Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/5a3bda-c688-4a42-946f-963993ce5181/1/fYbTnOlCQh378dWEbud-_NfORts.roa
File:                     fYbTnOlCQh378dWEbud-_NfORts.roa (raw, json)
Hash identifier:          aCNT2qqGFUHsFnlMLmPu4gi2gWv5F3xCWZ5fRmUnVnI=
Subject key identifier:   7D:86:D3:9C:E9:42:42:1D:FB:F1:D5:84:6E:E7:7E:FC:D7:CE:46:DB
Certificate issuer:       /CN=036aac34c66fda64b67eb96b02d819789febe861
Certificate serial:       018CCA2B3A712FBA54541232EAF2117A6221
Authority key identifier: 03:6A:AC:34:C6:6F:DA:64:B6:7E:B9:6B:02:D8:19:78:9F:EB:E8:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A2qsNMZv2mS2frlrAtgZeJ_r6GE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/5a3bda-c688-4a42-946f-963993ce5181/1/fYbTnOlCQh378dWEbud-_NfORts.roa
Signing time:             Tue 02 Jan 2024 12:34:39 +0000
ROA not before:           Tue 02 Jan 2024 12:34:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41847
IP address blocks:        193.34.170.0/23 maxlen: 24
                          2001:67c:2f1c::/48 maxlen: 120

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/5a3bda-c688-4a42-946f-963993ce5181/1/A2qsNMZv2mS2frlrAtgZeJ_r6GE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/5a3bda-c688-4a42-946f-963993ce5181/1/A2qsNMZv2mS2frlrAtgZeJ_r6GE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A2qsNMZv2mS2frlrAtgZeJ_r6GE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:3a:71:2f:ba:54:54:12:32:ea:f2:11:7a:62:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=036aac34c66fda64b67eb96b02d819789febe861
        Validity
            Not Before: Jan  2 12:34:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d86d39ce942421dfbf1d5846ee77efcd7ce46db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ac:6e:f3:c8:c2:65:d2:0b:3b:6f:13:c6:1b:
                    66:85:80:c6:32:bf:2f:a8:29:ef:62:0b:30:89:71:
                    7a:d5:16:69:d9:d4:12:35:43:ce:9a:20:1f:3c:0e:
                    e1:9d:cd:e8:69:89:80:4a:3a:26:82:7e:aa:b5:82:
                    5c:33:b6:ae:af:39:73:a4:85:c7:95:ef:83:36:8f:
                    07:07:35:39:b8:c1:b2:e8:2f:30:4f:a4:36:eb:bb:
                    2b:d2:6d:40:98:9c:fc:5a:57:e1:91:af:1e:c6:06:
                    5e:20:2b:5e:9e:84:97:01:25:8f:08:22:30:7e:71:
                    21:4b:d0:6d:93:9c:64:a5:49:8f:1b:72:a2:4a:28:
                    d2:e0:8f:d9:20:42:44:48:d9:76:22:39:c8:f2:08:
                    93:97:be:7b:a5:e1:8e:75:03:d5:c9:54:b6:96:6b:
                    3b:9a:a7:ff:cf:c1:79:74:a6:38:ce:03:04:8a:04:
                    d9:08:3d:f6:2e:d4:5c:0c:81:f8:09:a0:33:26:4f:
                    24:0f:53:1d:79:2a:70:9e:aa:65:43:a2:d0:d4:0d:
                    d6:09:bb:1e:6b:09:2b:30:99:6e:3f:4f:1b:a1:97:
                    38:07:4d:be:42:96:d0:aa:9d:f3:f7:da:d8:f5:74:
                    6c:a5:13:eb:09:12:2d:5a:d2:fe:30:9f:a1:1f:4b:
                    26:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:86:D3:9C:E9:42:42:1D:FB:F1:D5:84:6E:E7:7E:FC:D7:CE:46:DB
            X509v3 Authority Key Identifier:
                keyid:03:6A:AC:34:C6:6F:DA:64:B6:7E:B9:6B:02:D8:19:78:9F:EB:E8:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A2qsNMZv2mS2frlrAtgZeJ_r6GE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/5a3bda-c688-4a42-946f-963993ce5181/1/fYbTnOlCQh378dWEbud-_NfORts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/5a3bda-c688-4a42-946f-963993ce5181/1/A2qsNMZv2mS2frlrAtgZeJ_r6GE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.170.0/23
                IPv6:
                  2001:67c:2f1c::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:09:6c:c6:f4:df:19:38:5e:90:47:b6:fa:d3:dc:6f:a7:aa:
         e9:d9:6f:97:5f:f9:b4:78:09:2b:27:b9:53:ee:7e:e3:20:30:
         f7:86:cd:9b:83:0f:cf:a0:99:a1:68:d9:83:db:2d:cb:d9:dd:
         0f:93:06:e2:90:f6:ae:88:ca:c3:6e:f7:9d:41:7e:3e:98:ec:
         88:db:d8:84:24:7f:56:0e:cd:c6:bc:b3:ae:50:3f:64:4a:42:
         14:31:8d:76:91:0c:f8:39:10:ed:4d:95:8e:e9:9b:7a:9b:8f:
         ec:82:e3:5f:ac:5f:8d:ae:d3:d2:6c:18:0d:dc:41:60:e7:72:
         b9:d2:bb:93:06:ab:06:4c:ff:79:49:59:55:84:47:cd:d4:7d:
         db:db:6d:52:df:72:24:08:c6:9d:96:c5:22:f7:74:09:22:db:
         2b:1c:c5:0e:cd:24:19:30:09:e5:d4:6f:ea:d7:76:5e:e7:d6:
         22:88:33:07:a7:07:c3:06:61:86:33:04:78:c8:4c:91:ad:98:
         ce:f8:28:8d:a4:59:e8:2f:40:7f:ec:66:bf:9e:16:b6:56:6f:
         3a:d8:68:55:ca:ac:78:37:80:04:cc:bf:42:d2:9b:ba:1f:75:
         70:1f:96:f6:09:77:b5:7f:3d:a5:11:2e:e4:ec:a9:5b:ac:98:
         f4:76:3e:f4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKzpxL7pUVBIy6vIRemIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNmFhYzM0YzY2ZmRhNjRiNjdlYjk2YjAyZDgxOTc4OWZl
YmU4NjEwHhcNMjQwMTAyMTIzNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDg2ZDM5Y2U5NDI0MjFkZmJmMWQ1ODQ2ZWU3N2VmY2Q3Y2U0NmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaxu88jCZdILO28TxhtmhYDGMr8v
qCnvYgswiXF61RZp2dQSNUPOmiAfPA7hnc3oaYmASjomgn6qtYJcM7aurzlzpIXH
le+DNo8HBzU5uMGy6C8wT6Q267sr0m1AmJz8Wlfhka8exgZeICtenoSXASWPCCIw
fnEhS9Btk5xkpUmPG3KiSijS4I/ZIEJESNl2IjnI8giTl757peGOdQPVyVS2lms7
mqf/z8F5dKY4zgMEigTZCD32LtRcDIH4CaAzJk8kD1MdeSpwnqplQ6LQ1A3WCbse
awkrMJluP08boZc4B02+QpbQqp3z99rY9XRspRPrCRItWtL+MJ+hH0smWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH2G05zpQkId+/HVhG7nfvzXzkbbMB8GA1UdIwQY
MBaAFANqrDTGb9pktn65awLYGXif6+hhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTJxc05NWnYybVMyZnJsckF0Z1plSl9yNkdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC81YTNiZGEtYzY4OC00YTQyLTk0NmYt
OTYzOTkzY2U1MTgxLzEvZlliVG5PbENRaDM3OGRXRWJ1ZC1fTmZPUnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC81YTNiZGEtYzY4OC00YTQyLTk0NmYtOTYzOTkzY2U1MTgx
LzEvQTJxc05NWnYybVMyZnJsckF0Z1plSl9yNkdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwSKqMA8E
AgACMAkDBwAgAQZ8LxwwDQYJKoZIhvcNAQELBQADggEBACUJbMb03xk4XpBHtvrT
3G+nqunZb5df+bR4CSsnuVPufuMgMPeGzZuDD8+gmaFo2YPbLcvZ3Q+TBuKQ9q6I
ysNu951Bfj6Y7Ijb2IQkf1YOzca8s65QP2RKQhQxjXaRDPg5EO1NlY7pm3qbj+yC
41+sX42u09JsGA3cQWDncrnSu5MGqwZM/3lJWVWER83UfdvbbVLfciQIxp2WxSL3
dAki2yscxQ7NJBkwCeXUb+rXdl7n1iKIMwenB8MGYYYzBHjITJGtmM74KI2kWegv
QH/sZr+eFrZWbzrYaFXKrHg3gATMv0LSm7ofdXAflvYJd7V/PaURLuTsqVusmPR2
PvQ=
-----END CERTIFICATE-----