Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/fe34d4-59b8-4324-ad27-85069125d3bf/1/CfBeVHIx6W3zSc3WYfmUZTVH6Is.roa
File:                     CfBeVHIx6W3zSc3WYfmUZTVH6Is.roa (raw, json)
Hash identifier:          YE6HC5kgSO0aCGuysepwUW9Q7cotvQMXPLRtbjiOxfM=
Subject key identifier:   09:F0:5E:54:72:31:E9:6D:F3:49:CD:D6:61:F9:94:65:35:47:E8:8B
Certificate issuer:       /CN=33f650c0a0f16515a72dea601ce9ca2d4c164993
Certificate serial:       018CC26D230E52EADDAB1DA832FFED327B9F
Authority key identifier: 33:F6:50:C0:A0:F1:65:15:A7:2D:EA:60:1C:E9:CA:2D:4C:16:49:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M_ZQwKDxZRWnLepgHOnKLUwWSZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/fe34d4-59b8-4324-ad27-85069125d3bf/1/CfBeVHIx6W3zSc3WYfmUZTVH6Is.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48943
IP address blocks:        185.36.16.0/22 maxlen: 24
                          94.136.0.0/19 maxlen: 24
                          2a02:ab8::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/fe34d4-59b8-4324-ad27-85069125d3bf/1/M_ZQwKDxZRWnLepgHOnKLUwWSZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/fe34d4-59b8-4324-ad27-85069125d3bf/1/M_ZQwKDxZRWnLepgHOnKLUwWSZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M_ZQwKDxZRWnLepgHOnKLUwWSZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:23:0e:52:ea:dd:ab:1d:a8:32:ff:ed:32:7b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33f650c0a0f16515a72dea601ce9ca2d4c164993
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09f05e547231e96df349cdd661f994653547e88b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:da:f5:81:4e:ed:37:b9:db:a3:ed:f8:61:87:
                    0b:5f:5c:33:41:83:18:78:a2:bc:48:fc:db:57:b0:
                    f7:9f:9c:05:a9:8c:13:e0:96:19:7f:60:dc:96:46:
                    6d:91:0c:1a:eb:c5:b9:15:c6:8c:cb:b4:bc:85:cc:
                    c4:8c:90:af:e4:4d:5b:81:56:54:fc:09:fe:02:0f:
                    9b:be:71:97:8c:39:48:03:d2:e0:bd:0d:9d:c7:85:
                    a4:ff:b6:72:db:89:f6:e0:ee:43:07:e1:ea:b1:4f:
                    7c:d7:df:31:f2:42:93:96:43:26:6a:e4:78:13:9f:
                    a9:cd:a7:b4:18:a2:83:0c:81:5c:ef:cc:da:3e:3b:
                    b0:a4:9a:51:7e:01:80:29:5f:a1:6a:15:ad:92:5f:
                    c4:75:54:ab:46:d8:a8:e9:1b:16:a9:33:da:58:77:
                    c8:f9:f3:80:24:6b:72:b3:36:13:bb:fe:57:6b:d6:
                    ff:b3:f4:e4:50:30:e2:70:ce:c1:7c:66:16:9e:f7:
                    4c:fd:79:42:f4:40:7f:ec:e7:4b:4d:b2:af:9a:5d:
                    96:7b:6b:4e:5e:d3:82:a5:20:a4:53:0a:07:fa:3e:
                    36:d0:6a:c0:33:65:e8:f0:c8:df:4f:2c:f1:a7:c6:
                    3f:8f:b7:34:73:4b:e0:65:f8:f7:8b:58:74:ea:1d:
                    f5:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:F0:5E:54:72:31:E9:6D:F3:49:CD:D6:61:F9:94:65:35:47:E8:8B
            X509v3 Authority Key Identifier:
                keyid:33:F6:50:C0:A0:F1:65:15:A7:2D:EA:60:1C:E9:CA:2D:4C:16:49:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M_ZQwKDxZRWnLepgHOnKLUwWSZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/fe34d4-59b8-4324-ad27-85069125d3bf/1/CfBeVHIx6W3zSc3WYfmUZTVH6Is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/fe34d4-59b8-4324-ad27-85069125d3bf/1/M_ZQwKDxZRWnLepgHOnKLUwWSZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.136.0.0/19
                  185.36.16.0/22
                IPv6:
                  2a02:ab8::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:34:ed:b5:cd:98:96:80:9a:ea:44:b7:b3:1b:6c:dd:6e:9f:
         27:85:80:30:db:75:b7:0f:1b:d8:53:37:97:5a:a5:db:b3:56:
         fe:f3:49:52:74:92:63:65:9e:56:4d:a1:16:7c:24:2c:68:04:
         17:5d:86:55:ed:21:77:28:67:97:89:0f:4d:b6:83:c4:5b:57:
         d4:6d:70:1a:39:fd:03:2f:07:62:b2:1e:6d:5c:67:66:04:82:
         8f:ad:bf:f3:d4:80:32:5c:8d:25:91:b9:cc:35:1a:f4:36:cc:
         74:2f:7c:a7:2e:9c:3f:7b:5b:08:27:ae:ba:56:60:45:13:0a:
         e7:0c:c5:b6:43:c3:5c:e0:1d:1c:c6:4f:ee:93:c5:c1:a8:7d:
         2b:4d:de:9b:b3:91:8a:66:27:1e:23:06:df:44:8f:6f:c1:43:
         d5:38:aa:de:fd:7a:fb:aa:60:74:2b:d0:fc:7b:af:9e:c3:3b:
         14:b9:e6:f7:b5:30:18:d8:9e:21:a1:3f:05:0e:13:70:94:fa:
         c8:9c:17:d2:ca:b1:19:5d:e4:3b:a3:82:85:6f:92:2d:61:e6:
         15:00:cc:07:89:d3:1c:98:29:aa:3f:63:c3:c5:b7:3e:7a:fd:
         90:20:3a:5c:82:ee:b4:2f:31:b3:76:90:0a:af:03:9c:10:a0:
         09:f1:0f:b0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbSMOUurdqx2oMv/tMnufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzZjY1MGMwYTBmMTY1MTVhNzJkZWE2MDFjZTljYTJkNGMx
NjQ5OTMwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWYwNWU1NDcyMzFlOTZkZjM0OWNkZDY2MWY5OTQ2NTM1NDdlODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodr1gU7tN7nbo+34YYcLX1wzQYMY
eKK8SPzbV7D3n5wFqYwT4JYZf2DclkZtkQwa68W5FcaMy7S8hczEjJCv5E1bgVZU
/An+Ag+bvnGXjDlIA9LgvQ2dx4Wk/7Zy24n24O5DB+HqsU98198x8kKTlkMmauR4
E5+pzae0GKKDDIFc78zaPjuwpJpRfgGAKV+hahWtkl/EdVSrRtio6RsWqTPaWHfI
+fOAJGtyszYTu/5Xa9b/s/TkUDDicM7BfGYWnvdM/XlC9EB/7OdLTbKvml2We2tO
XtOCpSCkUwoH+j420GrAM2Xo8MjfTyzxp8Y/j7c0c0vgZfj3i1h06h317QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAnwXlRyMelt80nN1mH5lGU1R+iLMB8GA1UdIwQY
MBaAFDP2UMCg8WUVpy3qYBzpyi1MFkmTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTV9aUXdLRHhaUlduTGVwZ0hPbktMVXdXU1pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9mZTM0ZDQtNTliOC00MzI0LWFkMjct
ODUwNjkxMjVkM2JmLzEvQ2ZCZVZISXg2VzN6U2MzV1lmbVVaVFZINklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9mZTM0ZDQtNTliOC00MzI0LWFkMjctODUwNjkxMjVkM2Jm
LzEvTV9aUXdLRHhaUlduTGVwZ0hPbktMVXdXU1pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFXogAAwQC
uSQQMA0EAgACMAcDBQMqAgq4MA0GCSqGSIb3DQEBCwUAA4IBAQAMNO21zZiWgJrq
RLezG2zdbp8nhYAw23W3DxvYUzeXWqXbs1b+80lSdJJjZZ5WTaEWfCQsaAQXXYZV
7SF3KGeXiQ9NtoPEW1fUbXAaOf0DLwdish5tXGdmBIKPrb/z1IAyXI0lkbnMNRr0
Nsx0L3ynLpw/e1sIJ666VmBFEwrnDMW2Q8Nc4B0cxk/uk8XBqH0rTd6bs5GKZice
IwbfRI9vwUPVOKre/Xr7qmB0K9D8e6+ewzsUueb3tTAY2J4hoT8FDhNwlPrInBfS
yrEZXeQ7o4KFb5ItYeYVAMwHidMcmCmqP2PDxbc+ev2QIDpcgu60LzGzdpAKrwOc
EKAJ8Q+w
-----END CERTIFICATE-----