Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/bFyTSVWaksMFPIC5uBwbHyreY9E.roa
File:                     bFyTSVWaksMFPIC5uBwbHyreY9E.roa (raw, json)
Hash identifier:          3FG371GIP9RsCMbfIl11e2kFW+ACT9X1ZyfToXR+GXU=
Subject key identifier:   6C:5C:93:49:55:9A:92:C3:05:3C:80:B9:B8:1C:1B:1F:2A:DE:63:D1
Certificate issuer:       /CN=df904155ee3acfe3fea8bbfee86e97c58c8991f4
Certificate serial:       018CC725EBF0AFE80FAE0EF4055A07504C0B
Authority key identifier: DF:90:41:55:EE:3A:CF:E3:FE:A8:BB:FE:E8:6E:97:C5:8C:89:91:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35BBVe46z-P-qLv-6G6XxYyJkfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/bFyTSVWaksMFPIC5uBwbHyreY9E.roa
Signing time:             Mon 01 Jan 2024 22:30:00 +0000
ROA not before:           Mon 01 Jan 2024 22:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44356
IP address blocks:        79.99.192.0/21 maxlen: 24
                          31.13.152.0/21 maxlen: 24
                          2a00:1538::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/35BBVe46z-P-qLv-6G6XxYyJkfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/35BBVe46z-P-qLv-6G6XxYyJkfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/35BBVe46z-P-qLv-6G6XxYyJkfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:eb:f0:af:e8:0f:ae:0e:f4:05:5a:07:50:4c:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df904155ee3acfe3fea8bbfee86e97c58c8991f4
        Validity
            Not Before: Jan  1 22:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c5c9349559a92c3053c80b9b81c1b1f2ade63d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:de:5a:a2:21:92:b4:de:5b:27:4f:4d:30:01:
                    67:bb:1f:d6:4f:bc:77:73:7f:e3:eb:dd:3a:da:54:
                    81:d7:55:b1:4c:6b:6a:00:54:5f:e8:fd:3b:75:c3:
                    60:31:21:e4:dd:5c:3d:5e:66:ca:ac:91:07:fd:35:
                    f7:48:09:41:81:bb:af:6a:08:53:1d:80:7c:f0:e2:
                    fb:be:92:f5:bd:dd:76:94:a7:02:44:a2:ff:99:eb:
                    2c:64:9c:0f:9e:a0:53:87:79:81:e7:35:f2:9e:7d:
                    3a:5b:fc:cb:93:6e:a4:4a:77:42:98:31:de:22:bb:
                    a9:0b:4e:60:d8:81:9e:8f:4f:22:ee:a8:fa:0e:80:
                    95:dd:83:cb:af:c4:bc:4e:68:62:cc:d9:26:b9:f2:
                    8a:30:1f:8d:51:24:ef:c8:b5:cf:f4:17:46:91:ea:
                    53:70:2d:33:d8:23:ea:38:ff:a6:49:c2:01:c8:d2:
                    74:02:42:da:4c:c0:80:9d:49:86:89:00:bb:cc:d3:
                    30:ec:f7:50:92:4c:d2:00:18:63:66:a6:50:b3:a0:
                    3c:4e:a2:1f:ec:68:54:36:6d:cb:91:20:fe:7b:e9:
                    53:80:47:a3:41:20:7b:e1:20:16:1b:47:17:ac:7e:
                    ba:0d:fe:18:e0:7a:81:29:2f:f6:93:f1:9a:e9:98:
                    a7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:5C:93:49:55:9A:92:C3:05:3C:80:B9:B8:1C:1B:1F:2A:DE:63:D1
            X509v3 Authority Key Identifier:
