Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/b50110-02b0-4235-984f-2d80cb25579a/1/FreDDf36fJJHnja659K6kzZ0CIU.roa
File:                     FreDDf36fJJHnja659K6kzZ0CIU.roa (raw, json)
Hash identifier:          dVYLTCBe7Vrz2RX/SNd12KGY0gacz9YnKarFiNi8tAM=
Subject key identifier:   16:B7:83:0D:FD:FA:7C:92:47:9E:36:BA:E7:D2:BA:93:36:74:08:85
Certificate issuer:       /CN=966015578c948f31bf74a1e1fffd7fa3e3460206
Certificate serial:       018CC9BC8A3EB58DD8D0230A3892D6A751E7
Authority key identifier: 96:60:15:57:8C:94:8F:31:BF:74:A1:E1:FF:FD:7F:A3:E3:46:02:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lmAVV4yUjzG_dKHh__1_o-NGAgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/b50110-02b0-4235-984f-2d80cb25579a/1/FreDDf36fJJHnja659K6kzZ0CIU.roa
Signing time:             Tue 02 Jan 2024 10:33:45 +0000
ROA not before:           Tue 02 Jan 2024 10:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44909
IP address blocks:        195.66.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/b50110-02b0-4235-984f-2d80cb25579a/1/lmAVV4yUjzG_dKHh__1_o-NGAgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/b50110-02b0-4235-984f-2d80cb25579a/1/lmAVV4yUjzG_dKHh__1_o-NGAgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lmAVV4yUjzG_dKHh__1_o-NGAgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:8a:3e:b5:8d:d8:d0:23:0a:38:92:d6:a7:51:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=966015578c948f31bf74a1e1fffd7fa3e3460206
        Validity
            Not Before: Jan  2 10:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16b7830dfdfa7c92479e36bae7d2ba9336740885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7d:33:22:d5:d8:e0:f6:0f:d2:cf:69:25:9b:
                    98:7e:cb:ca:0a:76:ca:a3:e7:3a:3d:aa:29:f1:96:
                    d7:c6:78:d0:40:c4:7f:c7:09:4b:b6:67:1d:72:c8:
                    7c:be:aa:f0:4f:a9:e7:98:ff:a4:59:84:61:d3:ff:
                    e8:8d:40:93:63:57:5c:02:09:82:0d:d0:aa:6e:82:
                    aa:b5:b8:a0:c3:17:ef:86:25:8f:07:56:7a:23:03:
                    5c:b3:77:c6:73:58:bc:9a:e7:c8:24:9d:66:ac:c1:
                    83:b2:e0:81:8a:85:31:53:29:5d:66:04:2f:89:53:
                    e7:d5:b5:f2:3c:17:c6:51:83:3b:57:c6:e0:63:0e:
                    13:9c:e0:f0:d2:40:ec:b7:ed:d8:22:a2:5c:cd:dd:
                    5e:be:5a:80:b7:75:26:2f:c5:91:80:ed:5b:f7:a3:
                    6c:43:c8:06:42:0a:bb:49:45:60:fc:36:a3:04:d9:
                    ab:04:ad:33:ff:35:a0:84:0d:65:ca:47:e0:ba:3c:
                    d8:95:bc:c6:bf:c5:db:11:c9:3d:b4:d4:b5:ea:22:
                    c5:aa:c0:e9:bf:99:d1:15:e8:8c:2a:7e:0a:71:09:
                    34:e2:59:32:3d:a0:d6:fe:29:d6:6c:4c:1e:74:17:
                    19:34:57:42:2a:5e:fb:d0:c6:48:72:ce:54:21:58:
                    06:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:B7:83:0D:FD:FA:7C:92:47:9E:36:BA:E7:D2:BA:93:36:74:08:85
            X509v3 Authority Key Identifier:
