Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/a3d85e-4335-425a-b0f6-8f54ab134d83/1/ftVi0pgPkC7uzreatZ3XOpSEFUI.roa
File:                     ftVi0pgPkC7uzreatZ3XOpSEFUI.roa (raw, json)
Hash identifier:          ANFvJ35e7CNOQ2vIM0x4wI/biYUk7QTt/HBMV4dlVWY=
Subject key identifier:   7E:D5:62:D2:98:0F:90:2E:EE:CE:B7:9A:B5:9D:D7:3A:94:84:15:42
Certificate issuer:       /CN=14d6927b5a75b7669b1fe2ac8fdc7b61377c9101
Certificate serial:       018CC9BC5C08449AF4EDA24FE0259205CBE4
Authority key identifier: 14:D6:92:7B:5A:75:B7:66:9B:1F:E2:AC:8F:DC:7B:61:37:7C:91:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FNaSe1p1t2abH-Ksj9x7YTd8kQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/a3d85e-4335-425a-b0f6-8f54ab134d83/1/ftVi0pgPkC7uzreatZ3XOpSEFUI.roa
Signing time:             Tue 02 Jan 2024 10:33:33 +0000
ROA not before:           Tue 02 Jan 2024 10:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49544
IP address blocks:        185.77.208.0/22 maxlen: 22
                          2a05:6440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/a3d85e-4335-425a-b0f6-8f54ab134d83/1/FNaSe1p1t2abH-Ksj9x7YTd8kQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/a3d85e-4335-425a-b0f6-8f54ab134d83/1/FNaSe1p1t2abH-Ksj9x7YTd8kQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FNaSe1p1t2abH-Ksj9x7YTd8kQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:5c:08:44:9a:f4:ed:a2:4f:e0:25:92:05:cb:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14d6927b5a75b7669b1fe2ac8fdc7b61377c9101
        Validity
            Not Before: Jan  2 10:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ed562d2980f902eeeceb79ab59dd73a94841542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8b:01:cd:c1:9c:6f:04:92:e7:7e:62:11:40:
                    b9:d7:6c:8a:bc:66:bf:b9:a0:09:fd:72:78:10:f5:
                    39:33:16:c3:2a:eb:86:15:9c:ba:f2:df:86:6b:c6:
                    9c:38:11:db:9e:03:49:63:7f:d2:4f:27:a2:2d:80:
                    dd:ee:3a:f6:58:46:69:c2:f8:e3:c7:70:69:e0:94:
                    b7:99:87:f0:00:52:9e:58:c2:42:56:fd:85:08:73:
                    ae:d7:ce:e7:d1:db:7a:35:37:f4:f5:3b:4d:65:58:
                    6d:25:30:76:80:b3:2d:94:89:88:c0:e4:28:49:d2:
                    80:3a:ac:a1:21:69:dd:ad:54:bc:ae:a3:b0:c8:f2:
                    d3:3f:fa:71:a4:c1:73:ac:8e:8c:71:54:dc:d8:9c:
                    fc:05:f8:7f:0d:10:17:57:85:2c:33:7d:8f:dd:6e:
                    e1:ad:49:78:7e:c1:54:d1:18:c3:9b:4b:c7:b4:19:
                    47:1d:89:d5:7a:36:65:54:67:44:fd:b8:a5:5b:14:
                    6d:20:da:a8:6a:83:1a:0d:d8:22:a0:ef:f0:1c:cf:
                    86:22:f3:6b:7f:dd:1f:a7:a2:8d:1f:2f:3a:c7:ef:
                    53:1f:b9:ff:0a:e0:0f:17:20:8f:3d:e4:6a:38:e4:
                    be:74:e4:ca:03:d0:90:73:e4:92:bc:fb:15:c5:ce:
                    7b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D5:62:D2:98:0F:90:2E:EE:CE:B7:9A:B5:9D:D7:3A:94:84:15:42
            X509v3 Authority Key Identifier:
                keyid:14:D6:92:7B:5A:75:B7:66:9B:1F:E2:AC:8F:DC:7B:61:37:7C:91:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FNaSe1p1t2abH-Ksj9x7YTd8kQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a3d85e-4335-425a-b0f6-8f54ab134d83/1/ftVi0pgPkC7uzreatZ3XOpSEFUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a3d85e-4335-425a-b0f6-8f54ab134d83/1/FNaSe1p1t2abH-Ksj9x7YTd8kQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.208.0/22
                IPv6:
                  2a05:6440::/29

    Signature Algorithm: sha256WithRSAEncryption
         04:43:91:d0:e1:63:da:ae:cf:e8:05:00:5c:2e:55:fb:58:6d:
         4c:8e:1d:a4:15:bb:e5:2f:6d:df:ed:50:a2:75:88:be:cd:74:
         60:23:84:2f:59:ac:af:2b:83:8a:8a:44:5b:15:7d:c4:df:fe:
         f0:96:60:53:4c:10:c5:5a:35:d5:a8:f9:d9:a5:8a:39:8b:bd:
         c9:d5:30:6f:d8:cb:05:e6:85:d8:ec:4a:25:4d:2c:74:97:72:
         11:5e:1f:8e:5b:7a:7a:b0:23:3e:e4:b0:a0:07:02:f4:7a:ab:
         9c:0f:54:f4:1e:a3:b0:e8:9a:e4:03:45:d5:6c:e1:1e:b7:1b:
         e6:79:11:72:d8:47:ad:1e:71:82:04:2a:ed:be:78:40:28:23:
         86:65:cd:f3:58:17:da:07:68:56:bc:82:41:bf:a7:64:cb:2e:
         6b:11:7d:60:d2:12:b7:75:c6:76:81:f3:90:65:6f:f3:dc:04:
         e4:a3:85:7a:f3:50:1f:e9:8a:70:02:43:7b:0a:0a:7a:11:08:
         39:4d:25:7a:cb:4a:ef:eb:ad:4c:d2:84:8f:73:fe:3c:12:d4:
         36:ab:f1:7a:2a:57:96:59:8d:8e:d3:8a:35:40:8d:59:85:0d:
         03:da:6b:b1:e5:ea:41:dc:c3:76:04:a7:68:02:a9:da:1f:0e:
         6b:a4:b0:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvFwIRJr07aJP4CWSBcvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0ZDY5MjdiNWE3NWI3NjY5YjFmZTJhYzhmZGM3YjYxMzc3
YzkxMDEwHhcNMjQwMTAyMTAzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWQ1NjJkMjk4MGY5MDJlZWVjZWI3OWFiNTlkZDczYTk0ODQxNTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIsBzcGcbwSS535iEUC512yKvGa/
uaAJ/XJ4EPU5MxbDKuuGFZy68t+Ga8acOBHbngNJY3/STyeiLYDd7jr2WEZpwvjj
x3Bp4JS3mYfwAFKeWMJCVv2FCHOu187n0dt6NTf09TtNZVhtJTB2gLMtlImIwOQo
SdKAOqyhIWndrVS8rqOwyPLTP/pxpMFzrI6McVTc2Jz8Bfh/DRAXV4UsM32P3W7h
rUl4fsFU0RjDm0vHtBlHHYnVejZlVGdE/bilWxRtINqoaoMaDdgioO/wHM+GIvNr
f90fp6KNHy86x+9TH7n/CuAPFyCPPeRqOOS+dOTKA9CQc+SSvPsVxc57HwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH7VYtKYD5Au7s63mrWd1zqUhBVCMB8GA1UdIwQY
MBaAFBTWkntadbdmmx/irI/ce2E3fJEBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRk5hU2UxcDF0MmFiSC1Lc2o5eDdZVGQ4a1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hM2Q4NWUtNDMzNS00MjVhLWIwZjYt
OGY1NGFiMTM0ZDgzLzEvZnRWaTBwZ1BrQzd1enJlYXRaM1hPcFNFRlVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hM2Q4NWUtNDMzNS00MjVhLWIwZjYtOGY1NGFiMTM0ZDgz
LzEvRk5hU2UxcDF0MmFiSC1Lc2o5eDdZVGQ4a1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU3QMA0E
AgACMAcDBQMqBWRAMA0GCSqGSIb3DQEBCwUAA4IBAQAEQ5HQ4WPars/oBQBcLlX7
WG1Mjh2kFbvlL23f7VCidYi+zXRgI4QvWayvK4OKikRbFX3E3/7wlmBTTBDFWjXV
qPnZpYo5i73J1TBv2MsF5oXY7EolTSx0l3IRXh+OW3p6sCM+5LCgBwL0equcD1T0
HqOw6JrkA0XVbOEetxvmeRFy2EetHnGCBCrtvnhAKCOGZc3zWBfaB2hWvIJBv6dk
yy5rEX1g0hK3dcZ2gfOQZW/z3ATko4V681Af6YpwAkN7Cgp6EQg5TSV6y0rv661M
0oSPc/48EtQ2q/F6KleWWY2O04o1QI1ZhQ0D2mux5epB3MN2BKdoAqnaHw5rpLB+
-----END CERTIFICATE-----