Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/ghPFNTfsfPJZrYNXwnWgqBYQu9A.roa
File:                     ghPFNTfsfPJZrYNXwnWgqBYQu9A.roa (raw, json)
Hash identifier:          WbTt6l22ufEmfY4Mpdturl5+qw3R3pDameSu9Dr2tY0=
Subject key identifier:   82:13:C5:35:37:EC:7C:F2:59:AD:83:57:C2:75:A0:A8:16:10:BB:D0
Certificate issuer:       /CN=7eac66fc2231cb2656e75335a1fd66771f57a9cc
Certificate serial:       0192B40544A57CA9A1B83FE43D6386EC059C
Authority key identifier: 7E:AC:66:FC:22:31:CB:26:56:E7:53:35:A1:FD:66:77:1F:57:A9:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqxm_CIxyyZW51M1of1mdx9Xqcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/ghPFNTfsfPJZrYNXwnWgqBYQu9A.roa
Signing time:             Tue 22 Oct 2024 11:38:16 +0000
ROA not before:           Tue 22 Oct 2024 11:38:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203937
IP address blocks:        185.119.120.0/22 maxlen: 22
                          185.131.240.0/23 maxlen: 23
                          185.131.242.0/24 maxlen: 24
                          185.131.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/fqxm_CIxyyZW51M1of1mdx9Xqcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/fqxm_CIxyyZW51M1of1mdx9Xqcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqxm_CIxyyZW51M1of1mdx9Xqcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b4:05:44:a5:7c:a9:a1:b8:3f:e4:3d:63:86:ec:05:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7eac66fc2231cb2656e75335a1fd66771f57a9cc
        Validity
            Not Before: Oct 22 11:38:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8213c53537ec7cf259ad8357c275a0a81610bbd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7c:34:aa:69:d6:41:c3:7a:50:1f:0d:18:a5:
                    6c:69:40:49:df:d2:56:34:e3:31:45:57:e3:35:07:
                    d7:06:1a:58:88:23:18:2d:ba:4a:04:9e:12:be:7c:
                    14:be:b0:c4:39:50:d5:77:84:c6:cf:5e:e5:ac:77:
                    7e:53:98:fe:27:d0:31:04:0e:4c:68:79:5d:c6:0f:
                    93:79:42:38:1b:a8:f0:07:49:c4:22:e4:10:78:28:
                    f5:0e:cf:ae:82:6c:fe:a5:60:55:d8:e1:cf:3d:3e:
                    d7:54:bd:9c:3a:21:6f:16:60:27:6d:ab:3d:3f:d2:
                    ba:7c:63:9c:2e:0e:e0:57:6f:f4:46:23:56:8a:19:
                    80:9a:86:17:6e:8e:22:5a:72:93:59:5a:82:67:16:
                    0a:26:5e:9a:81:11:48:6c:31:17:a3:24:69:d9:12:
                    1f:a3:e4:51:5c:44:10:ef:10:6b:c0:4e:09:5c:bf:
                    55:ae:fa:7a:2a:6a:7a:38:6a:bd:ba:ef:d1:21:58:
                    4c:53:46:d6:97:4b:64:7e:17:5c:d2:73:8d:7a:74:
                    74:45:9b:d8:70:01:7a:30:45:d5:8a:da:75:c7:23:
                    08:4d:1e:db:b2:1f:3e:57:18:a3:4e:1f:a2:87:60:
                    a2:c9:35:86:15:72:6e:c0:4e:1e:ac:80:42:aa:e2:
                    cb:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:13:C5:35:37:EC:7C:F2:59:AD:83:57:C2:75:A0:A8:16:10:BB:D0
            X509v3 Authority Key Identifier:
