Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/FgFzuhNVaV5UcM49lsvPMAsZCg4.roa
File:                     FgFzuhNVaV5UcM49lsvPMAsZCg4.roa (raw, json)
Hash identifier:          cDY0wZvLObaI4uXeRP3+PLwEmy4+zjWMQ9IkXMSLOlU=
Subject key identifier:   16:01:73:BA:13:55:69:5E:54:70:CE:3D:96:CB:CF:30:0B:19:0A:0E
Certificate issuer:       /CN=d914da56e1a934649da02964ac12eba34c5cb84f
Certificate serial:       019320AAE1661EA6687558D6098479295C55
Authority key identifier: D9:14:DA:56:E1:A9:34:64:9D:A0:29:64:AC:12:EB:A3:4C:5C:B8:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/FgFzuhNVaV5UcM49lsvPMAsZCg4.roa
Signing time:             Tue 12 Nov 2024 13:58:09 +0000
ROA not before:           Tue 12 Nov 2024 13:58:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44066
IP address blocks:        79.174.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:20:aa:e1:66:1e:a6:68:75:58:d6:09:84:79:29:5c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d914da56e1a934649da02964ac12eba34c5cb84f
        Validity
            Not Before: Nov 12 13:58:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=160173ba1355695e5470ce3d96cbcf300b190a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:11:7c:6a:d3:b1:f2:6f:00:c6:ed:2d:17:f1:
                    6a:e4:14:e4:98:ed:b6:9f:75:43:3a:15:f3:cc:e7:
                    6a:34:ed:11:a7:07:45:d7:a2:74:5d:d3:2a:d9:79:
                    e0:e3:28:44:d6:7a:ea:b1:c6:49:0f:6b:29:10:d9:
                    3a:1c:dc:b8:e9:f1:2b:df:85:04:e7:9b:2f:4c:d4:
                    f1:18:5f:42:1f:00:cd:1d:16:c3:dc:d8:92:ec:2f:
                    89:f8:77:27:1a:63:25:1a:b2:c0:15:0c:94:50:ab:
                    68:f8:5e:ff:fa:04:80:cf:67:59:58:53:7e:35:ef:
                    4f:2c:b1:24:4e:e0:8a:0e:3c:1f:af:d5:d3:45:37:
                    11:f4:08:d1:2b:a1:3a:f0:f9:4b:6a:bf:3c:74:b4:
                    9d:09:10:e2:29:3b:79:22:9f:fa:b2:6b:61:c9:3e:
                    84:0e:0a:8a:2b:c4:77:4c:c4:b6:2f:ae:f1:48:37:
                    c5:2e:42:4f:6e:ad:63:70:6c:59:72:91:a4:5b:70:
                    e5:83:08:40:2a:5e:58:54:89:07:3e:28:8d:8e:b4:
                    eb:87:15:64:b8:29:be:f0:c0:b5:37:a1:6d:e6:e3:
                    0e:b5:9f:cc:99:8b:94:a2:5b:9c:00:09:ff:54:c7:
                    e8:0d:9a:b3:51:37:32:89:7f:e7:45:65:9f:4e:d7:
                    d0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:01:73:BA:13:55:69:5E:54:70:CE:3D:96:CB:CF:30:0B:19:0A:0E
            X509v3 Authority Key Identifier:
                keyid:D9:14:DA:56:E1:A9:34:64:9D:A0:29:64:AC:12:EB:A3:4C:5C:B8:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/FgFzuhNVaV5UcM49lsvPMAsZCg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:d7:a7:07:c7:79:ca:0d:3f:52:c3:1b:81:88:71:7a:b0:6d:
