Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/fIjDjyLqM8cF2KeOfOqKRaDUG4U.roa
File:                     fIjDjyLqM8cF2KeOfOqKRaDUG4U.roa (raw, json)
Hash identifier:          GfndL3IKaUV7l5CzQzQ1kyPGUXTqH2lmj13eHVTzGt4=
Subject key identifier:   7C:88:C3:8F:22:EA:33:C7:05:D8:A7:8E:7C:EA:8A:45:A0:D4:1B:85
Certificate issuer:       /CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
Certificate serial:       01916987A471A74714FA4A569DCF5D71D6FC
Authority key identifier: C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/fIjDjyLqM8cF2KeOfOqKRaDUG4U.roa
Signing time:             Mon 19 Aug 2024 07:26:22 +0000
ROA not before:           Mon 19 Aug 2024 07:26:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        62.132.26.0/23 maxlen: 23
                          194.45.24.0/23 maxlen: 23
                          2001:698::/47 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:69:87:a4:71:a7:47:14:fa:4a:56:9d:cf:5d:71:d6:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
        Validity
            Not Before: Aug 19 07:26:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c88c38f22ea33c705d8a78e7cea8a45a0d41b85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ee:4b:63:a7:3d:81:b7:55:10:db:42:3f:3b:
                    17:7f:ff:a5:2a:15:7b:97:0b:3c:4d:3c:17:be:73:
                    8f:a9:a8:34:82:c4:c2:85:01:0f:3d:82:0d:ef:d2:
                    4d:d0:1f:f9:c5:fe:21:dc:8d:57:36:ef:ec:cb:d6:
                    e6:a9:91:87:9d:e4:7b:50:0a:8c:32:40:b0:d2:aa:
                    c4:51:b6:8b:37:85:7e:06:6c:37:01:62:4d:5a:1b:
                    af:7a:63:d4:84:18:6d:18:72:4b:79:db:52:e4:97:
                    f2:85:7c:9a:7a:37:4d:6b:08:e2:60:82:6e:df:9a:
                    71:72:a0:36:b7:1a:3f:94:50:5e:91:17:cc:ce:5b:
                    d1:1b:67:c1:91:52:99:b6:13:03:23:a5:b5:23:b8:
                    c9:eb:31:6b:77:1b:07:fb:3b:ca:38:e1:4a:d6:3c:
                    cf:78:b2:fd:9c:42:22:d7:5b:4f:36:ba:56:7c:86:
                    19:1f:3a:4b:77:c7:ca:47:db:bd:52:5e:42:9c:15:
                    f8:90:ba:06:88:f8:3e:5a:3d:1c:08:a4:f0:f3:3b:
                    50:15:fc:ed:d5:4c:01:4a:ad:f0:b5:69:85:6d:9c:
                    78:0c:41:27:c3:3d:82:3b:64:e6:dd:db:c0:a0:8f:
                    c8:29:ae:bb:8d:a0:da:a3:d1:dd:ef:2b:f5:b9:ab:
                    86:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:88:C3:8F:22:EA:33:C7:05:D8:A7:8E:7C:EA:8A:45:A0:D4:1B:85
            X509v3 Authority Key Identifier:
                keyid:C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/fIjDjyLqM8cF2KeOfOqKRaDUG4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.132.26.0/23
