Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/pFSML8UpDQZYC5GWogVZ_0cHGWE.roa
File:                     pFSML8UpDQZYC5GWogVZ_0cHGWE.roa (raw, json)
Hash identifier:          A4Ke3Y8YMuiHc8br6ON1LdUlnmQ5C9GcnxZPOrusHuI=
Subject key identifier:   A4:54:8C:2F:C5:29:0D:06:58:0B:91:96:A2:05:59:FF:47:07:19:61
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       018F76E933EA436BF2A9D4D243F2FFE2F5B5
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/pFSML8UpDQZYC5GWogVZ_0cHGWE.roa
Signing time:             Tue 14 May 2024 11:42:25 +0000
ROA not before:           Tue 14 May 2024 11:42:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44436
IP address blocks:        194.59.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:e9:33:ea:43:6b:f2:a9:d4:d2:43:f2:ff:e2:f5:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: May 14 11:42:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4548c2fc5290d06580b9196a20559ff47071961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:dd:31:74:9c:02:34:ab:ac:d6:ad:e1:3a:05:
                    3f:35:c9:11:60:b5:d6:ec:80:e8:12:11:c0:d5:ef:
                    48:18:fa:8d:e8:13:76:90:c1:2a:1f:4f:a4:98:7e:
                    dc:9a:be:32:06:ae:36:20:9d:a7:11:e3:b6:73:6c:
                    a0:1e:02:7a:e8:5f:45:e1:ac:f0:6e:f0:d0:e3:d9:
                    52:16:76:8e:e5:44:80:c1:d1:de:94:a0:9e:8e:4f:
                    ce:06:d1:6d:c2:60:c4:00:4f:30:eb:6a:be:75:fc:
                    70:27:d4:99:65:14:9b:e3:10:ac:cf:f4:b8:5a:49:
                    18:6d:fd:3f:cb:35:90:eb:c2:df:ef:e4:45:68:73:
                    0f:f2:27:c2:0e:e3:3a:9e:a6:38:72:95:e1:8d:ea:
                    2d:e7:fd:69:a3:b9:de:e4:0e:30:a1:1a:ef:35:7b:
                    30:ec:73:40:15:f9:93:b4:2a:42:45:3d:51:49:bc:
                    23:6a:90:a6:f0:9d:f5:e6:09:2a:93:bb:b5:61:5d:
                    16:b2:e1:14:d5:25:74:e0:09:a7:fb:0e:2b:d6:89:
                    30:71:be:d3:5d:06:77:9e:a7:91:17:17:6d:6a:06:
                    30:5f:2c:8e:0d:22:ee:c8:fc:75:3b:32:37:a5:6e:
                    02:11:57:b4:32:b3:34:a5:5b:88:27:8c:ec:1b:3c:
                    48:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:54:8C:2F:C5:29:0D:06:58:0B:91:96:A2:05:59:FF:47:07:19:61
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/pFSML8UpDQZYC5GWogVZ_0cHGWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:be:23:b3:42:df:0f:34:fb:af:94:bd:4f:02:84:cf:3e:be:
         20:b5:41:fe:73:f3:ef:62:e0:48:57:4d:a1:e3:5e:d3:79:87:
         45:5b:12:94:d4:1f:4e:82:77:0a:ec:35:97:d9:93:7b:ea:58:
         63:4f:37:38:cf:22:a8:61:08:c2:2f:c7:c1:25:61:12:72:6f:
         00:c1:5f:1e:9b:99:38:6a:0f:82:67:2d:65:f6:45:9e:9b:06:
         03:5d:6c:46:92:7a:1e:5c:30:27:43:fd:cb:57:dc:10:d1:14:
         b7:cc:b6:ed:2f:43:c5:e4:be:47:b4:4c:ed:ff:c5:54:55:c7:
         de:80:15:b0:e4:38:b7:23:cb:99:f1:04:2c:83:b5:4a:02:9f:
         47:3e:92:5f:e4:f5:8b:56:50:a6:0f:0a:47:b1:0a:6c:15:f0:
         44:6a:be:72:4c:ca:83:76:ef:dc:c8:e5:0a:42:26:58:56:bd:
         38:46:f9:d9:7f:35:ec:c2:4b:7c:4e:da:8b:8f:3d:d9:16:3a:
         b4:34:98:84:94:9f:41:e3:9b:2e:63:38:4c:20:78:b7:73:32:
         e4:22:63:d7:bf:b0:cf:c3:e0:fb:1c:d1:4d:50:ba:44:2c:eb:
         24:1a:6e:f2:f3:55:70:c8:78:cc:9e:bc:ed:40:69:10:c2:76:
         a4:b0:cc:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY926TPqQ2vyqdTSQ/L/4vW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQwNTE0MTE0MjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDU0OGMyZmM1MjkwZDA2NTgwYjkxOTZhMjA1NTlmZjQ3MDcxOTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuN0xdJwCNKus1q3hOgU/NckRYLXW
7IDoEhHA1e9IGPqN6BN2kMEqH0+kmH7cmr4yBq42IJ2nEeO2c2ygHgJ66F9F4azw
bvDQ49lSFnaO5USAwdHelKCejk/OBtFtwmDEAE8w62q+dfxwJ9SZZRSb4xCsz/S4
WkkYbf0/yzWQ68Lf7+RFaHMP8ifCDuM6nqY4cpXhjeot5/1po7ne5A4woRrvNXsw
7HNAFfmTtCpCRT1RSbwjapCm8J315gkqk7u1YV0WsuEU1SV04Amn+w4r1okwcb7T
XQZ3nqeRFxdtagYwXyyODSLuyPx1OzI3pW4CEVe0MrM0pVuIJ4zsGzxIXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRUjC/FKQ0GWAuRlqIFWf9HBxlhMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvcEZTTUw4VXBEUVpZQzVHV29nVlpfMGNIR1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjvWMA0G
CSqGSIb3DQEBCwUAA4IBAQANviOzQt8PNPuvlL1PAoTPPr4gtUH+c/PvYuBIV02h
417TeYdFWxKU1B9OgncK7DWX2ZN76lhjTzc4zyKoYQjCL8fBJWEScm8AwV8em5k4
ag+CZy1l9kWemwYDXWxGknoeXDAnQ/3LV9wQ0RS3zLbtL0PF5L5HtEzt/8VUVcfe
gBWw5Di3I8uZ8QQsg7VKAp9HPpJf5PWLVlCmDwpHsQpsFfBEar5yTMqDdu/cyOUK
QiZYVr04RvnZfzXswkt8TtqLjz3ZFjq0NJiElJ9B45suYzhMIHi3czLkImPXv7DP
w+D7HNFNULpELOskGm7y81VwyHjMnrztQGkQwnaksMx3
-----END CERTIFICATE-----