         30:be:65:3d:79:05:6f:e2:5d:a0:e2:83:27:b3:40:22:dc:64:
         61:f4:17:53:e5:a5:9c:c1:94:c7:5a:5b:c3:5c:5e:fb:67:e7:
         ff:eb:31:ec:c8:ab:c0:8e:38:68:fa:40:f5:54:d7:b5:e5:bb:
         81:7a:f6:b8:e4:7b:c5:e1:c4:31:86:76:e2:f9:b9:0c:21:53:
         1a:a2:3c:1e:54:a1:dd:56:18:a9:81:08:a0:1c:61:b2:f8:c4:
         27:0e:cd:a5:cd:b3:3d:e0:8e:f3:03:89:15:73:41:cc:66:68:
         75:09:0f:b3:37:3d:0e:7b:b6:20:2f:51:76:84:1c:0b:43:49:
         dd:98:aa:b4:a7:0a:4a:50:bd:5e:05:21:54:96:3b:b4:27:03:
         15:b6:d2:53:4c:14:e1:19:b3:dd:ca:91:ae:51:2c:8d:da:6d:
         eb:bd:53:35:81:ae:1f:45:93:38:22:39:53:83:43:a2:d7:17:
         72:c1:9b:25:46:4a:e0:c9:66:23:c4:c7:d5:04:95:ae:80:8f:
         93:21:65:95:a3:26:bc:3b:2e:7f:e2:a1:6b:a5:37:0b:05:78:
         42:aa:5b:f3:de:98:df:9a:55:e7:9a:c1:af:71:3f:34:e4:af:
         da:22:8f:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMgquFmHqZodVjWCYR5KVxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MTRkYTU2ZTFhOTM0NjQ5ZGEwMjk2NGFjMTJlYmEzNGM1
Y2I4NGYwHhcNMjQxMTEyMTM1ODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjAxNzNiYTEzNTU2OTVlNTQ3MGNlM2Q5NmNiY2YzMDBiMTkwYTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hF8atOx8m8Axu0tF/Fq5BTkmO22
n3VDOhXzzOdqNO0RpwdF16J0XdMq2Xng4yhE1nrqscZJD2spENk6HNy46fEr34UE
55svTNTxGF9CHwDNHRbD3NiS7C+J+HcnGmMlGrLAFQyUUKto+F7/+gSAz2dZWFN+
Ne9PLLEkTuCKDjwfr9XTRTcR9AjRK6E68PlLar88dLSdCRDiKTt5Ip/6smthyT6E
DgqKK8R3TMS2L67xSDfFLkJPbq1jcGxZcpGkW3DlgwhAKl5YVIkHPiiNjrTrhxVk
uCm+8MC1N6Ft5uMOtZ/MmYuUolucAAn/VMfoDZqzUTcyiX/nRWWfTtfQZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYBc7oTVWleVHDOPZbLzzALGQoOMB8GA1UdIwQY
MBaAFNkU2lbhqTRknaApZKwS66NMXLhPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlJUYVZ1R3BOR1Nkb0Nsa3JCTHJvMHhjdUU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83YTExYjUtYTQwNS00MWNiLTgxY2It
ZjZiY2NmMWU1MzFmLzEvRmdGenVoTlZhVjVVY000OWxzdlBNQXNaQ2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83YTExYjUtYTQwNS00MWNiLTgxY2ItZjZiY2NmMWU1MzFm
LzEvMlJUYVZ1R3BOR1Nkb0Nsa3JCTHJvMHhjdUU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT64DMA0G
CSqGSIb3DQEBCwUAA4IBAQCW16cHx3nKDT9SwxuBiHF6sG0wvmU9eQVv4l2g4oMn
s0Ai3GRh9BdT5aWcwZTHWlvDXF77Z+f/6zHsyKvAjjho+kD1VNe15buBeva45HvF
4cQxhnbi+bkMIVMaojweVKHdVhipgQigHGGy+MQnDs2lzbM94I7zA4kVc0HMZmh1
CQ+zNz0Oe7YgL1F2hBwLQ0ndmKq0pwpKUL1eBSFUlju0JwMVttJTTBThGbPdypGu
USyN2m3rvVM1ga4fRZM4IjlTg0Oi1xdywZslRkrgyWYjxMfVBJWugI+TIWWVoya8
Oy5/4qFrpTcLBXhCqlvz3pjfmlXnmsGvcT805K/aIo8E
-----END CERTIFICATE-----