Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/FuJRxaRFT8DopUH9oKdq3-nO_q8.roa
File:                     FuJRxaRFT8DopUH9oKdq3-nO_q8.roa (raw, json)
Hash identifier:          N3kMPIdpBXYE28ecOTgfqI/rdsJLwAm+rC2ZrqQ196Q=
Subject key identifier:   16:E2:51:C5:A4:45:4F:C0:E8:A5:41:FD:A0:A7:6A:DF:E9:CE:FE:AF
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC348984F51808575A748946A075477A5
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/FuJRxaRFT8DopUH9oKdq3-nO_q8.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212000
IP address blocks:        185.244.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:98:4f:51:80:85:75:a7:48:94:6a:07:54:77:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16e251c5a4454fc0e8a541fda0a76adfe9cefeaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d4:5c:01:fc:ac:5a:0f:79:aa:84:d8:30:b1:
                    d9:0f:0b:14:6e:4e:a9:45:de:fb:e6:f9:17:e4:c3:
                    3c:bf:e9:bf:af:52:ed:8e:36:d1:9b:ce:6d:ab:65:
                    04:5b:06:09:ba:48:b4:a3:23:21:0d:b2:ae:ac:e7:
                    0d:96:3d:16:87:fd:7f:37:52:02:f7:0f:9c:3a:3d:
                    7b:32:3b:6f:9a:21:24:6a:a0:5f:86:de:ed:f1:91:
                    3f:fd:65:f0:f1:c5:18:64:e9:59:01:66:67:72:e1:
                    0b:93:77:ee:79:ee:0b:29:7b:20:36:6e:41:0d:df:
                    c3:ec:88:90:06:32:c1:88:18:00:2c:f8:ac:9c:0f:
                    18:9a:fc:53:27:0e:88:36:57:10:00:c4:cb:86:e4:
                    ab:34:c8:e9:83:e7:2f:d7:47:80:c9:cb:83:2f:e1:
                    60:33:38:a6:70:9c:d3:14:f4:0f:43:6f:c6:a9:a1:
                    9b:5a:63:9f:b7:15:38:83:a0:82:90:6e:24:41:fe:
                    e6:e6:87:a1:24:b2:0e:de:d3:08:db:60:4c:25:4f:
                    45:a2:8a:2b:c4:19:fa:c4:9f:19:9c:ef:71:83:05:
                    78:33:91:45:f5:d4:1e:e6:f0:e7:ff:62:43:d6:3a:
                    cc:24:92:d8:f7:88:8c:5f:32:24:10:90:72:5a:7b:
                    92:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:E2:51:C5:A4:45:4F:C0:E8:A5:41:FD:A0:A7:6A:DF:E9:CE:FE:AF
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/FuJRxaRFT8DopUH9oKdq3-nO_q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:ba:72:b9:4e:53:8a:b3:5d:c2:6a:c4:ae:56:ef:04:48:f8:
         80:f1:09:43:04:6a:9f:50:0c:49:62:1f:c7:97:7e:84:f9:20:
         fe:68:58:91:dd:f3:b5:20:92:bc:54:91:29:9d:96:64:d3:5a:
         ed:67:95:84:3d:e4:09:63:6c:20:96:d1:e5:1d:c0:8a:0c:52:
         3e:25:72:b7:57:80:ba:ff:a2:74:be:f4:49:db:41:2d:da:7a:
         73:a5:7e:d0:2b:a7:06:40:e2:46:58:54:be:45:07:79:df:52:
         35:c5:c2:28:80:ff:2c:f9:a1:a6:b3:4d:64:e8:3f:a1:eb:fb:
         a8:7c:6c:17:1b:8f:1b:a9:15:8e:1f:91:3a:77:7b:f2:43:53:
         f3:ae:db:8f:d8:2d:a9:eb:13:89:09:2c:eb:22:21:54:1f:83:
         97:50:0e:5b:0d:65:a4:69:9b:52:74:60:89:9b:18:8c:ec:56:
         dd:13:f5:ea:c4:57:41:fa:78:dc:9f:bc:f0:b5:45:27:4c:8b:
         9d:47:25:2d:39:fc:6d:07:2a:35:3b:d4:bc:c9:c8:15:94:b4:
         ab:fd:e8:07:0d:bf:6e:94:d3:b6:28:d0:7c:9d:4a:0b:37:0a:
         a2:69:7a:1e:96:22:23:c3:bf:a0:a9:76:cc:78:05:e3:12:06:
         00:ee:a2:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJhPUYCFdadIlGoHVHelMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmUyNTFjNWE0NDU0ZmMwZThhNTQxZmRhMGE3NmFkZmU5Y2VmZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNRcAfysWg95qoTYMLHZDwsUbk6p
Rd775vkX5MM8v+m/r1LtjjbRm85tq2UEWwYJuki0oyMhDbKurOcNlj0Wh/1/N1IC
9w+cOj17MjtvmiEkaqBfht7t8ZE//WXw8cUYZOlZAWZncuELk3fuee4LKXsgNm5B
Dd/D7IiQBjLBiBgALPisnA8YmvxTJw6INlcQAMTLhuSrNMjpg+cv10eAycuDL+Fg
MzimcJzTFPQPQ2/GqaGbWmOftxU4g6CCkG4kQf7m5oehJLIO3tMI22BMJU9Fooor
xBn6xJ8ZnO9xgwV4M5FF9dQe5vDn/2JD1jrMJJLY94iMXzIkEJByWnuS0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbiUcWkRU/A6KVB/aCnat/pzv6vMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvRnVKUnhhUkZUOERvcFVIOW9LZHEzLW5PX3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQcMA0G
CSqGSIb3DQEBCwUAA4IBAQBUunK5TlOKs13CasSuVu8ESPiA8QlDBGqfUAxJYh/H
l36E+SD+aFiR3fO1IJK8VJEpnZZk01rtZ5WEPeQJY2wgltHlHcCKDFI+JXK3V4C6
/6J0vvRJ20Et2npzpX7QK6cGQOJGWFS+RQd531I1xcIogP8s+aGms01k6D+h6/uo
fGwXG48bqRWOH5E6d3vyQ1PzrtuP2C2p6xOJCSzrIiFUH4OXUA5bDWWkaZtSdGCJ
mxiM7FbdE/XqxFdB+njcn7zwtUUnTIudRyUtOfxtByo1O9S8ycgVlLSr/egHDb9u
lNO2KNB8nUoLNwqiaXoeliIjw7+gqXbMeAXjEgYA7qK2
-----END CERTIFICATE-----