Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/aFUd8c2M__7bNXkIsoVIigmJXqg.roa
File:                     aFUd8c2M__7bNXkIsoVIigmJXqg.roa (raw, json)
Hash identifier:          1SbX5bpUWFZphI1Dh/rnCQpQTzEJVXPaui7lfd63YYg=
Subject key identifier:   68:55:1D:F1:CD:8C:FF:FE:DB:35:79:08:B2:85:48:8A:09:89:5E:A8
Certificate issuer:       /CN=9b759ec9ff54de03a7ff3a65edbb2e0758e6878c
Certificate serial:       018CC64AC9873FAF1029B3528DE3E43D6029
Authority key identifier: 9B:75:9E:C9:FF:54:DE:03:A7:FF:3A:65:ED:BB:2E:07:58:E6:87:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m3Weyf9U3gOn_zpl7bsuB1jmh4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/aFUd8c2M__7bNXkIsoVIigmJXqg.roa
Signing time:             Mon 01 Jan 2024 18:30:39 +0000
ROA not before:           Mon 01 Jan 2024 18:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        164.153.132.0/24 maxlen: 24
                          164.153.133.0/24 maxlen: 24
                          164.153.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/m3Weyf9U3gOn_zpl7bsuB1jmh4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/m3Weyf9U3gOn_zpl7bsuB1jmh4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m3Weyf9U3gOn_zpl7bsuB1jmh4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c9:87:3f:af:10:29:b3:52:8d:e3:e4:3d:60:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b759ec9ff54de03a7ff3a65edbb2e0758e6878c
        Validity
            Not Before: Jan  1 18:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68551df1cd8cfffedb357908b285488a09895ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d4:27:ed:61:4d:f8:23:ff:f8:74:8c:ee:75:
                    da:f3:10:fd:f6:b6:65:19:a4:68:df:82:23:30:a8:
                    dc:90:01:98:21:70:f6:ca:c1:5f:91:ff:3a:ee:18:
                    d7:d7:64:df:76:6d:50:e4:41:0e:4e:31:c9:94:db:
                    1d:d8:cf:14:0e:92:be:a0:86:76:a7:a5:38:78:73:
                    6f:8d:ba:92:d8:59:9e:48:8d:1c:fa:be:74:9a:af:
                    95:0d:26:0b:c3:15:1c:96:88:e8:6a:2c:c2:85:dd:
                    7d:7d:a6:f7:27:0e:8f:ac:0c:7f:d8:7d:27:a8:46:
                    c0:d2:a5:11:c0:21:f6:85:58:30:3b:81:31:2c:2e:
                    16:6c:57:c1:1d:b2:a0:24:d6:0c:59:2d:96:20:3a:
                    b0:2c:48:16:d8:3f:20:4e:c3:b8:16:a9:3d:3b:17:
                    18:8c:f1:a4:ad:99:64:c3:e7:b1:b7:c1:56:46:a3:
                    57:ac:43:04:4d:08:a1:59:55:24:65:f1:64:bb:48:
                    82:34:92:7f:b1:c1:46:3b:07:a0:30:d2:c8:bb:d3:
                    4f:63:cc:4d:85:ec:9e:dd:99:99:0a:f6:83:aa:3d:
                    43:4a:80:9f:e9:57:ae:40:60:a8:29:05:a4:48:87:
                    cb:1b:f1:53:d6:8b:95:c2:12:fe:8a:8f:f2:fb:b9:
                    5e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:55:1D:F1:CD:8C:FF:FE:DB:35:79:08:B2:85:48:8A:09:89:5E:A8
            X509v3 Authority Key Identifier:
                keyid:9B:75:9E:C9:FF:54:DE:03:A7:FF:3A:65:ED:BB:2E:07:58:E6:87:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m3Weyf9U3gOn_zpl7bsuB1jmh4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/aFUd8c2M__7bNXkIsoVIigmJXqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/m3Weyf9U3gOn_zpl7bsuB1jmh4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.153.132.0-164.153.134.255

    Signature Algorithm: sha256WithRSAEncryption
         47:d8:26:4c:2d:5a:07:68:85:ed:d7:81:eb:24:3e:e2:32:3f:
         63:0b:49:dd:a3:8d:ab:98:c4:f8:18:7b:7f:34:48:35:eb:7c:
         4a:5b:5e:8c:77:fa:40:3b:d9:60:6b:54:e4:15:27:94:d7:43:
         0a:38:f4:76:a0:b4:92:5a:42:5d:44:cf:23:1d:66:07:94:ba:
         f5:97:6a:92:f4:1b:5a:77:62:1e:71:0a:58:0e:38:34:14:d2:
         ad:97:be:57:82:67:36:c1:c3:9b:8f:58:6f:42:f6:d1:7c:d6:
         1d:a6:46:8b:9a:75:cf:b7:83:f1:e6:cb:de:ed:c4:ac:5e:a5:
         7f:39:80:a1:57:b7:db:86:d7:57:e7:7a:05:ef:9d:9c:e6:1b:
         94:82:49:5e:a1:0f:bf:d0:9f:53:dc:24:16:86:7d:5b:f5:20:
         63:9d:cb:54:ff:28:81:a3:cf:90:9c:54:a3:f4:9d:69:6b:1c:
         07:5f:2b:35:7f:b3:6a:5f:e1:bb:71:51:36:a0:f3:b7:9a:fd:
         ae:b0:cd:87:49:40:84:e4:86:e2:c2:23:06:58:e3:02:9f:e3:
         eb:e9:36:f2:6a:1f:84:ee:f4:c9:f6:35:18:ae:e9:57:f6:48:
         6a:ec:ad:3b:66:a2:fc:7d:58:b1:d8:a5:66:56:e1:4d:8d:da:
         78:6c:17:9a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGSsmHP68QKbNSjePkPWApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNzU5ZWM5ZmY1NGRlMDNhN2ZmM2E2NWVkYmIyZTA3NThl
Njg3OGMwHhcNMjQwMTAxMTgzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODU1MWRmMWNkOGNmZmZlZGIzNTc5MDhiMjg1NDg4YTA5ODk1ZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtQn7WFN+CP/+HSM7nXa8xD99rZl
GaRo34IjMKjckAGYIXD2ysFfkf867hjX12Tfdm1Q5EEOTjHJlNsd2M8UDpK+oIZ2
p6U4eHNvjbqS2FmeSI0c+r50mq+VDSYLwxUclojoaizChd19fab3Jw6PrAx/2H0n
qEbA0qURwCH2hVgwO4ExLC4WbFfBHbKgJNYMWS2WIDqwLEgW2D8gTsO4Fqk9OxcY
jPGkrZlkw+ext8FWRqNXrEMETQihWVUkZfFku0iCNJJ/scFGOwegMNLIu9NPY8xN
heye3ZmZCvaDqj1DSoCf6VeuQGCoKQWkSIfLG/FT1ouVwhL+io/y+7le5QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGhVHfHNjP/+2zV5CLKFSIoJiV6oMB8GA1UdIwQY
MBaAFJt1nsn/VN4Dp/86Ze27LgdY5oeMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTNXZXlmOVUzZ09uX3pwbDdic3VCMWptaDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS81YWQ3M2ItZGIxNy00MzIyLWFkZTUt
YjlhOWQ4YWU5NDIxLzEvYUZVZDhjMk1fXzdiTlhrSXNvVklpZ21KWHFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS81YWQ3M2ItZGIxNy00MzIyLWFkZTUtYjlhOWQ4YWU5NDIx
LzEvbTNXZXlmOVUzZ09uX3pwbDdic3VCMWptaDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKkmYQD
BACkmYYwDQYJKoZIhvcNAQELBQADggEBAEfYJkwtWgdohe3XgeskPuIyP2MLSd2j
jauYxPgYe380SDXrfEpbXox3+kA72WBrVOQVJ5TXQwo49HagtJJaQl1EzyMdZgeU
uvWXapL0G1p3Yh5xClgOODQU0q2XvleCZzbBw5uPWG9C9tF81h2mRouadc+3g/Hm
y97txKxepX85gKFXt9uG11fnegXvnZzmG5SCSV6hD7/Qn1PcJBaGfVv1IGOdy1T/
KIGjz5CcVKP0nWlrHAdfKzV/s2pf4btxUTag87ea/a6wzYdJQITkhuLCIwZY4wKf
4+vpNvJqH4Tu9Mn2NRiu6Vf2SGrsrTtmovx9WLHYpWZW4U2N2nhsF5o=
-----END CERTIFICATE-----