Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/a52b04-efb0-415b-9b1a-409ea1208926/1/AfKeN8Z4LsOO8hg6zBl5MwNY7xA.roa
File:                     AfKeN8Z4LsOO8hg6zBl5MwNY7xA.roa (raw, json)
Hash identifier:          MDnFbZZ3NLNdBlB30xhpAi5VnJ3v6PlYxgA9qnjGeeE=
Subject key identifier:   01:F2:9E:37:C6:78:2E:C3:8E:F2:18:3A:CC:19:79:33:03:58:EF:10
Certificate issuer:       /CN=65cf99962f989f7b733da7aa70eaf9e41052ae19
Certificate serial:       018CC64B77D6157777443EC087AD7FC17307
Authority key identifier: 65:CF:99:96:2F:98:9F:7B:73:3D:A7:AA:70:EA:F9:E4:10:52:AE:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zc-Zli-Yn3tzPaeqcOr55BBSrhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/a52b04-efb0-415b-9b1a-409ea1208926/1/AfKeN8Z4LsOO8hg6zBl5MwNY7xA.roa
Signing time:             Mon 01 Jan 2024 18:31:23 +0000
ROA not before:           Mon 01 Jan 2024 18:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202717
IP address blocks:        193.33.124.0/24 maxlen: 24
                          2a10:a80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/a52b04-efb0-415b-9b1a-409ea1208926/1/Zc-Zli-Yn3tzPaeqcOr55BBSrhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/a52b04-efb0-415b-9b1a-409ea1208926/1/Zc-Zli-Yn3tzPaeqcOr55BBSrhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zc-Zli-Yn3tzPaeqcOr55BBSrhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:02:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:77:d6:15:77:77:44:3e:c0:87:ad:7f:c1:73:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65cf99962f989f7b733da7aa70eaf9e41052ae19
        Validity
            Not Before: Jan  1 18:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01f29e37c6782ec38ef2183acc1979330358ef10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:78:6b:e5:1f:49:2a:88:24:49:15:d8:e1:cf:
                    0b:de:31:a2:58:dd:50:b8:2b:45:44:26:16:9b:4c:
                    b7:7a:87:ba:41:ee:0a:a5:12:1f:78:bf:f4:80:39:
                    de:4d:b0:36:3e:9d:71:05:6a:da:13:3d:a5:95:c5:
                    e3:02:28:50:d0:ed:70:d0:cc:75:21:04:e3:5a:6c:
                    6e:6a:0c:72:3f:31:35:06:d8:85:fe:5f:ba:73:c7:
                    37:3d:d3:13:ee:27:f4:f3:c7:3b:12:5f:5b:50:5a:
                    56:ef:0c:4d:fc:3f:92:cd:cb:4f:f8:3e:15:04:56:
                    e7:a1:83:66:5a:fe:bc:e4:82:f8:cb:97:37:54:6b:
                    e8:72:23:4d:62:0d:fc:28:13:40:67:61:4e:0a:32:
                    48:0b:32:d5:75:19:78:21:22:59:ba:2b:6d:a8:e6:
                    64:e3:03:4e:51:71:5b:c2:4a:9e:d2:54:b2:3e:ab:
                    3b:c0:e2:69:52:2a:4d:e5:42:23:0d:c8:d7:3e:8b:
                    f4:87:fb:2e:ae:aa:05:1a:ef:3f:12:2a:00:b2:b6:
                    e3:f3:1b:8c:f0:7b:92:db:d5:6c:c6:e3:2e:c2:30:
                    9c:90:64:81:bf:51:59:36:5a:55:b4:52:c7:cc:ba:
                    1b:d8:87:f7:6c:e2:32:eb:d1:bb:4e:7b:81:1b:0e:
                    b4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F2:9E:37:C6:78:2E:C3:8E:F2:18:3A:CC:19:79:33:03:58:EF:10
            X509v3 Authority Key Identifier:
                keyid:65:CF:99:96:2F:98:9F:7B:73:3D:A7:AA:70:EA:F9:E4:10:52:AE:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zc-Zli-Yn3tzPaeqcOr55BBSrhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a52b04-efb0-415b-9b1a-409ea1208926/1/AfKeN8Z4LsOO8hg6zBl5MwNY7xA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a52b04-efb0-415b-9b1a-409ea1208926/1/Zc-Zli-Yn3tzPaeqcOr55BBSrhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.124.0/24
                IPv6:
                  2a10:a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:a2:2e:78:d9:bc:07:1f:34:64:64:a3:8b:21:93:90:23:5e:
         e1:b0:4a:d9:a9:be:9a:37:8b:16:28:b4:3c:59:8a:f5:38:e2:
         e1:f3:42:88:a5:87:62:81:ad:08:1f:0a:4b:a9:2a:ce:a4:a1:
         b7:e6:cd:a8:f2:9b:77:3d:4f:94:3d:00:96:32:76:45:2d:ae:
         23:83:bb:f4:1e:63:b6:0f:96:21:ee:e3:a1:e3:1b:12:bd:6f:
         7b:98:d0:35:5a:d9:58:ad:5f:24:92:18:50:1f:33:db:fd:e5:
         43:46:fd:cf:25:6b:0e:70:97:96:2e:9c:78:3b:d9:80:23:8b:
         6e:d8:d3:f7:69:e7:4b:1b:29:60:97:d1:ed:29:b2:9c:9f:d9:
         37:ca:5e:ed:ed:31:ca:04:69:1e:db:c7:4a:2d:bd:dd:63:0a:
         4c:eb:63:c1:c4:c9:7b:30:71:1d:92:e9:c8:74:26:0e:8d:7a:
         e3:97:84:4d:99:1d:b0:0b:82:52:22:f0:79:66:69:0a:31:6d:
         91:2a:3a:db:71:3a:d8:7a:08:81:f3:f7:95:43:7c:2c:9e:00:
         7d:70:4c:ce:bc:71:cf:7e:a8:74:aa:30:59:ca:33:f0:61:23:
         27:b4:97:39:16:ae:5e:70:7a:8d:60:b2:d5:e4:be:28:0a:0c:
         5c:6a:8d:5d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS3fWFXd3RD7Ah61/wXMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1Y2Y5OTk2MmY5ODlmN2I3MzNkYTdhYTcwZWFmOWU0MTA1
MmFlMTkwHhcNMjQwMTAxMTgzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWYyOWUzN2M2NzgyZWMzOGVmMjE4M2FjYzE5NzkzMzAzNThlZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXhr5R9JKogkSRXY4c8L3jGiWN1Q
uCtFRCYWm0y3eoe6Qe4KpRIfeL/0gDneTbA2Pp1xBWraEz2llcXjAihQ0O1w0Mx1
IQTjWmxuagxyPzE1BtiF/l+6c8c3PdMT7if088c7El9bUFpW7wxN/D+SzctP+D4V
BFbnoYNmWv685IL4y5c3VGvociNNYg38KBNAZ2FOCjJICzLVdRl4ISJZuittqOZk
4wNOUXFbwkqe0lSyPqs7wOJpUipN5UIjDcjXPov0h/surqoFGu8/EioAsrbj8xuM
8HuS29VsxuMuwjCckGSBv1FZNlpVtFLHzLob2If3bOIy69G7TnuBGw60NwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAHynjfGeC7DjvIYOswZeTMDWO8QMB8GA1UdIwQY
MBaAFGXPmZYvmJ97cz2nqnDq+eQQUq4ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmMtWmxpLVluM3R6UGFlcWNPcjU1QkJTcmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9hNTJiMDQtZWZiMC00MTViLTliMWEt
NDA5ZWExMjA4OTI2LzEvQWZLZU44WjRMc09POGhnNnpCbDVNd05ZN3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9hNTJiMDQtZWZiMC00MTViLTliMWEtNDA5ZWExMjA4OTI2
LzEvWmMtWmxpLVluM3R6UGFlcWNPcjU1QkJTcmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSF8MA0E
AgACMAcDBQAqEAqAMA0GCSqGSIb3DQEBCwUAA4IBAQCwoi542bwHHzRkZKOLIZOQ
I17hsErZqb6aN4sWKLQ8WYr1OOLh80KIpYdiga0IHwpLqSrOpKG35s2o8pt3PU+U
PQCWMnZFLa4jg7v0HmO2D5Yh7uOh4xsSvW97mNA1WtlYrV8kkhhQHzPb/eVDRv3P
JWsOcJeWLpx4O9mAI4tu2NP3aedLGylgl9HtKbKcn9k3yl7t7THKBGke28dKLb3d
YwpM62PBxMl7MHEdkunIdCYOjXrjl4RNmR2wC4JSIvB5ZmkKMW2RKjrbcTrYegiB
8/eVQ3wsngB9cEzOvHHPfqh0qjBZyjPwYSMntJc5Fq5ecHqNYLLV5L4oCgxcao1d
-----END CERTIFICATE-----