Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/rcRvOawdsWXd2woQoCFATENrtm4.roa
File:                     rcRvOawdsWXd2woQoCFATENrtm4.roa (raw, json)
Hash identifier:          NjRHDsG5Ui4DhQoC/RaNiII1Da/J9l2T0wvygg1N1/A=
Subject key identifier:   AD:C4:6F:39:AC:1D:B1:65:DD:DB:0A:10:A0:21:40:4C:43:6B:B6:6E
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       01929552E9F31B048CC5C23793915A1D46EC
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/rcRvOawdsWXd2woQoCFATENrtm4.roa
Signing time:             Wed 16 Oct 2024 12:34:51 +0000
ROA not before:           Wed 16 Oct 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8708
IP address blocks:        185.133.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:95:52:e9:f3:1b:04:8c:c5:c2:37:93:91:5a:1d:46:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Oct 16 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=adc46f39ac1db165dddb0a10a021404c436bb66e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:52:49:87:ea:e9:4f:93:b8:11:7b:02:0b:e6:
                    24:d4:42:20:c4:1f:a7:e1:d6:e9:32:07:5d:16:a2:
                    8c:4f:37:f9:f2:39:5a:65:ff:58:1a:71:6a:41:f4:
                    c0:b8:e0:12:13:32:8f:25:fb:42:a3:8b:30:b6:f5:
                    89:6d:bc:53:a8:2a:7e:b9:2e:ad:35:f7:d1:6c:28:
                    36:f6:d4:ad:a5:a7:ec:75:6e:ff:bb:9d:dd:af:d5:
                    a2:25:a8:20:06:ca:cf:50:f4:f1:3a:98:16:3e:e3:
                    5d:1c:43:5d:a1:48:65:0d:74:16:f4:9c:c4:86:7c:
                    96:e4:07:31:e3:c1:8b:a3:9c:05:39:ce:2f:90:ae:
                    1e:70:91:da:f7:3f:e3:ae:04:07:96:d0:93:be:95:
                    da:b6:74:b5:3f:2b:13:df:44:1e:a5:77:18:0d:e4:
                    77:dc:21:48:93:3c:83:ba:2a:02:0c:cd:e8:54:e7:
                    a0:89:c9:ff:dc:4a:27:9e:0b:2f:b0:44:ff:bc:c1:
                    b9:6a:99:82:21:0e:40:01:96:8a:e3:b6:33:64:85:
                    2b:f9:fe:ee:17:65:79:6d:0b:f0:12:f0:5d:f4:5d:
                    4d:fb:36:87:03:c1:92:79:f1:c4:ba:54:8f:89:cf:
                    e9:b8:4b:fc:b8:f4:95:8f:ac:66:7c:44:37:bc:bb:
                    09:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:C4:6F:39:AC:1D:B1:65:DD:DB:0A:10:A0:21:40:4C:43:6B:B6:6E
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/rcRvOawdsWXd2woQoCFATENrtm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:80:2d:86:78:a2:cb:b4:f1:52:73:9c:36:4a:e2:e0:6e:b8:
         eb:cc:1e:55:ea:c6:60:04:fb:9f:27:66:b2:85:17:48:df:e3:
         ed:2e:99:42:0b:b9:45:6a:16:45:bc:15:4d:af:87:f6:1f:9a:
         f7:40:6f:84:1f:b6:ca:2f:11:78:9e:b1:ec:58:62:d1:b8:cb:
         25:d2:7b:72:0a:d4:93:94:2a:10:f6:5a:bb:f7:65:f6:fb:48:
         d4:82:5f:8c:52:77:d1:1d:1c:94:72:9f:79:48:63:69:49:4a:
         91:06:5b:df:6e:3d:cf:7a:46:31:76:bd:81:c1:8d:12:b8:13:
         82:ca:e7:ca:19:95:38:76:05:14:f6:ce:7a:6a:2e:52:2a:52:
         1c:24:44:55:22:c7:16:38:21:d9:c7:5c:41:7d:4d:a1:5a:61:
         fc:e7:99:ac:bb:0c:38:d5:64:bd:85:32:06:4a:09:f2:2f:83:
         a1:fb:a8:6f:b5:13:e7:b5:84:9f:59:98:41:c4:84:77:03:2d:
         70:2f:52:97:ea:09:5b:33:58:c2:fe:b6:83:5d:da:56:ea:cf:
         5a:cb:cb:28:6b:13:38:05:38:eb:10:cc:e4:73:ae:7d:c0:44:
         a4:c1:ec:d0:e0:2a:ae:90:4f:af:fd:a2:14:01:5b:48:c3:98:
         a5:03:35:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKVUunzGwSMxcI3k5FaHUbsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Mjk2ZDIzZGVmNGM4NTIxYzY0N2RjNjhhY2IzYzEyM2Y2
MTFkODkwHhcNMjQxMDE2MTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGM0NmYzOWFjMWRiMTY1ZGRkYjBhMTBhMDIxNDA0YzQzNmJiNjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1JJh+rpT5O4EXsCC+Yk1EIgxB+n
4dbpMgddFqKMTzf58jlaZf9YGnFqQfTAuOASEzKPJftCo4swtvWJbbxTqCp+uS6t
NffRbCg29tStpafsdW7/u53dr9WiJaggBsrPUPTxOpgWPuNdHENdoUhlDXQW9JzE
hnyW5Acx48GLo5wFOc4vkK4ecJHa9z/jrgQHltCTvpXatnS1PysT30QepXcYDeR3
3CFIkzyDuioCDM3oVOegicn/3EonngsvsET/vMG5apmCIQ5AAZaK47YzZIUr+f7u
F2V5bQvwEvBd9F1N+zaHA8GSefHEulSPic/puEv8uPSVj6xmfEQ3vLsJKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3EbzmsHbFl3dsKEKAhQExDa7ZuMB8GA1UdIwQY
MBaAFFQpbSPe9MhSHGR9xorLPBI/YR2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUt
OTQyNDgyZjhkMmVhLzEvcmNSdk9hd2RzV1hkMndvUW9DRkFURU5ydG00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUtOTQyNDgyZjhkMmVh
LzEvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYVAMA0G
CSqGSIb3DQEBCwUAA4IBAQBmgC2GeKLLtPFSc5w2SuLgbrjrzB5V6sZgBPufJ2ay
hRdI3+PtLplCC7lFahZFvBVNr4f2H5r3QG+EH7bKLxF4nrHsWGLRuMsl0ntyCtST
lCoQ9lq792X2+0jUgl+MUnfRHRyUcp95SGNpSUqRBlvfbj3PekYxdr2BwY0SuBOC
yufKGZU4dgUU9s56ai5SKlIcJERVIscWOCHZx1xBfU2hWmH855msuww41WS9hTIG
SgnyL4Oh+6hvtRPntYSfWZhBxIR3Ay1wL1KX6glbM1jC/raDXdpW6s9ay8soaxM4
BTjrEMzkc659wESkwezQ4CqukE+v/aIUAVtIw5ilAzWY
-----END CERTIFICATE-----