Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/4af898-21cb-4d8d-a63f-1dc967d56409/1/FrvldDqYg7bFAxsRbl2H3QJb5R4.roa
File:                     FrvldDqYg7bFAxsRbl2H3QJb5R4.roa (raw, json)
Hash identifier:          iiX0WCS7Jpq6lKUQRZTH9m0yCuEeYvuNJWgg3974qDQ=
Subject key identifier:   16:BB:E5:74:3A:98:83:B6:C5:03:1B:11:6E:5D:87:DD:02:5B:E5:1E
Certificate issuer:       /CN=4956f3084d9310efa1bc07ef31f934b2941f103e
Certificate serial:       018CC26D3ED05DDDF10AA456E0EE0FA89B91
Authority key identifier: 49:56:F3:08:4D:93:10:EF:A1:BC:07:EF:31:F9:34:B2:94:1F:10:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SVbzCE2TEO-hvAfvMfk0spQfED4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/4af898-21cb-4d8d-a63f-1dc967d56409/1/FrvldDqYg7bFAxsRbl2H3QJb5R4.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6798
IP address blocks:        194.177.128.0/19 maxlen: 19
                          94.136.96.0/20 maxlen: 20
                          2a00:12e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/4af898-21cb-4d8d-a63f-1dc967d56409/1/SVbzCE2TEO-hvAfvMfk0spQfED4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/4af898-21cb-4d8d-a63f-1dc967d56409/1/SVbzCE2TEO-hvAfvMfk0spQfED4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SVbzCE2TEO-hvAfvMfk0spQfED4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3e:d0:5d:dd:f1:0a:a4:56:e0:ee:0f:a8:9b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4956f3084d9310efa1bc07ef31f934b2941f103e
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16bbe5743a9883b6c5031b116e5d87dd025be51e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ea:85:0f:d4:de:c8:1b:8b:b0:2b:d1:1b:18:
                    a7:d0:3c:7c:7c:22:19:90:b9:9c:df:33:1e:71:5f:
                    9f:1c:8f:83:bd:77:27:db:a4:6a:bf:99:95:fe:89:
                    e0:24:38:90:17:9f:32:b1:33:e7:c3:5b:dd:9c:78:
                    a5:f6:aa:8d:62:70:5d:f1:e2:f2:b3:22:62:44:55:
                    e1:5b:0d:17:22:13:a8:42:05:dd:9d:ca:b2:22:fc:
                    25:39:d0:09:8d:31:f2:71:ec:ec:93:4c:35:bb:1c:
                    46:ca:4c:dc:79:0a:44:0b:6e:41:12:21:ba:09:84:
                    d5:79:d1:8b:80:80:91:ba:32:9c:3a:2c:ee:f1:77:
                    0c:33:12:70:3b:97:42:5d:0f:68:0a:b6:29:7a:e9:
                    a8:4f:c4:f1:a4:c5:7d:76:50:47:f9:a1:4e:df:3b:
                    71:79:e9:16:5e:44:4f:c4:91:50:19:25:7c:87:0c:
                    06:4f:cc:20:a8:b6:69:c6:fd:5f:24:ee:5a:64:05:
                    83:21:4c:02:fa:7d:91:2a:25:2b:f6:db:96:14:3f:
                    32:9f:51:6c:61:ce:57:6c:0f:5e:d2:aa:b0:88:20:
                    1f:44:ae:1d:df:64:21:08:4d:6e:84:48:d7:31:11:
                    5a:7a:3d:64:59:16:5b:98:a7:77:a9:c7:6f:d2:b4:
                    dd:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:BB:E5:74:3A:98:83:B6:C5:03:1B:11:6E:5D:87:DD:02:5B:E5:1E
            X509v3 Authority Key Identifier:
                keyid:49:56:F3:08:4D:93:10:EF:A1:BC:07:EF:31:F9:34:B2:94:1F:10:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SVbzCE2TEO-hvAfvMfk0spQfED4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4af898-21cb-4d8d-a63f-1dc967d56409/1/FrvldDqYg7bFAxsRbl2H3QJb5R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4af898-21cb-4d8d-a63f-1dc967d56409/1/SVbzCE2TEO-hvAfvMfk0spQfED4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.136.96.0/20
                  194.177.128.0/19
                IPv6:
                  2a00:12e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:1f:26:f9:bd:16:97:a6:1e:a2:82:57:91:ac:47:e7:9f:b1:
         30:28:5b:c1:ed:0a:1f:4f:d8:ab:a5:f5:c3:09:13:a1:48:e8:
         3f:14:65:c2:2a:27:dc:42:7c:05:5c:fd:a1:29:1e:d8:ed:c4:
         1e:dc:95:9e:b4:b7:aa:0c:45:21:10:29:e6:22:0b:10:19:f5:
         90:d0:3f:a0:ca:ad:fc:58:ee:87:a1:58:2e:9d:c8:6b:96:0b:
         5f:9b:ff:91:e6:9d:c5:cd:ac:6e:d3:99:02:a9:b9:a9:08:19:
         1a:8d:8f:51:c8:ce:97:d6:99:9b:a5:99:dc:bb:e3:5f:7b:68:
         8a:cc:e6:03:15:6d:04:8f:2a:72:1b:18:45:d8:9a:35:9a:05:
         d5:32:f9:0f:2f:9f:75:5d:f7:87:78:93:95:25:9b:85:f1:77:
         66:d2:ae:2b:5d:4f:ce:56:dd:16:14:28:22:f8:5a:8c:16:71:
         60:19:87:96:1f:78:51:b2:47:3a:87:52:06:41:fd:be:fc:8b:
         d3:15:39:53:ef:8f:13:cc:c3:9c:31:b4:bf:4b:56:0c:dc:64:
         d2:3c:91:48:a8:a8:d0:2d:78:e1:aa:dc:3c:5a:57:eb:8e:c2:
         f5:e7:7b:1c:9b:2d:3c:59:10:8d:8e:07:c5:e3:53:d5:5a:74:
         1d:32:ee:f1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbT7QXd3xCqRW4O4PqJuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NTZmMzA4NGQ5MzEwZWZhMWJjMDdlZjMxZjkzNGIyOTQx
ZjEwM2UwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmJiZTU3NDNhOTg4M2I2YzUwMzFiMTE2ZTVkODdkZDAyNWJlNTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuqFD9TeyBuLsCvRGxin0Dx8fCIZ
kLmc3zMecV+fHI+DvXcn26Rqv5mV/ongJDiQF58ysTPnw1vdnHil9qqNYnBd8eLy
syJiRFXhWw0XIhOoQgXdncqyIvwlOdAJjTHycezsk0w1uxxGykzceQpEC25BEiG6
CYTVedGLgICRujKcOizu8XcMMxJwO5dCXQ9oCrYpeumoT8TxpMV9dlBH+aFO3ztx
eekWXkRPxJFQGSV8hwwGT8wgqLZpxv1fJO5aZAWDIUwC+n2RKiUr9tuWFD8yn1Fs
Yc5XbA9e0qqwiCAfRK4d32QhCE1uhEjXMRFaej1kWRZbmKd3qcdv0rTd9wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBa75XQ6mIO2xQMbEW5dh90CW+UeMB8GA1UdIwQY
MBaAFElW8whNkxDvobwH7zH5NLKUHxA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1ZiekNFMlRFTy1odkFmdk1mazBzcFFmRUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My80YWY4OTgtMjFjYi00ZDhkLWE2M2Yt
MWRjOTY3ZDU2NDA5LzEvRnJ2bGREcVlnN2JGQXhzUmJsMkgzUUpiNVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My80YWY4OTgtMjFjYi00ZDhkLWE2M2YtMWRjOTY3ZDU2NDA5
LzEvU1ZiekNFMlRFTy1odkFmdk1mazBzcFFmRUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEXohgAwQF
wrGAMA0EAgACMAcDBQAqABLgMA0GCSqGSIb3DQEBCwUAA4IBAQAwHyb5vRaXph6i
gleRrEfnn7EwKFvB7QofT9irpfXDCROhSOg/FGXCKifcQnwFXP2hKR7Y7cQe3JWe
tLeqDEUhECnmIgsQGfWQ0D+gyq38WO6HoVgunchrlgtfm/+R5p3Fzaxu05kCqbmp
CBkajY9RyM6X1pmbpZncu+Nfe2iKzOYDFW0EjypyGxhF2Jo1mgXVMvkPL591XfeH
eJOVJZuF8Xdm0q4rXU/OVt0WFCgi+FqMFnFgGYeWH3hRskc6h1IGQf2+/IvTFTlT
748TzMOcMbS/S1YM3GTSPJFIqKjQLXjhqtw8WlfrjsL153scmy08WRCNjgfF41PV
WnQdMu7x
-----END CERTIFICATE-----