Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/FGkzk06_iSowqkXQmSImJrk5GwU.roa
File:                     FGkzk06_iSowqkXQmSImJrk5GwU.roa (raw, json)
Hash identifier:          vOJi1qa3oyplHH3E5oHJ/L7+0HL6VgsiUuJPuSkscqs=
Subject key identifier:   14:69:33:93:4E:BF:89:2A:30:AA:45:D0:99:22:26:26:B9:39:1B:05
Certificate issuer:       /CN=852bc145c5b22394d6feae996bc0bb25254801c6
Certificate serial:       019320061641401C24A773CDD94649D4EB96
Authority key identifier: 85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/FGkzk06_iSowqkXQmSImJrk5GwU.roa
Signing time:             Tue 12 Nov 2024 10:58:09 +0000
ROA not before:           Tue 12 Nov 2024 10:58:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34233
IP address blocks:        83.137.192.0/21 maxlen: 21
                          83.137.192.0/22 maxlen: 22
                          83.137.196.0/24 maxlen: 24
                          2a00:a0c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:20:06:16:41:40:1c:24:a7:73:cd:d9:46:49:d4:eb:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=852bc145c5b22394d6feae996bc0bb25254801c6
        Validity
            Not Before: Nov 12 10:58:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=146933934ebf892a30aa45d099222626b9391b05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:33:9d:34:a2:bf:55:df:69:43:08:a8:7b:4a:
                    5b:f5:07:5c:97:d2:c3:29:ba:06:3f:cb:d1:0a:01:
                    4d:c5:4e:ac:12:85:05:03:84:83:47:19:9f:89:40:
                    1e:f9:be:f5:9a:87:b8:c8:0e:bb:97:c4:42:ec:5c:
                    dc:6c:6f:f1:3b:e8:1d:df:01:37:42:f5:a5:40:a3:
                    13:8d:28:9d:7d:bb:b7:7e:da:3c:40:03:cb:58:e2:
                    21:57:67:b6:2a:8d:b4:f5:7f:4c:84:ec:20:e8:58:
                    ee:5c:38:b4:6e:cb:5f:c8:cb:61:f9:86:cd:27:b2:
                    9f:f3:07:67:ec:02:d7:01:a8:f6:8f:f0:68:df:ad:
                    87:62:b4:54:54:3a:94:b5:2d:28:cf:47:f7:86:6e:
                    32:7d:9c:c2:f3:80:8d:b2:94:16:74:71:97:9d:e3:
                    c3:aa:5d:7a:b1:d9:0b:b7:65:d3:b9:b2:4a:a4:dc:
                    f0:c3:cf:38:85:9f:e2:38:95:bf:7c:77:97:73:e3:
                    18:99:cc:f6:0b:8d:14:e6:8b:72:2d:21:a4:83:23:
                    ba:34:b2:fa:e6:5d:43:ab:5a:c5:d4:c1:5d:42:e2:
                    ae:10:c3:e9:75:39:ec:0d:65:4c:2d:18:de:33:be:
                    3b:21:2f:86:7f:c0:24:c1:c2:0d:c3:2b:9b:b3:8a:
                    d7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:69:33:93:4E:BF:89:2A:30:AA:45:D0:99:22:26:26:B9:39:1B:05
            X509v3 Authority Key Identifier:
                keyid:85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/FGkzk06_iSowqkXQmSImJrk5GwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.192.0/21
                IPv6:
                  2a00:a0c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:c7:9d:79:da:d8:b2:3d:52:70:fe:81:17:0d:43:6f:7f:cb:
         0e:5e:26:17:42:0c:8d:d8:5d:53:1b:be:b7:80:26:0e:b4:da:
         9c:a1:38:89:83:e0:9d:6f:4d:0a:69:6f:55:60:51:90:aa:98:
         d2:34:96:72:1a:e5:99:80:eb:46:93:ee:5c:ed:8e:82:87:e8:
         b6:37:ce:4d:3b:84:7a:10:6d:ba:1a:e4:d5:84:8b:62:3a:06:
         a2:78:6f:06:d3:df:60:31:d0:79:0c:f5:f6:c4:8f:eb:d7:50:
         32:e3:f9:16:46:03:d2:f6:aa:12:1f:a9:36:54:53:0b:d8:82:
         6b:1f:a9:f7:91:5c:7f:4b:f3:b5:25:52:55:29:0c:dc:e9:bd:
         e4:5d:7c:ea:20:72:8c:07:e5:d5:4c:1e:c2:d0:fd:4c:5c:ae:
         54:de:82:e6:02:8e:db:be:f5:3d:b8:ad:f5:2b:b2:f0:c7:c8:
         1a:b7:80:8d:35:73:3f:0c:8c:82:2a:28:0c:91:dc:5b:d0:3c:
         ae:24:85:a3:8d:0f:33:49:3b:ba:7c:b1:d6:41:81:d8:c6:22:
         6c:28:bf:2e:1c:56:a8:f2:f2:48:e5:14:99:d9:33:97:cb:34:
         d6:6f:a5:a2:34:6a:f4:44:2e:07:9f:87:df:28:7e:3a:64:b5:
         e6:39:89:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMgBhZBQBwkp3PN2UZJ1OuWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmJjMTQ1YzViMjIzOTRkNmZlYWU5OTZiYzBiYjI1MjU0
ODAxYzYwHhcNMjQxMTEyMTA1ODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDY5MzM5MzRlYmY4OTJhMzBhYTQ1ZDA5OTIyMjYyNmI5MzkxYjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTOdNKK/Vd9pQwioe0pb9Qdcl9LD
KboGP8vRCgFNxU6sEoUFA4SDRxmfiUAe+b71moe4yA67l8RC7FzcbG/xO+gd3wE3
QvWlQKMTjSidfbu3fto8QAPLWOIhV2e2Ko209X9MhOwg6FjuXDi0bstfyMth+YbN
J7Kf8wdn7ALXAaj2j/Bo362HYrRUVDqUtS0oz0f3hm4yfZzC84CNspQWdHGXnePD
ql16sdkLt2XTubJKpNzww884hZ/iOJW/fHeXc+MYmcz2C40U5otyLSGkgyO6NLL6
5l1Dq1rF1MFdQuKuEMPpdTnsDWVMLRjeM747IS+Gf8AkwcINwyubs4rXRwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBRpM5NOv4kqMKpF0JkiJia5ORsFMB8GA1UdIwQY
MBaAFIUrwUXFsiOU1v6umWvAuyUlSAHGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMt
OGQwNzEwZjNkMjc2LzEvRkdremswNl9pU293cWtYUW1TSW1Kcms1R3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMtOGQwNzEwZjNkMjc2
LzEvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDU4nAMA0E
AgACMAcDBQAqAKDAMA0GCSqGSIb3DQEBCwUAA4IBAQAox5152tiyPVJw/oEXDUNv
f8sOXiYXQgyN2F1TG763gCYOtNqcoTiJg+Cdb00KaW9VYFGQqpjSNJZyGuWZgOtG
k+5c7Y6Ch+i2N85NO4R6EG26GuTVhItiOgaieG8G099gMdB5DPX2xI/r11Ay4/kW
RgPS9qoSH6k2VFML2IJrH6n3kVx/S/O1JVJVKQzc6b3kXXzqIHKMB+XVTB7C0P1M
XK5U3oLmAo7bvvU9uK31K7Lwx8gat4CNNXM/DIyCKigMkdxb0DyuJIWjjQ8zSTu6
fLHWQYHYxiJsKL8uHFao8vJI5RSZ2TOXyzTWb6WiNGr0RC4Hn4ffKH46ZLXmOYnD
-----END CERTIFICATE-----