Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/344d24-2e11-466d-8ade-38e846148c78/1/FB1kSpEsqenueojYSA6hfV_kN5o.roa
File:                     FB1kSpEsqenueojYSA6hfV_kN5o.roa (raw, json)
Hash identifier:          QbjPqlvhFNGii+MNvcX/LOo2lMH8REvBU5pA91JGeNo=
Subject key identifier:   14:1D:64:4A:91:2C:A9:E9:EE:7A:88:D8:48:0E:A1:7D:5F:E4:37:9A
Certificate issuer:       /CN=1aa0a328c6fe0f1bca5e6599042dff59e513b25d
Certificate serial:       018CC4939AF0D3285ED2898E6DD00427F96A
Authority key identifier: 1A:A0:A3:28:C6:FE:0F:1B:CA:5E:65:99:04:2D:FF:59:E5:13:B2:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GqCjKMb-DxvKXmWZBC3_WeUTsl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/344d24-2e11-466d-8ade-38e846148c78/1/FB1kSpEsqenueojYSA6hfV_kN5o.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200845
IP address blocks:        185.252.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/344d24-2e11-466d-8ade-38e846148c78/1/GqCjKMb-DxvKXmWZBC3_WeUTsl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/344d24-2e11-466d-8ade-38e846148c78/1/GqCjKMb-DxvKXmWZBC3_WeUTsl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GqCjKMb-DxvKXmWZBC3_WeUTsl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9a:f0:d3:28:5e:d2:89:8e:6d:d0:04:27:f9:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aa0a328c6fe0f1bca5e6599042dff59e513b25d
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=141d644a912ca9e9ee7a88d8480ea17d5fe4379a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:82:b9:91:f9:df:3d:47:20:5a:33:94:ef:8a:
                    75:67:5a:39:c4:be:84:af:9c:60:9d:f3:77:e3:61:
                    fb:8f:88:d1:65:6b:b9:e5:e4:18:47:b3:ce:03:ce:
                    9a:88:3d:b9:e2:ea:6a:c1:cc:7d:fe:a1:11:33:42:
                    32:77:20:57:ab:58:13:5a:92:11:86:d1:78:1e:32:
                    30:df:dd:51:81:62:28:a9:95:b9:06:de:0c:ca:2a:
                    0a:20:88:a4:2a:99:48:9e:dc:9b:97:92:29:44:c3:
                    21:79:f8:29:d3:20:a6:14:12:00:3e:9c:e0:46:79:
                    92:05:e7:aa:21:c6:7a:98:71:c1:83:45:ea:b9:f7:
                    3f:fc:ab:ef:31:e0:7b:ea:af:5a:89:22:6c:0b:24:
                    1b:30:96:8a:bd:6c:5e:2b:5a:39:7b:d6:a6:64:46:
                    ea:ef:d9:43:7c:a0:23:7f:b6:96:b0:fb:33:a3:a7:
                    9f:8d:84:d0:fb:35:88:49:31:f5:29:fb:ac:9f:46:
                    26:46:e8:7f:c0:a5:c2:11:4b:d1:b0:7d:54:3c:b8:
                    8a:a4:6f:18:c0:bc:42:7c:91:2e:7e:79:4a:af:61:
                    9f:4c:b3:9d:c8:e6:3e:2d:bd:d3:84:ac:71:52:7d:
                    cb:3e:a1:c4:4d:34:d8:c0:b2:64:1f:f1:2a:f4:78:
                    11:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:1D:64:4A:91:2C:A9:E9:EE:7A:88:D8:48:0E:A1:7D:5F:E4:37:9A
            X509v3 Authority Key Identifier:
                keyid:1A:A0:A3:28:C6:FE:0F:1B:CA:5E:65:99:04:2D:FF:59:E5:13:B2:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GqCjKMb-DxvKXmWZBC3_WeUTsl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/344d24-2e11-466d-8ade-38e846148c78/1/FB1kSpEsqenueojYSA6hfV_kN5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/344d24-2e11-466d-8ade-38e846148c78/1/GqCjKMb-DxvKXmWZBC3_WeUTsl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:6b:54:28:28:01:5f:87:fd:71:0b:8a:d2:b3:04:cb:0f:98:
         a6:7c:64:70:b8:3c:58:ec:69:4d:b7:38:02:e2:82:d3:d1:01:
         56:66:62:1e:78:c9:88:d1:f6:81:45:13:00:e2:87:13:77:7f:
         be:7d:28:e7:fe:10:28:e2:d7:d7:11:bf:67:74:a6:63:d8:a6:
         8e:eb:84:22:e2:42:17:5a:57:e7:8d:66:ee:62:4b:ff:26:9f:
         31:1d:67:3d:e3:f2:f2:35:33:25:1f:72:a3:70:c2:ad:34:d5:
         cc:27:ac:93:75:15:a3:46:59:29:c4:27:c5:59:47:2c:e0:3e:
         99:f7:7e:2f:04:22:82:aa:32:e7:ab:d9:5f:28:fd:41:27:fc:
         7f:25:c5:24:25:a0:3a:89:b4:42:d0:b7:c8:87:08:af:c8:89:
         95:30:22:bd:24:8d:29:9b:38:9d:94:1b:3e:33:77:1d:4a:74:
         84:44:75:e7:0f:d8:b6:9c:bd:68:c5:c9:05:41:a5:0e:8e:07:
         83:70:31:fe:70:d2:02:8e:53:0e:db:27:74:14:82:f8:2c:a3:
         fb:df:f7:75:55:f5:d8:c3:14:6a:cf:ef:76:87:c0:1d:3b:63:
         eb:71:51:43:12:76:f0:f3:6b:d7:e1:84:31:b3:d6:7e:8e:11:
         09:4c:c6:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5rw0yhe0omObdAEJ/lqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYTBhMzI4YzZmZTBmMWJjYTVlNjU5OTA0MmRmZjU5ZTUx
M2IyNWQwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDFkNjQ0YTkxMmNhOWU5ZWU3YTg4ZDg0ODBlYTE3ZDVmZTQzNzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4K5kfnfPUcgWjOU74p1Z1o5xL6E
r5xgnfN342H7j4jRZWu55eQYR7POA86aiD254upqwcx9/qERM0IydyBXq1gTWpIR
htF4HjIw391RgWIoqZW5Bt4MyioKIIikKplIntybl5IpRMMhefgp0yCmFBIAPpzg
RnmSBeeqIcZ6mHHBg0Xqufc//KvvMeB76q9aiSJsCyQbMJaKvWxeK1o5e9amZEbq
79lDfKAjf7aWsPszo6efjYTQ+zWISTH1Kfusn0YmRuh/wKXCEUvRsH1UPLiKpG8Y
wLxCfJEufnlKr2GfTLOdyOY+Lb3ThKxxUn3LPqHETTTYwLJkH/Eq9HgRPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQdZEqRLKnp7nqI2EgOoX1f5DeaMB8GA1UdIwQY
MBaAFBqgoyjG/g8byl5lmQQt/1nlE7JdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3FDaktNYi1EeHZLWG1XWkJDM19XZVVUc2wwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8zNDRkMjQtMmUxMS00NjZkLThhZGUt
MzhlODQ2MTQ4Yzc4LzEvRkIxa1NwRXNxZW51ZW9qWVNBNmhmVl9rTjVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8zNDRkMjQtMmUxMS00NjZkLThhZGUtMzhlODQ2MTQ4Yzc4
LzEvR3FDaktNYi1EeHZLWG1XWkJDM19XZVVUc2wwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufwHMA0G
CSqGSIb3DQEBCwUAA4IBAQAXa1QoKAFfh/1xC4rSswTLD5imfGRwuDxY7GlNtzgC
4oLT0QFWZmIeeMmI0faBRRMA4ocTd3++fSjn/hAo4tfXEb9ndKZj2KaO64Qi4kIX
WlfnjWbuYkv/Jp8xHWc94/LyNTMlH3KjcMKtNNXMJ6yTdRWjRlkpxCfFWUcs4D6Z
934vBCKCqjLnq9lfKP1BJ/x/JcUkJaA6ibRC0LfIhwivyImVMCK9JI0pmzidlBs+
M3cdSnSERHXnD9i2nL1oxckFQaUOjgeDcDH+cNICjlMO2yd0FIL4LKP73/d1VfXY
wxRqz+92h8AdO2PrcVFDEnbw82vX4YQxs9Z+jhEJTMb3
-----END CERTIFICATE-----