Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/ddda5e-feef-4763-88da-8bc825c3a324/1/ERQoxFennYG-B3zfx7SPzfsnczU.roa
File:                     ERQoxFennYG-B3zfx7SPzfsnczU.roa (raw, json)
Hash identifier:          SEWjXLiK7AKZpC9fZI547ElyZjTRfEZ2ck6prClX3FA=
Subject key identifier:   11:14:28:C4:57:A7:9D:81:BE:07:7C:DF:C7:B4:8F:CD:FB:27:73:35
Certificate issuer:       /CN=541fc54762cfe92d76c2f4c6af8999cbccf6bb67
Certificate serial:       018CC9BCC3EED0725143EDEA32B3CA5F1CE2
Authority key identifier: 54:1F:C5:47:62:CF:E9:2D:76:C2:F4:C6:AF:89:99:CB:CC:F6:BB:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VB_FR2LP6S12wvTGr4mZy8z2u2c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/ddda5e-feef-4763-88da-8bc825c3a324/1/ERQoxFennYG-B3zfx7SPzfsnczU.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203055
IP address blocks:        66.203.124.0/23 maxlen: 24
                          2a0b:e46:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/ddda5e-feef-4763-88da-8bc825c3a324/1/VB_FR2LP6S12wvTGr4mZy8z2u2c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/ddda5e-feef-4763-88da-8bc825c3a324/1/VB_FR2LP6S12wvTGr4mZy8z2u2c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VB_FR2LP6S12wvTGr4mZy8z2u2c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c3:ee:d0:72:51:43:ed:ea:32:b3:ca:5f:1c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=541fc54762cfe92d76c2f4c6af8999cbccf6bb67
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=111428c457a79d81be077cdfc7b48fcdfb277335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3f:2b:ca:ad:5c:df:9c:02:56:d4:4d:02:32:
                    fc:b4:11:49:75:71:a1:cf:79:8a:a6:a8:d3:df:c2:
                    45:8e:ee:ee:92:90:8b:df:03:82:26:c3:c3:6d:07:
                    84:bb:fb:13:b8:84:5f:16:81:74:9e:38:16:31:fb:
                    20:11:a2:9d:c4:ee:1a:f3:d6:86:88:56:ff:7b:ee:
                    2a:0c:00:89:cf:3b:09:df:b1:df:5d:78:5b:82:d1:
                    d3:5c:75:fd:fb:2e:8a:91:de:b5:33:84:28:22:b9:
                    fb:72:ab:ef:9a:93:cf:49:75:40:58:29:82:fa:2e:
                    20:75:54:d5:a9:b7:23:09:76:71:b2:f3:1a:e6:1c:
                    4c:80:d3:e2:f2:58:16:1c:7f:fd:fe:76:8a:e5:b7:
                    a6:4f:05:f2:f0:64:fb:6b:bb:8b:76:24:c0:4a:46:
                    3a:9a:df:d2:67:a1:25:33:46:6a:49:57:16:93:62:
                    d0:c1:97:b2:8b:61:a1:2c:b4:b6:0b:3b:8d:8c:94:
                    33:d2:be:72:13:81:9e:ed:ea:f9:f7:8c:fb:19:7b:
                    ee:c2:63:7c:81:18:25:8d:34:2f:94:ff:ce:e1:95:
                    c1:07:1f:ba:64:da:fa:58:64:58:6b:98:0e:7c:b1:
                    14:df:85:d6:b7:a0:4b:52:4c:67:80:8e:bb:ba:88:
                    38:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:14:28:C4:57:A7:9D:81:BE:07:7C:DF:C7:B4:8F:CD:FB:27:73:35
            X509v3 Authority Key Identifier:
                keyid:54:1F:C5:47:62:CF:E9:2D:76:C2:F4:C6:AF:89:99:CB:CC:F6:BB:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_FR2LP6S12wvTGr4mZy8z2u2c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ddda5e-feef-4763-88da-8bc825c3a324/1/ERQoxFennYG-B3zfx7SPzfsnczU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ddda5e-feef-4763-88da-8bc825c3a324/1/VB_FR2LP6S12wvTGr4mZy8z2u2c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.203.124.0/23
                IPv6:
                  2a0b:e46:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:19:0f:46:0d:a8:4d:df:c5:4d:92:94:19:f2:a8:78:5c:66:
         dc:03:c5:9c:6e:79:6f:1d:9d:df:de:a4:7c:2f:42:4f:95:c3:
         65:4b:9e:01:24:a1:91:f7:b8:65:1c:b6:7d:54:c4:1b:29:92:
         73:8d:8a:19:f2:9a:5d:32:44:cf:fd:99:b2:36:18:8b:06:cb:
         70:28:18:fc:3f:0e:4e:b1:48:0a:c8:5d:7d:c0:28:45:de:bf:
         f4:6d:0c:85:b6:4b:1e:34:08:ba:05:57:d8:81:d9:29:87:93:
         d1:78:78:78:4c:5f:75:ee:e9:f6:35:c7:21:4a:cb:7b:12:e9:
         92:66:0c:a9:cd:20:24:df:32:8e:75:5a:33:12:c8:ac:07:de:
         3d:fb:81:80:5a:69:2f:b6:2d:29:12:27:4a:0b:60:58:19:64:
         f1:e3:a8:5e:25:1a:5c:df:31:fa:52:1f:b8:c7:d3:e6:29:81:
         1f:d3:c5:b1:1b:be:b1:20:f3:72:08:6d:81:16:af:6f:f4:10:
         ba:d2:01:9b:10:1e:fa:f5:e4:d3:27:c0:9b:b5:f7:b4:3f:64:
         60:fd:03:7a:43:0b:62:4e:59:d9:8b:e7:0a:b6:e1:e6:d9:05:
         e1:c6:91:92:6a:dd:7d:85:0a:62:96:eb:ef:31:f2:41:9b:48:
         34:69:c7:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvMPu0HJRQ+3qMrPKXxziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MWZjNTQ3NjJjZmU5MmQ3NmMyZjRjNmFmODk5OWNiY2Nm
NmJiNjcwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTE0MjhjNDU3YTc5ZDgxYmUwNzdjZGZjN2I0OGZjZGZiMjc3MzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyz8ryq1c35wCVtRNAjL8tBFJdXGh
z3mKpqjT38JFju7ukpCL3wOCJsPDbQeEu/sTuIRfFoF0njgWMfsgEaKdxO4a89aG
iFb/e+4qDACJzzsJ37HfXXhbgtHTXHX9+y6Kkd61M4QoIrn7cqvvmpPPSXVAWCmC
+i4gdVTVqbcjCXZxsvMa5hxMgNPi8lgWHH/9/naK5bemTwXy8GT7a7uLdiTASkY6
mt/SZ6ElM0ZqSVcWk2LQwZeyi2GhLLS2CzuNjJQz0r5yE4Ge7er594z7GXvuwmN8
gRgljTQvlP/O4ZXBBx+6ZNr6WGRYa5gOfLEU34XWt6BLUkxngI67uog45wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBEUKMRXp52Bvgd838e0j837J3M1MB8GA1UdIwQY
MBaAFFQfxUdiz+ktdsL0xq+JmcvM9rtnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJfRlIyTFA2UzEyd3ZUR3I0bVp5OHoydTJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9kZGRhNWUtZmVlZi00NzYzLTg4ZGEt
OGJjODI1YzNhMzI0LzEvRVJRb3hGZW5uWUctQjN6Zng3U1B6ZnNuY3pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9kZGRhNWUtZmVlZi00NzYzLTg4ZGEtOGJjODI1YzNhMzI0
LzEvVkJfRlIyTFA2UzEyd3ZUR3I0bVp5OHoydTJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBQst8MA8E
AgACMAkDBwAqCw5GAAEwDQYJKoZIhvcNAQELBQADggEBAC8ZD0YNqE3fxU2SlBny
qHhcZtwDxZxueW8dnd/epHwvQk+Vw2VLngEkoZH3uGUctn1UxBspknONihnyml0y
RM/9mbI2GIsGy3AoGPw/Dk6xSArIXX3AKEXev/RtDIW2Sx40CLoFV9iB2SmHk9F4
eHhMX3Xu6fY1xyFKy3sS6ZJmDKnNICTfMo51WjMSyKwH3j37gYBaaS+2LSkSJ0oL
YFgZZPHjqF4lGlzfMfpSH7jH0+YpgR/TxbEbvrEg83IIbYEWr2/0ELrSAZsQHvr1
5NMnwJu197Q/ZGD9A3pDC2JOWdmL5wq24ebZBeHGkZJq3X2FCmKW6+8x8kGbSDRp
x9I=
-----END CERTIFICATE-----