Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/fRhaL588aGbUVfpiHLJUiVfi1Nc.roa
File:                     fRhaL588aGbUVfpiHLJUiVfi1Nc.roa (raw, json)
Hash identifier:          hDFdlx5f5Y21S60sT46E61l5rNxvxeYDKF0Eak7rntI=
Subject key identifier:   7D:18:5A:2F:9F:3C:68:66:D4:55:FA:62:1C:B2:54:89:57:E2:D4:D7
Certificate issuer:       /CN=5c3a1d973f9b3391e8adacaa664d1b23d778f008
Certificate serial:       018CCA2BA3582FF1DF2F0AD9746F3DA9F179
Authority key identifier: 5C:3A:1D:97:3F:9B:33:91:E8:AD:AC:AA:66:4D:1B:23:D7:78:F0:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/fRhaL588aGbUVfpiHLJUiVfi1Nc.roa
Signing time:             Tue 02 Jan 2024 12:35:06 +0000
ROA not before:           Tue 02 Jan 2024 12:35:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13004
IP address blocks:        193.105.163.0/24 maxlen: 24
                          91.245.214.0/24 maxlen: 24
                          2001:7f8:1e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a3:58:2f:f1:df:2f:0a:d9:74:6f:3d:a9:f1:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c3a1d973f9b3391e8adacaa664d1b23d778f008
        Validity
            Not Before: Jan  2 12:35:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d185a2f9f3c6866d455fa621cb2548957e2d4d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4c:e7:84:a6:96:6c:af:7d:41:c1:46:8b:59:
                    70:93:57:49:06:20:5b:47:82:f5:48:b2:45:25:c3:
                    1e:95:80:6a:48:01:1c:cf:e5:55:65:3b:7d:cc:de:
                    39:ff:65:9e:89:de:55:c5:26:1b:6c:ab:e1:08:aa:
                    cf:11:bf:5b:f3:8c:32:ee:f3:f3:94:37:c4:dd:3c:
                    5e:ca:04:5a:f2:e4:5d:6f:b4:43:33:a0:d7:92:d0:
                    e2:b3:4f:98:ba:5e:67:d0:6c:50:1c:4f:a4:33:50:
                    0b:66:a1:7b:dd:d9:0a:af:d1:7c:74:a4:9a:cb:d3:
                    3a:bc:4d:a8:58:f0:08:03:25:a8:48:22:fe:55:92:
                    20:f0:54:e4:60:60:5d:d6:ee:a8:5e:c2:34:5b:1d:
                    cb:42:82:4c:51:be:bd:ab:bd:48:29:d8:77:68:86:
                    77:a6:8f:2d:95:cd:03:8a:d1:80:fb:e3:70:f9:37:
                    41:05:0f:35:fc:8b:ce:16:10:bf:ac:1d:61:6f:70:
                    f6:aa:33:70:52:9e:ed:ad:e2:ae:75:69:7c:ab:35:
                    36:b2:f4:c2:19:ec:9b:62:dd:dc:05:c6:96:d2:f2:
                    ac:a5:fc:38:a7:58:7d:43:bc:39:34:3d:bb:93:7a:
                    c8:e4:03:de:95:b4:36:26:33:62:64:37:ac:0b:16:
                    f7:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:18:5A:2F:9F:3C:68:66:D4:55:FA:62:1C:B2:54:89:57:E2:D4:D7
            X509v3 Authority Key Identifier:
                keyid:5C:3A:1D:97:3F:9B:33:91:E8:AD:AC:AA:66:4D:1B:23:D7:78:F0:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/fRhaL588aGbUVfpiHLJUiVfi1Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.214.0/24