                keyid:DF:90:41:55:EE:3A:CF:E3:FE:A8:BB:FE:E8:6E:97:C5:8C:89:91:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35BBVe46z-P-qLv-6G6XxYyJkfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/bFyTSVWaksMFPIC5uBwbHyreY9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/35BBVe46z-P-qLv-6G6XxYyJkfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.152.0/21
                  79.99.192.0/21
                IPv6:
                  2a00:1538::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:19:45:f8:aa:3c:9c:d3:c9:70:d3:ba:5d:f9:1d:70:4e:6f:
         e3:b7:07:9d:98:a6:52:9c:24:f3:f6:b9:e8:45:b5:ee:5a:47:
         6d:2a:78:b4:dc:7f:19:99:f6:a0:24:6b:37:98:d6:b0:2c:42:
         2a:0a:84:d1:dd:2d:6a:f5:d0:8b:93:7c:8c:f5:cc:23:7e:28:
         d7:c9:b3:5a:05:56:3b:33:fd:38:74:62:93:c9:5b:ea:f1:8c:
         19:fb:52:00:86:83:f3:21:27:88:3d:a3:93:85:c7:db:00:82:
         0d:83:40:d8:a7:78:69:6f:46:3a:55:86:b9:98:76:25:5d:00:
         51:d6:a5:9c:1c:04:35:96:73:f4:b3:d2:9d:20:78:48:04:f5:
         26:24:b6:ae:41:8c:2f:3b:b9:2f:21:73:58:41:63:22:ce:58:
         c1:a6:11:ab:80:60:cb:92:f2:87:fd:1f:a6:61:18:e5:f8:3f:
         9f:b6:5f:bb:c1:55:95:0b:47:22:b1:17:f1:1b:c9:f9:c7:85:
         7c:7e:6e:29:1e:e8:1e:eb:e8:49:30:0d:8e:ba:2c:27:35:4f:
         02:8b:e9:41:97:1a:5e:6d:ed:53:96:f2:c1:1e:02:95:b3:be:
         ac:05:80:49:c3:2b:0b:14:5d:ec:0c:14:88:7f:b4:f5:fb:ca:
         ac:70:c6:78
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJevwr+gPrg70BVoHUEwLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOTA0MTU1ZWUzYWNmZTNmZWE4YmJmZWU4NmU5N2M1OGM4
OTkxZjQwHhcNMjQwMTAxMjIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzVjOTM0OTU1OWE5MmMzMDUzYzgwYjliODFjMWIxZjJhZGU2M2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAit5aoiGStN5bJ09NMAFnux/WT7x3
c3/j69062lSB11WxTGtqAFRf6P07dcNgMSHk3Vw9XmbKrJEH/TX3SAlBgbuvaghT
HYB88OL7vpL1vd12lKcCRKL/messZJwPnqBTh3mB5zXynn06W/zLk26kSndCmDHe
IrupC05g2IGej08i7qj6DoCV3YPLr8S8TmhizNkmufKKMB+NUSTvyLXP9BdGkepT
cC0z2CPqOP+mScIByNJ0AkLaTMCAnUmGiQC7zNMw7PdQkkzSABhjZqZQs6A8TqIf
7GhUNm3LkSD+e+lTgEejQSB74SAWG0cXrH66Df4Y4HqBKS/2k/Ga6Zin4QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGxck0lVmpLDBTyAubgcGx8q3mPRMB8GA1UdIwQY
MBaAFN+QQVXuOs/j/qi7/uhul8WMiZH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzVCQlZlNDZ6LVAtcUx2LTZHNlh4WXlKa2ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS80NDJlMTctNDE5OC00MzViLTk2ZjQt
NjQ2N2Y0NGI0M2JmLzEvYkZ5VFNWV2Frc01GUElDNXVCd2JIeXJlWTlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS80NDJlMTctNDE5OC00MzViLTk2ZjQtNjQ2N2Y0NGI0M2Jm
LzEvMzVCQlZlNDZ6LVAtcUx2LTZHNlh4WXlKa2ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDHw2YAwQD
T2PAMA0EAgACMAcDBQAqABU4MA0GCSqGSIb3DQEBCwUAA4IBAQCCGUX4qjyc08lw
07pd+R1wTm/jtwedmKZSnCTz9rnoRbXuWkdtKni03H8ZmfagJGs3mNawLEIqCoTR
3S1q9dCLk3yM9cwjfijXybNaBVY7M/04dGKTyVvq8YwZ+1IAhoPzISeIPaOThcfb
AIINg0DYp3hpb0Y6VYa5mHYlXQBR1qWcHAQ1lnP0s9KdIHhIBPUmJLauQYwvO7kv
IXNYQWMizljBphGrgGDLkvKH/R+mYRjl+D+ftl+7wVWVC0cisRfxG8n5x4V8fm4p
Huge6+hJMA2OuiwnNU8Ci+lBlxpebe1TlvLBHgKVs76sBYBJwysLFF3sDBSIf7T1
+8qscMZ4
-----END CERTIFICATE-----