Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/fQFjdxCZbncjr25_2376Tqo5xxQ.roa
File:                     fQFjdxCZbncjr25_2376Tqo5xxQ.roa (raw, json)
Hash identifier:          wp8pLTNY64Qkp/zanRCAB3sa1qge4gX6qG6a8Vdxuo8=
Subject key identifier:   7D:01:63:77:10:99:6E:77:23:AF:6E:7F:DB:7E:FA:4E:AA:39:C7:14
Certificate issuer:       /CN=78375fb6168b354841b91d305f9d0cdc0cb1501d
Certificate serial:       018CC424676D44F0B16409007BC3B802F232
Authority key identifier: 78:37:5F:B6:16:8B:35:48:41:B9:1D:30:5F:9D:0C:DC:0C:B1:50:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eDdfthaLNUhBuR0wX50M3AyxUB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/fQFjdxCZbncjr25_2376Tqo5xxQ.roa
Signing time:             Mon 01 Jan 2024 08:29:29 +0000
ROA not before:           Mon 01 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62086
IP address blocks:        185.48.104.0/22 maxlen: 24
                          2a01:9820::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/eDdfthaLNUhBuR0wX50M3AyxUB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/eDdfthaLNUhBuR0wX50M3AyxUB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eDdfthaLNUhBuR0wX50M3AyxUB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:67:6d:44:f0:b1:64:09:00:7b:c3:b8:02:f2:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78375fb6168b354841b91d305f9d0cdc0cb1501d
        Validity
            Not Before: Jan  1 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d01637710996e7723af6e7fdb7efa4eaa39c714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:50:96:23:40:03:75:18:b5:3d:72:e9:08:c3:
                    cb:d2:d0:44:04:d8:11:2c:62:d5:62:26:c5:d6:3b:
                    59:ea:df:0a:c8:0b:56:11:48:ae:4c:da:71:cb:e9:
                    8b:85:e6:96:48:7d:d9:ad:45:f0:29:a2:2b:1c:ac:
                    ac:00:cf:bf:09:84:59:b9:8c:3c:1b:33:d8:73:86:
                    fe:0e:bd:d1:ae:b5:2b:d2:06:cc:81:fd:70:7e:a8:
                    ed:b7:4e:4b:da:92:8e:61:64:66:b3:d5:27:5d:b8:
                    9d:1b:9b:81:75:7c:14:1b:9e:13:ab:81:71:7b:e5:
                    cf:0c:e7:90:45:34:ed:dd:80:fd:70:7b:5e:fb:7c:
                    c8:3f:89:2d:ac:cb:3d:02:b0:fa:3e:69:cf:e1:d9:
                    7e:f3:35:27:e8:5e:9e:71:22:fd:8d:43:45:f2:ec:
                    84:a9:09:3e:62:1e:66:fe:47:79:41:01:bf:1a:cc:
                    e4:28:de:6e:f7:9c:d8:f1:0e:93:7f:55:e0:f8:5f:
                    18:66:7f:9f:d8:0f:ee:c3:fd:87:77:18:72:23:a8:
                    a1:5f:b9:da:e5:46:0d:b4:9f:37:c7:55:cb:ae:4d:
                    f6:7d:d0:5f:70:7f:14:11:fd:08:1f:19:a1:8c:62:
                    1a:cc:7c:8f:32:ea:c0:37:75:e1:39:e7:40:61:93:
                    c9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:01:63:77:10:99:6E:77:23:AF:6E:7F:DB:7E:FA:4E:AA:39:C7:14
            X509v3 Authority Key Identifier:
