Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/p_FrBgbJKMqk7JXenxoCK3jnAm8.roa
File:                     p_FrBgbJKMqk7JXenxoCK3jnAm8.roa (raw, json)
Hash identifier:          viBHWgUbDKXGBurXfE5vJ298Ljh2+Fc2OkP/E+83FWk=
Subject key identifier:   A7:F1:6B:06:06:C9:28:CA:A4:EC:95:DE:9F:1A:02:2B:78:E7:02:6F
Certificate issuer:       /CN=59f915ae3e2216be338f6334532f9380cfd2f40a
Certificate serial:       018CC86F98CDFFCBFF1A47FFC9DAFED68685
Authority key identifier: 59:F9:15:AE:3E:22:16:BE:33:8F:63:34:53:2F:93:80:CF:D2:F4:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/p_FrBgbJKMqk7JXenxoCK3jnAm8.roa
Signing time:             Tue 02 Jan 2024 04:30:05 +0000
ROA not before:           Tue 02 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        194.56.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:03:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:98:cd:ff:cb:ff:1a:47:ff:c9:da:fe:d6:86:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59f915ae3e2216be338f6334532f9380cfd2f40a
        Validity
            Not Before: Jan  2 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7f16b0606c928caa4ec95de9f1a022b78e7026f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:0d:e0:9e:f2:14:7e:92:6e:85:9d:76:93:27:
                    70:8f:95:f5:f7:97:98:1e:1c:f0:16:ae:f0:4b:c4:
                    3a:93:b6:2f:af:1d:90:a9:fe:8f:ce:f7:0a:8b:e5:
                    8a:5b:09:00:33:1e:36:d9:ef:f4:1c:a6:f9:1d:92:
                    60:77:aa:cf:13:d7:76:a6:a7:33:3d:63:25:be:40:
                    1c:ff:80:43:00:44:09:1c:3b:bf:fd:de:b1:aa:f8:
                    26:df:63:db:99:97:2b:14:59:84:0e:20:9a:93:94:
                    11:18:2d:0c:eb:0b:c2:ee:c4:2c:01:26:ae:11:4a:
                    ca:b8:5f:ee:c1:85:0d:e8:d1:b6:39:92:d1:ee:4b:
                    83:f2:f5:f6:8e:d2:68:4c:1e:cd:d2:c1:a0:7e:3e:
                    8c:53:c4:69:34:65:d3:28:d2:0e:06:1c:93:d1:06:
                    7b:17:33:18:16:44:a1:78:2e:ba:ee:ee:5b:9d:c3:
                    65:cf:35:14:c9:c7:3c:a9:fa:84:53:d4:62:97:f8:
                    4a:16:66:10:12:80:ec:ff:53:5f:19:14:c9:ed:ab:
                    04:91:93:ec:ad:ac:28:f1:0d:45:cb:4b:c0:7a:24:
                    30:d3:84:3e:59:4f:c1:b9:99:e5:a9:c2:c7:fd:84:
                    6e:78:cb:73:a5:c7:25:43:4f:4a:92:02:24:b2:8d:
                    af:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F1:6B:06:06:C9:28:CA:A4:EC:95:DE:9F:1A:02:2B:78:E7:02:6F
            X509v3 Authority Key Identifier:
