Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/frMCPky-VCZAMD2LOVXWDz8-_zA.roa
File:                     frMCPky-VCZAMD2LOVXWDz8-_zA.roa (raw, json)
Hash identifier:          SApuK4oQ86/iVGISPYlS01ef4MV+gEb/nEBtCvs7Th8=
Subject key identifier:   7E:B3:02:3E:4C:BE:54:26:40:30:3D:8B:39:55:D6:0F:3F:3E:FF:30
Certificate issuer:       /CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Certificate serial:       018CC86F4B62D829F84ECE061473C7AD8AFF
Authority key identifier: 66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/frMCPky-VCZAMD2LOVXWDz8-_zA.roa
Signing time:             Tue 02 Jan 2024 04:29:46 +0000
ROA not before:           Tue 02 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51335
IP address blocks:        85.118.36.0/24 maxlen: 24
                          85.118.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4b:62:d8:29:f8:4e:ce:06:14:73:c7:ad:8a:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
        Validity
            Not Before: Jan  2 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eb3023e4cbe542640303d8b3955d60f3f3eff30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:eb:d9:10:87:f6:5f:2a:c9:13:67:9b:fc:3d:
                    27:b4:d2:5c:f6:32:16:0b:9b:da:05:c8:20:2e:f3:
                    16:3d:2c:5e:22:1e:58:9a:d4:ff:0d:22:e7:e7:ba:
                    37:dd:99:a6:ef:33:ea:d2:8e:8a:e5:33:6d:d0:19:
                    ae:82:72:7d:ff:5f:d9:20:b0:05:9b:64:bb:e8:42:
                    03:56:2f:18:ec:da:75:61:2b:ab:e9:6d:89:85:c2:
                    89:a9:e5:87:96:c5:08:f5:a8:60:ea:af:ed:a8:49:
                    da:f3:5b:17:ac:7b:87:d5:f8:9c:5b:26:b3:fd:b0:
                    7e:5d:60:45:c5:9a:7b:97:d0:80:1f:ca:74:a6:d2:
                    ef:5a:4a:fe:63:09:ba:96:b0:3c:46:f9:9e:48:90:
                    5b:7e:7b:1e:11:7b:04:f4:00:4d:8a:fb:e8:d4:a2:
                    79:c9:27:c5:32:75:54:8f:9d:8e:fc:78:50:7b:e5:
                    09:3c:7b:90:96:86:f5:13:6e:6d:ca:10:36:b0:f3:
                    b9:47:5c:8c:66:cf:4f:3b:52:8d:84:8b:5a:98:a6:
                    d0:4f:35:07:8c:33:88:ce:43:0a:c9:4c:6b:97:f3:
                    fd:a7:51:c9:ac:52:14:5c:03:aa:21:b7:63:c4:b5:
                    7c:62:08:75:6f:c4:81:a8:cf:7c:e2:8c:58:63:e2:
                    ea:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:B3:02:3E:4C:BE:54:26:40:30:3D:8B:39:55:D6:0F:3F:3E:FF:30
            X509v3 Authority Key Identifier:
                keyid:66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/frMCPky-VCZAMD2LOVXWDz8-_zA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.118.36.0/24
                  85.118.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:a3:4f:55:6d:b9:2f:00:1a:db:8a:5b:48:36:85:11:cd:40:
         50:fe:84:48:3b:62:3e:49:3b:5a:37:e9:51:38:02:ad:d0:85:
         c5:81:5b:e8:94:4d:47:b7:02:11:ba:09:25:3c:4b:15:54:13:
         69:6a:1e:0f:5d:a2:67:c0:66:8e:5c:0e:67:25:90:74:fa:95:
         00:b8:0f:d1:50:d0:c9:0d:b9:42:47:8b:39:92:e7:fe:6f:ab:
         b9:09:aa:c8:25:94:2f:eb:56:2e:5a:8f:1d:e9:e8:2b:ad:19:
         02:25:2d:cd:01:1c:29:1d:95:b3:a5:48:e1:b2:d3:49:5c:21:
         d8:c2:b3:1b:74:5f:bd:14:05:5b:b8:41:2a:7a:41:bb:0f:5a:
         a6:fa:82:97:54:71:36:62:bd:ad:e5:d0:3a:d1:ce:b9:7b:ff:
         16:5f:18:af:63:3b:b6:35:8c:f0:68:99:0f:88:db:12:c1:1a:
         22:02:4e:88:7d:57:f9:17:79:bf:5d:c1:97:ff:49:37:1b:54:
         56:a5:8e:4f:0b:a9:67:df:e9:d9:db:94:0c:08:80:61:a3:86:
         1a:8c:85:9a:cf:eb:6b:5a:68:32:ac:ae:f3:79:1c:c7:f4:fb:
         8b:70:87:bc:a1:51:00:6b:40:fa:bb:f8:92:7f:f8:da:88:b9:
         26:ac:32:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb0ti2Cn4Ts4GFHPHrYr/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGUxZDlkY2RiMjVjMWU1MzJjNWM5YjY5ZGZhNzU3ZTMw
NjIxMGUwHhcNMjQwMTAyMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWIzMDIzZTRjYmU1NDI2NDAzMDNkOGIzOTU1ZDYwZjNmM2VmZjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhevZEIf2XyrJE2eb/D0ntNJc9jIW
C5vaBcggLvMWPSxeIh5YmtT/DSLn57o33Zmm7zPq0o6K5TNt0BmugnJ9/1/ZILAF
m2S76EIDVi8Y7Np1YSur6W2JhcKJqeWHlsUI9ahg6q/tqEna81sXrHuH1ficWyaz
/bB+XWBFxZp7l9CAH8p0ptLvWkr+Ywm6lrA8RvmeSJBbfnseEXsE9ABNivvo1KJ5
ySfFMnVUj52O/HhQe+UJPHuQlob1E25tyhA2sPO5R1yMZs9PO1KNhItamKbQTzUH
jDOIzkMKyUxrl/P9p1HJrFIUXAOqIbdjxLV8Ygh1b8SBqM984oxYY+LqbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH6zAj5MvlQmQDA9izlV1g8/Pv8wMB8GA1UdIwQY
MBaAFGbeHZ3NslweUyxcm2nfp1fjBiEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYt
NDA0Nzk4NzA5NzZlLzEvZnJNQ1BreS1WQ1pBTUQyTE9WWFdEejgtX3pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYtNDA0Nzk4NzA5NzZl
LzEvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVXYkAwQA
VXYnMA0GCSqGSIb3DQEBCwUAA4IBAQBuo09VbbkvABrbiltINoURzUBQ/oRIO2I+
STtaN+lROAKt0IXFgVvolE1HtwIRugklPEsVVBNpah4PXaJnwGaOXA5nJZB0+pUA
uA/RUNDJDblCR4s5kuf+b6u5CarIJZQv61YuWo8d6egrrRkCJS3NARwpHZWzpUjh
stNJXCHYwrMbdF+9FAVbuEEqekG7D1qm+oKXVHE2Yr2t5dA60c65e/8WXxivYzu2
NYzwaJkPiNsSwRoiAk6IfVf5F3m/XcGX/0k3G1RWpY5PC6ln3+nZ25QMCIBho4Ya
jIWaz+trWmgyrK7zeRzH9PuLcIe8oVEAa0D6u/iSf/jaiLkmrDL7
-----END CERTIFICATE-----