Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/FnxhJQ5jd2jBoCiaTZ0_b7pYcn4.roa
File:                     FnxhJQ5jd2jBoCiaTZ0_b7pYcn4.roa (raw, json)
Hash identifier:          YbjDITXwnNkMY1d8iM5sg8TPIw1q/oeZDc75wOKQiOE=
Subject key identifier:   16:7C:61:25:0E:63:77:68:C1:A0:28:9A:4D:9D:3F:6F:BA:58:72:7E
Certificate issuer:       /CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
Certificate serial:       019421B1BB44FF3A4F3EED18471084128C0F
Authority key identifier: DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/FnxhJQ5jd2jBoCiaTZ0_b7pYcn4.roa
Signing time:             Wed 01 Jan 2025 11:48:03 +0000
ROA not before:           Wed 01 Jan 2025 11:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48955
IP address blocks:        2.59.12.0/24 maxlen: 24
                          2.59.15.0/24 maxlen: 24
                          91.196.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:bb:44:ff:3a:4f:3e:ed:18:47:10:84:12:8c:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
        Validity
            Not Before: Jan  1 11:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=167c61250e637768c1a0289a4d9d3f6fba58727e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b5:fa:26:a5:ff:71:44:a7:18:d7:60:53:0e:
                    11:28:14:fb:b6:b3:3b:91:fe:1e:af:97:09:dd:4e:
                    d7:1f:f3:6a:6a:b7:d2:bf:e6:8f:f0:7f:cb:2d:74:
                    32:b8:98:ed:14:9c:e6:3c:f4:88:9d:8d:44:3a:98:
                    ac:48:73:75:76:a1:b2:a1:ef:dd:69:d2:38:33:76:
                    6f:af:8b:9b:0c:36:87:39:6c:bf:65:3a:26:19:56:
                    d5:3d:4c:37:c2:1b:e3:74:b5:49:d7:c9:e4:84:e9:
                    6b:bf:4a:4b:78:15:3c:5f:f5:38:c3:5f:e3:a1:13:
                    6f:e5:db:4b:f6:f3:1d:37:80:31:b4:85:cc:81:e3:
                    53:7f:52:10:d8:fe:26:23:57:4b:af:59:44:65:6c:
                    ef:d0:59:fa:42:5b:11:23:30:1c:67:11:03:1c:35:
                    ca:c9:e0:3d:c6:14:c4:17:9c:e6:9c:b4:b0:95:94:
                    dd:fd:cf:dd:ab:b9:33:24:1f:bc:0b:a1:21:17:53:
                    d3:cb:79:da:bc:c0:7c:dc:c3:dc:c0:71:57:44:74:
                    0f:5e:60:3d:44:78:ed:8b:6d:dd:56:83:6b:9e:fd:
                    a1:6e:04:11:3a:d9:ec:35:48:a8:9b:3b:22:c4:86:
                    1a:5f:e6:80:f4:c0:a9:b2:d1:33:46:b9:10:04:de:
                    d1:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:7C:61:25:0E:63:77:68:C1:A0:28:9A:4D:9D:3F:6F:BA:58:72:7E
            X509v3 Authority Key Identifier:
                keyid:DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/FnxhJQ5jd2jBoCiaTZ0_b7pYcn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.12.0/24
                  2.59.15.0/24
                  91.196.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:91:ca:18:30:ec:b7:5f:cd:2a:71:da:14:f9:94:1e:79:c0:
         b5:f8:b9:1d:37:a7:81:4e:80:69:d8:de:b2:32:16:96:b6:c2:
         81:8d:44:4c:51:85:01:40:a5:6f:a8:69:85:83:d1:dc:ed:94:
         20:48:31:c4:24:bc:17:60:13:50:23:ee:80:b4:f3:54:7f:af:
         6c:5f:c3:08:44:5d:70:95:40:eb:cd:fd:83:92:11:ea:b5:cc:
         bc:9b:9b:c3:b1:69:35:17:68:25:1e:f2:9d:82:c9:ca:d2:c6:
         52:f2:05:a7:c4:c8:b5:67:9e:48:b5:0d:58:f4:fa:4f:c8:06:
         62:f6:3d:ae:1f:43:23:8b:58:92:dc:2a:79:d9:e7:bb:33:33:
         77:e0:12:19:53:4e:4e:00:47:72:3a:66:4b:12:d8:47:70:62:
         3c:ab:d8:0c:5e:09:bd:30:fb:b2:51:38:26:59:bf:f4:a1:2c:
         a3:f6:30:2a:fe:ad:7d:e1:b4:27:02:73:55:59:5f:c2:0a:3a:
         b2:9b:d4:96:1f:1c:d3:8f:ac:cc:17:84:d4:2e:56:fc:cd:7c:
         ef:87:a9:33:61:69:91:f4:12:88:1a:ae:4c:40:26:26:02:86:
         f5:db:c7:75:5a:57:40:21:f7:99:51:d5:59:af:39:14:82:9e:
         57:b8:85:ea
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhsbtE/zpPPu0YRxCEEowPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNzgyMWUxYmNiZjZlMDc0ZWE0ODE0YWFhNWM2M2UzYmE4
MTNjNWYwHhcNMjUwMTAxMTE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjdjNjEyNTBlNjM3NzY4YzFhMDI4OWE0ZDlkM2Y2ZmJhNTg3MjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bX6JqX/cUSnGNdgUw4RKBT7trM7
kf4er5cJ3U7XH/NqarfSv+aP8H/LLXQyuJjtFJzmPPSInY1EOpisSHN1dqGyoe/d
adI4M3Zvr4ubDDaHOWy/ZTomGVbVPUw3whvjdLVJ18nkhOlrv0pLeBU8X/U4w1/j
oRNv5dtL9vMdN4AxtIXMgeNTf1IQ2P4mI1dLr1lEZWzv0Fn6QlsRIzAcZxEDHDXK
yeA9xhTEF5zmnLSwlZTd/c/dq7kzJB+8C6EhF1PTy3navMB83MPcwHFXRHQPXmA9
RHjti23dVoNrnv2hbgQROtnsNUiomzsixIYaX+aA9MCpstEzRrkQBN7R+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBZ8YSUOY3dowaAomk2dP2+6WHJ+MB8GA1UdIwQY
MBaAFNx4IeG8v24HTqSBSqpcY+O6gTxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYt
ZDQ4YjQyZWYxNTliLzEvRm54aEpRNWpkMmpCb0NpYVRaMF9iN3BZY240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYtZDQ4YjQyZWYxNTli
LzEvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAjsMAwQA
AjsPAwQAW8SaMA0GCSqGSIb3DQEBCwUAA4IBAQCHkcoYMOy3X80qcdoU+ZQeecC1
+LkdN6eBToBp2N6yMhaWtsKBjURMUYUBQKVvqGmFg9Hc7ZQgSDHEJLwXYBNQI+6A
tPNUf69sX8MIRF1wlUDrzf2DkhHqtcy8m5vDsWk1F2glHvKdgsnK0sZS8gWnxMi1
Z55ItQ1Y9PpPyAZi9j2uH0Mji1iS3Cp52ee7MzN34BIZU05OAEdyOmZLEthHcGI8
q9gMXgm9MPuyUTgmWb/0oSyj9jAq/q194bQnAnNVWV/CCjqym9SWHxzTj6zMF4TU
Llb8zXzvh6kzYWmR9BKIGq5MQCYmAob128d1WldAIfeZUdVZrzkUgp5XuIXq
-----END CERTIFICATE-----