Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/S8hTDaLNJfFKV_Q5kH4xG0zYGIQ.roa
File:                     S8hTDaLNJfFKV_Q5kH4xG0zYGIQ.roa (raw, json)
Hash identifier:          ng644q+iQ9iIjEgaMsCa3UlSI9OUSgDNntgRdP9zLzU=
Subject key identifier:   4B:C8:53:0D:A2:CD:25:F1:4A:57:F4:39:90:7E:31:1B:4C:D8:18:84
Certificate issuer:       /CN=fc195bd682a8e9a124d5853dc5e908aae7339bae
Certificate serial:       018E60D87FEF53B85E3B4E4DEF414889CD42
Authority key identifier: FC:19:5B:D6:82:A8:E9:A1:24:D5:85:3D:C5:E9:08:AA:E7:33:9B:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Blb1oKo6aEk1YU9xekIquczm64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/S8hTDaLNJfFKV_Q5kH4xG0zYGIQ.roa
Signing time:             Thu 21 Mar 2024 11:49:45 +0000
ROA not before:           Thu 21 Mar 2024 11:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28753
IP address blocks:        139.28.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_Blb1oKo6aEk1YU9xekIquczm64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_Blb1oKo6aEk1YU9xekIquczm64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Blb1oKo6aEk1YU9xekIquczm64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:d8:7f:ef:53:b8:5e:3b:4e:4d:ef:41:48:89:cd:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc195bd682a8e9a124d5853dc5e908aae7339bae
        Validity
            Not Before: Mar 21 11:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bc8530da2cd25f14a57f439907e311b4cd81884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:23:70:4a:42:4f:bc:38:e4:ee:40:46:83:52:
                    b8:65:d8:75:33:14:89:de:a3:6f:4d:93:be:96:a9:
                    de:1f:41:a3:49:cb:61:4d:ec:d4:c4:a1:a1:b0:43:
                    16:5b:29:08:ce:cb:34:b3:1a:0b:dd:bd:87:f8:61:
                    da:bf:cc:07:cc:91:00:d1:ca:43:9b:34:fc:b1:ae:
                    2f:71:91:48:76:63:81:e2:11:d3:0c:3d:5d:51:07:
                    fc:7f:e8:52:ef:56:14:da:55:55:a2:98:33:1e:c1:
                    5c:ca:88:c8:4d:30:8e:8a:fa:1c:c0:20:22:76:f4:
                    ed:0d:44:fe:c7:55:d5:6b:3d:2c:75:5b:98:0b:9c:
                    95:2e:c3:4b:cc:3a:a3:b8:86:c5:19:37:c2:ea:a4:
                    2d:dd:8b:e8:f0:8f:e9:85:73:0c:95:a2:a3:f8:f0:
                    0f:68:8f:6e:4d:fc:b9:27:72:3a:98:55:8c:73:c0:
                    67:6e:c9:c3:f6:66:e9:4a:5d:bd:b9:1c:b4:3f:84:
                    6f:f1:d3:24:a3:7e:7a:eb:54:c6:19:6f:11:c5:c6:
                    da:3b:36:87:eb:1b:cc:bc:be:7b:05:83:39:ca:c6:
                    2a:e6:ee:d6:ee:22:97:2a:5a:58:a1:29:35:4c:a1:
                    80:5b:f5:c4:dd:83:7c:e0:68:ed:45:6a:a0:7d:72:
                    a0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C8:53:0D:A2:CD:25:F1:4A:57:F4:39:90:7E:31:1B:4C:D8:18:84
            X509v3 Authority Key Identifier:
                keyid:FC:19:5B:D6:82:A8:E9:A1:24:D5:85:3D:C5:E9:08:AA:E7:33:9B:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Blb1oKo6aEk1YU9xekIquczm64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/S8hTDaLNJfFKV_Q5kH4xG0zYGIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_Blb1oKo6aEk1YU9xekIquczm64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:c6:98:6f:c3:a5:be:63:04:cd:bf:49:81:1f:4f:72:eb:81:
         fc:a6:65:c0:fe:89:5d:db:18:a8:96:be:4c:58:6d:31:5f:75:
         48:fd:3d:0d:04:06:82:00:64:f8:1d:af:cd:03:36:da:fe:10:
         cd:9a:55:37:cb:fd:b0:71:97:bb:d0:ff:78:35:b7:ab:d3:33:
         a2:38:40:6a:a0:07:a5:46:f9:db:b7:c5:ab:3d:78:26:4e:fc:
         00:6d:ea:b3:cc:c6:3f:23:60:ea:de:e7:61:b9:89:e8:90:d2:
         9d:ef:15:44:56:ab:49:16:7e:28:76:57:04:54:73:6c:f6:08:
         42:bf:6b:84:d6:f3:e4:f2:a0:ae:0d:ab:7a:6e:dc:0a:08:82:
         b9:c1:ca:42:2b:ab:32:bf:62:ca:5a:35:58:b6:56:43:65:86:
         9b:1d:53:46:2c:41:da:22:e2:b6:72:2e:cd:ca:7f:cf:8d:32:
         be:05:8b:c7:5f:e6:2a:ab:4a:99:7a:60:e4:44:5e:02:df:3c:
         23:32:a9:8d:29:1c:d2:e6:87:7b:7e:3d:03:67:92:aa:23:2e:
         cf:4f:30:34:70:c5:dc:29:fc:81:f7:a3:63:4f:84:8f:b8:c4:
         70:d4:09:d0:93:77:a2:c8:99:68:3a:31:79:b2:d0:a3:f7:bc:
         68:60:47:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5g2H/vU7heO05N70FIic1CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMTk1YmQ2ODJhOGU5YTEyNGQ1ODUzZGM1ZTkwOGFhZTcz
MzliYWUwHhcNMjQwMzIxMTE0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmM4NTMwZGEyY2QyNWYxNGE1N2Y0Mzk5MDdlMzExYjRjZDgxODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCNwSkJPvDjk7kBGg1K4Zdh1MxSJ
3qNvTZO+lqneH0GjScthTezUxKGhsEMWWykIzss0sxoL3b2H+GHav8wHzJEA0cpD
mzT8sa4vcZFIdmOB4hHTDD1dUQf8f+hS71YU2lVVopgzHsFcyojITTCOivocwCAi
dvTtDUT+x1XVaz0sdVuYC5yVLsNLzDqjuIbFGTfC6qQt3Yvo8I/phXMMlaKj+PAP
aI9uTfy5J3I6mFWMc8BnbsnD9mbpSl29uRy0P4Rv8dMko35661TGGW8RxcbaOzaH
6xvMvL57BYM5ysYq5u7W7iKXKlpYoSk1TKGAW/XE3YN84GjtRWqgfXKg6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvIUw2izSXxSlf0OZB+MRtM2BiEMB8GA1UdIwQY
MBaAFPwZW9aCqOmhJNWFPcXpCKrnM5uuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0JsYjFvS282YUVrMVlVOXhla0lxdWN6bTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9kYjkxMmYtYmY2ZC00ZjI0LTk2YWUt
Y2M3YjI4OTkwYjgxLzEvUzhoVERhTE5KZkZLVl9RNWtINHhHMHpZR0lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9kYjkxMmYtYmY2ZC00ZjI0LTk2YWUtY2M3YjI4OTkwYjgx
LzEvX0JsYjFvS282YUVrMVlVOXhla0lxdWN6bTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAixzjMA0G
CSqGSIb3DQEBCwUAA4IBAQA2xphvw6W+YwTNv0mBH09y64H8pmXA/old2xiolr5M
WG0xX3VI/T0NBAaCAGT4Ha/NAzba/hDNmlU3y/2wcZe70P94Nber0zOiOEBqoAel
Rvnbt8WrPXgmTvwAbeqzzMY/I2Dq3udhuYnokNKd7xVEVqtJFn4odlcEVHNs9ghC
v2uE1vPk8qCuDat6btwKCIK5wcpCK6syv2LKWjVYtlZDZYabHVNGLEHaIuK2ci7N
yn/PjTK+BYvHX+Yqq0qZemDkRF4C3zwjMqmNKRzS5od7fj0DZ5KqIy7PTzA0cMXc
KfyB96NjT4SPuMRw1AnQk3eiyJloOjF5stCj97xoYEc7
-----END CERTIFICATE-----