                  194.45.24.0/23
                IPv6:
                  2001:698::/47

    Signature Algorithm: sha256WithRSAEncryption
         03:6e:c7:a3:45:83:a4:62:43:1d:2f:51:1d:fe:2e:ab:3b:40:
         0a:a8:0b:48:a6:39:94:6f:b7:c3:1c:ed:0b:54:a6:e5:8e:c0:
         f3:f4:a8:67:d2:91:d4:50:e0:76:2e:ce:c8:93:ac:2e:39:06:
         dd:bc:77:63:d8:38:35:46:d0:5b:bb:98:e9:52:58:ff:cd:eb:
         62:93:a0:e7:b7:42:a9:a0:8d:d7:60:e7:04:20:f4:28:a1:10:
         e7:f9:2a:98:38:b6:33:06:b0:67:df:0e:66:57:54:b4:6f:7a:
         ee:3b:6e:99:a0:13:83:73:64:b3:1a:13:d0:25:2e:ce:73:e9:
         75:a3:66:15:dc:36:d9:0d:62:ae:b7:a5:91:4a:1a:88:9e:e4:
         34:fd:30:3e:e7:cf:29:a7:9c:d0:33:2c:00:3e:bd:7f:b9:57:
         98:5b:85:e8:e4:9b:01:d2:73:3b:91:d1:b6:da:41:88:c7:14:
         12:3e:d0:8b:46:93:28:a1:05:23:83:f2:73:26:ee:22:02:a7:
         d1:26:d7:f5:5e:40:a1:a6:ae:32:09:c7:36:fd:38:f4:37:78:
         51:e8:81:44:5c:89:7e:66:e6:a8:a6:60:93:e6:63:51:28:56:
         8f:c2:57:31:5f:ec:f2:21:47:8a:91:48:9d:f6:de:6f:89:86:
         be:21:72:80
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZFph6Rxp0cU+kpWnc9dcdb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOTgwNjBmMWJmMjJmMDk5OWNiMDcxYjFiNDI2OTZkYmM0
M2UxMGMwHhcNMjQwODE5MDcyNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzg4YzM4ZjIyZWEzM2M3MDVkOGE3OGU3Y2VhOGE0NWEwZDQxYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+5LY6c9gbdVENtCPzsXf/+lKhV7
lws8TTwXvnOPqag0gsTChQEPPYIN79JN0B/5xf4h3I1XNu/sy9bmqZGHneR7UAqM
MkCw0qrEUbaLN4V+Bmw3AWJNWhuvemPUhBhtGHJLedtS5JfyhXyaejdNawjiYIJu
35pxcqA2txo/lFBekRfMzlvRG2fBkVKZthMDI6W1I7jJ6zFrdxsH+zvKOOFK1jzP
eLL9nEIi11tPNrpWfIYZHzpLd8fKR9u9Ul5CnBX4kLoGiPg+Wj0cCKTw8ztQFfzt
1UwBSq3wtWmFbZx4DEEnwz2CO2Tm3dvAoI/IKa67jaDao9Hd7yv1uauG1QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHyIw48i6jPHBdinjnzqikWg1BuFMB8GA1UdIwQY
MBaAFMOYBg8b8i8JmcsHGxtCaW28Q+EMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAt
YzkyN2I4YzJjN2M0LzEvZklqRGp5THFNOGNGMktlT2ZPcUtSYURVRzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAtYzkyN2I4YzJjN2M0
LzEvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBPoQaAwQB
wi0YMA8EAgACMAkDBwEgAQaYAAAwDQYJKoZIhvcNAQELBQADggEBAANux6NFg6Ri
Qx0vUR3+Lqs7QAqoC0imOZRvt8Mc7QtUpuWOwPP0qGfSkdRQ4HYuzsiTrC45Bt28
d2PYODVG0Fu7mOlSWP/N62KToOe3Qqmgjddg5wQg9CihEOf5Kpg4tjMGsGffDmZX
VLRveu47bpmgE4NzZLMaE9AlLs5z6XWjZhXcNtkNYq63pZFKGoie5DT9MD7nzymn
nNAzLAA+vX+5V5hbhejkmwHSczuR0bbaQYjHFBI+0ItGkyihBSOD8nMm7iICp9Em
1/VeQKGmrjIJxzb9OPQ3eFHogURciX5m5qimYJPmY1EoVo/CVzFf7PIhR4qRSJ32
3m+Jhr4hcoA=
-----END CERTIFICATE-----