Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/fkt1_yGJOewpS3ACrBiOUvohKsg.roa
File:                     fkt1_yGJOewpS3ACrBiOUvohKsg.roa (raw, json)
Hash identifier:          bYGaX/XLmbWFriJsZvzyJWNTq3ikb7NRBjFvZUeP8Ko=
Subject key identifier:   7E:4B:75:FF:21:89:39:EC:29:4B:70:02:AC:18:8E:52:FA:21:2A:C8
Certificate issuer:       /CN=2515e8792a424ff72cc1792978e2cd4cdbeda4d0
Certificate serial:       018F5C8C68684E5D6EA97DD0708CA818C5D9
Authority key identifier: 25:15:E8:79:2A:42:4F:F7:2C:C1:79:29:78:E2:CD:4C:DB:ED:A4:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JRXoeSpCT_cswXkpeOLNTNvtpNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/fkt1_yGJOewpS3ACrBiOUvohKsg.roa
Signing time:             Thu 09 May 2024 08:50:56 +0000
ROA not before:           Thu 09 May 2024 08:50:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        93.174.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/JRXoeSpCT_cswXkpeOLNTNvtpNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/JRXoeSpCT_cswXkpeOLNTNvtpNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JRXoeSpCT_cswXkpeOLNTNvtpNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5c:8c:68:68:4e:5d:6e:a9:7d:d0:70:8c:a8:18:c5:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2515e8792a424ff72cc1792978e2cd4cdbeda4d0
        Validity
            Not Before: May  9 08:50:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e4b75ff218939ec294b7002ac188e52fa212ac8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:82:49:42:07:5e:7a:fe:9e:d1:d9:8d:63:2f:
                    70:1f:c2:09:f1:ae:f3:3f:91:f1:97:30:98:9b:1e:
                    76:de:36:c3:e4:bf:36:cb:7e:10:d5:01:24:1f:88:
                    c1:7e:fb:0b:be:d8:10:c1:60:a3:a3:01:92:c1:d3:
                    65:52:2e:8f:e1:2a:20:e9:1b:9e:99:01:76:79:b0:
                    23:07:69:a7:b4:7f:f5:bc:12:94:ff:ed:ed:47:ec:
                    e6:5f:b6:6a:31:8c:10:b7:5d:41:dc:a2:37:12:32:
                    fa:37:02:70:43:af:d6:89:a5:90:c4:57:6b:05:e4:
                    16:fb:de:42:c7:37:4b:7f:b1:d5:dd:78:93:41:1c:
                    ce:9a:34:ed:05:5c:fa:4e:36:df:26:1f:61:5f:2a:
                    11:c2:f0:2e:a4:46:fb:2c:62:77:48:28:1c:dc:cb:
                    ce:1f:e5:03:ed:08:05:34:59:23:be:42:ec:e7:ba:
                    be:0d:4c:5e:ff:8e:27:a4:1a:5e:c6:e3:19:fa:f2:
                    98:a0:f9:53:84:ef:5a:b2:7c:35:91:06:24:7c:eb:
                    f3:84:e8:64:49:21:c4:d2:13:b5:59:62:b5:e1:a1:
                    54:b8:3d:42:34:d8:00:31:af:53:e5:15:85:bf:d6:
                    77:13:9b:d8:97:2c:ae:ab:98:c4:fe:5d:9c:3b:25:
                    d8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:4B:75:FF:21:89:39:EC:29:4B:70:02:AC:18:8E:52:FA:21:2A:C8
            X509v3 Authority Key Identifier:
