Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/f96430-62d4-4310-8493-ae1aa1654cde/1/_azbUa_spbOSlCL7odY9gCUMMww.roa
File:                     _azbUa_spbOSlCL7odY9gCUMMww.roa (raw, json)
Hash identifier:          zMl3Tf1DpfxmQgEPOSptd5lTaGmbBkgvJ2Ut508MPmI=
Subject key identifier:   FD:AC:DB:51:AF:EC:A5:B3:92:94:22:FB:A1:D6:3D:80:25:0C:33:0C
Certificate issuer:       /CN=122a2ba3cc18c998501309ecde042706af5b845a
Certificate serial:       018CC56DEF13BF814F92B92E705D35D451FB
Authority key identifier: 12:2A:2B:A3:CC:18:C9:98:50:13:09:EC:DE:04:27:06:AF:5B:84:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eioro8wYyZhQEwns3gQnBq9bhFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/f96430-62d4-4310-8493-ae1aa1654cde/1/_azbUa_spbOSlCL7odY9gCUMMww.roa
Signing time:             Mon 01 Jan 2024 14:29:25 +0000
ROA not before:           Mon 01 Jan 2024 14:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56690
IP address blocks:        91.226.172.0/22 maxlen: 22
                          185.250.60.0/22 maxlen: 22
                          2a09:8880::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/f96430-62d4-4310-8493-ae1aa1654cde/1/Eioro8wYyZhQEwns3gQnBq9bhFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/f96430-62d4-4310-8493-ae1aa1654cde/1/Eioro8wYyZhQEwns3gQnBq9bhFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eioro8wYyZhQEwns3gQnBq9bhFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ef:13:bf:81:4f:92:b9:2e:70:5d:35:d4:51:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=122a2ba3cc18c998501309ecde042706af5b845a
        Validity
            Not Before: Jan  1 14:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdacdb51afeca5b3929422fba1d63d80250c330c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4d:91:a3:94:5b:c8:9f:f8:ae:ac:f1:14:db:
                    a0:52:b2:8f:96:3b:c9:6d:a3:1c:ce:bb:74:db:f7:
                    e4:2a:f5:29:15:97:c8:ca:40:95:64:07:71:3c:b1:
                    de:1f:03:4c:8c:24:28:1e:d4:3b:fa:a8:c9:52:b5:
                    00:89:a0:55:cd:ce:4b:b7:d0:36:aa:39:76:1c:7e:
                    e2:55:b8:d0:ab:3f:3a:d4:26:c1:53:6e:36:e0:81:
                    91:4c:8f:b1:86:fb:75:b6:80:db:a3:16:a8:dc:de:
                    3e:b9:05:ec:01:3e:6d:0a:a9:72:31:67:74:a8:51:
                    a4:a9:72:a1:c4:99:8e:7e:ba:65:aa:a3:70:d3:37:
                    87:a1:ed:db:4b:d3:02:e7:0a:9e:93:a2:50:0f:11:
                    09:14:f5:f9:a1:e4:d0:bc:cb:82:f6:b1:01:a9:8a:
                    e5:49:cd:90:67:6a:f3:43:06:a3:34:c6:1d:58:e6:
                    d3:88:91:c0:d3:3d:3d:77:f1:09:b6:c6:fa:4e:e2:
                    aa:6b:4d:1a:11:cf:b6:0f:1f:f8:09:f6:d1:44:e9:
                    2e:13:60:d0:11:26:01:32:0b:6e:69:84:9d:a4:8c:
                    22:31:4a:7a:a3:ad:85:4b:4e:df:22:3d:2a:29:b9:
                    0b:3c:cd:2b:67:e2:a3:04:a2:e3:40:d3:4f:c2:e1:
                    7e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:AC:DB:51:AF:EC:A5:B3:92:94:22:FB:A1:D6:3D:80:25:0C:33:0C
            X509v3 Authority Key Identifier:
                keyid:12:2A:2B:A3:CC:18:C9:98:50:13:09:EC:DE:04:27:06:AF:5B:84:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eioro8wYyZhQEwns3gQnBq9bhFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f96430-62d4-4310-8493-ae1aa1654cde/1/_azbUa_spbOSlCL7odY9gCUMMww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f96430-62d4-4310-8493-ae1aa1654cde/1/Eioro8wYyZhQEwns3gQnBq9bhFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.172.0/22
                  185.250.60.0/22
                IPv6:
                  2a09:8880::/36

    Signature Algorithm: sha256WithRSAEncryption
         32:8d:54:f1:8a:6d:02:7d:e6:ae:82:d7:ce:bf:6b:4f:37:2c:
         99:ac:49:eb:50:fb:62:89:95:04:68:15:ee:49:f6:51:76:b2:
         80:b0:31:04:61:2f:e5:9b:87:fc:10:71:38:46:d5:c9:42:42:
         5d:23:be:ec:10:cf:97:10:33:de:9f:47:ba:e9:93:8d:27:40:
         bb:89:6d:af:77:5b:e6:37:5b:70:ca:f9:68:f5:0c:e1:1a:74:
         4a:07:ac:eb:bc:35:1b:28:87:20:31:f7:ec:33:34:2e:f7:40:
         dd:d7:0f:cf:1c:15:13:ca:c1:aa:c9:02:76:c2:ce:99:f5:e7:
         bf:ec:a7:1f:80:d0:e1:a5:62:ed:d9:9e:95:0a:95:bf:24:ac:
         51:df:63:b6:21:88:58:2d:85:59:8d:b1:55:9f:b0:01:9a:db:
         d5:60:24:b8:07:72:3f:7e:0f:97:c3:62:e8:32:c2:09:27:e0:
         8e:c6:0f:47:06:80:04:82:49:43:81:d4:f3:20:f2:88:07:26:
         d1:3b:d6:10:8a:a8:9e:ab:0c:1f:df:80:46:fa:3c:8a:2a:e8:
         eb:63:67:7d:5a:62:7c:9d:f8:c7:76:c0:74:e4:7b:09:c4:cc:
         01:5c:73:2c:6b:18:76:00:97:80:89:f0:0a:e7:47:3a:68:1b:
         1f:af:d4:bf
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzFbe8Tv4FPkrkucF011FH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMmEyYmEzY2MxOGM5OTg1MDEzMDllY2RlMDQyNzA2YWY1
Yjg0NWEwHhcNMjQwMTAxMTQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGFjZGI1MWFmZWNhNWIzOTI5NDIyZmJhMWQ2M2Q4MDI1MGMzMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw02Ro5RbyJ/4rqzxFNugUrKPljvJ
baMczrt02/fkKvUpFZfIykCVZAdxPLHeHwNMjCQoHtQ7+qjJUrUAiaBVzc5Lt9A2
qjl2HH7iVbjQqz861CbBU2424IGRTI+xhvt1toDboxao3N4+uQXsAT5tCqlyMWd0
qFGkqXKhxJmOfrplqqNw0zeHoe3bS9MC5wqek6JQDxEJFPX5oeTQvMuC9rEBqYrl
Sc2QZ2rzQwajNMYdWObTiJHA0z09d/EJtsb6TuKqa00aEc+2Dx/4CfbRROkuE2DQ
ESYBMgtuaYSdpIwiMUp6o62FS07fIj0qKbkLPM0rZ+KjBKLjQNNPwuF+ywIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFP2s21Gv7KWzkpQi+6HWPYAlDDMMMB8GA1UdIwQY
MBaAFBIqK6PMGMmYUBMJ7N4EJwavW4RaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlvcm84d1l5WmhRRXduczNnUW5CcTliaEZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9mOTY0MzAtNjJkNC00MzEwLTg0OTMt
YWUxYWExNjU0Y2RlLzEvX2F6YlVhX3NwYk9TbENMN29kWTlnQ1VNTXd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9mOTY0MzAtNjJkNC00MzEwLTg0OTMtYWUxYWExNjU0Y2Rl
LzEvRWlvcm84d1l5WmhRRXduczNnUW5CcTliaEZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQCW+KsAwQC
ufo8MA4EAgACMAgDBgQqCYiAADANBgkqhkiG9w0BAQsFAAOCAQEAMo1U8YptAn3m
roLXzr9rTzcsmaxJ61D7YomVBGgV7kn2UXaygLAxBGEv5ZuH/BBxOEbVyUJCXSO+
7BDPlxAz3p9HuumTjSdAu4ltr3db5jdbcMr5aPUM4Rp0Sges67w1GyiHIDH37DM0
LvdA3dcPzxwVE8rBqskCdsLOmfXnv+ynH4DQ4aVi7dmelQqVvySsUd9jtiGIWC2F
WY2xVZ+wAZrb1WAkuAdyP34Pl8Ni6DLCCSfgjsYPRwaABIJJQ4HU8yDyiAcm0TvW
EIqonqsMH9+ARvo8iiro62NnfVpifJ34x3bAdOR7CcTMAVxzLGsYdgCXgInwCudH
OmgbH6/Uvw==
-----END CERTIFICATE-----