Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/fbeWzzXDUcMuL-oX7KQbeJ9_Q3E.roa
File:                     fbeWzzXDUcMuL-oX7KQbeJ9_Q3E.roa (raw, json)
Hash identifier:          s5D3tRVSaHV2OQ4TvqsU8OUQLJ9PVKYBG1dWQFZRKfs=
Subject key identifier:   7D:B7:96:CF:35:C3:51:C3:2E:2F:EA:17:EC:A4:1B:78:9F:7F:43:71
Certificate issuer:       /CN=11b69b59d19f2987e49f1852d60bb1777f80a301
Certificate serial:       018CCA2B153C2B19B9F1C3497573B4708BCD
Authority key identifier: 11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/fbeWzzXDUcMuL-oX7KQbeJ9_Q3E.roa
Signing time:             Tue 02 Jan 2024 12:34:30 +0000
ROA not before:           Tue 02 Jan 2024 12:34:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201706
IP address blocks:        92.53.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:15:3c:2b:19:b9:f1:c3:49:75:73:b4:70:8b:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11b69b59d19f2987e49f1852d60bb1777f80a301
        Validity
            Not Before: Jan  2 12:34:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7db796cf35c351c32e2fea17eca41b789f7f4371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d8:5a:e9:09:8d:49:0c:57:41:58:54:bf:65:
                    43:ce:5f:5e:b8:30:98:14:e6:6b:81:9d:8d:1c:4f:
                    a2:53:9e:2f:44:a5:19:2e:14:63:4c:9f:e1:8f:38:
                    2a:b7:46:4f:b2:d0:9e:63:76:a1:5d:f7:88:74:c1:
                    f3:a3:6a:a3:c2:ac:b1:36:6a:06:77:3c:ed:cf:5b:
                    57:4d:37:4e:91:86:82:f9:6f:a0:e8:c8:3e:82:36:
                    54:df:33:08:95:15:35:0c:4a:12:cd:fe:69:79:a7:
                    64:da:4b:1c:39:89:37:5c:89:3c:13:cc:b5:80:71:
                    bc:94:c9:20:17:49:f5:01:e6:5b:4b:1b:88:ce:93:
                    39:74:e7:84:cb:d1:73:bf:ce:36:97:9d:3d:e1:d8:
                    e8:fa:02:1b:69:85:f5:ed:3a:a5:e9:7a:26:13:8a:
                    a6:49:b3:02:9c:62:eb:7b:2e:c6:82:ac:c5:49:a6:
                    ab:66:de:da:69:fd:ca:93:ec:3e:75:8d:c7:90:4e:
                    bf:37:ad:f4:7f:bf:6d:99:4b:0f:f1:f2:0a:d5:7d:
                    c8:a1:5b:21:71:c1:96:41:20:23:45:c2:16:ff:db:
                    cb:48:59:7f:2e:61:99:4a:4c:a8:19:37:a0:9d:cb:
                    69:cb:34:57:31:cd:31:f7:c5:f1:1a:b1:ab:92:83:
                    7e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:B7:96:CF:35:C3:51:C3:2E:2F:EA:17:EC:A4:1B:78:9F:7F:43:71
            X509v3 Authority Key Identifier:
                keyid:11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/fbeWzzXDUcMuL-oX7KQbeJ9_Q3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:d5:a6:fd:e9:c0:41:15:f1:f6:90:87:43:a7:37:c3:7c:bc:
         67:8f:f2:58:22:df:27:8f:bc:af:69:0f:de:5d:67:bc:9c:2a:
         b6:11:ba:41:c7:b0:21:02:55:14:50:83:ef:d7:2f:77:67:c8:
         22:c8:cf:04:31:b6:92:87:a3:2a:02:d6:97:d4:1c:bf:23:70:
         37:55:29:94:14:5b:5a:e4:d8:c1:b9:47:7a:46:e5:fd:80:41:
         e6:18:1b:12:15:60:70:bd:9d:6c:e2:4f:bc:3c:21:6d:b3:34:
         28:5f:ae:cf:64:b2:98:d9:df:a0:3e:3a:a6:76:09:b2:88:8e:
         ba:21:91:0b:5e:81:41:8d:6f:c2:94:48:14:6b:59:8a:38:2e:
         74:cb:b8:9e:41:e1:ec:85:13:3e:5e:c4:db:ae:9d:df:94:18:
         e3:f8:b0:01:5e:1e:8e:25:6d:3e:d6:d5:94:e3:71:38:4e:ab:
         96:05:61:a3:ef:b5:ab:23:3d:2f:6d:08:f4:1e:cf:62:07:69:
         3f:96:b1:5d:8d:5f:5e:b1:1c:b4:06:e3:39:b3:7a:bf:ce:86:
         1f:1b:1e:67:af:8b:e1:ef:48:d2:5d:36:6c:33:6e:2f:2c:98:
         d1:79:7e:72:99:33:eb:2a:7d:93:71:45:8c:d4:fa:23:b1:7b:
         93:dc:21:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKxU8Kxm58cNJdXO0cIvNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYjY5YjU5ZDE5ZjI5ODdlNDlmMTg1MmQ2MGJiMTc3N2Y4
MGEzMDEwHhcNMjQwMTAyMTIzNDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGI3OTZjZjM1YzM1MWMzMmUyZmVhMTdlY2E0MWI3ODlmN2Y0MzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNha6QmNSQxXQVhUv2VDzl9euDCY
FOZrgZ2NHE+iU54vRKUZLhRjTJ/hjzgqt0ZPstCeY3ahXfeIdMHzo2qjwqyxNmoG
dzztz1tXTTdOkYaC+W+g6Mg+gjZU3zMIlRU1DEoSzf5peadk2kscOYk3XIk8E8y1
gHG8lMkgF0n1AeZbSxuIzpM5dOeEy9Fzv842l5094djo+gIbaYX17Tql6XomE4qm
SbMCnGLrey7GgqzFSaarZt7aaf3Kk+w+dY3HkE6/N630f79tmUsP8fIK1X3IoVsh
ccGWQSAjRcIW/9vLSFl/LmGZSkyoGTegnctpyzRXMc0x98XxGrGrkoN+BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH23ls81w1HDLi/qF+ykG3iff0NxMB8GA1UdIwQY
MBaAFBG2m1nRnymH5J8YUtYLsXd/gKMBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTIt
ZDE2OWMwODhiNDEyLzEvZmJlV3p6WERVY011TC1vWDdLUWJlSjlfUTNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTItZDE2OWMwODhiNDEy
LzEvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDVBMA0G
CSqGSIb3DQEBCwUAA4IBAQAq1ab96cBBFfH2kIdDpzfDfLxnj/JYIt8nj7yvaQ/e
XWe8nCq2EbpBx7AhAlUUUIPv1y93Z8giyM8EMbaSh6MqAtaX1By/I3A3VSmUFFta
5NjBuUd6RuX9gEHmGBsSFWBwvZ1s4k+8PCFtszQoX67PZLKY2d+gPjqmdgmyiI66
IZELXoFBjW/ClEgUa1mKOC50y7ieQeHshRM+XsTbrp3flBjj+LABXh6OJW0+1tWU
43E4TquWBWGj77WrIz0vbQj0Hs9iB2k/lrFdjV9esRy0BuM5s3q/zoYfGx5nr4vh
70jSXTZsM24vLJjReX5ymTPrKn2TcUWM1PojsXuT3CHz
-----END CERTIFICATE-----