Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/FFEFwVRHWxZ-gnlHbEEIROqSgHY.roa
File:                     FFEFwVRHWxZ-gnlHbEEIROqSgHY.roa (raw, json)
Hash identifier:          KT2xc8fimoOSY4sXutXIPmmdSk8HxI5onhJKWM8iVIk=
Subject key identifier:   14:51:05:C1:54:47:5B:16:7E:82:79:47:6C:41:08:44:EA:92:80:76
Certificate issuer:       /CN=38d0438ab56d84217131bc06fe335e4c7843eb79
Certificate serial:       019276E8A90CDEABD166DAD35D697266C61E
Authority key identifier: 38:D0:43:8A:B5:6D:84:21:71:31:BC:06:FE:33:5E:4C:78:43:EB:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ONBDirVthCFxMbwG_jNeTHhD63k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/FFEFwVRHWxZ-gnlHbEEIROqSgHY.roa
Signing time:             Thu 10 Oct 2024 14:50:11 +0000
ROA not before:           Thu 10 Oct 2024 14:50:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58282
IP address blocks:        193.3.60.0/24 maxlen: 24
                          193.3.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/ONBDirVthCFxMbwG_jNeTHhD63k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/ONBDirVthCFxMbwG_jNeTHhD63k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ONBDirVthCFxMbwG_jNeTHhD63k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:76:e8:a9:0c:de:ab:d1:66:da:d3:5d:69:72:66:c6:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38d0438ab56d84217131bc06fe335e4c7843eb79
        Validity
            Not Before: Oct 10 14:50:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=145105c154475b167e8279476c410844ea928076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:04:e5:f0:2a:d0:be:f0:c6:e9:d2:e0:24:3a:
                    97:46:c5:0f:82:b9:54:ac:dc:5d:88:65:89:ed:e4:
                    bd:21:ab:d9:03:5e:8f:c3:41:c4:a9:1c:3c:ea:3f:
                    f8:42:f5:91:3b:3b:5f:94:df:e2:db:eb:6c:5f:bd:
                    f1:86:02:88:0d:8f:6d:f2:d1:ea:6c:be:87:15:3d:
                    c1:4f:4e:ac:44:6d:c8:51:81:ab:e3:e1:a1:58:e3:
                    92:2f:70:50:d5:b4:4e:ae:6f:de:ee:b8:e9:2c:4d:
                    51:e7:38:9c:65:cb:cd:92:1d:07:60:15:6b:ec:66:
                    eb:4a:c7:1e:c8:a0:d5:ac:6c:78:e8:65:05:be:84:
                    ea:43:98:cd:6b:1d:c9:0b:57:ab:10:26:89:51:e8:
                    7e:d9:c1:3b:90:ab:85:5f:83:e1:31:2e:ff:7c:9f:
                    20:f9:d8:82:cd:b1:c6:ef:d1:fd:cb:ae:60:3a:9f:
                    84:8e:a0:a4:17:5c:6a:f9:10:e1:1f:e3:54:f8:c7:
                    69:6b:e3:38:28:11:b1:45:10:02:e5:ca:bb:1a:96:
                    ca:05:cf:3a:45:4a:c5:ad:3a:cb:45:56:ea:9e:c5:
                    c8:a9:1e:18:a6:9b:b1:9b:b0:48:bf:73:3c:b5:bd:
                    3b:ab:69:44:40:5c:36:98:26:c9:89:2e:57:c8:1d:
                    ee:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:51:05:C1:54:47:5B:16:7E:82:79:47:6C:41:08:44:EA:92:80:76
            X509v3 Authority Key Identifier:
                keyid:38:D0:43:8A:B5:6D:84:21:71:31:BC:06:FE:33:5E:4C:78:43:EB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ONBDirVthCFxMbwG_jNeTHhD63k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/FFEFwVRHWxZ-gnlHbEEIROqSgHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/ONBDirVthCFxMbwG_jNeTHhD63k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:f0:55:ce:7f:25:9f:4b:11:6a:00:e3:62:59:53:7b:f7:54:
         4b:1c:ed:a2:1c:46:92:cc:ac:53:31:ec:64:8f:5e:ff:06:4e:
         53:1b:0a:0f:f6:c1:25:07:de:f4:09:4a:e6:8a:90:7e:36:ec:
         2d:f6:88:42:91:64:87:c3:09:40:d0:f0:01:c5:d7:4c:6d:85:
         bd:c5:d7:d7:79:28:ed:88:c1:70:d8:21:02:63:51:e7:9b:9f:
         5b:d0:77:19:29:fb:89:23:87:db:b8:d5:74:2d:48:cd:b1:53:
         d8:e2:db:b1:85:c2:be:1a:b1:85:23:ff:dd:8a:6e:50:8f:59:
         41:7d:a3:5d:e1:5b:4f:6f:10:9f:ed:bb:e8:b1:7d:75:9e:6f:
         83:65:6f:4f:59:8f:d6:70:f0:49:2f:6f:5f:2e:96:1d:49:ae:
         75:91:b7:c4:d9:45:fd:fd:87:fa:ba:fc:40:ac:2b:1c:07:07:
         1f:fd:01:40:bf:31:e9:42:19:52:23:59:15:63:89:8b:d5:a2:
         79:cc:8f:a5:3b:47:b6:55:c2:56:e8:f0:a9:35:57:2b:92:62:
         94:42:b6:92:d3:db:08:7b:07:a1:33:cf:1d:7f:4a:f3:4f:52:
         b7:32:8e:08:8b:b3:85:3f:1e:d7:90:f4:22:f6:e3:89:00:01:
         e1:db:68:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ26KkM3qvRZtrTXWlyZsYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZDA0MzhhYjU2ZDg0MjE3MTMxYmMwNmZlMzM1ZTRjNzg0
M2ViNzkwHhcNMjQxMDEwMTQ1MDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDUxMDVjMTU0NDc1YjE2N2U4Mjc5NDc2YzQxMDg0NGVhOTI4MDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ATl8CrQvvDG6dLgJDqXRsUPgrlU
rNxdiGWJ7eS9IavZA16Pw0HEqRw86j/4QvWROztflN/i2+tsX73xhgKIDY9t8tHq
bL6HFT3BT06sRG3IUYGr4+GhWOOSL3BQ1bROrm/e7rjpLE1R5zicZcvNkh0HYBVr
7GbrSsceyKDVrGx46GUFvoTqQ5jNax3JC1erECaJUeh+2cE7kKuFX4PhMS7/fJ8g
+diCzbHG79H9y65gOp+EjqCkF1xq+RDhH+NU+Mdpa+M4KBGxRRAC5cq7GpbKBc86
RUrFrTrLRVbqnsXIqR4Yppuxm7BIv3M8tb07q2lEQFw2mCbJiS5XyB3uwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRRBcFUR1sWfoJ5R2xBCETqkoB2MB8GA1UdIwQY
MBaAFDjQQ4q1bYQhcTG8Bv4zXkx4Q+t5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT05CRGlyVnRoQ0Z4TWJ3R19qTmVUSGhENjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9mZTFhOGMtOTU4NS00MjkxLTlkZjEt
ZDllNmM1ZjBkMjg4LzEvRkZFRndWUkhXeFotZ25sSGJFRUlST3FTZ0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9mZTFhOGMtOTU4NS00MjkxLTlkZjEtZDllNmM1ZjBkMjg4
LzEvT05CRGlyVnRoQ0Z4TWJ3R19qTmVUSGhENjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwQM8MA0G
CSqGSIb3DQEBCwUAA4IBAQBr8FXOfyWfSxFqAONiWVN791RLHO2iHEaSzKxTMexk
j17/Bk5TGwoP9sElB970CUrmipB+Nuwt9ohCkWSHwwlA0PABxddMbYW9xdfXeSjt
iMFw2CECY1Hnm59b0HcZKfuJI4fbuNV0LUjNsVPY4tuxhcK+GrGFI//dim5Qj1lB
faNd4VtPbxCf7bvosX11nm+DZW9PWY/WcPBJL29fLpYdSa51kbfE2UX9/Yf6uvxA
rCscBwcf/QFAvzHpQhlSI1kVY4mL1aJ5zI+lO0e2VcJW6PCpNVcrkmKUQraS09sI
ewehM88df0rzT1K3Mo4Ii7OFPx7XkPQi9uOJAAHh22g1
-----END CERTIFICATE-----