Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/Pf65Xm5UxWEgF3DLl0yo1LB-aeY.roa
File:                     Pf65Xm5UxWEgF3DLl0yo1LB-aeY.roa (raw, json)
Hash identifier:          uIDlpfgw5wCHmcIYrlMGw5EZa0bOb2z4NiNl0Hovucc=
Subject key identifier:   3D:FE:B9:5E:6E:54:C5:61:20:17:70:CB:97:4C:A8:D4:B0:7E:69:E6
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       01932A7A96F1D5A57CB28C260043E73C5CF7
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/Pf65Xm5UxWEgF3DLl0yo1LB-aeY.roa
Signing time:             Thu 14 Nov 2024 11:41:37 +0000
ROA not before:           Thu 14 Nov 2024 11:41:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44667
IP address blocks:        158.41.0.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2a:7a:96:f1:d5:a5:7c:b2:8c:26:00:43:e7:3c:5c:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Nov 14 11:41:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dfeb95e6e54c561201770cb974ca8d4b07e69e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:28:93:73:03:b1:00:9e:13:dd:ce:50:4a:50:
                    a5:ba:47:25:ec:d2:a4:58:14:19:2c:db:41:5b:7b:
                    78:06:83:97:11:9a:f5:78:cb:c9:8f:b0:66:ec:b4:
                    28:6d:21:60:b3:ac:eb:e3:2e:fc:fe:a8:b9:ab:2d:
                    2c:e6:a8:b9:0b:3d:37:a9:0c:49:e5:44:d2:6a:88:
                    28:a6:fa:14:1d:d3:93:fc:7a:a2:f2:0e:7b:eb:60:
                    44:8f:44:8b:06:3a:c8:90:a8:76:63:ce:8f:6d:c4:
                    ee:86:ec:dc:83:90:b4:db:34:9b:69:d1:2d:3f:36:
                    d9:e5:e2:42:a1:d7:5d:c9:6c:a5:01:11:98:44:8d:
                    44:73:e7:9b:50:d0:aa:37:c8:3e:3f:30:c8:83:d0:
                    09:74:13:6d:19:44:81:4f:db:dc:47:e0:c0:e5:b6:
                    60:bc:5d:38:5a:ef:a6:b4:e2:54:b0:1b:1e:9b:c3:
                    05:db:d6:6d:5a:68:b7:1c:18:b3:36:d8:e3:35:05:
                    48:de:76:8e:50:9c:d4:39:ee:91:03:54:b4:8f:19:
                    df:09:18:ab:ab:12:da:15:9d:35:8b:a8:89:69:51:
                    82:e0:df:ac:54:14:19:af:ba:9e:a9:3a:55:f7:38:
                    30:b5:85:2b:9b:45:99:ed:19:9f:2f:33:b0:27:1f:
                    50:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:FE:B9:5E:6E:54:C5:61:20:17:70:CB:97:4C:A8:D4:B0:7E:69:E6
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/Pf65Xm5UxWEgF3DLl0yo1LB-aeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.41.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0b:1b:c0:26:54:f9:f0:12:44:97:9b:ef:cd:e6:5e:5b:13:fd:
         ba:0e:d4:28:3f:aa:b1:29:b8:55:fc:c0:f9:96:72:a1:d8:f0:
         84:1d:fa:d9:71:d9:ad:c1:de:7b:c4:a4:b0:83:e1:90:79:0d:
         04:f9:44:3a:42:44:02:2b:29:c1:d3:3a:f5:05:18:c7:29:1b:
         3c:0c:d9:f9:41:35:ba:97:04:b4:e2:4b:0c:4d:ea:fc:22:e2:
         d1:37:04:c7:11:5d:9c:5e:8c:27:04:40:ae:ca:c7:ac:c7:76:
         09:14:83:1c:df:7c:d4:e1:1e:3d:bf:72:5b:7f:5b:92:2c:92:
         0a:6b:f2:d5:e7:78:ca:26:30:e6:07:3a:dd:4a:3f:6f:01:c5:
         f4:35:db:1a:38:99:f8:bc:04:4c:bb:b3:be:69:9a:9a:53:86:
         d0:65:4c:86:be:82:6d:b6:66:c7:6d:f9:55:d7:10:5b:c2:e3:
         6b:d3:a0:04:1d:9a:fb:da:7e:1e:f9:0c:f7:c3:a8:0c:50:8e:
         ac:2c:ef:95:7e:70:6f:f7:e9:4c:8a:5f:24:3f:74:67:8b:03:
         35:57:19:7f:56:2c:cb:ef:cd:3e:f8:2f:9a:55:4c:8a:4b:4c:
         a0:b4:82:1d:5a:a7:ca:95:0e:29:00:02:7c:f2:a8:ef:5e:a1:
         07:25:17:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMqepbx1aV8sowmAEPnPFz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjQxMTE0MTE0MTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGZlYjk1ZTZlNTRjNTYxMjAxNzcwY2I5NzRjYThkNGIwN2U2OWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyiTcwOxAJ4T3c5QSlClukcl7NKk
WBQZLNtBW3t4BoOXEZr1eMvJj7Bm7LQobSFgs6zr4y78/qi5qy0s5qi5Cz03qQxJ
5UTSaogopvoUHdOT/Hqi8g5762BEj0SLBjrIkKh2Y86PbcTuhuzcg5C02zSbadEt
PzbZ5eJCodddyWylARGYRI1Ec+ebUNCqN8g+PzDIg9AJdBNtGUSBT9vcR+DA5bZg
vF04Wu+mtOJUsBsem8MF29ZtWmi3HBizNtjjNQVI3naOUJzUOe6RA1S0jxnfCRir
qxLaFZ01i6iJaVGC4N+sVBQZr7qeqTpV9zgwtYUrm0WZ7RmfLzOwJx9QWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3+uV5uVMVhIBdwy5dMqNSwfmnmMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvUGY2NVhtNVV4V0VnRjNETGwweW8xTEItYWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnikAMA0G
CSqGSIb3DQEBCwUAA4IBAQALG8AmVPnwEkSXm+/N5l5bE/26DtQoP6qxKbhV/MD5
lnKh2PCEHfrZcdmtwd57xKSwg+GQeQ0E+UQ6QkQCKynB0zr1BRjHKRs8DNn5QTW6
lwS04ksMTer8IuLRNwTHEV2cXownBECuysesx3YJFIMc33zU4R49v3Jbf1uSLJIK
a/LV53jKJjDmBzrdSj9vAcX0NdsaOJn4vARMu7O+aZqaU4bQZUyGvoJttmbHbflV
1xBbwuNr06AEHZr72n4e+Qz3w6gMUI6sLO+VfnBv9+lMil8kP3RniwM1Vxl/VizL
780++C+aVUyKS0ygtIIdWqfKlQ4pAAJ88qjvXqEHJRcO
-----END CERTIFICATE-----