Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/FIbyeaHgXFyo3GM8xTNq5rI2Fhk.roa
File:                     FIbyeaHgXFyo3GM8xTNq5rI2Fhk.roa (raw, json)
Hash identifier:          jJ9aso3MLu4ArvD7Ptz1m4Du5DzmIlcm5DdSKl2oImo=
Subject key identifier:   14:86:F2:79:A1:E0:5C:5C:A8:DC:63:3C:C5:33:6A:E6:B2:36:16:19
Certificate issuer:       /CN=3a685cf88a7fc43fe1c7fe34a6ff3ddbb414f0b5
Certificate serial:       018CC56E254148E43680EFAB452C4942D4F0
Authority key identifier: 3A:68:5C:F8:8A:7F:C4:3F:E1:C7:FE:34:A6:FF:3D:DB:B4:14:F0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/FIbyeaHgXFyo3GM8xTNq5rI2Fhk.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55195
IP address blocks:        194.0.46.0/24 maxlen: 24
                          2001:678:74::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/Omhc-Ip_xD_hx_40pv8927QU8LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/Omhc-Ip_xD_hx_40pv8927QU8LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 23:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:25:41:48:e4:36:80:ef:ab:45:2c:49:42:d4:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a685cf88a7fc43fe1c7fe34a6ff3ddbb414f0b5
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1486f279a1e05c5ca8dc633cc5336ae6b2361619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:24:20:5e:4b:c8:38:32:95:f9:62:0b:8d:34:
                    ea:b8:94:41:56:6c:6b:b7:cf:8d:c8:0a:1a:b7:76:
                    e9:11:30:a5:f0:c4:bf:c0:a2:b0:b4:33:cb:8c:72:
                    3f:9e:9c:e4:35:47:bc:23:cd:db:a7:2f:9f:c5:62:
                    c9:63:7e:71:92:ed:4f:b7:17:21:19:ec:b7:bc:2f:
                    75:c4:53:c8:84:f6:7e:02:3a:41:d3:f2:3f:a8:31:
                    e6:9e:05:86:09:f5:55:e0:b4:9a:97:6a:e1:7c:9c:
                    f8:a3:f8:73:4f:ac:06:92:f6:41:22:20:27:ee:23:
                    d3:ca:11:01:4e:a1:c2:52:07:0d:e7:87:31:3d:66:
                    88:8a:36:20:59:2f:83:2c:98:43:88:07:86:9a:0a:
                    ad:97:a5:5d:1c:93:09:01:7e:95:c0:e0:35:00:39:
                    10:c0:7f:71:9c:b2:4e:f3:bc:64:c2:bb:1a:9c:3a:
                    b1:14:52:c7:3c:21:b8:86:33:5e:11:f0:c8:d6:25:
                    f9:7b:bb:72:b3:52:30:77:2a:87:1f:37:90:e3:14:
                    0a:27:55:d3:b9:d3:78:cc:04:df:b1:c3:e7:13:1e:
                    90:ce:90:bb:9e:d8:4e:ec:f9:3b:eb:33:b3:d6:fb:
                    83:c3:f5:a7:07:b7:67:35:6c:ef:5e:7e:63:6a:e6:
                    2f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:86:F2:79:A1:E0:5C:5C:A8:DC:63:3C:C5:33:6A:E6:B2:36:16:19
            X509v3 Authority Key Identifier:
                keyid:3A:68:5C:F8:8A:7F:C4:3F:E1:C7:FE:34:A6:FF:3D:DB:B4:14:F0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/FIbyeaHgXFyo3GM8xTNq5rI2Fhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/Omhc-Ip_xD_hx_40pv8927QU8LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.46.0/24