                keyid:25:15:E8:79:2A:42:4F:F7:2C:C1:79:29:78:E2:CD:4C:DB:ED:A4:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JRXoeSpCT_cswXkpeOLNTNvtpNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/fkt1_yGJOewpS3ACrBiOUvohKsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/3d0f40-a7dd-4689-bc32-9eed9d75c0d1/1/JRXoeSpCT_cswXkpeOLNTNvtpNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:f9:54:11:ca:5f:b0:b1:9b:18:72:09:09:a5:b0:c5:26:37:
         f9:8c:e6:ab:df:e8:59:4b:5c:9a:aa:8b:9e:4e:51:43:1f:b8:
         93:3f:bc:c9:d3:af:5e:0a:f0:29:e2:a7:0b:fa:a6:5d:7c:2c:
         1b:4d:f2:d8:18:c0:2d:d8:6d:0c:a7:e2:40:4e:8b:14:c7:62:
         9e:0c:5e:9d:21:bd:63:54:f6:28:7f:3d:7d:0c:64:b7:e7:96:
         04:2e:af:5a:51:8b:a9:99:ab:b4:33:f6:1a:56:5d:7d:7b:0c:
         18:dc:8d:6d:6f:1e:7e:e4:b2:96:31:bb:40:47:26:34:a2:3a:
         8f:de:78:a8:46:30:14:b7:4a:72:8c:b3:cc:7a:e7:e5:da:e0:
         ff:7f:5c:79:e0:4f:03:31:38:cd:47:00:c8:46:69:d1:26:dd:
         28:09:7f:a5:35:cc:6c:71:4c:61:7d:ad:72:80:79:48:b0:5c:
         2a:bc:6a:9d:2b:ca:b8:dc:5f:db:a5:58:40:9c:fb:25:f5:b4:
         72:29:54:6f:1d:fe:64:b9:c9:0c:9d:8d:a0:a1:5f:74:4b:46:
         99:76:69:a6:28:be:c5:2f:0e:76:a2:04:9a:63:e8:c7:b6:f9:
         66:53:19:84:5d:ee:22:b5:eb:22:61:04:58:0c:7b:fb:76:ba:
         65:56:7d:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9cjGhoTl1uqX3QcIyoGMXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MTVlODc5MmE0MjRmZjcyY2MxNzkyOTc4ZTJjZDRjZGJl
ZGE0ZDAwHhcNMjQwNTA5MDg1MDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTRiNzVmZjIxODkzOWVjMjk0YjcwMDJhYzE4OGU1MmZhMjEyYWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7IJJQgdeev6e0dmNYy9wH8IJ8a7z
P5HxlzCYmx523jbD5L82y34Q1QEkH4jBfvsLvtgQwWCjowGSwdNlUi6P4Sog6Rue
mQF2ebAjB2mntH/1vBKU/+3tR+zmX7ZqMYwQt11B3KI3EjL6NwJwQ6/WiaWQxFdr
BeQW+95CxzdLf7HV3XiTQRzOmjTtBVz6TjbfJh9hXyoRwvAupEb7LGJ3SCgc3MvO
H+UD7QgFNFkjvkLs57q+DUxe/44npBpexuMZ+vKYoPlThO9asnw1kQYkfOvzhOhk
SSHE0hO1WWK14aFUuD1CNNgAMa9T5RWFv9Z3E5vYlyyuq5jE/l2cOyXYcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5Ldf8hiTnsKUtwAqwYjlL6ISrIMB8GA1UdIwQY
MBaAFCUV6HkqQk/3LMF5KXjizUzb7aTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlJYb2VTcENUX2Nzd1hrcGVPTE5UTnZ0cE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8zZDBmNDAtYTdkZC00Njg5LWJjMzIt
OWVlZDlkNzVjMGQxLzEvZmt0MV95R0pPZXdwUzNBQ3JCaU9Vdm9oS3NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8zZDBmNDAtYTdkZC00Njg5LWJjMzItOWVlZDlkNzVjMGQx
LzEvSlJYb2VTcENUX2Nzd1hrcGVPTE5UTnZ0cE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXa5gMA0G
CSqGSIb3DQEBCwUAA4IBAQAc+VQRyl+wsZsYcgkJpbDFJjf5jOar3+hZS1yaqoue
TlFDH7iTP7zJ069eCvAp4qcL+qZdfCwbTfLYGMAt2G0Mp+JATosUx2KeDF6dIb1j
VPYofz19DGS355YELq9aUYupmau0M/YaVl19ewwY3I1tbx5+5LKWMbtARyY0ojqP
3nioRjAUt0pyjLPMeufl2uD/f1x54E8DMTjNRwDIRmnRJt0oCX+lNcxscUxhfa1y
gHlIsFwqvGqdK8q43F/bpVhAnPsl9bRyKVRvHf5kuckMnY2goV90S0aZdmmmKL7F
Lw52ogSaY+jHtvlmUxmEXe4itesiYQRYDHv7drplVn0+
-----END CERTIFICATE-----