Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/_fHcdXZ-C8LmPe8AVxORvaYJSro.roa
File:                     _fHcdXZ-C8LmPe8AVxORvaYJSro.roa (raw, json)
Hash identifier:          aMO7+ZDHkKQMFj6B/gZfNBK3afl7zCitfjMxrgvjewo=
Subject key identifier:   FD:F1:DC:75:76:7E:0B:C2:E6:3D:EF:00:57:13:91:BD:A6:09:4A:BA
Certificate issuer:       /CN=006b06b5d0ff1000e10c4276eea0880af209d7a2
Certificate serial:       018CC2DB1FB51E1834EDFA0247225DF50A72
Authority key identifier: 00:6B:06:B5:D0:FF:10:00:E1:0C:42:76:EE:A0:88:0A:F2:09:D7:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/_fHcdXZ-C8LmPe8AVxORvaYJSro.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49477
IP address blocks:        193.169.66.0/23 maxlen: 23
                          185.22.116.0/22 maxlen: 22
                          2a04:1f40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:03:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1f:b5:1e:18:34:ed:fa:02:47:22:5d:f5:0a:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=006b06b5d0ff1000e10c4276eea0880af209d7a2
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdf1dc75767e0bc2e63def00571391bda6094aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6d:bc:3c:b9:9f:21:73:07:35:93:4f:d6:e3:
                    3b:81:39:1e:35:3f:c1:7a:e1:a2:c7:90:b6:04:3a:
                    26:bd:c9:c1:a5:ce:d8:10:6d:e1:2c:37:ee:30:6f:
                    04:66:15:4c:07:f8:3f:f9:da:9e:de:a5:6f:93:23:
                    31:3f:d2:82:31:0a:da:d4:04:48:eb:8f:2e:0b:59:
                    fc:66:e2:8b:b8:40:47:d0:4d:bf:38:f8:41:92:e1:
                    53:27:7c:3b:13:61:de:2c:b7:8a:3f:d9:d6:39:65:
                    eb:59:9a:38:5d:af:42:64:af:ac:9d:ea:20:c1:3e:
                    62:d9:48:05:a7:f9:1e:a2:75:8c:7c:eb:04:b7:2b:
                    55:0a:ae:96:1b:76:cf:95:23:85:15:0d:38:d7:05:
                    8e:0e:af:1c:6b:3e:b5:c2:02:9a:89:b9:7f:12:af:
                    3d:b3:c2:af:b1:f4:3d:2b:9e:c7:e0:94:0e:25:57:
                    53:5f:27:db:8f:f1:98:43:a1:a2:e7:81:18:42:dc:
                    4b:5b:a1:5c:b1:6b:9f:cf:5d:62:0b:49:85:c5:f1:
                    d6:96:26:b5:e5:3b:90:e3:6c:1c:98:61:22:6f:c9:
                    ae:6b:9d:0d:1a:ee:cf:00:23:15:11:04:6b:24:d4:
                    33:20:54:14:12:07:7b:a3:94:66:2c:a8:ab:8e:94:
                    0c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:F1:DC:75:76:7E:0B:C2:E6:3D:EF:00:57:13:91:BD:A6:09:4A:BA
            X509v3 Authority Key Identifier:
                keyid:00:6B:06:B5:D0:FF:10:00:E1:0C:42:76:EE:A0:88:0A:F2:09:D7:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/_fHcdXZ-C8LmPe8AVxORvaYJSro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.116.0/22