                keyid:59:F9:15:AE:3E:22:16:BE:33:8F:63:34:53:2F:93:80:CF:D2:F4:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/p_FrBgbJKMqk7JXenxoCK3jnAm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:aa:d5:c8:17:e3:de:df:75:26:ca:55:3c:24:9e:6e:bd:20:
         4e:06:d4:6e:d2:25:bb:65:f6:c1:c8:66:cb:c0:47:be:c7:0e:
         ec:19:18:61:dd:c2:ca:6d:c7:be:78:03:dd:32:2a:b3:e7:05:
         d8:94:34:a3:5d:fa:24:70:8b:52:47:53:98:e1:e4:fb:a2:b2:
         bf:b5:91:50:a3:bd:b2:a2:de:52:15:fd:27:ae:51:e7:09:5b:
         20:b6:e3:c3:c8:b0:25:c4:95:d5:66:24:a6:91:97:67:9a:bb:
         f3:be:e8:dc:05:9a:19:59:fb:8b:0e:88:36:3a:38:11:1c:24:
         0a:f7:09:d9:ad:08:c6:53:e7:cd:ea:97:7b:a5:97:da:86:9b:
         d4:e2:6f:4d:c5:6d:90:9f:37:a8:b9:8c:04:e2:a3:bd:26:59:
         34:1e:47:fd:9b:4b:40:61:8d:3f:2f:08:a7:a0:50:b0:09:d1:
         e0:d9:70:f7:1c:ac:fe:d3:b9:42:b6:da:ba:af:85:cb:c7:d3:
         4e:1a:6f:a0:a5:09:8d:ec:5b:3f:ef:c0:cc:39:6e:49:78:14:
         d7:6c:e8:2e:19:d3:54:ad:97:75:94:5b:56:2c:81:86:9a:d8:
         09:eb:23:f9:62:df:dc:b3:54:30:b6:f7:a9:00:dc:5c:4a:23:
         33:d4:dc:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5jN/8v/Gkf/ydr+1oaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZjkxNWFlM2UyMjE2YmUzMzhmNjMzNDUzMmY5MzgwY2Zk
MmY0MGEwHhcNMjQwMTAyMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2YxNmIwNjA2YzkyOGNhYTRlYzk1ZGU5ZjFhMDIyYjc4ZTcwMjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQ3gnvIUfpJuhZ12kydwj5X195eY
HhzwFq7wS8Q6k7Yvrx2Qqf6PzvcKi+WKWwkAMx422e/0HKb5HZJgd6rPE9d2pqcz
PWMlvkAc/4BDAEQJHDu//d6xqvgm32PbmZcrFFmEDiCak5QRGC0M6wvC7sQsASau
EUrKuF/uwYUN6NG2OZLR7kuD8vX2jtJoTB7N0sGgfj6MU8RpNGXTKNIOBhyT0QZ7
FzMYFkSheC667u5bncNlzzUUycc8qfqEU9Ril/hKFmYQEoDs/1NfGRTJ7asEkZPs
rawo8Q1Fy0vAeiQw04Q+WU/BuZnlqcLH/YRueMtzpcclQ09KkgIkso2vuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfxawYGySjKpOyV3p8aAit45wJvMB8GA1UdIwQY
MBaAFFn5Fa4+Iha+M49jNFMvk4DP0vQKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2ZrVnJqNGlGcjR6ajJNMFV5LVRnTV9TOUFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9hYTIzMTEtYjFjZC00ZDE4LWFlYmIt
YTNmMjMyNGY2ZDhjLzEvcF9GckJnYkpLTXFrN0pYZW54b0NLM2puQW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9hYTIzMTEtYjFjZC00ZDE4LWFlYmItYTNmMjMyNGY2ZDhj
LzEvV2ZrVnJqNGlGcjR6ajJNMFV5LVRnTV9TOUFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjhsMA0G
CSqGSIb3DQEBCwUAA4IBAQBHqtXIF+Pe33UmylU8JJ5uvSBOBtRu0iW7ZfbByGbL
wEe+xw7sGRhh3cLKbce+eAPdMiqz5wXYlDSjXfokcItSR1OY4eT7orK/tZFQo72y
ot5SFf0nrlHnCVsgtuPDyLAlxJXVZiSmkZdnmrvzvujcBZoZWfuLDog2OjgRHCQK
9wnZrQjGU+fN6pd7pZfahpvU4m9NxW2QnzeouYwE4qO9Jlk0Hkf9m0tAYY0/Lwin
oFCwCdHg2XD3HKz+07lCttq6r4XLx9NOGm+gpQmN7Fs/78DMOW5JeBTXbOguGdNU
rZd1lFtWLIGGmtgJ6yP5Yt/cs1QwtvepANxcSiMz1Nxu
-----END CERTIFICATE-----