                keyid:7E:AC:66:FC:22:31:CB:26:56:E7:53:35:A1:FD:66:77:1F:57:A9:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqxm_CIxyyZW51M1of1mdx9Xqcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/ghPFNTfsfPJZrYNXwnWgqBYQu9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/f14721-2910-42de-b71e-46ce5c8241db/1/fqxm_CIxyyZW51M1of1mdx9Xqcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.120.0/22
                  185.131.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:92:9b:23:77:5c:60:31:4d:98:ab:68:c4:02:af:4d:b6:c8:
         f3:01:d7:17:2a:5f:26:a7:a0:ab:ef:24:fe:11:a7:0e:6b:d0:
         94:ad:f7:c1:1b:e1:4a:2f:f7:cc:be:d2:99:3b:d6:83:6a:e9:
         9f:ae:05:b0:56:82:46:2e:04:3b:91:35:57:35:e1:e4:28:b4:
         75:46:fe:10:65:2e:2f:85:39:f7:3f:e7:a1:5b:7e:89:21:30:
         81:14:93:a5:80:ba:ac:53:6d:16:af:fb:1a:d1:db:02:fb:c9:
         17:a9:57:3f:d3:1b:eb:15:b7:84:2e:47:c1:e7:1f:85:6c:79:
         17:d0:05:69:4d:10:99:bb:8d:76:25:5d:58:d7:05:2a:d0:73:
         e9:72:bb:c0:22:1f:fb:52:ab:37:92:32:4b:c7:ac:9f:83:28:
         88:42:4c:44:2b:b4:ad:6f:79:d4:99:76:63:61:a0:b6:ec:fc:
         96:2f:47:03:92:fc:c1:cc:f0:36:65:6e:10:6e:b7:c3:6b:a8:
         3e:40:8c:f5:03:b2:f2:d9:c2:7f:64:86:35:ed:6c:be:31:dc:
         3c:99:81:b8:ff:3b:7c:2d:9a:45:68:f7:d3:20:e9:5d:41:b3:
         f4:a0:fa:00:7a:46:37:7e:a8:fb:4e:f4:91:15:fb:77:d0:f8:
         59:0f:a6:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK0BUSlfKmhuD/kPWOG7AWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYWM2NmZjMjIzMWNiMjY1NmU3NTMzNWExZmQ2Njc3MWY1
N2E5Y2MwHhcNMjQxMDIyMTEzODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjEzYzUzNTM3ZWM3Y2YyNTlhZDgzNTdjMjc1YTBhODE2MTBiYmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3w0qmnWQcN6UB8NGKVsaUBJ39JW
NOMxRVfjNQfXBhpYiCMYLbpKBJ4SvnwUvrDEOVDVd4TGz17lrHd+U5j+J9AxBA5M
aHldxg+TeUI4G6jwB0nEIuQQeCj1Ds+ugmz+pWBV2OHPPT7XVL2cOiFvFmAnbas9
P9K6fGOcLg7gV2/0RiNWihmAmoYXbo4iWnKTWVqCZxYKJl6agRFIbDEXoyRp2RIf
o+RRXEQQ7xBrwE4JXL9Vrvp6Kmp6OGq9uu/RIVhMU0bWl0tkfhdc0nONenR0RZvY
cAF6MEXVitp1xyMITR7bsh8+VxijTh+ih2CiyTWGFXJuwE4erIBCquLLGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIITxTU37HzyWa2DV8J1oKgWELvQMB8GA1UdIwQY
MBaAFH6sZvwiMcsmVudTNaH9ZncfV6nMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnF4bV9DSXh5eVpXNTFNMW9mMW1keDlYcWN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9mMTQ3MjEtMjkxMC00MmRlLWI3MWUt
NDZjZTVjODI0MWRiLzEvZ2hQRk5UZnNmUEpacllOWHduV2dxQllRdTlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9mMTQ3MjEtMjkxMC00MmRlLWI3MWUtNDZjZTVjODI0MWRi
LzEvZnF4bV9DSXh5eVpXNTFNMW9mMW1keDlYcWN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXd4AwQC
uYPwMA0GCSqGSIb3DQEBCwUAA4IBAQAakpsjd1xgMU2Yq2jEAq9NtsjzAdcXKl8m
p6Cr7yT+EacOa9CUrffBG+FKL/fMvtKZO9aDaumfrgWwVoJGLgQ7kTVXNeHkKLR1
Rv4QZS4vhTn3P+ehW36JITCBFJOlgLqsU20Wr/sa0dsC+8kXqVc/0xvrFbeELkfB
5x+FbHkX0AVpTRCZu412JV1Y1wUq0HPpcrvAIh/7Uqs3kjJLx6yfgyiIQkxEK7St
b3nUmXZjYaC27PyWL0cDkvzBzPA2ZW4QbrfDa6g+QIz1A7Ly2cJ/ZIY17Wy+Mdw8
mYG4/zt8LZpFaPfTIOldQbP0oPoAekY3fqj7TvSRFft30PhZD6ag
-----END CERTIFICATE-----