                  193.169.66.0/23
                IPv6:
                  2a04:1f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:ba:2d:df:5e:38:06:70:7b:41:e4:99:ee:da:dd:9b:fc:6c:
         a8:8b:d6:68:11:2b:11:e6:4f:ad:f9:e3:bd:fe:49:cc:d1:e6:
         db:cc:93:64:81:40:e3:2e:3b:52:ff:1e:bc:77:25:d0:db:43:
         a9:30:f0:c6:a5:7c:12:41:18:b5:53:15:84:f5:2e:91:3c:90:
         9e:d9:a8:62:fc:0a:2b:d1:3e:7b:0f:42:02:19:04:46:0e:53:
         41:53:f0:bb:21:5e:76:71:36:37:86:1f:2f:40:0e:46:ef:19:
         fa:4c:2e:5c:aa:be:dc:df:e7:74:b0:ee:a5:3a:b7:ff:b2:eb:
         70:42:49:a7:21:d1:70:19:87:9e:eb:5f:c6:be:cc:91:e5:98:
         98:96:eb:da:bc:70:37:c9:75:28:5d:0e:4c:c1:63:81:dd:11:
         1e:7b:97:37:73:06:51:09:0f:ac:d1:c1:6e:b9:1e:ab:17:7f:
         4f:c5:14:7b:f1:7e:67:91:2d:be:5b:ee:74:8f:15:13:47:ac:
         35:88:5a:07:53:aa:1c:1d:e0:bc:bb:9a:21:fb:3c:17:ea:0e:
         4b:9a:6f:f1:1e:c4:85:51:61:37:74:07:da:a7:af:5c:f1:2b:
         01:1a:64:a6:f6:8c:2d:90:da:cc:dc:84:cf:00:bf:ff:2a:db:
         74:9a:c7:19
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2x+1Hhg07foCRyJd9QpyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNmIwNmI1ZDBmZjEwMDBlMTBjNDI3NmVlYTA4ODBhZjIw
OWQ3YTIwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGYxZGM3NTc2N2UwYmMyZTYzZGVmMDA1NzEzOTFiZGE2MDk0YWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApW28PLmfIXMHNZNP1uM7gTkeNT/B
euGix5C2BDomvcnBpc7YEG3hLDfuMG8EZhVMB/g/+dqe3qVvkyMxP9KCMQra1ARI
648uC1n8ZuKLuEBH0E2/OPhBkuFTJ3w7E2HeLLeKP9nWOWXrWZo4Xa9CZK+sneog
wT5i2UgFp/keonWMfOsEtytVCq6WG3bPlSOFFQ041wWODq8caz61wgKaibl/Eq89
s8KvsfQ9K57H4JQOJVdTXyfbj/GYQ6Gi54EYQtxLW6FcsWufz11iC0mFxfHWlia1
5TuQ42wcmGEib8mua50NGu7PACMVEQRrJNQzIFQUEgd7o5RmLKirjpQMLwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFP3x3HV2fgvC5j3vAFcTkb2mCUq6MB8GA1UdIwQY
MBaAFABrBrXQ/xAA4QxCdu6giAryCdeiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUdzR3RkRF9FQURoREVKMjdxQ0lDdklKMTZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80NzM3YzktZTI2My00NGU3LThmZWQt
NTdjOTU1YzljODVkLzEvX2ZIY2RYWi1DOExtUGU4QVZ4T1J2YVlKU3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80NzM3YzktZTI2My00NGU3LThmZWQtNTdjOTU1YzljODVk
LzEvQUdzR3RkRF9FQURoREVKMjdxQ0lDdklKMTZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRZ0AwQB
walCMA0EAgACMAcDBQMqBB9AMA0GCSqGSIb3DQEBCwUAA4IBAQA8ui3fXjgGcHtB
5Jnu2t2b/Gyoi9ZoESsR5k+t+eO9/knM0ebbzJNkgUDjLjtS/x68dyXQ20OpMPDG
pXwSQRi1UxWE9S6RPJCe2ahi/Aor0T57D0ICGQRGDlNBU/C7IV52cTY3hh8vQA5G
7xn6TC5cqr7c3+d0sO6lOrf/sutwQkmnIdFwGYee61/GvsyR5ZiYluvavHA3yXUo
XQ5MwWOB3REee5c3cwZRCQ+s0cFuuR6rF39PxRR78X5nkS2+W+50jxUTR6w1iFoH
U6ocHeC8u5oh+zwX6g5Lmm/xHsSFUWE3dAfap69c8SsBGmSm9owtkNrM3ITPAL//
Ktt0mscZ
-----END CERTIFICATE-----