Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/41ccce-acd8-4fb8-b148-a79510e613e8/1/aFtYd19mLo1XewR0mMMx5qRQayw.roa
File:                     aFtYd19mLo1XewR0mMMx5qRQayw.roa (raw, json)
Hash identifier:          B1BMuQ367J1JrdVH+sEyccOwS63MilgOaXsdtE8aVrE=
Subject key identifier:   68:5B:58:77:5F:66:2E:8D:57:7B:04:74:98:C3:31:E6:A4:50:6B:2C
Certificate issuer:       /CN=d4c0d694d59d7d36ba421a3050f4ec7dd3781efd
Certificate serial:       018CC9BC3D1322977D1861A098119AFBDD43
Authority key identifier: D4:C0:D6:94:D5:9D:7D:36:BA:42:1A:30:50:F4:EC:7D:D3:78:1E:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1MDWlNWdfTa6QhowUPTsfdN4Hv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/41ccce-acd8-4fb8-b148-a79510e613e8/1/aFtYd19mLo1XewR0mMMx5qRQayw.roa
Signing time:             Tue 02 Jan 2024 10:33:25 +0000
ROA not before:           Tue 02 Jan 2024 10:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39121
IP address blocks:        195.66.89.0/24 maxlen: 24
                          193.105.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/41ccce-acd8-4fb8-b148-a79510e613e8/1/1MDWlNWdfTa6QhowUPTsfdN4Hv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/41ccce-acd8-4fb8-b148-a79510e613e8/1/1MDWlNWdfTa6QhowUPTsfdN4Hv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1MDWlNWdfTa6QhowUPTsfdN4Hv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 01:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3d:13:22:97:7d:18:61:a0:98:11:9a:fb:dd:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4c0d694d59d7d36ba421a3050f4ec7dd3781efd
        Validity
            Not Before: Jan  2 10:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=685b58775f662e8d577b047498c331e6a4506b2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:04:08:bf:92:09:dc:96:eb:73:b4:ee:b7:de:
                    42:c2:72:76:0e:00:db:53:cb:6e:19:73:a0:b2:be:
                    00:4b:ce:f7:f5:d9:ef:92:59:63:c5:4a:aa:d4:f3:
                    86:ea:49:52:69:e7:62:82:c7:d9:ca:de:2e:a5:cc:
                    44:3b:47:39:b0:62:80:82:1a:62:76:91:84:a6:c2:
                    53:02:a5:56:ca:ac:cd:cb:e6:8d:76:a5:14:22:b0:
                    f9:51:ef:68:f0:8b:9b:a7:2b:58:bf:dd:42:bc:e1:
                    ed:de:6a:dd:48:d2:0b:cd:00:28:cc:39:23:1b:fd:
                    88:05:5f:4f:df:52:f5:cf:2a:da:a4:70:0b:ed:09:
                    0c:0a:90:a7:da:58:37:9d:32:43:c5:77:7a:db:a9:
                    cf:ad:23:a4:c5:05:86:0d:4d:ab:db:73:9a:bc:2d:
                    12:27:99:af:03:17:77:5e:9c:8e:8d:90:8d:f1:cd:
                    ab:c6:e0:ad:9d:a7:55:c5:80:27:eb:72:6b:1b:b0:
                    0f:64:6c:a8:0c:02:ed:5a:b3:4c:23:ab:92:bc:a3:
                    65:3c:06:0e:fc:d2:85:77:b9:2d:84:7c:84:71:1f:
                    21:83:64:b6:53:86:99:54:25:06:cf:af:e6:f4:2c:
                    b8:b3:c7:3d:e4:88:a7:40:fc:e1:3e:84:ce:50:56:
                    34:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:5B:58:77:5F:66:2E:8D:57:7B:04:74:98:C3:31:E6:A4:50:6B:2C
            X509v3 Authority Key Identifier:
                keyid:D4:C0:D6:94:D5:9D:7D:36:BA:42:1A:30:50:F4:EC:7D:D3:78:1E:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MDWlNWdfTa6QhowUPTsfdN4Hv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/41ccce-acd8-4fb8-b148-a79510e613e8/1/aFtYd19mLo1XewR0mMMx5qRQayw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/41ccce-acd8-4fb8-b148-a79510e613e8/1/1MDWlNWdfTa6QhowUPTsfdN4Hv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.126.0/24
                  195.66.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:89:d5:f9:17:a9:2f:a4:56:a6:7a:75:dd:47:d6:2d:70:36:
         a4:d2:23:0b:68:98:e6:c4:02:4e:33:f1:b5:22:34:3d:a4:ac:
         d0:9c:71:7e:a7:bf:75:f7:d1:2b:9d:3f:f1:17:5c:27:f1:77:
         95:40:07:18:8b:2d:75:eb:62:b9:65:07:b2:49:11:fe:ec:6e:
         c8:7d:b6:cd:11:40:82:cd:6c:62:3e:74:bb:15:2e:77:46:6f:
         fe:63:5f:93:7c:af:86:0b:da:ab:21:af:82:ae:a1:e0:cc:89:
         fc:f0:fe:21:85:39:c7:78:14:95:9c:af:c7:2d:61:5d:b9:38:
         d9:02:c0:a6:e0:a7:d4:3c:4f:84:8d:07:b2:87:1b:46:0f:4b:
         52:8a:11:9e:70:3b:76:f5:b1:48:c9:98:47:43:f3:e7:5d:8c:
         34:af:5b:a9:1f:b8:f0:a3:63:c0:45:ae:3e:5d:18:31:e8:6c:
         14:b8:a4:73:bf:6c:17:cf:6e:0e:02:63:00:3a:01:a0:5a:f1:
         8f:2f:7a:fa:04:be:16:bc:73:a6:47:eb:03:7e:c9:96:3c:31:
         7f:4d:f4:e2:08:ab:fa:7d:08:7f:61:40:30:20:20:f8:3d:83:
         f6:01:d3:71:e6:14:40:dc:fa:04:bd:11:cb:1d:36:32:46:84:
         7a:2e:0b:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvD0TIpd9GGGgmBGa+91DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzBkNjk0ZDU5ZDdkMzZiYTQyMWEzMDUwZjRlYzdkZDM3
ODFlZmQwHhcNMjQwMTAyMTAzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODViNTg3NzVmNjYyZThkNTc3YjA0NzQ5OGMzMzFlNmE0NTA2YjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAQIv5IJ3Jbrc7Tut95CwnJ2DgDb
U8tuGXOgsr4AS8739dnvklljxUqq1POG6klSaedigsfZyt4upcxEO0c5sGKAghpi
dpGEpsJTAqVWyqzNy+aNdqUUIrD5Ue9o8IubpytYv91CvOHt3mrdSNILzQAozDkj
G/2IBV9P31L1zyrapHAL7QkMCpCn2lg3nTJDxXd626nPrSOkxQWGDU2r23OavC0S
J5mvAxd3XpyOjZCN8c2rxuCtnadVxYAn63JrG7APZGyoDALtWrNMI6uSvKNlPAYO
/NKFd7kthHyEcR8hg2S2U4aZVCUGz6/m9Cy4s8c95IinQPzhPoTOUFY0nwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGhbWHdfZi6NV3sEdJjDMeakUGssMB8GA1UdIwQY
MBaAFNTA1pTVnX02ukIaMFD07H3TeB79MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1EV2xOV2RmVGE2UWhvd1VQVHNmZE40SHYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80MWNjY2UtYWNkOC00ZmI4LWIxNDgt
YTc5NTEwZTYxM2U4LzEvYUZ0WWQxOW1MbzFYZXdSMG1NTXg1cVJRYXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80MWNjY2UtYWNkOC00ZmI4LWIxNDgtYTc5NTEwZTYxM2U4
LzEvMU1EV2xOV2RmVGE2UWhvd1VQVHNmZE40SHYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWl+AwQA
w0JZMA0GCSqGSIb3DQEBCwUAA4IBAQCiidX5F6kvpFamenXdR9YtcDak0iMLaJjm
xAJOM/G1IjQ9pKzQnHF+p79199ErnT/xF1wn8XeVQAcYiy1162K5ZQeySRH+7G7I
fbbNEUCCzWxiPnS7FS53Rm/+Y1+TfK+GC9qrIa+CrqHgzIn88P4hhTnHeBSVnK/H
LWFduTjZAsCm4KfUPE+EjQeyhxtGD0tSihGecDt29bFIyZhHQ/PnXYw0r1upH7jw
o2PARa4+XRgx6GwUuKRzv2wXz24OAmMAOgGgWvGPL3r6BL4WvHOmR+sDfsmWPDF/
TfTiCKv6fQh/YUAwICD4PYP2AdNx5hRA3PoEvRHLHTYyRoR6LgsT
-----END CERTIFICATE-----