Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/e66a25-31b8-40a1-9485-2264adf5b34c/1/FL3S6hskIs0vhwY8-RwXrIJ1RSA.roa
File:                     FL3S6hskIs0vhwY8-RwXrIJ1RSA.roa (raw, json)
Hash identifier:          bWweeIuZv7wn1FmYYS64JBvgMgI6v5iS0kBOxhjgvTA=
Subject key identifier:   14:BD:D2:EA:1B:24:22:CD:2F:87:06:3C:F9:1C:17:AC:82:75:45:20
Certificate issuer:       /CN=a652cb32c2c86696e35f9b78d5f18b362614b168
Certificate serial:       018CC2DB4E59980EDC54ED6C7AF8974D7A0A
Authority key identifier: A6:52:CB:32:C2:C8:66:96:E3:5F:9B:78:D5:F1:8B:36:26:14:B1:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/plLLMsLIZpbjX5t41fGLNiYUsWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/e66a25-31b8-40a1-9485-2264adf5b34c/1/FL3S6hskIs0vhwY8-RwXrIJ1RSA.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47692
IP address blocks:        194.0.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/e66a25-31b8-40a1-9485-2264adf5b34c/1/plLLMsLIZpbjX5t41fGLNiYUsWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/e66a25-31b8-40a1-9485-2264adf5b34c/1/plLLMsLIZpbjX5t41fGLNiYUsWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/plLLMsLIZpbjX5t41fGLNiYUsWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4e:59:98:0e:dc:54:ed:6c:7a:f8:97:4d:7a:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a652cb32c2c86696e35f9b78d5f18b362614b168
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14bdd2ea1b2422cd2f87063cf91c17ac82754520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:41:09:fb:7c:fb:15:d9:4d:27:22:73:cc:17:
                    53:20:14:87:02:e4:73:91:05:87:76:ad:af:3e:73:
                    01:f7:b1:dc:a1:71:cd:1a:15:15:59:a7:6b:e0:d6:
                    b1:d3:98:1e:cf:18:a3:c3:3c:8e:ed:ac:34:80:5a:
                    af:20:c8:87:32:95:98:96:16:03:4b:45:2c:dd:7c:
                    f2:4d:32:96:23:a5:50:ec:07:1a:dd:6a:e7:88:1f:
                    e4:c0:67:38:b3:39:03:aa:31:32:91:60:25:c1:8a:
                    a9:cb:01:0b:c0:d5:52:bd:54:1c:ba:12:8f:ab:fb:
                    69:d5:cb:a4:80:35:ac:b7:a2:8c:14:a6:8d:b6:e4:
                    4f:86:0f:d3:d0:6b:e2:40:51:09:e8:0a:15:6a:60:
                    47:fb:f7:5c:b2:8a:a7:f1:18:ae:da:48:20:df:42:
                    a9:72:09:e7:a7:24:c3:30:ff:14:69:87:b1:a1:6b:
                    7d:52:d1:14:48:66:c0:bd:9e:ee:68:1c:9c:29:2c:
                    c1:01:de:16:31:70:ad:44:c6:a2:59:56:f1:52:92:
                    d4:33:11:f7:5b:05:b9:b7:fe:67:57:39:b1:60:6a:
                    39:72:da:1e:5f:45:26:e3:7e:44:e0:e0:74:3e:d4:
                    1f:26:1a:20:3e:de:22:17:e9:84:ea:fc:1e:89:23:
                    0d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:BD:D2:EA:1B:24:22:CD:2F:87:06:3C:F9:1C:17:AC:82:75:45:20
            X509v3 Authority Key Identifier:
                keyid:A6:52:CB:32:C2:C8:66:96:E3:5F:9B:78:D5:F1:8B:36:26:14:B1:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/plLLMsLIZpbjX5t41fGLNiYUsWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/e66a25-31b8-40a1-9485-2264adf5b34c/1/FL3S6hskIs0vhwY8-RwXrIJ1RSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/e66a25-31b8-40a1-9485-2264adf5b34c/1/plLLMsLIZpbjX5t41fGLNiYUsWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:e6:33:6f:3e:45:d1:0c:2f:74:be:cc:dc:86:d5:1f:fb:99:
         bc:a6:22:0d:59:66:5e:c8:b8:81:9d:29:bc:c7:fe:ed:06:df:
         94:df:ca:4a:9e:16:86:a8:e6:b9:c1:54:da:39:fe:92:a6:86:
         55:b7:ad:8b:fb:a1:e7:ed:53:73:b7:43:58:2d:58:fc:2b:f3:
         69:41:e5:71:da:7d:5b:c1:88:fb:5a:93:db:4f:c1:72:1c:29:
         67:74:46:16:f9:c6:dc:5a:ff:49:d9:e0:c8:85:e2:ef:75:2e:
         a3:03:d8:0e:0e:6c:ec:e2:d1:cf:0f:5b:62:cd:0f:4c:0d:fe:
         16:0d:f1:97:47:8c:bc:12:37:c9:3d:24:56:c4:3e:b3:bd:bc:
         11:22:a4:6a:da:77:c7:78:58:ca:fe:b5:83:59:f7:23:f7:6c:
         0c:e0:16:27:86:d6:79:bf:05:04:66:49:fc:87:a0:a8:41:27:
         72:97:63:1d:fd:ce:04:c5:e7:aa:8e:f0:2a:21:42:22:e5:c9:
         d4:eb:88:89:de:74:0b:a4:b3:c5:e9:c2:a8:64:0c:a6:da:f1:
         f4:20:23:e9:ce:bd:b6:10:87:e3:2e:69:51:e9:a7:c6:18:70:
         ed:5e:29:45:4b:07:2f:6d:fd:bf:39:8b:2d:4a:72:cb:b5:0b:
         f0:09:01:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC205ZmA7cVO1seviXTXoKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NTJjYjMyYzJjODY2OTZlMzVmOWI3OGQ1ZjE4YjM2MjYx
NGIxNjgwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGJkZDJlYTFiMjQyMmNkMmY4NzA2M2NmOTFjMTdhYzgyNzU0NTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkEJ+3z7FdlNJyJzzBdTIBSHAuRz
kQWHdq2vPnMB97HcoXHNGhUVWadr4Nax05gezxijwzyO7aw0gFqvIMiHMpWYlhYD
S0Us3XzyTTKWI6VQ7Aca3WrniB/kwGc4szkDqjEykWAlwYqpywELwNVSvVQcuhKP
q/tp1cukgDWst6KMFKaNtuRPhg/T0GviQFEJ6AoVamBH+/dcsoqn8Riu2kgg30Kp
cgnnpyTDMP8UaYexoWt9UtEUSGbAvZ7uaBycKSzBAd4WMXCtRMaiWVbxUpLUMxH3
WwW5t/5nVzmxYGo5ctoeX0Um435E4OB0PtQfJhogPt4iF+mE6vweiSMNwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBS90uobJCLNL4cGPPkcF6yCdUUgMB8GA1UdIwQY
MBaAFKZSyzLCyGaW41+beNXxizYmFLFoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGxMTE1zTElacGJqWDV0NDFmR0xOaVlVc1dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9lNjZhMjUtMzFiOC00MGExLTk0ODUt
MjI2NGFkZjViMzRjLzEvRkwzUzZoc2tJczB2aHdZOC1Sd1hySUoxUlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9lNjZhMjUtMzFiOC00MGExLTk0ODUtMjI2NGFkZjViMzRj
LzEvcGxMTE1zTElacGJqWDV0NDFmR0xOaVlVc1dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgDJMA0G
CSqGSIb3DQEBCwUAA4IBAQCu5jNvPkXRDC90vszchtUf+5m8piINWWZeyLiBnSm8
x/7tBt+U38pKnhaGqOa5wVTaOf6SpoZVt62L+6Hn7VNzt0NYLVj8K/NpQeVx2n1b
wYj7WpPbT8FyHClndEYW+cbcWv9J2eDIheLvdS6jA9gODmzs4tHPD1tizQ9MDf4W
DfGXR4y8EjfJPSRWxD6zvbwRIqRq2nfHeFjK/rWDWfcj92wM4BYnhtZ5vwUEZkn8
h6CoQSdyl2Md/c4ExeeqjvAqIUIi5cnU64iJ3nQLpLPF6cKoZAym2vH0ICPpzr22
EIfjLmlR6afGGHDtXilFSwcvbf2/OYstSnLLtQvwCQHv
-----END CERTIFICATE-----