                IPv6:
                  2001:678:74::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:de:06:5b:8d:d8:8c:fe:38:53:7c:8a:fb:cb:7c:57:03:78:
         24:1d:b6:0e:9e:7f:c1:ff:ec:d4:cd:20:98:a0:f2:ee:d8:b6:
         c8:f7:f4:3d:51:3e:a4:8d:8c:51:88:63:0d:a1:51:a1:21:8b:
         47:95:08:73:82:6d:91:92:a7:23:a3:e3:f2:c7:a2:15:b8:a4:
         79:c2:ba:bf:c5:41:cd:ec:ea:da:e6:f7:a0:4f:a7:e6:28:42:
         53:66:97:d4:00:0a:5d:28:02:25:57:de:28:22:7a:0d:e1:cf:
         5e:07:3b:be:7d:7c:6f:dc:cb:ae:fc:85:06:49:eb:24:a2:51:
         a7:b0:4d:c7:45:50:84:99:50:31:1e:da:2c:2a:0d:61:cc:5a:
         e6:96:59:dd:b4:f3:ce:ed:9f:f3:23:6b:b0:a6:2e:93:60:98:
         92:3f:f9:2b:37:52:53:83:5f:a5:61:27:ee:2d:85:2e:92:ac:
         c4:b8:83:bc:c2:1a:ff:c0:bb:4e:71:3f:22:05:ba:e3:fa:b3:
         2a:6b:4f:0b:de:f8:fe:f6:dc:08:6b:3b:bb:b5:37:4d:b8:59:
         01:44:2a:2c:a6:82:10:5c:81:bd:70:f6:21:52:eb:77:dd:98:
         6d:25:5b:06:f2:0b:46:b9:ac:09:b2:9a:97:fa:27:14:3c:b9:
         a8:99:3a:5e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbiVBSOQ2gO+rRSxJQtTwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNjg1Y2Y4OGE3ZmM0M2ZlMWM3ZmUzNGE2ZmYzZGRiYjQx
NGYwYjUwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDg2ZjI3OWExZTA1YzVjYThkYzYzM2NjNTMzNmFlNmIyMzYxNjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyQgXkvIODKV+WILjTTquJRBVmxr
t8+NyAoat3bpETCl8MS/wKKwtDPLjHI/npzkNUe8I83bpy+fxWLJY35xku1Ptxch
Gey3vC91xFPIhPZ+AjpB0/I/qDHmngWGCfVV4LSal2rhfJz4o/hzT6wGkvZBIiAn
7iPTyhEBTqHCUgcN54cxPWaIijYgWS+DLJhDiAeGmgqtl6VdHJMJAX6VwOA1ADkQ
wH9xnLJO87xkwrsanDqxFFLHPCG4hjNeEfDI1iX5e7tys1IwdyqHHzeQ4xQKJ1XT
udN4zATfscPnEx6QzpC7nthO7Pk76zOz1vuDw/WnB7dnNWzvXn5jauYvSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBSG8nmh4FxcqNxjPMUzauayNhYZMB8GA1UdIwQY
MBaAFDpoXPiKf8Q/4cf+NKb/Pdu0FPC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT21oYy1JcF94RF9oeF80MHB2ODkyN1FVOExVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9lNjVjMjctYWVmNS00ODZkLWI1ZDct
NTlkNmNhNjVjY2JjLzEvRklieWVhSGdYRnlvM0dNOHhUTnE1ckkyRmhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9lNjVjMjctYWVmNS00ODZkLWI1ZDctNTlkNmNhNjVjY2Jj
LzEvT21oYy1JcF94RF9oeF80MHB2ODkyN1FVOExVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgAuMA8E
AgACMAkDBwAgAQZ4AHQwDQYJKoZIhvcNAQELBQADggEBAAneBluN2Iz+OFN8ivvL
fFcDeCQdtg6ef8H/7NTNIJig8u7Ytsj39D1RPqSNjFGIYw2hUaEhi0eVCHOCbZGS
pyOj4/LHohW4pHnCur/FQc3s6trm96BPp+YoQlNml9QACl0oAiVX3igieg3hz14H
O759fG/cy678hQZJ6ySiUaewTcdFUISZUDEe2iwqDWHMWuaWWd20887tn/Mja7Cm
LpNgmJI/+Ss3UlODX6VhJ+4thS6SrMS4g7zCGv/Au05xPyIFuuP6syprTwve+P72
3AhrO7u1N024WQFEKiymghBcgb1w9iFS63fdmG0lWwbyC0a5rAmympf6JxQ8uaiZ
Ol4=
-----END CERTIFICATE-----