Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/ABb9jMV83msi0-lqg0njsser9Jw.roa
File:                     ABb9jMV83msi0-lqg0njsser9Jw.roa (raw, json)
Hash identifier:          Qwu9wrN6uK9Doxbn4MK6Fg4BrAEUIPbwn0JGoWFbYro=
Subject key identifier:   00:16:FD:8C:C5:7C:DE:6B:22:D3:E9:6A:83:49:E3:B2:C7:AB:F4:9C
Certificate issuer:       /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial:       018CC9BCAE76F6329D4DB0E234FED7065E86
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/ABb9jMV83msi0-lqg0njsser9Jw.roa
Signing time:             Tue 02 Jan 2024 10:33:55 +0000
ROA not before:           Tue 02 Jan 2024 10:33:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47385
IP address blocks:        79.174.64.0/19 maxlen: 20
                          79.174.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ae:76:f6:32:9d:4d:b0:e2:34:fe:d7:06:5e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
        Validity
            Not Before: Jan  2 10:33:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0016fd8cc57cde6b22d3e96a8349e3b2c7abf49c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b4:9b:30:3e:32:08:8d:4d:74:39:c1:84:2e:
                    97:81:12:a0:73:2f:e6:d9:0d:a4:4b:c6:8d:cb:57:
                    61:5a:b5:5d:af:97:8b:16:74:67:2a:a5:6f:c9:0a:
                    6e:04:f3:76:e2:88:67:dd:86:23:f6:71:9b:b3:9a:
                    16:42:52:6f:4d:7e:02:e6:fd:46:e4:df:d5:5b:19:
                    45:2e:95:49:b4:1b:23:f6:e0:a6:0d:0b:83:48:26:
                    74:c0:cf:59:e4:d3:a0:ed:0f:15:08:7d:24:43:84:
                    64:4b:10:c8:29:be:40:92:cb:94:b9:a5:a4:1a:85:
                    ed:0f:e5:9c:06:f1:be:e9:ad:2a:49:70:2f:eb:ac:
                    2a:ca:05:5e:40:5b:dc:37:78:84:3a:3a:25:4a:ff:
                    b4:f3:4b:d4:80:a2:36:36:1f:21:30:69:ca:74:93:
                    1e:bc:0d:38:68:67:9a:3c:2b:ec:af:74:35:af:d0:
                    f7:f7:c2:40:3b:a2:19:e3:98:1e:92:5c:f5:c9:0a:
                    04:b6:29:66:00:b6:4a:c4:3e:7a:6f:c0:3a:62:67:
                    ba:68:14:b8:e3:12:4b:20:40:85:72:03:e6:3b:ee:
                    8a:4f:52:6c:40:df:e4:c8:5b:89:fe:13:3a:bb:78:
                    58:ef:cf:e5:01:21:48:14:d9:20:98:d1:83:69:8b:
                    d0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:16:FD:8C:C5:7C:DE:6B:22:D3:E9:6A:83:49:E3:B2:C7:AB:F4:9C
            X509v3 Authority Key Identifier:
                keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/ABb9jMV83msi0-lqg0njsser9Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6c:d2:40:00:01:4d:eb:f6:8e:b2:58:b8:ef:21:d4:a1:44:03:
         86:14:7b:5d:cd:0e:bf:09:ce:89:01:c7:1c:14:1a:f4:b0:a5:
         c4:9f:8b:51:e7:90:37:9e:a5:23:13:6a:f5:86:c7:de:12:89:
         98:5e:e1:13:72:74:cd:a6:56:70:9a:bf:1c:90:ab:8c:13:75:
         5d:3c:d7:33:47:92:bd:c6:2e:2f:a2:97:a8:40:5e:25:70:f6:
         95:24:40:e6:b1:5c:08:62:a5:2f:cf:15:cb:9d:8d:cc:77:0e:
         91:47:c8:3f:81:15:ee:e7:16:3b:70:78:1d:15:a8:bc:4f:24:
         d9:5b:de:cb:b7:b5:7b:f9:df:0c:53:38:58:04:96:83:18:e5:
         27:69:c6:4a:c2:d5:29:34:2f:1f:0f:58:0b:b0:03:d3:70:32:
         08:8e:74:5f:72:d3:65:bb:14:92:13:ff:43:79:dd:cb:4a:77:
         b1:0e:50:f6:85:d2:04:e8:6b:4e:81:1a:84:34:98:99:5d:92:
         b9:38:dd:e4:60:3c:74:90:36:3e:80:f6:2f:2a:fd:7e:fd:13:
         7e:1b:d5:59:ef:41:a8:23:a7:a1:e9:1a:a2:b5:9d:40:4d:cf:
         03:0f:a1:dd:3f:a0:e3:27:f1:ff:0c:3b:33:76:dd:36:6b:6e:
         ff:8b:d8:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvK529jKdTbDiNP7XBl6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjQwMTAyMTAzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDE2ZmQ4Y2M1N2NkZTZiMjJkM2U5NmE4MzQ5ZTNiMmM3YWJmNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3bSbMD4yCI1NdDnBhC6XgRKgcy/m
2Q2kS8aNy1dhWrVdr5eLFnRnKqVvyQpuBPN24ohn3YYj9nGbs5oWQlJvTX4C5v1G
5N/VWxlFLpVJtBsj9uCmDQuDSCZ0wM9Z5NOg7Q8VCH0kQ4RkSxDIKb5AksuUuaWk
GoXtD+WcBvG+6a0qSXAv66wqygVeQFvcN3iEOjolSv+080vUgKI2Nh8hMGnKdJMe
vA04aGeaPCvsr3Q1r9D398JAO6IZ45geklz1yQoEtilmALZKxD56b8A6Yme6aBS4
4xJLIECFcgPmO+6KT1JsQN/kyFuJ/hM6u3hY78/lASFIFNkgmNGDaYvQUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAW/YzFfN5rItPpaoNJ47LHq/ScMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvQUJiOWpNVjgzbXNpMC1scWcwbmpzc2VyOUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFT65AMA0G
CSqGSIb3DQEBCwUAA4IBAQBs0kAAAU3r9o6yWLjvIdShRAOGFHtdzQ6/Cc6JAccc
FBr0sKXEn4tR55A3nqUjE2r1hsfeEomYXuETcnTNplZwmr8ckKuME3VdPNczR5K9
xi4vopeoQF4lcPaVJEDmsVwIYqUvzxXLnY3Mdw6RR8g/gRXu5xY7cHgdFai8TyTZ
W97Lt7V7+d8MUzhYBJaDGOUnacZKwtUpNC8fD1gLsAPTcDIIjnRfctNluxSSE/9D
ed3LSnexDlD2hdIE6GtOgRqENJiZXZK5ON3kYDx0kDY+gPYvKv1+/RN+G9VZ70Go
I6eh6RqitZ1ATc8DD6HdP6DjJ/H/DDszdt02a27/i9il
-----END CERTIFICATE-----