                keyid:78:37:5F:B6:16:8B:35:48:41:B9:1D:30:5F:9D:0C:DC:0C:B1:50:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eDdfthaLNUhBuR0wX50M3AyxUB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/fQFjdxCZbncjr25_2376Tqo5xxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/eDdfthaLNUhBuR0wX50M3AyxUB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.104.0/22
                IPv6:
                  2a01:9820::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:b7:f7:db:ef:9a:f0:aa:4e:d1:3c:d6:00:2d:1e:b3:b0:cb:
         a7:62:d4:5b:2e:f0:05:ff:4e:8f:cb:b0:1e:79:eb:dc:5c:eb:
         19:7f:5e:c1:39:5b:11:fe:97:13:96:01:4d:bf:be:81:98:0c:
         12:ce:f6:47:ef:9e:68:39:26:06:45:72:5e:01:45:61:67:01:
         98:02:cd:72:d3:b1:08:6c:b4:f5:13:08:cf:01:9d:37:80:f6:
         58:fa:1e:34:61:04:bb:6e:2b:81:86:73:e0:59:df:56:4b:17:
         00:fa:ad:6d:15:f8:b1:02:ee:47:4b:dd:98:38:9a:d1:86:fc:
         4d:d5:5c:85:c0:2f:0f:2e:43:ef:af:b8:c3:91:e1:b6:76:78:
         27:b0:01:19:93:fa:98:89:c1:24:ad:9d:9a:52:9a:96:fc:5a:
         5b:71:53:f1:b3:18:a7:48:ff:1c:16:79:99:89:28:18:90:30:
         71:ad:17:3c:29:73:43:da:a7:d9:69:fd:5f:d3:b4:95:d7:81:
         bf:6d:25:03:d8:ca:53:76:79:67:6a:d9:96:cf:50:83:20:4e:
         e9:ac:e3:31:91:31:85:d9:31:96:1e:d9:cb:95:07:09:00:1b:
         6c:a1:3d:b3:6d:06:8f:8b:6c:c6:8d:88:84:aa:24:70:5b:92:
         3a:a6:ef:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJGdtRPCxZAkAe8O4AvIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4Mzc1ZmI2MTY4YjM1NDg0MWI5MWQzMDVmOWQwY2RjMGNi
MTUwMWQwHhcNMjQwMTAxMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDAxNjM3NzEwOTk2ZTc3MjNhZjZlN2ZkYjdlZmE0ZWFhMzljNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlCWI0ADdRi1PXLpCMPL0tBEBNgR
LGLVYibF1jtZ6t8KyAtWEUiuTNpxy+mLheaWSH3ZrUXwKaIrHKysAM+/CYRZuYw8
GzPYc4b+Dr3RrrUr0gbMgf1wfqjtt05L2pKOYWRms9UnXbidG5uBdXwUG54Tq4Fx
e+XPDOeQRTTt3YD9cHte+3zIP4ktrMs9ArD6PmnP4dl+8zUn6F6ecSL9jUNF8uyE
qQk+Yh5m/kd5QQG/GszkKN5u95zY8Q6Tf1Xg+F8YZn+f2A/uw/2HdxhyI6ihX7na
5UYNtJ83x1XLrk32fdBfcH8UEf0IHxmhjGIazHyPMurAN3XhOedAYZPJMQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH0BY3cQmW53I69uf9t++k6qOccUMB8GA1UdIwQY
MBaAFHg3X7YWizVIQbkdMF+dDNwMsVAdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZURkZnRoYUxOVWhCdVIwd1g1ME0zQXl4VUIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iNThiYmUtYjUwZi00ODU3LTg3MWMt
MWMwZTMxZGUzMWM3LzEvZlFGamR4Q1pibmNqcjI1XzIzNzZUcW81eHhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iNThiYmUtYjUwZi00ODU3LTg3MWMtMWMwZTMxZGUzMWM3
LzEvZURkZnRoYUxOVWhCdVIwd1g1ME0zQXl4VUIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTBoMA0E
AgACMAcDBQAqAZggMA0GCSqGSIb3DQEBCwUAA4IBAQBNt/fb75rwqk7RPNYALR6z
sMunYtRbLvAF/06Py7AeeevcXOsZf17BOVsR/pcTlgFNv76BmAwSzvZH755oOSYG
RXJeAUVhZwGYAs1y07EIbLT1EwjPAZ03gPZY+h40YQS7biuBhnPgWd9WSxcA+q1t
FfixAu5HS92YOJrRhvxN1VyFwC8PLkPvr7jDkeG2dngnsAEZk/qYicEkrZ2aUpqW
/FpbcVPxsxinSP8cFnmZiSgYkDBxrRc8KXND2qfZaf1f07SV14G/bSUD2MpTdnln
atmWz1CDIE7prOMxkTGF2TGWHtnLlQcJABtsoT2zbQaPi2zGjYiEqiRwW5I6pu9b
-----END CERTIFICATE-----