Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/ANWNiur68OhCtx7_4TLC30tU_2E.roa
File:                     ANWNiur68OhCtx7_4TLC30tU_2E.roa (raw, json)
Hash identifier:          9ymGsvt9QSr3XHZVyowlgugYVE8Zq+sfRUp+CLAZOhs=
Subject key identifier:   00:D5:8D:8A:EA:FA:F0:E8:42:B7:1E:FF:E1:32:C2:DF:4B:54:FF:61
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       01932F8426A20A492AE91F2A1A20ED33B36C
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/ANWNiur68OhCtx7_4TLC30tU_2E.roa
Signing time:             Fri 15 Nov 2024 11:10:09 +0000
ROA not before:           Fri 15 Nov 2024 11:10:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35007
IP address blocks:        83.168.118.0/24 maxlen: 24
                          83.168.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2f:84:26:a2:0a:49:2a:e9:1f:2a:1a:20:ed:33:b3:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Nov 15 11:10:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00d58d8aeafaf0e842b71effe132c2df4b54ff61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:44:ad:e0:59:37:ac:ab:e8:53:ab:97:1b:16:
                    a8:f0:54:00:dd:7c:99:79:16:71:4b:bd:91:63:ba:
                    56:64:47:80:c2:86:97:da:2e:b9:aa:71:12:30:0b:
                    e8:0c:63:33:26:0e:6a:4a:51:cb:f1:78:10:f6:49:
                    87:8c:6e:36:c7:20:bf:19:2d:1a:4b:88:9d:2b:af:
                    06:8a:33:26:78:fa:52:e3:22:3e:77:05:5a:d6:81:
                    e5:69:8e:0d:c9:f2:d1:06:72:6f:af:5f:46:fb:11:
                    25:dc:21:86:62:08:bb:ee:1f:b9:05:0d:f0:f4:26:
                    99:50:3c:df:85:d0:0d:a3:55:c8:33:cc:1c:5e:6e:
                    0a:64:a7:8e:42:8c:b1:8e:8e:07:17:ef:2a:30:a7:
                    ef:15:ed:13:14:fd:48:2a:ed:18:f0:6a:d6:4b:02:
                    4e:51:f2:77:54:30:fb:1f:24:1d:fe:11:d4:90:e0:
                    36:85:c0:e1:51:49:99:0c:26:21:65:cd:5e:40:d1:
                    b2:20:86:17:a7:72:8c:3a:f5:f5:84:ed:dd:89:0c:
                    a4:7f:80:c9:88:d0:8b:01:9f:f9:7f:57:40:20:23:
                    aa:ca:c8:49:05:17:f8:a8:38:59:f3:94:0a:93:2a:
                    84:b2:dc:56:1f:31:7c:38:d7:a9:9f:30:6a:db:14:
                    60:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:D5:8D:8A:EA:FA:F0:E8:42:B7:1E:FF:E1:32:C2:DF:4B:54:FF:61
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/ANWNiur68OhCtx7_4TLC30tU_2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.168.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c1:91:49:d9:07:14:1f:81:24:62:94:7d:37:12:4b:31:86:bf:
         9d:03:f5:e4:bc:54:8e:3b:db:72:70:5c:ae:a3:6a:99:33:f4:
         be:e5:33:ad:bd:e6:2d:e9:c4:f1:e9:1e:d7:7c:82:c4:86:95:
         ef:a6:3d:c5:96:26:36:43:cf:30:d8:4f:e9:41:a0:80:1f:c5:
         60:1e:56:07:4d:3d:eb:2f:ed:7c:84:fb:4a:48:83:e2:45:e8:
         25:84:21:ef:c2:e7:6c:a3:b8:49:db:d6:99:13:f7:d5:c6:68:
         ad:5f:fc:89:55:06:f4:0f:d1:cb:61:0e:a6:a2:a3:51:29:12:
         9b:6d:ae:49:09:e9:96:54:9c:14:b1:c4:d1:f6:9f:07:32:44:
         67:38:ce:4b:b8:f6:e7:ee:f6:24:eb:70:f0:42:f4:ce:c4:ee:
         78:b8:76:22:79:ef:b5:3f:76:b6:76:fa:23:33:66:80:d9:8a:
         a0:66:43:a7:00:80:84:16:29:82:75:82:43:c1:86:f3:3d:07:
         bd:c2:7e:cd:2a:2b:2d:c5:da:65:6c:03:01:ac:b5:3d:86:dd:
         9a:35:f2:3e:8c:e4:46:b3:c7:bf:36:ee:d4:60:c4:e6:8f:20:
         55:d7:9a:06:bb:8e:c6:52:ea:0b:c8:05:b6:57:c4:3b:04:9a:
         20:df:ce:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMvhCaiCkkq6R8qGiDtM7NsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjQxMTE1MTExMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGQ1OGQ4YWVhZmFmMGU4NDJiNzFlZmZlMTMyYzJkZjRiNTRmZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUSt4Fk3rKvoU6uXGxao8FQA3XyZ
eRZxS72RY7pWZEeAwoaX2i65qnESMAvoDGMzJg5qSlHL8XgQ9kmHjG42xyC/GS0a
S4idK68GijMmePpS4yI+dwVa1oHlaY4NyfLRBnJvr19G+xEl3CGGYgi77h+5BQ3w
9CaZUDzfhdANo1XIM8wcXm4KZKeOQoyxjo4HF+8qMKfvFe0TFP1IKu0Y8GrWSwJO
UfJ3VDD7HyQd/hHUkOA2hcDhUUmZDCYhZc1eQNGyIIYXp3KMOvX1hO3diQykf4DJ
iNCLAZ/5f1dAICOqyshJBRf4qDhZ85QKkyqEstxWHzF8ONepnzBq2xRgtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADVjYrq+vDoQrce/+Eywt9LVP9hMB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvQU5XTml1cjY4T2hDdHg3XzRUTEMzMHRVXzJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU6h2MA0G
CSqGSIb3DQEBCwUAA4IBAQDBkUnZBxQfgSRilH03Eksxhr+dA/XkvFSOO9tycFyu
o2qZM/S+5TOtveYt6cTx6R7XfILEhpXvpj3FliY2Q88w2E/pQaCAH8VgHlYHTT3r
L+18hPtKSIPiReglhCHvwudso7hJ29aZE/fVxmitX/yJVQb0D9HLYQ6moqNRKRKb
ba5JCemWVJwUscTR9p8HMkRnOM5LuPbn7vYk63DwQvTOxO54uHYiee+1P3a2dvoj
M2aA2YqgZkOnAICEFimCdYJDwYbzPQe9wn7NKistxdplbAMBrLU9ht2aNfI+jORG
s8e/Nu7UYMTmjyBV15oGu47GUuoLyAW2V8Q7BJog385X
-----END CERTIFICATE-----