Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/oXAZbDiJyqy04fSeXZO64AppbsM.roa
File:                     oXAZbDiJyqy04fSeXZO64AppbsM.roa (raw, json)
Hash identifier:          4wPYX9qzCcqqtLnSoHn99/eZvbX+dto7ZU8241bAG2k=
Subject key identifier:   A1:70:19:6C:38:89:CA:AC:B4:E1:F4:9E:5D:93:BA:E0:0A:69:6E:C3
Certificate issuer:       /CN=fc44297e9271c6edf064915f6180ae12690dda8b
Certificate serial:       018CC56E1B075AAA883057F3874D29BD5917
Authority key identifier: FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/oXAZbDiJyqy04fSeXZO64AppbsM.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35432
IP address blocks:        213.169.149.0/24 maxlen: 24
                          82.114.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1b:07:5a:aa:88:30:57:f3:87:4d:29:bd:59:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc44297e9271c6edf064915f6180ae12690dda8b
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a170196c3889caacb4e1f49e5d93bae00a696ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6e:f3:9e:c9:16:9d:77:43:7e:a0:af:27:23:
                    fb:77:3a:f5:de:a0:21:b7:39:3b:0d:1f:87:aa:94:
                    1b:f5:a9:93:cf:85:0f:c8:6c:b0:84:14:84:cb:b7:
                    9c:78:b4:7f:d1:2a:38:e7:5a:67:76:8a:ed:e1:53:
                    6f:23:47:51:e7:36:b1:f4:bd:ce:3c:f3:60:df:5e:
                    40:5f:b6:af:28:40:f3:ad:0c:b4:bf:73:b1:27:2a:
                    c8:62:be:07:75:d6:71:11:f6:33:3a:44:a6:11:9b:
                    b6:e0:00:4f:38:06:5c:bc:b7:8f:96:ff:a4:74:97:
                    f8:dc:31:ee:14:f7:1f:fc:4a:7a:ca:d8:83:0e:c8:
                    60:c5:c2:ca:05:64:7e:e6:6d:f0:18:76:c0:c7:1b:
                    42:1b:9c:3b:7c:c3:fb:48:02:38:41:9b:04:08:fe:
                    be:48:d1:53:ea:72:da:69:32:18:ab:09:57:bf:30:
                    8b:83:f5:8d:18:22:be:5f:56:b0:80:76:f7:c3:08:
                    a5:39:c9:73:d3:2d:83:b9:ed:95:39:ad:43:57:79:
                    c1:3b:00:4a:fc:e6:f1:e2:9d:3f:17:f2:f7:2c:27:
                    4d:03:c7:00:6d:20:d2:aa:4d:b2:2f:2f:b6:52:59:
                    9e:eb:61:b3:2a:70:be:23:06:e3:64:aa:a5:31:84:
                    03:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:70:19:6C:38:89:CA:AC:B4:E1:F4:9E:5D:93:BA:E0:0A:69:6E:C3
            X509v3 Authority Key Identifier:
                keyid:FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/oXAZbDiJyqy04fSeXZO64AppbsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.114.51.0/24
                  213.169.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:dc:2e:e3:92:1b:c8:f8:a4:4e:89:52:02:34:4f:7b:9d:6f:
         f7:63:9c:de:a6:5b:df:c3:3c:7e:bd:9e:9a:52:08:2c:56:57:
         c4:f9:52:5f:1e:52:84:32:a8:2f:4a:52:fc:61:50:f9:28:80:
         77:58:ef:61:bb:2f:bc:48:ff:4f:31:fd:b1:22:19:f5:8c:a7:
         e2:bc:09:78:80:c8:24:ca:8e:0f:ca:bf:5d:0b:9a:b6:46:d0:
         2b:e5:77:fe:7c:84:8c:b9:b2:33:ed:6a:d0:b5:cc:b4:94:89:
         99:71:6a:f8:5a:b3:e5:99:5b:9f:02:c3:85:ab:90:8b:6e:b6:
         c9:1e:2e:52:d9:47:7b:86:d2:24:b5:60:5d:3a:40:51:74:bc:
         af:67:51:66:b0:b7:67:94:5f:80:97:2f:4e:d2:f7:bc:06:ac:
         50:11:51:d6:49:08:36:16:45:89:a0:b5:78:8d:be:81:6a:b1:
         9f:1c:d5:4c:08:7e:2a:4d:d7:fa:03:63:9d:ab:6f:fb:1e:48:
         7b:0a:48:cc:55:19:b5:d3:31:97:dc:2e:aa:dc:03:5d:f6:0f:
         61:49:af:01:56:2c:5d:08:b3:cf:f5:95:bb:13:22:f4:e6:f0:
         72:6b:65:8f:a0:e3:be:c3:49:6e:61:59:82:40:cd:11:3a:01:
         d2:45:ff:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbhsHWqqIMFfzh00pvVkXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNDQyOTdlOTI3MWM2ZWRmMDY0OTE1ZjYxODBhZTEyNjkw
ZGRhOGIwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTcwMTk2YzM4ODljYWFjYjRlMWY0OWU1ZDkzYmFlMDBhNjk2ZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim7znskWnXdDfqCvJyP7dzr13qAh
tzk7DR+HqpQb9amTz4UPyGywhBSEy7eceLR/0So451pndort4VNvI0dR5zax9L3O
PPNg315AX7avKEDzrQy0v3OxJyrIYr4HddZxEfYzOkSmEZu24ABPOAZcvLePlv+k
dJf43DHuFPcf/Ep6ytiDDshgxcLKBWR+5m3wGHbAxxtCG5w7fMP7SAI4QZsECP6+
SNFT6nLaaTIYqwlXvzCLg/WNGCK+X1awgHb3wwilOclz0y2Due2VOa1DV3nBOwBK
/Obx4p0/F/L3LCdNA8cAbSDSqk2yLy+2Ulme62GzKnC+IwbjZKqlMYQDAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKFwGWw4icqstOH0nl2TuuAKaW7DMB8GA1UdIwQY
MBaAFPxEKX6Sccbt8GSRX2GArhJpDdqLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUt
YWUwN2YzMmU0MTAyLzEvb1hBWmJEaUp5cXkwNGZTZVhaTzY0QXBwYnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUtYWUwN2YzMmU0MTAy
LzEvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUnIzAwQA
1amVMA0GCSqGSIb3DQEBCwUAA4IBAQCG3C7jkhvI+KROiVICNE97nW/3Y5zeplvf
wzx+vZ6aUggsVlfE+VJfHlKEMqgvSlL8YVD5KIB3WO9huy+8SP9PMf2xIhn1jKfi
vAl4gMgkyo4Pyr9dC5q2RtAr5Xf+fISMubIz7WrQtcy0lImZcWr4WrPlmVufAsOF
q5CLbrbJHi5S2Ud7htIktWBdOkBRdLyvZ1FmsLdnlF+Aly9O0ve8BqxQEVHWSQg2
FkWJoLV4jb6BarGfHNVMCH4qTdf6A2Odq2/7Hkh7CkjMVRm10zGX3C6q3ANd9g9h
Sa8BVixdCLPP9ZW7EyL05vBya2WPoOO+w0luYVmCQM0ROgHSRf9e
-----END CERTIFICATE-----