Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_uMgQ8D5hzUqKCzpBjTthAPxmJw.roa
File:                     _uMgQ8D5hzUqKCzpBjTthAPxmJw.roa (raw, json)
Hash identifier:          KEVInvt5VOxwAwL3B+FJduefk4DUdKT+8oQRIy/rVGQ=
Subject key identifier:   FE:E3:20:43:C0:F9:87:35:2A:28:2C:E9:06:34:ED:84:03:F1:98:9C
Certificate issuer:       /CN=fc195bd682a8e9a124d5853dc5e908aae7339bae
Certificate serial:       018E60D96B1335EB3B8F542F7D7B56F5DFD6
Authority key identifier: FC:19:5B:D6:82:A8:E9:A1:24:D5:85:3D:C5:E9:08:AA:E7:33:9B:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Blb1oKo6aEk1YU9xekIquczm64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_uMgQ8D5hzUqKCzpBjTthAPxmJw.roa
Signing time:             Thu 21 Mar 2024 11:50:45 +0000
ROA not before:           Thu 21 Mar 2024 11:50:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        139.28.226.0/24 maxlen: 24
                          194.93.32.0/24 maxlen: 24
                          194.93.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_Blb1oKo6aEk1YU9xekIquczm64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_Blb1oKo6aEk1YU9xekIquczm64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Blb1oKo6aEk1YU9xekIquczm64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:d9:6b:13:35:eb:3b:8f:54:2f:7d:7b:56:f5:df:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc195bd682a8e9a124d5853dc5e908aae7339bae
        Validity
            Not Before: Mar 21 11:50:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fee32043c0f987352a282ce90634ed8403f1989c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:27:d0:8d:27:3a:9c:e6:0e:a4:13:7c:a6:13:
                    0d:0d:74:ef:7b:2a:a8:89:c6:a9:55:67:b5:27:06:
                    f7:90:83:67:74:fe:d9:c4:9f:17:b1:c4:27:50:ef:
                    36:b5:58:40:73:8e:05:3d:99:b1:9a:ab:00:93:42:
                    de:7c:11:c9:35:8d:2d:0e:43:f6:65:79:08:89:41:
                    fa:ab:0a:b0:37:90:6e:f5:a8:86:5f:77:49:dc:96:
                    23:e9:30:69:c5:4e:06:42:eb:ad:b9:3e:b1:8d:33:
                    23:a8:f9:cd:a7:a1:54:cd:18:20:ea:9e:96:dc:28:
                    c0:75:8c:95:1f:c3:4c:de:0f:42:22:94:bb:11:b1:
                    f5:73:ad:08:14:a5:b8:d5:af:5c:a5:c6:d0:bf:25:
                    30:be:65:c2:3f:03:75:fb:8e:09:fc:ce:c3:2e:d4:
                    e8:7f:c7:7d:15:0a:2b:85:b2:71:18:a1:84:80:ad:
                    7d:0a:a0:6c:6d:38:9d:4b:d7:6e:20:68:51:37:4e:
                    1d:1c:31:20:ce:e4:d6:5b:3d:32:bb:26:9f:ef:63:
                    78:ed:eb:66:ce:9f:87:48:f6:67:0c:be:e4:36:25:
                    de:fe:7c:21:7e:60:f8:a6:61:5c:7f:35:e2:21:1c:
                    04:be:cd:3a:34:7c:40:ee:1c:52:e2:5d:cf:c3:6e:
                    c6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:E3:20:43:C0:F9:87:35:2A:28:2C:E9:06:34:ED:84:03:F1:98:9C
            X509v3 Authority Key Identifier:
                keyid:FC:19:5B:D6:82:A8:E9:A1:24:D5:85:3D:C5:E9:08:AA:E7:33:9B:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Blb1oKo6aEk1YU9xekIquczm64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_uMgQ8D5hzUqKCzpBjTthAPxmJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_Blb1oKo6aEk1YU9xekIquczm64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.226.0/24
                  194.93.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:1b:9b:62:f9:77:92:77:06:2f:44:11:bc:ac:47:f8:45:87:
         a2:8c:e5:64:49:0a:9e:22:b2:f7:58:cf:db:21:16:ce:8a:a5:
         87:a8:f3:4d:f8:0f:81:7a:23:34:94:fb:92:e0:82:97:34:82:
         3a:dc:55:e7:9e:c6:ae:d2:c1:f8:10:c1:47:8e:87:11:8c:5e:
         ad:53:a6:7a:5b:fa:9e:a5:9b:37:2e:b2:62:dc:b2:bd:48:a9:
         69:15:ed:06:ad:b1:dd:e6:b8:47:d5:43:84:02:6f:fc:62:01:
         09:e7:47:91:2d:b7:87:43:58:78:cc:b1:72:7e:88:a9:c1:b5:
         60:f9:f3:9d:e2:ac:45:54:a9:1b:8b:26:10:69:6e:ac:65:79:
         fe:cc:a7:88:7d:00:ee:93:0b:28:19:f1:99:13:df:ca:30:c6:
         ae:c8:b8:03:fd:00:e3:29:b1:dd:b8:48:f0:0b:42:42:ec:b5:
         45:9e:39:da:b5:0e:f1:6c:58:05:47:4f:bf:2e:e3:ea:a4:4e:
         12:8a:b4:90:b3:2c:18:6b:85:58:d4:b2:c4:e0:51:27:86:95:
         2d:55:de:67:0c:75:3c:22:96:28:d7:f1:74:b9:d7:86:8c:7b:
         7f:9c:49:e2:7c:5d:e6:2a:b0:2b:d7:0f:bc:39:89:ee:7e:c1:
         3c:fa:89:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5g2WsTNes7j1QvfXtW9d/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMTk1YmQ2ODJhOGU5YTEyNGQ1ODUzZGM1ZTkwOGFhZTcz
MzliYWUwHhcNMjQwMzIxMTE1MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWUzMjA0M2MwZjk4NzM1MmEyODJjZTkwNjM0ZWQ4NDAzZjE5ODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkifQjSc6nOYOpBN8phMNDXTveyqo
icapVWe1Jwb3kINndP7ZxJ8XscQnUO82tVhAc44FPZmxmqsAk0LefBHJNY0tDkP2
ZXkIiUH6qwqwN5Bu9aiGX3dJ3JYj6TBpxU4GQuutuT6xjTMjqPnNp6FUzRgg6p6W
3CjAdYyVH8NM3g9CIpS7EbH1c60IFKW41a9cpcbQvyUwvmXCPwN1+44J/M7DLtTo
f8d9FQorhbJxGKGEgK19CqBsbTidS9duIGhRN04dHDEgzuTWWz0yuyaf72N47etm
zp+HSPZnDL7kNiXe/nwhfmD4pmFcfzXiIRwEvs06NHxA7hxS4l3Pw27GOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP7jIEPA+Yc1Kigs6QY07YQD8ZicMB8GA1UdIwQY
MBaAFPwZW9aCqOmhJNWFPcXpCKrnM5uuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0JsYjFvS282YUVrMVlVOXhla0lxdWN6bTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9kYjkxMmYtYmY2ZC00ZjI0LTk2YWUt
Y2M3YjI4OTkwYjgxLzEvX3VNZ1E4RDVoelVxS0N6cEJqVHRoQVB4bUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9kYjkxMmYtYmY2ZC00ZjI0LTk2YWUtY2M3YjI4OTkwYjgx
LzEvX0JsYjFvS282YUVrMVlVOXhla0lxdWN6bTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAixziAwQB
wl0gMA0GCSqGSIb3DQEBCwUAA4IBAQAtG5ti+XeSdwYvRBG8rEf4RYeijOVkSQqe
IrL3WM/bIRbOiqWHqPNN+A+BeiM0lPuS4IKXNII63FXnnsau0sH4EMFHjocRjF6t
U6Z6W/qepZs3LrJi3LK9SKlpFe0GrbHd5rhH1UOEAm/8YgEJ50eRLbeHQ1h4zLFy
foipwbVg+fOd4qxFVKkbiyYQaW6sZXn+zKeIfQDukwsoGfGZE9/KMMauyLgD/QDj
KbHduEjwC0JC7LVFnjnatQ7xbFgFR0+/LuPqpE4SirSQsywYa4VY1LLE4FEnhpUt
Vd5nDHU8IpYo1/F0udeGjHt/nEnifF3mKrAr1w+8OYnufsE8+ome
-----END CERTIFICATE-----