Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/feMe6IYvy7hX76-N35LRVkdXX4w.roa
File:                     feMe6IYvy7hX76-N35LRVkdXX4w.roa (raw, json)
Hash identifier:          EqE4iPfrFnSE2tSbkgAQjeyeMpWGpCx9A9sA1eaHKpc=
Subject key identifier:   7D:E3:1E:E8:86:2F:CB:B8:57:EF:AF:8D:DF:92:D1:56:47:57:5F:8C
Certificate issuer:       /CN=f8f73c5c0f3a106a8ba7dff3e35c816d1078dc71
Certificate serial:       018CC8016BDC7D3FCC42BACD712FF0FED834
Authority key identifier: F8:F7:3C:5C:0F:3A:10:6A:8B:A7:DF:F3:E3:5C:81:6D:10:78:DC:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/feMe6IYvy7hX76-N35LRVkdXX4w.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.51.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6b:dc:7d:3f:cc:42:ba:cd:71:2f:f0:fe:d8:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8f73c5c0f3a106a8ba7dff3e35c816d1078dc71
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7de31ee8862fcbb857efaf8ddf92d15647575f8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:60:48:3d:b6:2f:d1:40:40:77:6d:7c:a8:56:
                    59:c6:8b:43:29:14:4f:78:ce:3b:ca:16:8c:28:37:
                    85:11:eb:c3:30:30:6f:fd:91:e5:be:ad:97:f8:e5:
                    e1:60:4f:8c:76:d5:d3:c6:ff:01:4f:10:79:99:97:
                    c8:f7:1a:f0:76:0f:1f:1f:e4:85:7c:24:32:59:bd:
                    1a:fc:f1:e5:2e:41:6b:08:73:b3:2f:d1:96:84:08:
                    a3:31:7c:6b:fd:eb:a5:8a:10:11:72:c1:c4:a2:42:
                    1f:61:0f:66:e0:52:7c:34:d8:ad:00:c5:07:0c:50:
                    0d:27:a7:91:e0:3b:b9:ef:08:00:f8:7f:42:df:66:
                    47:a5:c4:2e:2c:a0:78:a9:57:fc:0d:52:10:2f:e4:
                    3c:f1:d1:1c:0f:c6:d5:2f:8b:39:92:ca:5e:a2:36:
                    43:0f:bd:36:87:b3:e8:bf:21:1a:7e:fa:33:f6:2d:
                    03:83:ca:88:63:6d:b9:c3:d7:2c:6e:71:6a:5c:bf:
                    93:cb:b9:e0:76:2e:ec:e0:c4:b5:f2:dd:40:79:a1:
                    c3:81:7f:76:9b:43:01:31:d0:a5:82:31:26:3d:58:
                    fd:c9:ea:2e:8e:a6:f2:d6:8e:f9:ef:57:7b:80:cc:
                    79:ed:da:2c:e8:00:65:5c:48:0b:4e:af:1a:a4:df:
                    53:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:E3:1E:E8:86:2F:CB:B8:57:EF:AF:8D:DF:92:D1:56:47:57:5F:8C
            X509v3 Authority Key Identifier:
                keyid:F8:F7:3C:5C:0F:3A:10:6A:8B:A7:DF:F3:E3:5C:81:6D:10:78:DC:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/feMe6IYvy7hX76-N35LRVkdXX4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:55:54:9c:2f:f6:f5:93:71:35:12:76:57:c5:7c:51:b7:cb:
         28:11:51:ed:2a:c4:14:4e:48:ab:c9:81:a1:d9:ba:69:58:af:
         63:0d:0e:f9:14:9e:30:01:0a:29:bb:87:09:be:21:29:30:2a:
         d7:3f:eb:78:2d:2e:b5:7b:a5:79:2f:2d:a5:d3:73:79:50:5d:
         cf:2d:b3:e0:f7:46:e8:a9:bd:fa:fc:12:be:40:20:07:2f:16:
         64:f2:c8:8f:10:b2:a3:92:a7:dd:bc:be:23:3c:b7:78:d9:ea:
         95:96:c9:2b:5f:bb:1c:32:6a:40:c2:88:0f:8d:ed:9b:d8:1a:
         61:89:b4:17:44:01:66:be:2e:5f:b7:3e:84:2c:59:21:18:aa:
         40:87:ce:b0:24:a1:c3:08:cf:9d:a4:43:1e:e0:6a:97:f5:b4:
         47:d3:c6:f7:ca:b3:64:87:5c:3e:f5:92:b9:d7:7c:7f:d7:ec:
         15:bb:4a:d4:c4:16:f8:20:24:37:ad:a2:4d:ee:ce:67:df:f1:
         4f:5c:d5:6c:f4:8b:f5:ec:aa:6e:66:a1:ae:fb:f0:04:c7:ca:
         9b:f4:cc:a0:17:c6:ea:fb:39:42:09:08:c2:10:7d:4a:33:10:
         b7:14:be:1c:fe:c3:71:8d:d4:f3:6e:e8:85:71:47:04:09:62:
         15:53:06:1b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAWvcfT/MQrrNcS/w/tg0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZjczYzVjMGYzYTEwNmE4YmE3ZGZmM2UzNWM4MTZkMTA3
OGRjNzEwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGUzMWVlODg2MmZjYmI4NTdlZmFmOGRkZjkyZDE1NjQ3NTc1ZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGBIPbYv0UBAd218qFZZxotDKRRP
eM47yhaMKDeFEevDMDBv/ZHlvq2X+OXhYE+MdtXTxv8BTxB5mZfI9xrwdg8fH+SF
fCQyWb0a/PHlLkFrCHOzL9GWhAijMXxr/eulihARcsHEokIfYQ9m4FJ8NNitAMUH
DFANJ6eR4Du57wgA+H9C32ZHpcQuLKB4qVf8DVIQL+Q88dEcD8bVL4s5kspeojZD
D702h7PovyEafvoz9i0Dg8qIY225w9csbnFqXL+Ty7ngdi7s4MS18t1AeaHDgX92
m0MBMdClgjEmPVj9yeoujqby1o7571d7gMx57dos6ABlXEgLTq8apN9TUwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFH3jHuiGL8u4V++vjd+S0VZHV1+MMB8GA1UdIwQY
MBaAFPj3PFwPOhBqi6ff8+NcgW0QeNxxMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1QYzhYQTg2RUdxTHA5X3o0MXlCYlJCNDNIRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYvMDNjY2UzLWU2MjAtNDQ4My1iMDhi
LTZkOGZkMzMwZTlhYS8xL2ZlTWU2SVl2eTdoWDc2LU4zNUxSVmtkWFg0dy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjYvMDNjY2UzLWU2MjAtNDQ4My1iMDhiLTZkOGZkMzMwZTlh
YS8xLzEtUGM4WEE4NkVHcUxwOV96NDF5QmJSQjQzSEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5M+Qw
DQYJKoZIhvcNAQELBQADggEBAHlVVJwv9vWTcTUSdlfFfFG3yygRUe0qxBROSKvJ
gaHZumlYr2MNDvkUnjABCim7hwm+ISkwKtc/63gtLrV7pXkvLaXTc3lQXc8ts+D3
Ruipvfr8Er5AIAcvFmTyyI8QsqOSp928viM8t3jZ6pWWyStfuxwyakDCiA+N7ZvY
GmGJtBdEAWa+Ll+3PoQsWSEYqkCHzrAkocMIz52kQx7gapf1tEfTxvfKs2SHXD71
krnXfH/X7BW7StTEFvggJDetok3uzmff8U9c1Wz0i/Xsqm5moa778ATHypv0zKAX
xur7OUIJCMIQfUozELcUvhz+w3GN1PNu6IVxRwQJYhVTBhs=
-----END CERTIFICATE-----