Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/b8d29c-3333-493c-9739-df56ec670de7/1/oQp1juCEDfdOQuzj1xzql-MZ6P0.roa
File:                     oQp1juCEDfdOQuzj1xzql-MZ6P0.roa (raw, json)
Hash identifier:          F3SpUmtfk21MD/YpGJ0U3d+0vPwK/USbzTS1CV7n3wU=
Subject key identifier:   A1:0A:75:8E:E0:84:0D:F7:4E:42:EC:E3:D7:1C:EA:97:E3:19:E8:FD
Certificate issuer:       /CN=fcbe62378bb580af4ed70bfa35abc840945d7803
Certificate serial:       018CC86F0E22405AD223EF3C89E358B863AD
Authority key identifier: FC:BE:62:37:8B:B5:80:AF:4E:D7:0B:FA:35:AB:C8:40:94:5D:78:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_L5iN4u1gK9O1wv6NavIQJRdeAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/b8d29c-3333-493c-9739-df56ec670de7/1/oQp1juCEDfdOQuzj1xzql-MZ6P0.roa
Signing time:             Tue 02 Jan 2024 04:29:30 +0000
ROA not before:           Tue 02 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206084
IP address blocks:        194.15.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/b8d29c-3333-493c-9739-df56ec670de7/1/_L5iN4u1gK9O1wv6NavIQJRdeAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/b8d29c-3333-493c-9739-df56ec670de7/1/_L5iN4u1gK9O1wv6NavIQJRdeAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_L5iN4u1gK9O1wv6NavIQJRdeAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:03:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0e:22:40:5a:d2:23:ef:3c:89:e3:58:b8:63:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcbe62378bb580af4ed70bfa35abc840945d7803
        Validity
            Not Before: Jan  2 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a10a758ee0840df74e42ece3d71cea97e319e8fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8c:7c:f2:eb:e8:0f:b3:0e:21:92:75:bc:be:
                    c1:4e:77:21:46:3f:b9:95:ce:e6:76:fe:d2:cb:b7:
                    af:5f:29:68:26:f9:0a:ff:42:a9:5b:36:31:f1:e1:
                    a9:fb:88:6b:f4:b8:5b:64:ef:28:0e:0f:56:17:2d:
                    8b:e1:54:d4:9f:99:8c:bb:e4:96:eb:e0:ed:ce:33:
                    46:9b:f9:e0:f9:be:a3:09:4c:b2:85:60:cf:b0:59:
                    eb:3a:dd:fc:d9:22:5d:52:ae:a1:c3:4b:d4:4b:a8:
                    bd:5f:f8:67:1f:de:b2:8f:ef:87:a2:45:43:f4:08:
                    30:fa:a9:37:3d:c7:41:d7:04:b6:71:b4:ea:26:ee:
                    65:98:e7:67:dc:c5:24:ad:99:2b:59:e6:a8:30:46:
                    27:62:c5:57:12:d8:4d:0f:90:17:07:e7:8b:54:c9:
                    f6:3e:4a:2c:49:fb:80:ca:e3:77:18:46:dd:9d:2f:
                    ba:ad:40:45:e0:e8:99:d3:66:43:88:e6:0c:3c:75:
                    54:7a:b4:63:e6:70:df:7a:eb:e3:3b:db:6e:7c:33:
                    b5:25:28:31:06:69:4d:13:3f:2a:53:43:85:a3:c7:
                    d2:f5:a4:e6:6f:f5:76:ee:9d:70:58:fb:65:7d:c6:
                    58:bd:ac:1c:c2:29:4b:55:19:83:50:85:31:2e:d3:
                    af:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:0A:75:8E:E0:84:0D:F7:4E:42:EC:E3:D7:1C:EA:97:E3:19:E8:FD
            X509v3 Authority Key Identifier:
                keyid:FC:BE:62:37:8B:B5:80:AF:4E:D7:0B:FA:35:AB:C8:40:94:5D:78:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_L5iN4u1gK9O1wv6NavIQJRdeAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/b8d29c-3333-493c-9739-df56ec670de7/1/oQp1juCEDfdOQuzj1xzql-MZ6P0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/b8d29c-3333-493c-9739-df56ec670de7/1/_L5iN4u1gK9O1wv6NavIQJRdeAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:6c:a5:79:31:68:55:dd:68:26:67:82:02:4e:f3:5c:3f:93:
         b4:85:23:21:b3:87:92:29:87:a5:04:33:82:02:9f:f1:31:c7:
         c8:dd:ce:2f:98:8c:c2:42:5e:d1:11:95:2c:40:25:cc:d4:f2:
         ab:d8:2c:26:e0:91:58:2d:49:0c:d1:71:90:3b:e8:8f:ab:1b:
         a4:39:89:a7:64:81:8b:44:93:60:44:71:12:a7:b7:f8:2f:47:
         20:d5:15:f9:50:68:4c:11:7a:ef:04:64:9d:c3:fc:da:fe:13:
         bc:05:23:aa:bc:ad:7f:1b:33:52:86:20:76:1e:bb:d3:3f:74:
         68:c1:f3:3f:ae:ee:bd:5b:01:64:a7:ce:18:18:f8:dc:22:ae:
         03:94:db:96:58:b6:b0:b7:00:b4:d4:b0:21:92:f4:c3:22:89:
         6c:b8:ba:cb:d9:29:ff:c3:ae:7c:e3:4c:dd:45:79:01:e2:e3:
         d8:1c:36:80:49:ea:49:48:22:68:c6:97:ee:d3:67:30:97:fb:
         60:6a:4a:05:1f:3f:e1:d0:ca:1f:46:90:ec:90:59:dd:e1:94:
         8d:58:b9:a1:48:ab:b5:2d:c2:04:13:0a:c1:fc:18:90:30:79:
         ae:0d:de:9f:56:09:5d:bd:e5:b2:37:bd:27:34:d2:b4:6d:0c:
         5e:03:81:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbw4iQFrSI+88ieNYuGOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYmU2MjM3OGJiNTgwYWY0ZWQ3MGJmYTM1YWJjODQwOTQ1
ZDc4MDMwHhcNMjQwMTAyMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTBhNzU4ZWUwODQwZGY3NGU0MmVjZTNkNzFjZWE5N2UzMTllOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4x88uvoD7MOIZJ1vL7BTnchRj+5
lc7mdv7Sy7evXyloJvkK/0KpWzYx8eGp+4hr9LhbZO8oDg9WFy2L4VTUn5mMu+SW
6+DtzjNGm/ng+b6jCUyyhWDPsFnrOt382SJdUq6hw0vUS6i9X/hnH96yj++HokVD
9Agw+qk3PcdB1wS2cbTqJu5lmOdn3MUkrZkrWeaoMEYnYsVXEthND5AXB+eLVMn2
PkosSfuAyuN3GEbdnS+6rUBF4OiZ02ZDiOYMPHVUerRj5nDfeuvjO9tufDO1JSgx
BmlNEz8qU0OFo8fS9aTmb/V27p1wWPtlfcZYvawcwilLVRmDUIUxLtOvHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEKdY7ghA33TkLs49cc6pfjGej9MB8GA1UdIwQY
MBaAFPy+YjeLtYCvTtcL+jWryECUXXgDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0w1aU40dTFnSzlPMXd2Nk5hdklRSlJkZUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9iOGQyOWMtMzMzMy00OTNjLTk3Mzkt
ZGY1NmVjNjcwZGU3LzEvb1FwMWp1Q0VEZmRPUXV6ajF4enFsLU1aNlAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9iOGQyOWMtMzMzMy00OTNjLTk3MzktZGY1NmVjNjcwZGU3
LzEvX0w1aU40dTFnSzlPMXd2Nk5hdklRSlJkZUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg/7MA0G
CSqGSIb3DQEBCwUAA4IBAQAhbKV5MWhV3WgmZ4ICTvNcP5O0hSMhs4eSKYelBDOC
Ap/xMcfI3c4vmIzCQl7REZUsQCXM1PKr2Cwm4JFYLUkM0XGQO+iPqxukOYmnZIGL
RJNgRHESp7f4L0cg1RX5UGhMEXrvBGSdw/za/hO8BSOqvK1/GzNShiB2HrvTP3Ro
wfM/ru69WwFkp84YGPjcIq4DlNuWWLawtwC01LAhkvTDIolsuLrL2Sn/w65840zd
RXkB4uPYHDaASepJSCJoxpfu02cwl/tgakoFHz/h0MofRpDskFnd4ZSNWLmhSKu1
LcIEEwrB/BiQMHmuDd6fVgldveWyN70nNNK0bQxeA4EC
-----END CERTIFICATE-----