                keyid:96:60:15:57:8C:94:8F:31:BF:74:A1:E1:FF:FD:7F:A3:E3:46:02:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lmAVV4yUjzG_dKHh__1_o-NGAgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/b50110-02b0-4235-984f-2d80cb25579a/1/FreDDf36fJJHnja659K6kzZ0CIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/b50110-02b0-4235-984f-2d80cb25579a/1/lmAVV4yUjzG_dKHh__1_o-NGAgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:cc:ee:ab:26:25:8c:fa:99:b1:fd:43:8c:c1:0b:b5:34:68:
         d1:9e:8c:f1:bc:7f:49:de:2f:3a:f5:dd:88:90:e4:1c:aa:86:
         66:63:d7:f4:60:ce:56:81:66:b0:f9:ee:75:8f:3e:c2:7c:78:
         85:48:97:8c:71:48:30:28:45:ea:0d:44:51:15:40:33:f8:95:
         33:3f:b5:6c:ba:81:e7:8c:cd:0b:07:d0:3c:f3:99:05:1b:28:
         26:6d:be:a1:d5:70:30:54:97:1a:5d:a9:8b:bf:6d:91:6c:8c:
         5b:4b:60:2e:36:4a:d4:ef:e0:a5:b5:71:29:3f:41:89:a6:b8:
         d0:0b:04:f7:f5:b0:dd:6d:5f:d9:55:39:f0:dd:86:80:a0:a9:
         df:08:fb:09:6b:fc:5b:8c:13:28:4a:51:1c:f9:a1:72:fc:f5:
         0f:82:80:3f:ef:42:19:40:86:ef:8f:2a:33:b0:09:43:a1:8a:
         91:b6:3a:34:d8:76:0d:c8:df:40:c0:de:6c:de:b7:09:9c:a6:
         9a:d6:f1:14:2c:21:ae:b5:f5:b9:0d:5b:64:50:da:ff:68:2e:
         17:f6:51:2d:9b:01:df:b3:93:fe:a5:b1:31:9f:95:39:68:4b:
         32:98:1b:d8:ad:81:65:96:e0:86:57:a0:e8:ca:a7:24:4f:3a:
         b0:b3:c3:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvIo+tY3Y0CMKOJLWp1HnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NjAxNTU3OGM5NDhmMzFiZjc0YTFlMWZmZmQ3ZmEzZTM0
NjAyMDYwHhcNMjQwMTAyMTAzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmI3ODMwZGZkZmE3YzkyNDc5ZTM2YmFlN2QyYmE5MzM2NzQwODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAin0zItXY4PYP0s9pJZuYfsvKCnbK
o+c6Paop8ZbXxnjQQMR/xwlLtmcdcsh8vqrwT6nnmP+kWYRh0//ojUCTY1dcAgmC
DdCqboKqtbigwxfvhiWPB1Z6IwNcs3fGc1i8mufIJJ1mrMGDsuCBioUxUyldZgQv
iVPn1bXyPBfGUYM7V8bgYw4TnODw0kDst+3YIqJczd1evlqAt3UmL8WRgO1b96Ns
Q8gGQgq7SUVg/DajBNmrBK0z/zWghA1lykfgujzYlbzGv8XbEck9tNS16iLFqsDp
v5nRFeiMKn4KcQk04lkyPaDW/inWbEwedBcZNFdCKl770MZIcs5UIVgGKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBa3gw39+nySR542uufSupM2dAiFMB8GA1UdIwQY
MBaAFJZgFVeMlI8xv3Sh4f/9f6PjRgIGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG1BVlY0eVVqekdfZEtIaF9fMV9vLU5HQWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9iNTAxMTAtMDJiMC00MjM1LTk4NGYt
MmQ4MGNiMjU1NzlhLzEvRnJlRERmMzZmSkpIbmphNjU5SzZrelowQ0lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9iNTAxMTAtMDJiMC00MjM1LTk4NGYtMmQ4MGNiMjU1Nzlh
LzEvbG1BVlY0eVVqekdfZEtIaF9fMV9vLU5HQWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0J8MA0G
CSqGSIb3DQEBCwUAA4IBAQBAzO6rJiWM+pmx/UOMwQu1NGjRnozxvH9J3i869d2I
kOQcqoZmY9f0YM5WgWaw+e51jz7CfHiFSJeMcUgwKEXqDURRFUAz+JUzP7VsuoHn
jM0LB9A885kFGygmbb6h1XAwVJcaXamLv22RbIxbS2AuNkrU7+CltXEpP0GJprjQ
CwT39bDdbV/ZVTnw3YaAoKnfCPsJa/xbjBMoSlEc+aFy/PUPgoA/70IZQIbvjyoz
sAlDoYqRtjo02HYNyN9AwN5s3rcJnKaa1vEULCGutfW5DVtkUNr/aC4X9lEtmwHf
s5P+pbExn5U5aEsymBvYrYFlluCGV6DoyqckTzqws8Pj
-----END CERTIFICATE-----