Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/ae1f3a-65a8-4794-91c8-a5879b69f126/1/_bL-oqLiNrhk8r5yvrMsAb0xWU0.roa
File:                     _bL-oqLiNrhk8r5yvrMsAb0xWU0.roa (raw, json)
Hash identifier:          ndMLqC4uFsLLWIqCPFOfqvZyd/9MM3csvNL1wkBvGpo=
Subject key identifier:   FD:B2:FE:A2:A2:E2:36:B8:64:F2:BE:72:BE:B3:2C:01:BD:31:59:4D
Certificate issuer:       /CN=050365c8af48813a5bab97ede355539f11474dc7
Certificate serial:       018CC64ABD332C4F96AD8F23D57AFD455725
Authority key identifier: 05:03:65:C8:AF:48:81:3A:5B:AB:97:ED:E3:55:53:9F:11:47:4D:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BQNlyK9IgTpbq5ft41VTnxFHTcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/ae1f3a-65a8-4794-91c8-a5879b69f126/1/_bL-oqLiNrhk8r5yvrMsAb0xWU0.roa
Signing time:             Mon 01 Jan 2024 18:30:36 +0000
ROA not before:           Mon 01 Jan 2024 18:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39587
IP address blocks:        147.78.236.0/23 maxlen: 23
                          2a0f:2980::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/ae1f3a-65a8-4794-91c8-a5879b69f126/1/BQNlyK9IgTpbq5ft41VTnxFHTcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/ae1f3a-65a8-4794-91c8-a5879b69f126/1/BQNlyK9IgTpbq5ft41VTnxFHTcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BQNlyK9IgTpbq5ft41VTnxFHTcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:bd:33:2c:4f:96:ad:8f:23:d5:7a:fd:45:57:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=050365c8af48813a5bab97ede355539f11474dc7
        Validity
            Not Before: Jan  1 18:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdb2fea2a2e236b864f2be72beb32c01bd31594d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ed:31:e2:a2:a6:60:ff:36:89:c2:02:95:ec:
                    f4:01:7c:3d:e1:66:63:f9:e7:7f:54:75:34:0a:55:
                    e8:0c:4b:63:46:d9:0e:3c:29:68:27:83:ae:bc:92:
                    79:93:a5:61:83:63:41:49:6e:58:c3:7c:9e:b4:02:
                    05:ed:7b:e6:d5:76:05:b7:b0:c7:68:30:e3:58:19:
                    f7:a2:79:7e:e1:d3:7e:0a:a4:fc:41:fc:51:0c:90:
                    05:97:d2:77:34:3b:1e:87:4b:87:aa:21:d9:e5:78:
                    aa:fc:bf:f1:aa:ae:49:06:6f:4c:21:eb:b5:a1:83:
                    c3:6f:f2:c2:7d:2c:fc:7d:33:6c:a9:1c:e6:45:d9:
                    26:fe:94:c3:bf:8d:20:95:ee:9c:1d:02:bf:f3:75:
                    8e:f8:94:3c:71:86:79:0a:31:66:43:da:21:c4:d6:
                    29:e4:69:e3:92:81:08:fd:22:05:18:a5:4e:55:a1:
                    f9:74:ca:b0:01:00:d4:c2:05:79:ca:4f:36:05:27:
                    9d:1a:b8:23:2d:39:80:b1:31:47:17:83:bc:68:d2:
                    b1:ef:8a:1f:f2:d2:a9:6e:99:f7:6c:3a:db:0a:57:
                    9f:4b:05:24:2e:12:72:a5:95:ec:a6:f6:78:2e:19:
                    92:a1:8d:32:de:c4:c7:27:96:54:60:b5:93:87:cb:
                    f4:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:B2:FE:A2:A2:E2:36:B8:64:F2:BE:72:BE:B3:2C:01:BD:31:59:4D
            X509v3 Authority Key Identifier:
                keyid:05:03:65:C8:AF:48:81:3A:5B:AB:97:ED:E3:55:53:9F:11:47:4D:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BQNlyK9IgTpbq5ft41VTnxFHTcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/ae1f3a-65a8-4794-91c8-a5879b69f126/1/_bL-oqLiNrhk8r5yvrMsAb0xWU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/ae1f3a-65a8-4794-91c8-a5879b69f126/1/BQNlyK9IgTpbq5ft41VTnxFHTcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.236.0/23
                IPv6:
                  2a0f:2980::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:b1:ea:e7:9b:36:2b:23:00:3b:ca:97:fb:33:c4:b7:fb:19:
         7a:ae:e7:17:e7:e2:2b:d5:c8:83:9b:f9:0b:d4:13:86:b8:41:
         5b:86:64:9e:76:68:b6:11:12:cf:8a:82:b3:10:2b:5b:65:0e:
         ec:c3:21:5f:30:4b:3a:02:a4:b8:6d:80:cf:3d:4a:a0:8c:ba:
         12:a5:59:34:42:85:52:1b:9c:bd:aa:c3:45:00:e5:fb:30:87:
         9e:f2:94:c2:d0:56:97:4c:4f:2f:e6:88:55:77:af:77:09:a3:
         bc:ac:f4:f9:5c:07:d2:d0:96:10:e7:cb:85:95:af:76:da:99:
         3e:3e:a8:5e:5c:d3:bc:87:a4:25:87:d6:dc:ce:b2:b1:66:4a:
         fe:9c:66:a9:66:e8:ee:92:9e:8a:d9:0b:11:bc:e3:86:c5:cd:
         e8:01:6b:fb:4d:63:e4:8c:11:0b:eb:e2:40:be:49:29:4b:d0:
         e5:e5:91:14:1a:ce:1c:16:60:f2:31:c0:aa:cc:22:ed:1d:5b:
         eb:76:83:b0:ed:a6:bd:63:58:a7:e9:98:df:42:8c:15:b8:09:
         7e:76:15:c5:3b:37:1c:5b:69:3b:c8:31:49:64:7a:9c:91:77:
         fd:0c:02:bf:63:c9:ac:11:53:a9:6f:d7:b2:75:6b:cc:2e:c1:
         0a:f8:c0:b0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSr0zLE+WrY8j1Xr9RVclMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MDM2NWM4YWY0ODgxM2E1YmFiOTdlZGUzNTU1MzlmMTE0
NzRkYzcwHhcNMjQwMTAxMTgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGIyZmVhMmEyZTIzNmI4NjRmMmJlNzJiZWIzMmMwMWJkMzE1OTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+0x4qKmYP82icIClez0AXw94WZj
+ed/VHU0ClXoDEtjRtkOPCloJ4OuvJJ5k6Vhg2NBSW5Yw3yetAIF7Xvm1XYFt7DH
aDDjWBn3onl+4dN+CqT8QfxRDJAFl9J3NDseh0uHqiHZ5Xiq/L/xqq5JBm9MIeu1
oYPDb/LCfSz8fTNsqRzmRdkm/pTDv40gle6cHQK/83WO+JQ8cYZ5CjFmQ9ohxNYp
5GnjkoEI/SIFGKVOVaH5dMqwAQDUwgV5yk82BSedGrgjLTmAsTFHF4O8aNKx74of
8tKpbpn3bDrbClefSwUkLhJypZXspvZ4LhmSoY0y3sTHJ5ZUYLWTh8v03wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP2y/qKi4ja4ZPK+cr6zLAG9MVlNMB8GA1UdIwQY
MBaAFAUDZcivSIE6W6uX7eNVU58RR03HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlFObHlLOUlnVHBicTVmdDQxVlRueEZIVGNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZTFmM2EtNjVhOC00Nzk0LTkxYzgt
YTU4NzliNjlmMTI2LzEvX2JMLW9xTGlOcmhrOHI1eXZyTXNBYjB4V1UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZTFmM2EtNjVhOC00Nzk0LTkxYzgtYTU4NzliNjlmMTI2
LzEvQlFObHlLOUlnVHBicTVmdDQxVlRueEZIVGNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBk07sMA0E
AgACMAcDBQMqDymAMA0GCSqGSIb3DQEBCwUAA4IBAQBBsernmzYrIwA7ypf7M8S3
+xl6rucX5+Ir1ciDm/kL1BOGuEFbhmSedmi2ERLPioKzECtbZQ7swyFfMEs6AqS4
bYDPPUqgjLoSpVk0QoVSG5y9qsNFAOX7MIee8pTC0FaXTE8v5ohVd693CaO8rPT5
XAfS0JYQ58uFla922pk+PqheXNO8h6Qlh9bczrKxZkr+nGapZujukp6K2QsRvOOG
xc3oAWv7TWPkjBEL6+JAvkkpS9Dl5ZEUGs4cFmDyMcCqzCLtHVvrdoOw7aa9Y1in
6ZjfQowVuAl+dhXFOzccW2k7yDFJZHqckXf9DAK/Y8msEVOpb9eydWvMLsEK+MCw
-----END CERTIFICATE-----