        Validity
            Not Before: Oct 16 10:24:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eba15eb5cea8a46e5fde8f60b0ab9800187acfbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:db:5a:b2:5f:a3:a2:96:d7:f0:28:e6:42:09:
                    27:c0:cc:e3:c5:cd:34:5c:df:68:ae:42:d4:a6:13:
                    54:fe:17:66:84:7f:7e:70:89:19:f5:c6:23:13:f9:
                    cb:12:19:7f:89:30:8c:ac:9d:6d:91:d0:88:fd:33:
                    ca:7a:7b:32:53:24:cb:b2:9b:92:bb:8b:aa:ec:15:
                    ea:08:9d:ae:56:3c:52:21:95:e7:c0:fd:05:7e:c8:
                    df:c3:0f:06:3d:58:8f:b5:42:c7:f6:f9:af:5b:d3:
                    26:c6:80:50:b6:3a:20:60:39:5e:f5:a6:5c:97:5f:
                    0f:f7:b9:49:72:be:da:5e:5b:09:16:2a:18:40:b4:
                    70:4e:aa:a9:1e:cd:bd:88:43:63:8b:a7:7d:a9:87:
                    d8:07:64:7a:ad:1d:f9:3f:b0:e4:84:69:14:e1:a1:
                    81:f1:af:e6:a5:6c:09:cf:03:2c:f5:33:ba:f4:3d:
                    51:b9:13:83:5d:b9:5a:e9:dc:79:ce:3a:c3:99:e9:
                    b7:18:57:6f:23:e6:73:07:b8:c9:14:f9:3a:42:71:
                    2f:fa:82:60:29:e6:0e:ce:0c:44:f3:5e:4e:a1:4b:
                    b7:f4:09:29:5f:fa:e7:f5:46:a2:34:f7:b3:9b:b4:
                    9a:60:cb:d2:1d:28:6d:4e:68:07:32:44:05:f0:35:
                    19:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:A1:5E:B5:CE:A8:A4:6E:5F:DE:8F:60:B0:AB:98:00:18:7A:CF:BC
            X509v3 Authority Key Identifier:
                keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/66Fetc6opG5f3o9gsKuYABh6z7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.4.0/22
                IPv6:
                  2a05:7e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a7:8c:48:3e:76:e5:22:0f:bd:92:ab:d5:a7:aa:83:21:ed:10:
         2d:92:63:e3:a2:88:5e:0f:30:27:47:5b:60:11:48:9f:29:83:
         eb:d9:41:66:4b:5d:f2:cf:ee:c7:0d:ae:c9:07:ea:55:5e:f8:
         c5:68:80:c9:9f:e2:6d:ea:3e:d5:f4:51:7b:80:1e:ab:a1:97:
         32:ae:3b:be:a8:8f:60:e6:7a:63:1f:d4:e4:f2:6a:e5:d1:7b:
         cb:7d:ec:bd:c9:0a:0e:f2:d0:64:09:28:49:e8:8f:99:8c:51:
         39:6c:a4:03:0f:91:52:3b:ea:86:8d:b3:f8:7c:67:69:1c:99:
         55:82:36:1e:00:ba:e5:a3:61:9d:72:51:37:ab:4d:b3:1b:38:
         22:12:50:ca:b0:88:15:da:d1:3b:28:cc:8b:65:34:35:8a:fd:
         6a:e7:79:82:e2:04:ea:1e:c2:c6:dd:d9:41:7c:28:d0:02:7e:
         1f:e9:14:1d:07:80:68:12:16:df:bc:3f:f2:f3:10:95:60:e4:
         69:4f:c6:6e:de:4c:66:47:bc:c2:04:e9:e2:50:ac:2c:9b:86:
         12:1f:24:2d:ae:b7:46:b3:3b:4f:dc:cc:71:1f:d0:4b:66:e3:
         db:b9:14:1d:93:60:bb:a3:8c:6a:2d:f4:3c:c0:94:4c:a4:62:
         73:51:8b:57
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZKU2+S9E5BZZKE6d+gM1G4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMzc2YzgwMDhkNmFiZDk2MjM0MTU2M2RkMmE0ZGNjYWYx
NTNjYmEwHhcNMjQxMDE2MTAyNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmExNWViNWNlYThhNDZlNWZkZThmNjBiMGFiOTgwMDE4N2FjZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdtasl+jopbX8CjmQgknwMzjxc00
XN9orkLUphNU/hdmhH9+cIkZ9cYjE/nLEhl/iTCMrJ1tkdCI/TPKensyUyTLspuS
u4uq7BXqCJ2uVjxSIZXnwP0Ffsjfww8GPViPtULH9vmvW9MmxoBQtjogYDle9aZc
l18P97lJcr7aXlsJFioYQLRwTqqpHs29iENji6d9qYfYB2R6rR35P7DkhGkU4aGB
8a/mpWwJzwMs9TO69D1RuRODXbla6dx5zjrDmem3GFdvI+ZzB7jJFPk6QnEv+oJg
KeYOzgxE815OoUu39AkpX/rn9UaiNPezm7SaYMvSHShtTmgHMkQF8DUZ+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOuhXrXOqKRuX96PYLCrmAAYes+8MB8GA1UdIwQY
MBaAFFo3bIAI1qvZYjQVY90qTcyvFTy6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEt
NjViZTU1MDMxNjVkLzEvNjZGZXRjNm9wRzVmM285Z3NLdVlBQmg2ejd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEtNjViZTU1MDMxNjVk
LzEvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXoEMA0E
AgACMAcDBQMqBX5AMA0GCSqGSIb3DQEBCwUAA4IBAQCnjEg+duUiD72Sq9WnqoMh
7RAtkmPjooheDzAnR1tgEUifKYPr2UFmS13yz+7HDa7JB+pVXvjFaIDJn+Jt6j7V
9FF7gB6roZcyrju+qI9g5npjH9Tk8mrl0XvLfey9yQoO8tBkCShJ6I+ZjFE5bKQD
D5FSO+qGjbP4fGdpHJlVgjYeALrlo2GdclE3q02zGzgiElDKsIgV2tE7KMyLZTQ1
iv1q53mC4gTqHsLG3dlBfCjQAn4f6RQdB4BoEhbfvD/y8xCVYORpT8Zu3kxmR7zC
BOniUKwsm4YSHyQtrrdGsztP3MxxH9BLZuPbuRQdk2C7o4xqLfQ8wJRMpGJzUYtX
-----END CERTIFICATE-----