Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/F9f74dFoQA9DG75DlX0JRsxo46Y.roa
File:                     F9f74dFoQA9DG75DlX0JRsxo46Y.roa (raw, json)
Hash identifier:          iB3zdter0I1Urw8QWbpSIG6Ifzdk25mzCnCnNyO45Fc=
Subject key identifier:   17:D7:FB:E1:D1:68:40:0F:43:1B:BE:43:95:7D:09:46:CC:68:E3:A6
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019198E4E27B09D7CF7643C3E35DAAAF2794
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/F9f74dFoQA9DG75DlX0JRsxo46Y.roa
Signing time:             Wed 28 Aug 2024 12:10:22 +0000
ROA not before:           Wed 28 Aug 2024 12:10:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51699
IP address blocks:        5.1.64.0/24 maxlen: 24
                          2a07:6fc0:5::/48 maxlen: 48
                          2a0f:b80:4::/46 maxlen: 46

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:98:e4:e2:7b:09:d7:cf:76:43:c3:e3:5d:aa:af:27:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Aug 28 12:10:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17d7fbe1d168400f431bbe43957d0946cc68e3a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:73:92:bf:a0:1f:4c:9d:19:e9:b0:47:82:4d:
                    ac:e7:da:13:43:19:3f:00:c2:1f:ae:46:a9:cc:94:
                    36:4f:8e:a6:c3:5c:a3:6d:09:92:0e:e2:4d:6c:74:
                    27:26:ca:98:50:d9:23:fc:97:d5:35:d8:b7:97:15:
                    93:e3:4e:0e:e1:98:b8:71:f3:89:67:58:46:3b:4f:
                    c7:fd:49:cd:02:69:cb:3b:3d:df:3b:7d:94:b7:5e:
                    7d:56:a7:c3:0f:c0:15:94:19:7d:02:48:a0:03:f2:
                    9d:69:1a:48:47:9f:cb:ac:09:69:03:8a:e4:e7:e6:
                    6a:2b:1a:09:05:72:2a:84:9b:1f:e2:b7:fe:4e:f7:
                    e0:bb:e1:a9:49:ed:21:69:7e:2e:f5:27:03:9c:a0:
                    6f:af:26:86:58:88:30:6a:ae:2f:27:c8:67:77:09:
                    a4:bf:71:50:80:bc:0a:51:17:f5:a7:71:ae:49:76:
                    7f:7e:9e:f1:c9:09:9d:10:96:31:bb:b5:28:e3:3f:
                    fd:ad:57:88:71:3a:0a:50:9c:7e:20:79:2b:69:a5:
                    20:60:c6:e1:bb:19:b9:ce:b4:5c:df:1b:87:37:9c:
                    f7:5e:cd:dc:a8:0f:fb:d3:4b:ad:86:93:9d:e6:89:
                    f0:bc:50:5d:9a:b2:0e:7a:c7:23:2a:84:bf:3b:ab:
                    70:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:D7:FB:E1:D1:68:40:0F:43:1B:BE:43:95:7D:09:46:CC:68:E3:A6
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/F9f74dFoQA9DG75DlX0JRsxo46Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.64.0/24
                IPv6:
                  2a07:6fc0:5::/48
                  2a0f:b80:4::/46

    Signature Algorithm: sha256WithRSAEncryption
         34:c1:32:1a:a0:cc:ed:33:4e:ab:ae:fb:f6:e9:5a:d2:c0:0d:
         6f:c1:e8:22:fc:b0:6b:db:2f:78:7a:5e:4e:de:fd:11:61:e1:
         e1:ca:ab:ad:7b:26:ff:85:a3:13:fa:82:67:5a:15:63:2e:6d:
         96:40:ff:f4:bd:5b:bf:7a:69:76:81:b2:f9:31:be:24:3b:e9:
         9f:b1:cf:ad:9e:67:25:da:95:14:17:d1:72:d8:18:8b:5a:b1:
         a5:9d:9c:39:cf:32:c8:0f:da:ae:14:55:9b:a0:d5:d0:40:d1:
         d7:c8:5f:b3:03:02:29:75:3e:fc:d8:e3:74:c1:32:6c:f4:39:
         bc:22:84:51:35:40:8a:b1:5f:65:e8:e8:f8:be:bc:04:c7:74:
         38:78:9c:3c:48:be:eb:6d:99:a9:52:fd:35:1a:0d:fb:6b:c3:
         ff:9b:cf:27:9a:cd:8c:62:27:8a:5f:ce:90:f8:56:8a:12:37:
         d3:1a:46:3f:74:86:45:71:c4:a8:32:d3:c0:55:4f:36:9b:20:
         c9:6f:d0:91:30:75:b7:7a:87:4e:6b:02:f1:af:cd:84:64:02:
         5e:d6:96:85:12:6f:09:49:9b:5a:82:58:f0:e6:85:86:8a:52:
         da:56:1b:68:fa:03:0d:a5:43:c3:0c:d8:14:b1:f8:f3:a5:57:
         85:c2:92:d0
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZGY5OJ7CdfPdkPD412qryeUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwODI4MTIxMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2Q3ZmJlMWQxNjg0MDBmNDMxYmJlNDM5NTdkMDk0NmNjNjhlM2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunOSv6AfTJ0Z6bBHgk2s59oTQxk/
AMIfrkapzJQ2T46mw1yjbQmSDuJNbHQnJsqYUNkj/JfVNdi3lxWT404O4Zi4cfOJ
Z1hGO0/H/UnNAmnLOz3fO32Ut159VqfDD8AVlBl9AkigA/KdaRpIR5/LrAlpA4rk
5+ZqKxoJBXIqhJsf4rf+Tvfgu+GpSe0haX4u9ScDnKBvryaGWIgwaq4vJ8hndwmk
v3FQgLwKURf1p3GuSXZ/fp7xyQmdEJYxu7Uo4z/9rVeIcToKUJx+IHkraaUgYMbh
uxm5zrRc3xuHN5z3Xs3cqA/700uthpOd5onwvFBdmrIOescjKoS/O6twMwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFBfX++HRaEAPQxu+Q5V9CUbMaOOmMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvRjlmNzRkRm9RQTlERzc1RGxYMEpSc3hvNDZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQABQFAMBgE
AgACMBIDBwAqB2/AAAUDBwIqDwuAAAQwDQYJKoZIhvcNAQELBQADggEBADTBMhqg
zO0zTquu+/bpWtLADW/B6CL8sGvbL3h6Xk7e/RFh4eHKq617Jv+FoxP6gmdaFWMu
bZZA//S9W796aXaBsvkxviQ76Z+xz62eZyXalRQX0XLYGItasaWdnDnPMsgP2q4U
VZug1dBA0dfIX7MDAil1PvzY43TBMmz0ObwihFE1QIqxX2Xo6Pi+vATHdDh4nDxI
vuttmalS/TUaDftrw/+bzyeazYxiJ4pfzpD4VooSN9MaRj90hkVxxKgy08BVTzab
IMlv0JEwdbd6h05rAvGvzYRkAl7WloUSbwlJm1qCWPDmhYaKUtpWG2j6Aw2lQ8MM
2BSx+POlV4XCktA=
-----END CERTIFICATE-----