Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/A19nQtZFOxb6hdPq0sE7TKb2CT0.roa
File:                     A19nQtZFOxb6hdPq0sE7TKb2CT0.roa (raw, json)
Hash identifier:          5Q5QFHOYPfpWBW61FjwinjJwn64917yhldax5HUf43o=
Subject key identifier:   03:5F:67:42:D6:45:3B:16:FA:85:D3:EA:D2:C1:3B:4C:A6:F6:09:3D
Certificate issuer:       /CN=c87474ceb85af31122ede586d4d65b0f5b4d97f0
Certificate serial:       018CC64A9DF29885BFF199620E3A453DDB1C
Authority key identifier: C8:74:74:CE:B8:5A:F3:11:22:ED:E5:86:D4:D6:5B:0F:5B:4D:97:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yHR0zrha8xEi7eWG1NZbD1tNl_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/A19nQtZFOxb6hdPq0sE7TKb2CT0.roa
Signing time:             Mon 01 Jan 2024 18:30:27 +0000
ROA not before:           Mon 01 Jan 2024 18:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42000
IP address blocks:        91.103.160.0/21 maxlen: 21
                          185.160.20.0/22 maxlen: 22
                          94.124.104.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/yHR0zrha8xEi7eWG1NZbD1tNl_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/yHR0zrha8xEi7eWG1NZbD1tNl_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yHR0zrha8xEi7eWG1NZbD1tNl_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:9d:f2:98:85:bf:f1:99:62:0e:3a:45:3d:db:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c87474ceb85af31122ede586d4d65b0f5b4d97f0
        Validity
            Not Before: Jan  1 18:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=035f6742d6453b16fa85d3ead2c13b4ca6f6093d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e7:16:7f:aa:f6:18:33:f4:45:01:59:83:91:
                    de:40:56:6e:cb:34:78:8f:b5:a7:75:75:5a:5e:6c:
                    57:71:29:d1:6f:2e:5f:c2:07:2e:2d:c8:5d:9f:46:
                    8a:19:b0:ec:03:0e:d9:83:28:a1:d5:38:9c:98:b0:
                    96:50:55:eb:8b:a7:0b:94:08:6e:39:00:dc:3c:e0:
                    fc:8a:90:ae:cf:6c:89:74:ec:f9:18:e7:76:04:22:
                    e4:45:7b:11:b2:b3:0e:7b:43:91:84:b4:d1:52:e7:
                    ec:0c:1a:53:01:2f:55:9b:9a:b7:c0:09:27:f2:5c:
                    fe:9b:19:72:d0:bd:b7:12:e7:78:76:15:33:93:21:
                    be:15:5f:18:71:4e:a3:02:5d:97:b4:f5:e0:a4:d7:
                    08:39:03:f5:d0:8a:5c:9c:ed:f7:ac:85:55:db:f4:
                    90:ea:e9:72:8f:1b:9b:4f:0d:1b:2a:ee:a5:5a:3e:
                    81:bd:f2:80:90:ab:30:0b:b7:cd:a4:2e:46:e8:a5:
                    a7:a9:b5:65:ed:0e:fd:57:31:60:6e:da:d3:fb:36:
                    13:3d:93:f1:81:e5:68:0c:fd:72:49:32:9e:a8:6f:
                    b9:39:be:e2:b2:2a:d7:07:9f:ba:93:39:7f:03:f9:
                    eb:77:8e:66:e8:da:8a:fb:04:c7:ba:70:2d:6e:1f:
                    eb:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:5F:67:42:D6:45:3B:16:FA:85:D3:EA:D2:C1:3B:4C:A6:F6:09:3D
            X509v3 Authority Key Identifier:
                keyid:C8:74:74:CE:B8:5A:F3:11:22:ED:E5:86:D4:D6:5B:0F:5B:4D:97:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yHR0zrha8xEi7eWG1NZbD1tNl_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/A19nQtZFOxb6hdPq0sE7TKb2CT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/yHR0zrha8xEi7eWG1NZbD1tNl_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.160.0/21
                  94.124.104.0/21
                  185.160.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:cb:c4:a7:e0:21:0e:b2:ad:a8:cc:d6:2b:59:d8:a6:d5:1d:
         a7:ab:96:fc:eb:94:68:ae:36:1e:47:ef:47:d8:4f:f2:b7:d6:
         41:bf:60:cc:0f:1f:91:0f:e8:9f:e7:94:01:86:4b:48:b1:5f:
         6f:9e:b5:09:60:63:3b:fe:f7:71:65:03:9c:0c:83:1c:5b:01:
         45:15:0a:eb:d7:93:ba:42:6b:ad:c5:ec:d0:94:9f:b0:93:e5:
         e5:fd:44:86:38:b2:a7:05:c9:df:43:9b:f3:35:95:21:d2:ba:
         34:43:b5:40:53:47:a1:46:4c:94:d7:8c:be:7e:0c:4c:f7:c6:
         2b:f0:a6:a0:ed:7e:78:af:c0:2f:d5:94:b4:f9:15:41:46:b2:
         09:1d:89:ae:31:33:c2:be:57:07:79:d3:65:4a:13:e1:59:3d:
         d0:b2:5e:23:4e:3c:ea:34:ca:4f:b7:d4:4e:65:6f:78:6c:7f:
         16:a7:7d:14:d5:cd:0e:4a:72:66:c0:37:1a:e8:f4:82:16:c8:
         18:66:08:e4:a4:18:8c:68:e8:db:e1:f0:b4:8b:92:16:1b:1e:
         36:10:3c:dc:bc:f1:29:32:ae:56:28:76:23:c2:0a:42:a7:ce:
         3c:ac:6c:44:c2:36:4e:eb:04:54:bc:4f:08:96:a8:74:2b:c9:
         89:66:e1:4a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGSp3ymIW/8ZliDjpFPdscMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NzQ3NGNlYjg1YWYzMTEyMmVkZTU4NmQ0ZDY1YjBmNWI0
ZDk3ZjAwHhcNMjQwMTAxMTgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzVmNjc0MmQ2NDUzYjE2ZmE4NWQzZWFkMmMxM2I0Y2E2ZjYwOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnecWf6r2GDP0RQFZg5HeQFZuyzR4
j7WndXVaXmxXcSnRby5fwgcuLchdn0aKGbDsAw7Zgyih1TicmLCWUFXri6cLlAhu
OQDcPOD8ipCuz2yJdOz5GOd2BCLkRXsRsrMOe0ORhLTRUufsDBpTAS9Vm5q3wAkn
8lz+mxly0L23Eud4dhUzkyG+FV8YcU6jAl2XtPXgpNcIOQP10IpcnO33rIVV2/SQ
6ulyjxubTw0bKu6lWj6BvfKAkKswC7fNpC5G6KWnqbVl7Q79VzFgbtrT+zYTPZPx
geVoDP1ySTKeqG+5Ob7isirXB5+6kzl/A/nrd45m6NqK+wTHunAtbh/rzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFANfZ0LWRTsW+oXT6tLBO0ym9gk9MB8GA1UdIwQY
MBaAFMh0dM64WvMRIu3lhtTWWw9bTZfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUhSMHpyaGE4eEVpN2VXRzFOWmJEMXRObF9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi81MmQ3NWMtZThhMC00ZWM4LWIwMGYt
MDM1ODY1MjNiMTMzLzEvQTE5blF0WkZPeGI2aGRQcTBzRTdUS2IyQ1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi81MmQ3NWMtZThhMC00ZWM4LWIwMGYtMDM1ODY1MjNiMTMz
LzEveUhSMHpyaGE4eEVpN2VXRzFOWmJEMXRObF9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDW2egAwQD
XnxoAwQCuaAUMA0GCSqGSIb3DQEBCwUAA4IBAQCdy8Sn4CEOsq2ozNYrWdim1R2n
q5b865RorjYeR+9H2E/yt9ZBv2DMDx+RD+if55QBhktIsV9vnrUJYGM7/vdxZQOc
DIMcWwFFFQrr15O6QmutxezQlJ+wk+Xl/USGOLKnBcnfQ5vzNZUh0ro0Q7VAU0eh
RkyU14y+fgxM98Yr8Kag7X54r8Av1ZS0+RVBRrIJHYmuMTPCvlcHedNlShPhWT3Q
sl4jTjzqNMpPt9ROZW94bH8Wp30U1c0OSnJmwDca6PSCFsgYZgjkpBiMaOjb4fC0
i5IWGx42EDzcvPEpMq5WKHYjwgpCp848rGxEwjZO6wRUvE8Ilqh0K8mJZuFK
-----END CERTIFICATE-----