Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/afc3c8-e952-4070-a546-424462bc949b/1/_DVSD5HPvn0LiBSzZlfJ1G-O_Wo.roa
File:                     _DVSD5HPvn0LiBSzZlfJ1G-O_Wo.roa (raw, json)
Hash identifier:          B9cKHmWw6tNl7HJVV2uGLHZPs8INQR0cRD3J1AzuCok=
Subject key identifier:   FC:35:52:0F:91:CF:BE:7D:0B:88:14:B3:66:57:C9:D4:6F:8E:FD:6A
Certificate issuer:       /CN=a4f5533a527b264ca2e8373285d780d33a2bd0a1
Certificate serial:       019353284BEDACAD1F94CC917734A2F698E1
Authority key identifier: A4:F5:53:3A:52:7B:26:4C:A2:E8:37:32:85:D7:80:D3:3A:2B:D0:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPVTOlJ7Jkyi6DcyhdeA0zor0KE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/afc3c8-e952-4070-a546-424462bc949b/1/_DVSD5HPvn0LiBSzZlfJ1G-O_Wo.roa
Signing time:             Fri 22 Nov 2024 09:16:09 +0000
ROA not before:           Fri 22 Nov 2024 09:16:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58309
IP address blocks:        176.120.32.0/19 maxlen: 19
                          185.46.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/afc3c8-e952-4070-a546-424462bc949b/1/pPVTOlJ7Jkyi6DcyhdeA0zor0KE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/afc3c8-e952-4070-a546-424462bc949b/1/pPVTOlJ7Jkyi6DcyhdeA0zor0KE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPVTOlJ7Jkyi6DcyhdeA0zor0KE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:53:28:4b:ed:ac:ad:1f:94:cc:91:77:34:a2:f6:98:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f5533a527b264ca2e8373285d780d33a2bd0a1
        Validity
            Not Before: Nov 22 09:16:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc35520f91cfbe7d0b8814b36657c9d46f8efd6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ab:7a:69:90:4e:17:a1:5e:55:ce:a5:1b:86:
                    47:4a:f2:94:06:54:30:00:4b:40:f0:87:9b:19:86:
                    cc:0c:ab:49:20:f1:6c:a4:8d:67:4f:5d:ea:69:c7:
                    f0:6b:08:a8:2b:ac:97:1f:21:a4:57:8c:10:74:b1:
                    e5:0b:ea:15:c1:1d:a6:36:a2:ab:1a:50:1c:2a:d6:
                    e3:c3:2e:9b:3a:d3:9b:e0:36:b9:45:2d:55:67:2d:
                    45:81:1b:19:23:1a:4e:28:1f:b7:85:f7:2e:85:20:
                    5f:fa:2f:00:6c:28:a1:d8:1b:6d:6d:47:60:2f:20:
                    b9:4f:77:7a:aa:78:ad:40:c6:e3:39:f5:b9:80:8b:
                    c6:92:98:c3:4f:56:b9:df:c2:30:51:14:23:0f:aa:
                    29:52:7e:2d:9a:86:cb:d5:5a:a9:dd:b1:a8:91:21:
                    c3:c4:c6:9d:1b:17:3f:09:68:00:71:ba:62:87:6d:
                    64:11:6c:4f:44:61:0e:89:26:c8:df:50:3a:9a:5c:
                    2d:85:c9:8c:4b:e0:9b:98:52:37:38:ae:a2:f6:e0:
                    13:34:b3:20:b2:75:65:0e:ca:00:2d:c4:d0:34:d5:
                    85:61:83:1b:3c:7b:73:c8:21:8e:09:f8:6e:93:af:
                    2f:bb:1b:6f:19:f3:fc:57:64:39:39:66:e1:d8:8a:
                    c5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:35:52:0F:91:CF:BE:7D:0B:88:14:B3:66:57:C9:D4:6F:8E:FD:6A
            X509v3 Authority Key Identifier:
                keyid:A4:F5:53:3A:52:7B:26:4C:A2:E8:37:32:85:D7:80:D3:3A:2B:D0:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPVTOlJ7Jkyi6DcyhdeA0zor0KE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/afc3c8-e952-4070-a546-424462bc949b/1/_DVSD5HPvn0LiBSzZlfJ1G-O_Wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/afc3c8-e952-4070-a546-424462bc949b/1/pPVTOlJ7Jkyi6DcyhdeA0zor0KE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.32.0/19
                  185.46.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:b4:5d:e0:90:bf:e3:40:74:3b:61:25:38:59:92:55:cb:6a:
         db:25:d9:84:db:2a:d9:89:5d:b3:03:5e:87:d8:12:b4:56:3b:
         8f:c6:65:90:41:ae:c7:be:00:dc:fb:db:0e:84:a7:08:6c:9b:
         1e:bf:5a:7e:bf:97:43:bf:28:44:dd:43:d5:9d:53:e2:59:40:
         37:70:17:e8:6a:bd:db:91:0f:df:ed:3f:13:9a:33:59:a4:0b:
         da:b2:96:86:c6:0d:68:b6:4c:01:5b:bf:d7:dc:28:97:7d:2b:
         34:71:e5:f4:4f:4d:7d:f3:af:79:57:ce:75:a8:44:03:6e:96:
         7b:be:77:c6:e7:23:3b:17:1c:c2:7a:b6:90:a7:3e:b9:ea:9e:
         32:c9:b9:88:f8:38:1f:f2:ea:ab:43:d5:06:17:4c:15:fe:75:
         a4:a4:f7:cf:14:34:bb:2a:79:4c:86:23:22:5e:fc:ff:29:7b:
         8d:a2:17:6e:67:3a:c3:7b:b1:f4:3b:02:52:f3:5d:e2:04:09:
         9e:63:53:9f:4e:f0:d0:1e:d6:e6:4f:3d:1a:b1:4f:9d:d4:cd:
         b2:2c:b8:08:10:17:ab:98:28:59:03:69:a9:82:01:be:09:26:
         f1:f8:c4:eb:95:2d:7c:1e:a5:41:d7:38:62:f4:4f:ae:d9:0f:
         57:06:e3:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNTKEvtrK0flMyRdzSi9pjhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZjU1MzNhNTI3YjI2NGNhMmU4MzczMjg1ZDc4MGQzM2Ey
YmQwYTEwHhcNMjQxMTIyMDkxNjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzM1NTIwZjkxY2ZiZTdkMGI4ODE0YjM2NjU3YzlkNDZmOGVmZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6t6aZBOF6FeVc6lG4ZHSvKUBlQw
AEtA8IebGYbMDKtJIPFspI1nT13qacfwawioK6yXHyGkV4wQdLHlC+oVwR2mNqKr
GlAcKtbjwy6bOtOb4Da5RS1VZy1FgRsZIxpOKB+3hfcuhSBf+i8AbCih2BttbUdg
LyC5T3d6qnitQMbjOfW5gIvGkpjDT1a538IwURQjD6opUn4tmobL1Vqp3bGokSHD
xMadGxc/CWgAcbpih21kEWxPRGEOiSbI31A6mlwthcmMS+CbmFI3OK6i9uATNLMg
snVlDsoALcTQNNWFYYMbPHtzyCGOCfhuk68vuxtvGfP8V2Q5OWbh2IrF/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPw1Ug+Rz759C4gUs2ZXydRvjv1qMB8GA1UdIwQY
MBaAFKT1UzpSeyZMoug3MoXXgNM6K9ChMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBWVE9sSjdKa3lpNkRjeWhkZUEwem9yMEtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9hZmMzYzgtZTk1Mi00MDcwLWE1NDYt
NDI0NDYyYmM5NDliLzEvX0RWU0Q1SFB2bjBMaUJTelpsZkoxRy1PX1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9hZmMzYzgtZTk1Mi00MDcwLWE1NDYtNDI0NDYyYmM5NDli
LzEvcFBWVE9sSjdKa3lpNkRjeWhkZUEwem9yMEtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFsHggAwQC
uS68MA0GCSqGSIb3DQEBCwUAA4IBAQBTtF3gkL/jQHQ7YSU4WZJVy2rbJdmE2yrZ
iV2zA16H2BK0VjuPxmWQQa7HvgDc+9sOhKcIbJsev1p+v5dDvyhE3UPVnVPiWUA3
cBfoar3bkQ/f7T8TmjNZpAvaspaGxg1otkwBW7/X3CiXfSs0ceX0T0198695V851
qEQDbpZ7vnfG5yM7FxzCeraQpz656p4yybmI+Dgf8uqrQ9UGF0wV/nWkpPfPFDS7
KnlMhiMiXvz/KXuNohduZzrDe7H0OwJS813iBAmeY1OfTvDQHtbmTz0asU+d1M2y
LLgIEBermChZA2mpggG+CSbx+MTrlS18HqVB1zhi9E+u2Q9XBuNA
-----END CERTIFICATE-----