Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/FfMwh2xFmiiv0urUpQ0cVoRxzzk.roa
File:                     FfMwh2xFmiiv0urUpQ0cVoRxzzk.roa (raw, json)
Hash identifier:          Jr2SQS/3b5s98FEmMpj0hY2KI/Lkqg1S+SiY86joDog=
Subject key identifier:   15:F3:30:87:6C:45:9A:28:AF:D2:EA:D4:A5:0D:1C:56:84:71:CF:39
Certificate issuer:       /CN=c8544c778152f0fd85e5dcb44904f001e5987424
Certificate serial:       018CC86F5CBEA308E4FDA73CBA727F3A03F8
Authority key identifier: C8:54:4C:77:81:52:F0:FD:85:E5:DC:B4:49:04:F0:01:E5:98:74:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/FfMwh2xFmiiv0urUpQ0cVoRxzzk.roa
Signing time:             Tue 02 Jan 2024 04:29:50 +0000
ROA not before:           Tue 02 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198203
IP address blocks:        185.142.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:5c:be:a3:08:e4:fd:a7:3c:ba:72:7f:3a:03:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8544c778152f0fd85e5dcb44904f001e5987424
        Validity
            Not Before: Jan  2 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15f330876c459a28afd2ead4a50d1c568471cf39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c2:4d:ff:88:c3:4e:de:df:22:5a:56:e0:77:
                    e0:fa:9e:5b:77:6b:72:1d:7e:83:32:00:62:29:c7:
                    91:52:00:15:a9:93:8a:90:b1:ab:ab:9b:c4:a1:8e:
                    5c:82:fe:ec:fa:1f:20:b4:72:ad:7f:41:78:04:6f:
                    99:e9:70:eb:d2:53:00:08:5d:c0:23:3f:fd:ec:bd:
                    53:5d:1a:4a:62:ac:38:c2:6e:56:ab:07:31:08:7b:
                    96:45:b2:e8:a1:ee:9c:28:b5:95:1f:3d:3f:43:d7:
                    ef:b7:62:75:6b:74:96:b2:f1:6a:65:65:13:c5:61:
                    7a:3b:94:93:0d:aa:06:ce:ab:ba:a5:56:15:92:d0:
                    2e:5e:1a:f7:73:be:72:a7:de:f7:ef:6a:78:4b:ac:
                    c8:9a:26:17:59:4c:57:a1:cc:b9:ce:9f:b6:79:0e:
                    e5:b7:cd:a5:aa:c6:8c:5d:6f:e8:b0:f1:9d:06:68:
                    7a:4d:88:bd:5f:a1:a1:61:ee:63:18:b9:95:39:07:
                    ff:b6:f2:da:51:02:0c:d2:71:ee:07:26:65:e1:9e:
                    71:f3:ca:17:47:25:7e:14:7a:7e:39:6d:36:d7:43:
                    bc:7e:6f:f4:c8:11:4b:23:55:19:6a:e7:c3:19:29:
                    82:04:aa:1d:cf:56:b6:8e:9d:5a:5a:67:31:51:02:
                    98:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F3:30:87:6C:45:9A:28:AF:D2:EA:D4:A5:0D:1C:56:84:71:CF:39
            X509v3 Authority Key Identifier:
                keyid:C8:54:4C:77:81:52:F0:FD:85:E5:DC:B4:49:04:F0:01:E5:98:74:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/FfMwh2xFmiiv0urUpQ0cVoRxzzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:ac:08:68:62:fb:37:64:bf:75:24:48:53:03:37:80:2b:8a:
         a8:98:0b:0c:bd:ac:88:f7:ab:e5:98:24:8c:6d:f4:8c:ca:c0:
         6d:62:51:63:1e:5b:95:3a:a9:00:70:0d:3b:38:78:c8:22:8b:
         90:f4:c9:b2:d0:ef:98:56:a1:c4:bf:ea:ba:5c:c7:61:00:02:
         07:c4:f1:96:d5:1f:90:d9:bc:12:68:f3:86:ef:38:03:5a:5f:
         3f:bf:4d:28:93:d7:f9:ee:f8:9b:1b:c8:a7:23:ab:92:bd:d4:
         ed:39:38:b1:49:c6:9d:66:ec:8e:4c:a1:ab:57:fb:0c:37:c8:
         c5:e3:d5:f7:17:11:d4:e5:03:98:eb:fc:e9:53:67:eb:c9:0e:
         0d:7f:e4:22:4c:4f:91:c5:21:71:79:82:32:6c:87:f9:31:21:
         79:56:f6:1f:e6:da:7b:14:ad:c9:46:92:17:48:38:27:cb:1e:
         4c:85:e7:ec:d3:57:3f:7b:05:65:b7:64:d2:17:83:77:54:cf:
         5c:90:0f:90:2d:f9:69:14:29:1a:21:9b:84:59:51:44:91:ea:
         3e:61:24:2e:fa:ce:9c:8c:ec:91:a8:3b:67:20:c5:98:50:96:
         03:94:cb:66:ad:87:c7:36:5f:5c:42:7b:64:e6:aa:20:c1:36:
         b8:5e:0f:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1y+owjk/ac8unJ/OgP4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTQ0Yzc3ODE1MmYwZmQ4NWU1ZGNiNDQ5MDRmMDAxZTU5
ODc0MjQwHhcNMjQwMTAyMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWYzMzA4NzZjNDU5YTI4YWZkMmVhZDRhNTBkMWM1Njg0NzFjZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsJN/4jDTt7fIlpW4Hfg+p5bd2ty
HX6DMgBiKceRUgAVqZOKkLGrq5vEoY5cgv7s+h8gtHKtf0F4BG+Z6XDr0lMACF3A
Iz/97L1TXRpKYqw4wm5WqwcxCHuWRbLooe6cKLWVHz0/Q9fvt2J1a3SWsvFqZWUT
xWF6O5STDaoGzqu6pVYVktAuXhr3c75yp97372p4S6zImiYXWUxXocy5zp+2eQ7l
t82lqsaMXW/osPGdBmh6TYi9X6GhYe5jGLmVOQf/tvLaUQIM0nHuByZl4Z5x88oX
RyV+FHp+OW0210O8fm/0yBFLI1UZaufDGSmCBKodz1a2jp1aWmcxUQKYZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXzMIdsRZoor9Lq1KUNHFaEcc85MB8GA1UdIwQY
MBaAFMhUTHeBUvD9heXctEkE8AHlmHQkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZSTWQ0RlM4UDJGNWR5MFNRVHdBZVdZZENRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9hMWYzNTEtNDJmZC00ZDQ0LWE5YjMt
ZDk0MDA1MGU1NmNhLzEvRmZNd2gyeEZtaWl2MHVyVXBRMGNWb1J4enprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9hMWYzNTEtNDJmZC00ZDQ0LWE5YjMtZDk0MDA1MGU1NmNh
LzEveUZSTWQ0RlM4UDJGNWR5MFNRVHdBZVdZZENRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY5MMA0G
CSqGSIb3DQEBCwUAA4IBAQAHrAhoYvs3ZL91JEhTAzeAK4qomAsMvayI96vlmCSM
bfSMysBtYlFjHluVOqkAcA07OHjIIouQ9Mmy0O+YVqHEv+q6XMdhAAIHxPGW1R+Q
2bwSaPOG7zgDWl8/v00ok9f57vibG8inI6uSvdTtOTixScadZuyOTKGrV/sMN8jF
49X3FxHU5QOY6/zpU2fryQ4Nf+QiTE+RxSFxeYIybIf5MSF5VvYf5tp7FK3JRpIX
SDgnyx5Mhefs01c/ewVlt2TSF4N3VM9ckA+QLflpFCkaIZuEWVFEkeo+YSQu+s6c
jOyRqDtnIMWYUJYDlMtmrYfHNl9cQntk5qogwTa4Xg9e
-----END CERTIFICATE-----