Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/akd-bNVv3oBkHdFToOVaII9HwcY.roa
File:                     akd-bNVv3oBkHdFToOVaII9HwcY.roa (raw, json)
Hash identifier:          3OyCJDeCG09EcvDR7NLQx2djKqJQR+AQOOvxe8+7c3c=
Subject key identifier:   6A:47:7E:6C:D5:6F:DE:80:64:1D:D1:53:A0:E5:5A:20:8F:47:C1:C6
Certificate issuer:       /CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
Certificate serial:       0192C0155773E1EE850E189C52A9D3FC2C83
Authority key identifier: FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/akd-bNVv3oBkHdFToOVaII9HwcY.roa
Signing time:             Thu 24 Oct 2024 19:51:17 +0000
ROA not before:           Thu 24 Oct 2024 19:51:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.49.104.0/24 maxlen: 24
                          185.49.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c0:15:57:73:e1:ee:85:0e:18:9c:52:a9:d3:fc:2c:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
        Validity
            Not Before: Oct 24 19:51:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a477e6cd56fde80641dd153a0e55a208f47c1c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d6:1d:48:90:55:0d:ca:2f:72:21:65:81:9d:
                    e8:ef:a6:10:7c:87:7d:62:ff:be:72:f7:52:f1:38:
                    4b:14:a6:46:a9:b5:63:10:bf:b5:d4:ca:25:75:a6:
                    37:70:4c:31:cd:de:fe:50:ea:5f:fa:48:ae:21:93:
                    8e:72:ad:e1:98:70:69:01:54:cf:0f:eb:ce:8c:58:
                    ed:b6:0e:9d:a1:b9:51:11:24:0f:38:0d:e6:2e:71:
                    64:0d:f7:4d:43:8b:af:59:6d:fa:0f:81:15:36:9f:
                    b6:12:9e:48:70:04:cb:ab:1b:63:6a:fc:7e:86:6b:
                    1a:de:3b:64:cd:6a:63:07:dc:37:e5:28:b4:81:d7:
                    44:14:c1:e1:9e:46:c7:41:cd:e3:2a:20:85:b8:03:
                    74:c9:0c:8e:c9:b7:8e:91:47:83:65:12:0b:90:cd:
                    f1:65:95:41:92:51:2d:a5:8c:19:2c:16:21:8f:8c:
                    11:a6:20:1e:c7:d3:60:ca:82:33:52:cc:0f:3e:ab:
                    a2:96:dc:6e:fe:29:08:47:c7:02:8b:85:ff:bf:00:
                    74:99:79:ce:da:09:49:d4:9c:e0:e6:00:57:27:7f:
                    56:f0:1d:d8:a4:32:21:1f:8b:4a:52:e6:93:74:d3:
                    e9:a6:48:29:0f:c6:ca:3c:58:9b:76:84:ae:46:49:
                    0a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:47:7E:6C:D5:6F:DE:80:64:1D:D1:53:A0:E5:5A:20:8F:47:C1:C6
            X509v3 Authority Key Identifier:
                keyid:FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/akd-bNVv3oBkHdFToOVaII9HwcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:f0:35:bc:2d:e4:9e:a4:ed:eb:cf:c4:4e:a2:b6:54:8c:75:
         dc:d7:c7:1e:3b:bc:9e:20:9c:2b:0f:ff:78:2e:17:bf:b5:59:
         9b:71:42:21:06:18:f4:81:44:3d:5d:8f:48:f7:7d:c5:17:75:
         8e:48:9f:d4:a7:f4:78:c3:38:46:04:6a:48:da:38:d8:e0:f2:
         13:06:ab:59:82:99:05:bb:d9:6e:51:d4:5e:ea:ae:d3:77:28:
         be:46:15:06:ab:f9:67:be:cb:7f:cd:7d:40:52:73:d4:e0:e8:
         90:98:94:c4:41:d9:37:06:38:38:81:2b:e5:23:9c:33:45:f7:
         6b:d7:db:11:ac:ec:03:54:ec:d0:54:bb:17:5e:c7:c1:62:b6:
         33:d7:91:76:39:16:79:ef:4f:2c:a4:33:f8:49:1a:5e:b4:64:
         f2:f3:b0:c6:78:07:12:ea:5c:da:2f:62:9f:93:7a:62:e4:ea:
         f3:bc:2d:82:fc:37:ad:ac:23:d0:1a:b5:6e:f9:01:85:fc:dc:
         9f:a1:22:b7:08:3a:bd:8f:b0:1d:62:73:ec:8a:ad:72:eb:ba:
         e2:ee:d7:6b:66:87:75:fb:b2:92:77:a4:f0:24:62:1c:95:e3:
         d6:65:60:3d:f6:ee:12:16:31:27:e0:6b:f9:55:54:3e:5d:0c:
         65:6c:fd:c3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZLAFVdz4e6FDhicUqnT/CyDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2QwYmMxMWIyOWRhNDRhZDU3MzA0YzNmODU2ODg3MGEw
MTljMjQwHhcNMjQxMDI0MTk1MTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTQ3N2U2Y2Q1NmZkZTgwNjQxZGQxNTNhMGU1NWEyMDhmNDdjMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdYdSJBVDcovciFlgZ3o76YQfId9
Yv++cvdS8ThLFKZGqbVjEL+11MoldaY3cEwxzd7+UOpf+kiuIZOOcq3hmHBpAVTP
D+vOjFjttg6doblRESQPOA3mLnFkDfdNQ4uvWW36D4EVNp+2Ep5IcATLqxtjavx+
hmsa3jtkzWpjB9w35Si0gddEFMHhnkbHQc3jKiCFuAN0yQyOybeOkUeDZRILkM3x
ZZVBklEtpYwZLBYhj4wRpiAex9NgyoIzUswPPquiltxu/ikIR8cCi4X/vwB0mXnO
2glJ1Jzg5gBXJ39W8B3YpDIhH4tKUuaTdNPppkgpD8bKPFibdoSuRkkKHQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGpHfmzVb96AZB3RU6DlWiCPR8HGMB8GA1UdIwQY
MBaAFPo9C8EbKdpErVcwTD+FaIcKAZwkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qMEx3UnNwMmtTdFZ6Qk1QNFZvaHdvQm5DUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1
LWQyMTA3MWVmNzM1Yi8xL2FrZC1iTlZ2M29Ca0hkRlRvT1ZhSUk5SHdjWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1LWQyMTA3MWVmNzM1
Yi8xLzEtajBMd1JzcDJrU3RWekJNUDRWb2h3b0JuQ1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAG5MWgw
DQYJKoZIhvcNAQELBQADggEBAGLwNbwt5J6k7evPxE6itlSMddzXxx47vJ4gnCsP
/3guF7+1WZtxQiEGGPSBRD1dj0j3fcUXdY5In9Sn9HjDOEYEakjaONjg8hMGq1mC
mQW72W5R1F7qrtN3KL5GFQar+We+y3/NfUBSc9Tg6JCYlMRB2TcGODiBK+UjnDNF
92vX2xGs7ANU7NBUuxdex8FitjPXkXY5FnnvTyykM/hJGl60ZPLzsMZ4BxLqXNov
Yp+TemLk6vO8LYL8N62sI9AatW75AYX83J+hIrcIOr2PsB1ic+yKrXLruuLu12tm
h3X7spJ3pPAkYhyV49ZlYD327hIWMSfga/lVVD5dDGVs/cM=
-----END CERTIFICATE-----