Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/3073b2-ae86-42c3-bdcb-66d5463592d7/1/FgdWFUmFC9X35xPu1lV8zWU1rAs.roa
File:                     FgdWFUmFC9X35xPu1lV8zWU1rAs.roa (raw, json)
Hash identifier:          R6pomITusrCDWeYSh6+bif7MrLkdRMqleZFyzrbzpWg=
Subject key identifier:   16:07:56:15:49:85:0B:D5:F7:E7:13:EE:D6:55:7C:CD:65:35:AC:0B
Certificate issuer:       /CN=f7a70fff261ae39910950b46d5777b0e4836d1cb
Certificate serial:       018CC5DC42057118032BF2EC829A69D6D637
Authority key identifier: F7:A7:0F:FF:26:1A:E3:99:10:95:0B:46:D5:77:7B:0E:48:36:D1:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96cP_yYa45kQlQtG1Xd7Dkg20cs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/3073b2-ae86-42c3-bdcb-66d5463592d7/1/FgdWFUmFC9X35xPu1lV8zWU1rAs.roa
Signing time:             Mon 01 Jan 2024 16:29:55 +0000
ROA not before:           Mon 01 Jan 2024 16:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24904
IP address blocks:        185.202.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/3073b2-ae86-42c3-bdcb-66d5463592d7/1/96cP_yYa45kQlQtG1Xd7Dkg20cs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/3073b2-ae86-42c3-bdcb-66d5463592d7/1/96cP_yYa45kQlQtG1Xd7Dkg20cs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/96cP_yYa45kQlQtG1Xd7Dkg20cs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:42:05:71:18:03:2b:f2:ec:82:9a:69:d6:d6:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7a70fff261ae39910950b46d5777b0e4836d1cb
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1607561549850bd5f7e713eed6557ccd6535ac0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:06:1c:9f:b5:f5:61:c8:d0:da:51:f3:da:93:
                    e9:53:58:10:04:98:24:b8:2a:86:fa:f3:be:f6:96:
                    27:cd:63:68:ff:85:bf:06:6b:59:95:f6:aa:4b:03:
                    af:5a:70:f6:28:3d:f6:1e:72:3b:b0:55:f6:4a:ff:
                    18:c9:be:b2:28:9d:74:13:43:4d:ab:73:e4:1f:32:
                    1c:68:ad:31:43:41:a2:2f:ee:0a:99:44:a6:9d:4a:
                    3e:f6:58:4d:d0:c7:02:ce:67:a8:d4:bd:5f:0e:08:
                    f6:d2:4e:bf:45:34:a8:fe:76:d5:be:e6:54:48:de:
                    04:d0:90:6a:18:3d:53:5c:dc:17:da:1c:cf:6a:d2:
                    d0:a7:5c:af:14:30:f3:07:67:3a:81:ac:22:c0:8e:
                    61:f0:22:1d:e4:fb:02:78:15:21:47:65:45:b3:5e:
                    77:96:aa:4b:c5:cd:f9:74:ee:b2:af:fe:f6:48:5a:
                    bb:ec:b7:d5:dd:70:7d:d0:8a:0b:99:b3:71:8e:2d:
                    49:2d:9f:8e:7d:94:41:a2:83:16:08:c9:7a:9b:b1:
                    7e:a5:a5:5d:6a:c1:b8:32:01:e9:56:c4:dd:cb:e7:
                    61:f2:87:bc:e5:2c:9a:59:28:af:80:cc:0d:ea:16:
                    03:9d:01:05:11:b5:4c:1d:79:d0:23:b2:c1:a9:0f:
                    15:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:07:56:15:49:85:0B:D5:F7:E7:13:EE:D6:55:7C:CD:65:35:AC:0B
            X509v3 Authority Key Identifier:
