Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ForYvpbwLn5b1yZojNsLhgH8HN8.roa
File:                     ForYvpbwLn5b1yZojNsLhgH8HN8.roa (raw, json)
Hash identifier:          5zMAjIIOzYbiRdAOowKn0I4pibnDguUT85UGlngZZDk=
Subject key identifier:   16:8A:D8:BE:96:F0:2E:7E:5B:D7:26:68:8C:DB:0B:86:01:FC:1C:DF
Certificate issuer:       /CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
Certificate serial:       019175F9ADD8DB4DB4C59792AA48D130548E
Authority key identifier: 9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ForYvpbwLn5b1yZojNsLhgH8HN8.roa
Signing time:             Wed 21 Aug 2024 17:26:22 +0000
ROA not before:           Wed 21 Aug 2024 17:26:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        62.68.69.0/24 maxlen: 24
                          91.221.80.0/24 maxlen: 24
                          185.83.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:75:f9:ad:d8:db:4d:b4:c5:97:92:aa:48:d1:30:54:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
        Validity
            Not Before: Aug 21 17:26:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=168ad8be96f02e7e5bd726688cdb0b8601fc1cdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:97:a6:d6:71:ba:ac:61:a7:61:96:20:70:82:
                    b1:88:70:40:c0:fe:b3:71:a5:ff:dc:7e:77:3e:c4:
                    ef:0f:83:26:79:ca:9d:e5:da:35:ac:08:69:7e:0f:
                    bf:69:de:e6:4e:57:2a:6c:cc:c6:9a:c2:dd:e5:1c:
                    9a:fd:78:50:f0:09:51:e9:a1:6f:a8:09:5a:f2:48:
                    9b:c4:99:89:6d:21:a1:9b:07:f1:05:3c:c0:99:de:
                    8f:fe:46:7b:61:0e:97:4c:e6:69:36:b5:9f:8e:f4:
                    24:3a:1c:1a:ff:69:c4:7d:89:13:c0:59:42:4b:58:
                    fe:db:e6:0c:6e:47:4c:1d:09:a7:75:b7:36:13:c9:
                    10:fb:37:f7:a5:b1:84:12:6c:3c:e7:a4:9c:6c:39:
                    fb:f9:95:50:e2:c4:62:34:96:54:ff:f8:b7:1e:ba:
                    3d:ec:1d:60:e4:c7:50:95:f5:53:c0:bc:c1:7a:73:
                    63:b2:7d:4c:bd:e4:e3:4b:35:e9:ee:ac:4d:62:d2:
                    ce:d4:a7:60:8f:ea:77:4c:14:71:f2:40:32:ea:c0:
                    ac:04:16:69:27:91:64:25:68:37:dc:22:82:5f:87:
                    af:a0:c6:a0:68:16:2a:0e:eb:92:80:2d:35:9a:2f:
                    3e:ff:32:09:6c:c4:e7:da:dd:dd:f4:1b:26:b4:70:
                    0c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:8A:D8:BE:96:F0:2E:7E:5B:D7:26:68:8C:DB:0B:86:01:FC:1C:DF
            X509v3 Authority Key Identifier:
                keyid:9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ForYvpbwLn5b1yZojNsLhgH8HN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.69.0/24
                  91.221.80.0/24
                  185.83.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:80:18:73:cd:e7:33:c5:17:31:54:8e:b0:c5:43:c7:0e:98:
         99:d3:5d:c7:d6:41:36:dd:ed:18:f9:05:23:6f:ec:08:f1:8f:
         51:ad:57:31:7c:20:87:63:f6:36:bd:22:4a:ee:51:0b:8a:a2:
         3b:a4:21:dc:04:a6:bc:e6:12:2a:3e:e7:f8:44:16:80:3e:e2:
         42:03:19:82:6a:35:e2:ea:a8:de:f0:bb:06:2a:0d:04:c2:29:
         ca:a1:cb:e7:90:53:71:a4:16:5a:4d:d7:53:4d:c4:9c:27:57:
         01:a2:0d:4a:51:73:15:1a:f6:ec:87:a8:f1:be:d5:33:27:6c:
         06:9b:c8:ce:3e:5d:9b:0e:12:8e:50:21:76:11:8f:bd:c6:5a:
         0d:00:41:65:47:ac:bc:d7:61:ce:be:c9:47:73:56:1b:6f:f7:
         c6:4e:70:37:14:21:ed:21:8a:47:45:4f:03:3c:43:2e:23:e8:
         ca:48:97:5c:79:30:27:44:42:2d:87:da:9d:d7:24:28:e0:eb:
         60:14:bc:58:0b:f8:f7:af:d6:f5:d9:32:90:12:5d:a7:e5:05:
         c0:84:20:6a:11:fa:af:2b:17:4c:5d:75:b5:a8:3b:d6:32:1c:
         c7:c9:c0:33:8b:ae:b2:64:f0:de:b7:b4:89:0d:61:73:62:da:
         e0:50:5c:dc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZF1+a3Y2020xZeSqkjRMFSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzI4YWU5OTM3ZmY3ZTQ5ZWM0ZjEyMzRlNTNkOGI5ZGQ2
OTQ1NDEwHhcNMjQwODIxMTcyNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjhhZDhiZTk2ZjAyZTdlNWJkNzI2Njg4Y2RiMGI4NjAxZmMxY2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5em1nG6rGGnYZYgcIKxiHBAwP6z
caX/3H53PsTvD4Mmecqd5do1rAhpfg+/ad7mTlcqbMzGmsLd5Rya/XhQ8AlR6aFv
qAla8kibxJmJbSGhmwfxBTzAmd6P/kZ7YQ6XTOZpNrWfjvQkOhwa/2nEfYkTwFlC
S1j+2+YMbkdMHQmndbc2E8kQ+zf3pbGEEmw856ScbDn7+ZVQ4sRiNJZU//i3Hro9
7B1g5MdQlfVTwLzBenNjsn1MveTjSzXp7qxNYtLO1Kdgj+p3TBRx8kAy6sCsBBZp
J5FkJWg33CKCX4evoMagaBYqDuuSgC01mi8+/zIJbMTn2t3d9BsmtHAMhQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBaK2L6W8C5+W9cmaIzbC4YB/BzfMB8GA1UdIwQY
MBaAFJ3CiumTf/fknsTxI05T2LndaUVBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMt
MTkyY2JkMDhkYjUxLzEvRm9yWXZwYndMbjViMXlab2pOc0xoZ0g4SE44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMtMTkyY2JkMDhkYjUx
LzEvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPkRFAwQA
W91QAwQAuVPmMA0GCSqGSIb3DQEBCwUAA4IBAQB6gBhzzeczxRcxVI6wxUPHDpiZ
013H1kE23e0Y+QUjb+wI8Y9RrVcxfCCHY/Y2vSJK7lELiqI7pCHcBKa85hIqPuf4
RBaAPuJCAxmCajXi6qje8LsGKg0EwinKocvnkFNxpBZaTddTTcScJ1cBog1KUXMV
Gvbsh6jxvtUzJ2wGm8jOPl2bDhKOUCF2EY+9xloNAEFlR6y812HOvslHc1Ybb/fG
TnA3FCHtIYpHRU8DPEMuI+jKSJdceTAnREIth9qd1yQo4OtgFLxYC/j3r9b12TKQ
El2n5QXAhCBqEfqvKxdMXXW1qDvWMhzHycAzi66yZPDet7SJDWFzYtrgUFzc
-----END CERTIFICATE-----