Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/46916e-e86c-44a8-8ab9-53849baf1b45/1/FVxu6-nKlZcqAFBmfC-KXBPro4s.roa
File:                     FVxu6-nKlZcqAFBmfC-KXBPro4s.roa (raw, json)
Hash identifier:          dRicxB9UJeR6ABiPfk52Ciux/vE1Kp6EDBEpLxXY2lo=
Subject key identifier:   15:5C:6E:EB:E9:CA:95:97:2A:00:50:66:7C:2F:8A:5C:13:EB:A3:8B
Certificate issuer:       /CN=0c2d7c238e89dcd52f6fb2296dfa4758c61c97be
Certificate serial:       018CC86F3AB4BBE436E6D9779F0881F42C4E
Authority key identifier: 0C:2D:7C:23:8E:89:DC:D5:2F:6F:B2:29:6D:FA:47:58:C6:1C:97:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DC18I46J3NUvb7IpbfpHWMYcl74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/46916e-e86c-44a8-8ab9-53849baf1b45/1/FVxu6-nKlZcqAFBmfC-KXBPro4s.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35258
IP address blocks:        185.93.58.0/23 maxlen: 23
                          185.93.56.0/24 maxlen: 24
                          2a03:8fa0::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/46916e-e86c-44a8-8ab9-53849baf1b45/1/DC18I46J3NUvb7IpbfpHWMYcl74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/46916e-e86c-44a8-8ab9-53849baf1b45/1/DC18I46J3NUvb7IpbfpHWMYcl74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DC18I46J3NUvb7IpbfpHWMYcl74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3a:b4:bb:e4:36:e6:d9:77:9f:08:81:f4:2c:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c2d7c238e89dcd52f6fb2296dfa4758c61c97be
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=155c6eebe9ca95972a0050667c2f8a5c13eba38b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d0:88:41:67:95:69:58:e8:ac:ce:37:39:94:
                    e8:5a:d9:58:75:5f:0f:5f:b0:0d:ae:56:8a:9d:99:
                    8a:9a:47:56:94:11:46:45:65:3b:84:c1:8d:37:e8:
                    0d:ec:82:e9:b5:45:13:4f:7d:f0:e2:f9:1a:57:c8:
                    f9:76:c8:2d:f1:e9:c6:59:60:bc:82:90:b0:06:2e:
                    3f:46:c7:f5:2b:67:d0:f0:03:c6:08:d5:ba:85:92:
                    9e:e3:03:b9:5e:cc:56:20:01:51:6c:8f:09:27:e2:
                    4f:50:dc:8c:5f:0d:f5:04:c7:fe:22:06:70:29:3d:
                    0b:d5:5c:76:cc:d6:ca:70:a9:84:65:ba:71:72:4d:
                    de:16:62:c2:50:6c:9f:03:24:1b:ed:bf:e3:82:b6:
                    f4:93:b7:a9:e3:ef:33:98:b9:3a:f5:5c:c3:67:61:
                    79:e1:dc:c9:66:f2:1e:db:42:a0:bd:59:e1:57:e1:
                    41:f7:12:15:31:8b:ab:f0:cb:e4:37:24:cc:7e:a7:
                    71:0e:8b:e1:3b:22:ab:7b:ad:5c:12:9c:48:d6:43:
                    ab:b3:7a:a6:8d:1d:cf:38:70:99:d8:87:ed:37:3b:
                    7c:fa:c8:3c:15:6c:78:5f:b1:ab:5f:46:c5:f0:99:
                    66:46:95:18:37:1f:e5:6b:f3:ab:33:d9:cf:08:6a:
                    3c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:5C:6E:EB:E9:CA:95:97:2A:00:50:66:7C:2F:8A:5C:13:EB:A3:8B
            X509v3 Authority Key Identifier:
                keyid:0C:2D:7C:23:8E:89:DC:D5:2F:6F:B2:29:6D:FA:47:58:C6:1C:97:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DC18I46J3NUvb7IpbfpHWMYcl74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/46916e-e86c-44a8-8ab9-53849baf1b45/1/FVxu6-nKlZcqAFBmfC-KXBPro4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/46916e-e86c-44a8-8ab9-53849baf1b45/1/DC18I46J3NUvb7IpbfpHWMYcl74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.56.0/24
                  185.93.58.0/23
                IPv6:
                  2a03:8fa0::/36

    Signature Algorithm: sha256WithRSAEncryption
         b0:2b:91:8f:ae:76:f0:06:7a:23:a6:3d:48:dc:59:bd:83:fe:
         73:1c:e2:62:1f:d3:ad:f5:5e:58:79:db:d1:3c:2d:32:19:dc:
         83:e2:9f:69:f8:3a:fc:23:6e:ae:89:d2:96:5b:1c:7a:f7:ad:
         02:62:cc:54:90:1b:1e:65:7b:d1:e7:e0:f2:54:d4:51:e1:39:
         2e:cb:e3:3a:b1:9d:78:b2:5a:bd:ff:db:ed:df:5e:8c:bd:d7:
         f1:9c:8e:a1:9c:a4:85:91:ef:df:f8:b5:80:12:7b:c2:52:82:
         a3:7c:bd:15:4a:1c:4b:54:45:b5:dd:cb:bf:4e:3f:0b:50:75:
         eb:5b:3e:a8:fd:df:39:e9:0b:d8:ff:c2:94:5a:f1:2b:08:33:
         f8:27:ba:8b:89:96:aa:09:95:9e:47:f2:09:05:c6:ca:79:cd:
         bf:5e:36:09:04:60:86:39:21:f6:b0:b8:48:54:4e:77:b2:ea:
         c5:99:d8:85:43:f0:30:c9:a8:45:c4:c4:db:a3:74:29:ee:32:
         af:b0:b4:b5:42:b7:c2:eb:db:cb:d9:09:da:11:b8:94:17:19:
         23:5d:3a:ef:0a:95:2e:c9:e8:fe:8d:6c:5c:63:b9:fd:12:99:
         29:9d:92:b1:50:b5:36:5f:7e:aa:07:ca:d7:c2:37:10:3d:ba:
         c5:85:31:42
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzIbzq0u+Q25tl3nwiB9CxOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMmQ3YzIzOGU4OWRjZDUyZjZmYjIyOTZkZmE0NzU4YzYx
Yzk3YmUwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTVjNmVlYmU5Y2E5NTk3MmEwMDUwNjY3YzJmOGE1YzEzZWJhMzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNCIQWeVaVjorM43OZToWtlYdV8P
X7ANrlaKnZmKmkdWlBFGRWU7hMGNN+gN7ILptUUTT33w4vkaV8j5dsgt8enGWWC8
gpCwBi4/Rsf1K2fQ8APGCNW6hZKe4wO5XsxWIAFRbI8JJ+JPUNyMXw31BMf+IgZw
KT0L1Vx2zNbKcKmEZbpxck3eFmLCUGyfAyQb7b/jgrb0k7ep4+8zmLk69VzDZ2F5
4dzJZvIe20KgvVnhV+FB9xIVMYur8MvkNyTMfqdxDovhOyKre61cEpxI1kOrs3qm
jR3POHCZ2IftNzt8+sg8FWx4X7GrX0bF8JlmRpUYNx/la/OrM9nPCGo8tQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFBVcbuvpypWXKgBQZnwvilwT66OLMB8GA1UdIwQY
MBaAFAwtfCOOidzVL2+yKW36R1jGHJe+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREMxOEk0NkozTlV2YjdJcGJmcEhXTVljbDc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC80NjkxNmUtZTg2Yy00NGE4LThhYjkt
NTM4NDliYWYxYjQ1LzEvRlZ4dTYtbktsWmNxQUZCbWZDLUtYQlBybzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC80NjkxNmUtZTg2Yy00NGE4LThhYjktNTM4NDliYWYxYjQ1
LzEvREMxOEk0NkozTlV2YjdJcGJmcEhXTVljbDc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQAuV04AwQB
uV06MA4EAgACMAgDBgQqA4+gADANBgkqhkiG9w0BAQsFAAOCAQEAsCuRj6528AZ6
I6Y9SNxZvYP+cxziYh/TrfVeWHnb0TwtMhncg+Kfafg6/CNuronSllscevetAmLM
VJAbHmV70efg8lTUUeE5LsvjOrGdeLJavf/b7d9ejL3X8ZyOoZykhZHv3/i1gBJ7
wlKCo3y9FUocS1RFtd3Lv04/C1B161s+qP3fOekL2P/ClFrxKwgz+Ce6i4mWqgmV
nkfyCQXGynnNv142CQRghjkh9rC4SFROd7LqxZnYhUPwMMmoRcTE26N0Ke4yr7C0
tUK3wuvby9kJ2hG4lBcZI1067wqVLsno/o1sXGO5/RKZKZ2SsVC1Nl9+qgfK18I3
ED26xYUxQg==
-----END CERTIFICATE-----