Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/AmnFz35OPLD6ZO7jkAaOMH1hS30.roa
File:                     AmnFz35OPLD6ZO7jkAaOMH1hS30.roa (raw, json)
Hash identifier:          BqqDhJpF41pJN92YIwPMVjwMJ5Q4nSs3yGwRWvLfXT4=
Subject key identifier:   02:69:C5:CF:7E:4E:3C:B0:FA:64:EE:E3:90:06:8E:30:7D:61:4B:7D
Certificate issuer:       /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial:       018CC5DCD8176601F7251BB43D54F064C085
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/AmnFz35OPLD6ZO7jkAaOMH1hS30.roa
Signing time:             Mon 01 Jan 2024 16:30:33 +0000
ROA not before:           Mon 01 Jan 2024 16:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36040
IP address blocks:        185.225.248.0/24 maxlen: 26
                          176.126.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d8:17:66:01:f7:25:1b:b4:3d:54:f0:64:c0:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
        Validity
            Not Before: Jan  1 16:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0269c5cf7e4e3cb0fa64eee390068e307d614b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:49:76:62:6a:38:50:ca:43:43:89:b8:55:08:
                    92:be:f8:95:4d:7e:3d:f5:9a:6f:f3:f2:09:50:f6:
                    7f:c0:49:e3:04:02:01:47:3c:5b:eb:66:f3:6a:50:
                    16:30:1e:ed:d1:0b:fd:9c:30:e4:3b:eb:db:d9:ff:
                    cc:af:c7:78:5b:ad:95:c7:99:94:b3:23:c3:52:d1:
                    30:12:61:92:ed:75:22:ee:fd:41:ae:86:34:52:7a:
                    85:5f:01:bd:2f:a7:5b:b1:12:a7:fb:ba:ec:a9:c1:
                    cf:58:c1:02:e7:b6:32:c1:d8:46:94:b3:12:fc:db:
                    22:48:b7:74:76:5a:0c:e0:5f:95:36:b6:38:51:85:
                    c2:7a:44:97:37:62:50:57:01:27:76:a5:51:f6:6f:
                    65:06:48:f3:a6:82:cd:68:92:3f:6d:ae:a1:ff:59:
                    1d:a0:28:c1:46:5c:8e:e0:77:b0:92:df:a0:c0:c6:
                    84:df:1b:c4:6e:71:09:98:d0:a7:6d:83:5b:bf:7d:
                    5c:30:b9:76:6b:5e:a6:49:2e:e7:e5:84:61:28:4f:
                    4b:c5:df:55:01:cc:63:7c:c8:24:75:a3:b7:71:39:
                    5a:b7:eb:05:ce:3f:81:be:58:c1:e5:65:6a:8e:18:
                    1b:c4:62:79:0a:b8:14:2a:22:c5:b2:53:b1:fc:9e:
                    aa:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:69:C5:CF:7E:4E:3C:B0:FA:64:EE:E3:90:06:8E:30:7D:61:4B:7D
            X509v3 Authority Key Identifier:
                keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/AmnFz35OPLD6ZO7jkAaOMH1hS30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.58.0/24
                  185.225.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:c5:f0:51:d0:0d:12:21:cc:6b:b0:39:57:1a:00:8b:13:e8:
         68:ea:bd:55:d2:14:4e:b5:41:60:ce:c8:9a:b3:38:ad:54:b9:
         62:6b:b7:06:b1:13:27:df:93:67:c0:66:2b:e7:a3:10:7e:97:
         da:8f:aa:94:26:2e:a9:83:1e:92:23:23:2a:f5:79:b5:b4:90:
         16:24:3c:49:7b:e3:98:40:90:54:7a:09:7f:9b:f2:30:c4:07:
         9a:ed:f1:10:6a:95:40:b2:48:88:fd:a6:97:b0:7c:c2:b6:8b:
         ef:ba:6d:bb:43:b0:e3:62:ed:4e:1e:77:90:24:6b:67:50:03:
         12:d7:2c:d2:55:64:80:62:57:09:2f:a7:76:a3:ce:94:f4:27:
         6a:f2:a0:01:dc:07:90:d1:fa:d2:02:87:61:30:57:40:6e:f9:
         6c:17:40:40:41:26:85:fc:69:8d:41:cc:76:4a:68:1e:e2:f5:
         0b:d3:a8:74:8f:3c:62:2c:5e:f6:d8:3d:21:09:bc:c6:e4:15:
         ba:6f:8c:40:0c:b0:7a:57:07:4d:53:f6:a3:35:4a:4f:ac:9f:
         ed:ca:93:96:d7:d5:33:73:99:aa:e2:e5:69:7a:fd:46:76:8f:
         5f:e7:09:71:85:7b:9e:58:da:e6:30:25:fb:a7:48:d8:06:58:
         f0:00:6d:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3NgXZgH3JRu0PVTwZMCFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjQwMTAxMTYzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjY5YzVjZjdlNGUzY2IwZmE2NGVlZTM5MDA2OGUzMDdkNjE0YjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkl2Ymo4UMpDQ4m4VQiSvviVTX49
9Zpv8/IJUPZ/wEnjBAIBRzxb62bzalAWMB7t0Qv9nDDkO+vb2f/Mr8d4W62Vx5mU
syPDUtEwEmGS7XUi7v1BroY0UnqFXwG9L6dbsRKn+7rsqcHPWMEC57YywdhGlLMS
/NsiSLd0dloM4F+VNrY4UYXCekSXN2JQVwEndqVR9m9lBkjzpoLNaJI/ba6h/1kd
oCjBRlyO4Hewkt+gwMaE3xvEbnEJmNCnbYNbv31cMLl2a16mSS7n5YRhKE9Lxd9V
AcxjfMgkdaO3cTlat+sFzj+BvljB5WVqjhgbxGJ5CrgUKiLFslOx/J6q1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAJpxc9+Tjyw+mTu45AGjjB9YUt9MB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvQW1uRnozNU9QTEQ2Wk83amtBYU9NSDFoUzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsH46AwQA
ueH4MA0GCSqGSIb3DQEBCwUAA4IBAQAlxfBR0A0SIcxrsDlXGgCLE+ho6r1V0hRO
tUFgzsiaszitVLlia7cGsRMn35NnwGYr56MQfpfaj6qUJi6pgx6SIyMq9Xm1tJAW
JDxJe+OYQJBUegl/m/IwxAea7fEQapVAskiI/aaXsHzCtovvum27Q7DjYu1OHneQ
JGtnUAMS1yzSVWSAYlcJL6d2o86U9Cdq8qAB3AeQ0frSAodhMFdAbvlsF0BAQSaF
/GmNQcx2Smge4vUL06h0jzxiLF722D0hCbzG5BW6b4xADLB6VwdNU/ajNUpPrJ/t
ypOW19Uzc5mq4uVpev1Gdo9f5wlxhXueWNrmMCX7p0jYBljwAG3m
-----END CERTIFICATE-----