                keyid:F7:A7:0F:FF:26:1A:E3:99:10:95:0B:46:D5:77:7B:0E:48:36:D1:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96cP_yYa45kQlQtG1Xd7Dkg20cs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/3073b2-ae86-42c3-bdcb-66d5463592d7/1/FgdWFUmFC9X35xPu1lV8zWU1rAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/3073b2-ae86-42c3-bdcb-66d5463592d7/1/96cP_yYa45kQlQtG1Xd7Dkg20cs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:46:bb:ef:32:0f:f0:5e:fc:5e:91:0e:5b:45:73:51:e6:e3:
         5e:01:13:a6:7b:35:2e:6c:7f:fd:41:7e:e2:42:0b:8f:ac:be:
         54:bd:88:66:1c:16:83:fc:eb:91:43:b3:2e:92:82:38:06:f4:
         c0:da:94:3b:5b:2e:eb:f9:1d:58:45:89:b1:cf:83:96:58:87:
         73:7a:91:0c:6d:a0:d0:bd:60:35:51:8f:45:ca:15:ee:b6:ed:
         a7:0f:d6:e7:e9:a2:ec:81:c1:4c:0f:64:3b:75:2c:81:a2:1a:
         a7:ee:7a:f9:d5:7d:ee:67:ee:85:32:a8:ac:d2:c7:0b:9c:2a:
         0f:4c:6d:ca:60:2f:fb:54:1c:d6:6b:c4:19:3a:37:e0:ec:5a:
         cf:67:12:91:c0:0b:1f:d9:df:ee:a9:de:5d:1e:b0:8e:9d:b7:
         47:df:c5:f8:78:45:4b:54:cd:9a:11:77:ba:a7:5b:ba:5f:f9:
         cb:17:e3:53:86:56:ac:35:49:b3:e8:d3:3c:cd:75:77:09:5a:
         22:6e:ba:80:28:5d:bd:ec:57:ff:dc:8e:f5:18:8e:48:0b:8b:
         08:dc:81:fb:23:a8:9b:64:df:b9:47:4c:25:bb:58:0e:c7:35:
         0a:0b:3c:c1:a9:a0:60:6a:69:c7:67:8d:cc:8d:31:7b:7e:59:
         32:e4:c0:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EIFcRgDK/Lsgppp1tY3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YTcwZmZmMjYxYWUzOTkxMDk1MGI0NmQ1Nzc3YjBlNDgz
NmQxY2IwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjA3NTYxNTQ5ODUwYmQ1ZjdlNzEzZWVkNjU1N2NjZDY1MzVhYzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgYcn7X1YcjQ2lHz2pPpU1gQBJgk
uCqG+vO+9pYnzWNo/4W/BmtZlfaqSwOvWnD2KD32HnI7sFX2Sv8Yyb6yKJ10E0NN
q3PkHzIcaK0xQ0GiL+4KmUSmnUo+9lhN0McCzmeo1L1fDgj20k6/RTSo/nbVvuZU
SN4E0JBqGD1TXNwX2hzPatLQp1yvFDDzB2c6gawiwI5h8CId5PsCeBUhR2VFs153
lqpLxc35dO6yr/72SFq77LfV3XB90IoLmbNxji1JLZ+OfZRBooMWCMl6m7F+paVd
asG4MgHpVsTdy+dh8oe85SyaWSivgMwN6hYDnQEFEbVMHXnQI7LBqQ8VQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYHVhVJhQvV9+cT7tZVfM1lNawLMB8GA1UdIwQY
MBaAFPenD/8mGuOZEJULRtV3ew5INtHLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZjUF95WWE0NWtRbFF0RzFYZDdEa2cyMGNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8zMDczYjItYWU4Ni00MmMzLWJkY2It
NjZkNTQ2MzU5MmQ3LzEvRmdkV0ZVbUZDOVgzNXhQdTFsVjh6V1UxckFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8zMDczYjItYWU4Ni00MmMzLWJkY2ItNjZkNTQ2MzU5MmQ3
LzEvOTZjUF95WWE0NWtRbFF0RzFYZDdEa2cyMGNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuco8MA0G
CSqGSIb3DQEBCwUAA4IBAQB3RrvvMg/wXvxekQ5bRXNR5uNeAROmezUubH/9QX7i
QguPrL5UvYhmHBaD/OuRQ7MukoI4BvTA2pQ7Wy7r+R1YRYmxz4OWWIdzepEMbaDQ
vWA1UY9FyhXutu2nD9bn6aLsgcFMD2Q7dSyBohqn7nr51X3uZ+6FMqis0scLnCoP
TG3KYC/7VBzWa8QZOjfg7FrPZxKRwAsf2d/uqd5dHrCOnbdH38X4eEVLVM2aEXe6
p1u6X/nLF+NThlasNUmz6NM8zXV3CVoibrqAKF297Ff/3I71GI5IC4sI3IH7I6ib
ZN+5R0wlu1gOxzUKCzzBqaBgamnHZ43MjTF7flky5MDy
-----END CERTIFICATE-----