Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/r7Rczu0t-PgIi_jfPF6Q3NZMIUA.roa
File:                     r7Rczu0t-PgIi_jfPF6Q3NZMIUA.roa (raw, json)
Hash identifier:          /9IQT62LzxuD1SeakvxUXwDh5kwJGgz77L1gNGYweOc=
Subject key identifier:   AF:B4:5C:CE:ED:2D:F8:F8:08:8B:F8:DF:3C:5E:90:DC:D6:4C:21:40
Certificate issuer:       /CN=fc9be4ed4e54b601e6b6a42d0ba04cfb7ab2c3bf
Certificate serial:       018FFA1985C5CC5B55F8AC3AAC8FC2132616
Authority key identifier: FC:9B:E4:ED:4E:54:B6:01:E6:B6:A4:2D:0B:A0:4C:FB:7A:B2:C3:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Jvk7U5UtgHmtqQtC6BM-3qyw78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/r7Rczu0t-PgIi_jfPF6Q3NZMIUA.roa
Signing time:             Sat 08 Jun 2024 23:05:27 +0000
ROA not before:           Sat 08 Jun 2024 23:05:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41227
IP address blocks:        185.166.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/_Jvk7U5UtgHmtqQtC6BM-3qyw78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/_Jvk7U5UtgHmtqQtC6BM-3qyw78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Jvk7U5UtgHmtqQtC6BM-3qyw78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:fa:19:85:c5:cc:5b:55:f8:ac:3a:ac:8f:c2:13:26:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc9be4ed4e54b601e6b6a42d0ba04cfb7ab2c3bf
        Validity
            Not Before: Jun  8 23:05:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afb45cceed2df8f8088bf8df3c5e90dcd64c2140
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e4:81:ae:96:87:79:7b:1b:ae:49:20:fb:d7:
                    bb:ba:7e:0a:db:1b:f4:00:cd:57:08:5e:7d:6b:54:
                    5f:4c:5e:8a:d9:6b:0e:b6:7c:28:58:27:02:bb:e2:
                    84:e1:0a:4f:b3:c5:ec:2e:cf:fb:8d:1c:e1:ab:34:
                    83:5b:99:f3:39:6a:cb:6c:1e:f0:50:64:78:c4:31:
                    31:19:62:1b:da:70:9d:ee:39:32:55:c0:38:ef:a9:
                    37:1b:cd:ea:f4:02:c0:2b:3c:d4:7e:4c:b7:a4:3b:
                    58:b4:11:2c:ac:41:45:03:c5:af:de:04:f7:e2:ee:
                    6f:2b:47:29:22:38:10:81:06:8d:b7:85:8b:86:26:
                    9d:00:69:00:0e:a7:2f:91:b8:11:66:28:1b:13:e4:
                    5f:70:bc:0e:ca:3a:dd:a6:29:46:c1:d4:ce:98:fb:
                    79:ae:ba:70:74:74:68:1e:df:15:4a:2d:83:79:93:
                    73:6f:63:8b:0a:c7:2c:9c:31:fd:30:10:7a:93:c5:
                    97:ed:2f:dd:6d:ce:ba:79:d0:88:16:4d:ee:c9:25:
                    a6:93:7c:cc:b5:a4:f1:06:6a:56:90:2f:58:17:9f:
                    8d:ae:bd:34:7e:cc:49:07:c7:62:70:47:55:69:dd:
                    23:04:22:55:67:9f:7c:ac:50:6a:e0:ee:86:3e:42:
                    55:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:B4:5C:CE:ED:2D:F8:F8:08:8B:F8:DF:3C:5E:90:DC:D6:4C:21:40
            X509v3 Authority Key Identifier:
                keyid:FC:9B:E4:ED:4E:54:B6:01:E6:B6:A4:2D:0B:A0:4C:FB:7A:B2:C3:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Jvk7U5UtgHmtqQtC6BM-3qyw78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/r7Rczu0t-PgIi_jfPF6Q3NZMIUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/_Jvk7U5UtgHmtqQtC6BM-3qyw78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:2e:01:11:43:31:a0:cb:8e:7e:e1:15:00:b4:f4:f9:75:03:
         e2:46:c2:15:66:58:fe:1e:e9:f5:3c:03:50:c2:a0:89:77:ee:
         64:fb:de:96:77:f7:17:c3:0c:bd:76:9c:3b:4d:8c:51:d4:4c:
         f8:e1:f4:75:de:46:09:71:75:3c:1b:39:d1:f6:ac:f3:e6:d8:
         7b:94:3e:cb:97:cb:c6:d1:9e:da:1b:11:aa:74:84:5e:69:7a:
         d8:70:42:70:f7:de:65:bd:a6:9e:bd:a4:09:7a:27:7a:b5:5e:
         e4:3b:2f:8f:3d:83:75:80:db:73:69:9a:2a:ae:1f:3c:78:8a:
         7d:cc:17:d0:33:2c:d6:18:91:6e:dd:24:3f:17:82:5f:60:87:
         c8:b3:69:ef:34:24:0e:75:75:01:c2:3d:f9:74:96:ac:06:57:
         0d:a3:fc:04:6e:34:29:e7:2b:4c:40:5a:96:84:79:6a:45:d8:
         3b:e7:0d:87:c3:d6:7a:00:2e:5b:5f:96:a1:8a:9c:e3:03:61:
         50:68:51:d0:d5:fe:be:28:60:5d:83:6e:2f:01:e2:2b:16:3b:
         63:36:20:85:1a:58:48:93:7c:4a:eb:b2:34:b2:de:0d:c9:61:
         fd:6b:96:4b:f7:85:50:3a:39:bb:ae:25:73:5c:f3:70:99:bb:
         a2:4d:c5:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/6GYXFzFtV+Kw6rI/CEyYWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOWJlNGVkNGU1NGI2MDFlNmI2YTQyZDBiYTA0Y2ZiN2Fi
MmMzYmYwHhcNMjQwNjA4MjMwNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmI0NWNjZWVkMmRmOGY4MDg4YmY4ZGYzYzVlOTBkY2Q2NGMyMTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+SBrpaHeXsbrkkg+9e7un4K2xv0
AM1XCF59a1RfTF6K2WsOtnwoWCcCu+KE4QpPs8XsLs/7jRzhqzSDW5nzOWrLbB7w
UGR4xDExGWIb2nCd7jkyVcA476k3G83q9ALAKzzUfky3pDtYtBEsrEFFA8Wv3gT3
4u5vK0cpIjgQgQaNt4WLhiadAGkADqcvkbgRZigbE+RfcLwOyjrdpilGwdTOmPt5
rrpwdHRoHt8VSi2DeZNzb2OLCscsnDH9MBB6k8WX7S/dbc66edCIFk3uySWmk3zM
taTxBmpWkC9YF5+Nrr00fsxJB8dicEdVad0jBCJVZ598rFBq4O6GPkJV8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+0XM7tLfj4CIv43zxekNzWTCFAMB8GA1UdIwQY
MBaAFPyb5O1OVLYB5rakLQugTPt6ssO/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0p2azdVNVV0Z0htdHFRdEM2Qk0tM3F5dzc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8zNjM2MmEtZDkxYy00YWQ0LTkyYzct
MWQyNTEzMzA4ZDIxLzEvcjdSY3p1MHQtUGdJaV9qZlBGNlEzTlpNSVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8zNjM2MmEtZDkxYy00YWQ0LTkyYzctMWQyNTEzMzA4ZDIx
LzEvX0p2azdVNVV0Z0htdHFRdEM2Qk0tM3F5dzc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaZpMA0G
CSqGSIb3DQEBCwUAA4IBAQCdLgERQzGgy45+4RUAtPT5dQPiRsIVZlj+Hun1PANQ
wqCJd+5k+96Wd/cXwwy9dpw7TYxR1Ez44fR13kYJcXU8GznR9qzz5th7lD7Ll8vG
0Z7aGxGqdIReaXrYcEJw995lvaaevaQJeid6tV7kOy+PPYN1gNtzaZoqrh88eIp9
zBfQMyzWGJFu3SQ/F4JfYIfIs2nvNCQOdXUBwj35dJasBlcNo/wEbjQp5ytMQFqW
hHlqRdg75w2Hw9Z6AC5bX5ahipzjA2FQaFHQ1f6+KGBdg24vAeIrFjtjNiCFGlhI
k3xK67I0st4NyWH9a5ZL94VQOjm7riVzXPNwmbuiTcWq
-----END CERTIFICATE-----