                  193.105.163.0/24
                IPv6:
                  2001:7f8:1e::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:a7:33:83:85:de:eb:a7:ae:a2:d1:c3:5c:29:95:8c:f5:b0:
         9d:f4:1b:1d:6d:e7:3b:b5:5d:27:68:2c:04:ee:aa:17:9c:e0:
         84:ed:7c:3a:f0:28:c6:7e:3e:7e:63:8a:dc:db:f6:64:cd:e8:
         54:4d:78:28:be:67:1b:1c:34:7d:f9:e7:6c:3b:a8:7a:d1:60:
         e0:35:a2:0f:0a:06:09:72:62:20:f7:c2:9d:7f:f9:fe:17:97:
         0f:fd:e9:a0:d1:d7:52:82:35:67:21:11:b1:a7:b4:f7:07:45:
         e0:5b:e5:3f:6a:f5:53:42:bd:c9:cd:3a:80:30:0e:cf:61:f0:
         f9:7c:38:9a:34:4b:b3:00:3f:4f:47:00:a7:93:a6:47:ed:4e:
         ef:3a:10:0c:44:cc:f6:5f:dc:db:fe:5f:ba:1f:5e:dd:53:25:
         15:83:84:6a:27:77:79:89:a6:b1:9d:aa:82:34:f9:7a:5e:e3:
         9b:18:d5:74:2e:0b:55:5a:ef:a3:0c:85:a5:ac:88:52:37:05:
         d5:fe:5f:c0:01:cd:17:ef:ac:e4:00:16:34:9e:f7:9e:d1:a7:
         27:cb:55:3f:39:73:ff:39:19:ee:88:ab:6c:d5:19:c5:a7:94:
         67:f1:f2:8a:0e:2f:ef:60:d8:44:e3:02:d0:a1:c5:12:49:06:
         f4:fc:e7:7e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzKK6NYL/HfLwrZdG89qfF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjM2ExZDk3M2Y5YjMzOTFlOGFkYWNhYTY2NGQxYjIzZDc3
OGYwMDgwHhcNMjQwMTAyMTIzNTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDE4NWEyZjlmM2M2ODY2ZDQ1NWZhNjIxY2IyNTQ4OTU3ZTJkNGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UznhKaWbK99QcFGi1lwk1dJBiBb
R4L1SLJFJcMelYBqSAEcz+VVZTt9zN45/2Weid5VxSYbbKvhCKrPEb9b84wy7vPz
lDfE3TxeygRa8uRdb7RDM6DXktDis0+Yul5n0GxQHE+kM1ALZqF73dkKr9F8dKSa
y9M6vE2oWPAIAyWoSCL+VZIg8FTkYGBd1u6oXsI0Wx3LQoJMUb69q71IKdh3aIZ3
po8tlc0DitGA++Nw+TdBBQ81/IvOFhC/rB1hb3D2qjNwUp7treKudWl8qzU2svTC
GeybYt3cBcaW0vKspfw4p1h9Q7w5ND27k3rI5APelbQ2JjNiZDesCxb3vQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFH0YWi+fPGhm1FX6YhyyVIlX4tTXMB8GA1UdIwQY
MBaAFFw6HZc/mzOR6K2sqmZNGyPXePAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWERvZGx6LWJNNUhvcmF5cVprMGJJOWQ0OEFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9hNWZjZjUtNzg2My00M2MxLWExYzEt
MTk0Y2M5OTAyYWJmLzEvZlJoYUw1ODhhR2JVVmZwaUhMSlVpVmZpMU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9hNWZjZjUtNzg2My00M2MxLWExYzEtMTk0Y2M5OTAyYWJm
LzEvWERvZGx6LWJNNUhvcmF5cVprMGJJOWQ0OEFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW/XWAwQA
wWmjMA8EAgACMAkDBwAgAQf4AB4wDQYJKoZIhvcNAQELBQADggEBAImnM4OF3uun
rqLRw1wplYz1sJ30Gx1t5zu1XSdoLATuqhec4ITtfDrwKMZ+Pn5jitzb9mTN6FRN
eCi+ZxscNH3552w7qHrRYOA1og8KBglyYiD3wp1/+f4Xlw/96aDR11KCNWchEbGn
tPcHReBb5T9q9VNCvcnNOoAwDs9h8Pl8OJo0S7MAP09HAKeTpkftTu86EAxEzPZf
3Nv+X7ofXt1TJRWDhGond3mJprGdqoI0+Xpe45sY1XQuC1Va76MMhaWsiFI3BdX+
X8ABzRfvrOQAFjSe957RpyfLVT85c/85Ge6Iq2zVGcWnlGfx8ooOL+9g2ETjAtCh
xRJJBvT8534=
-----END CERTIFICATE-----