Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/fNV7doYVgcxlnDEBHwxA41Zna9E.roa
File:                     fNV7doYVgcxlnDEBHwxA41Zna9E.roa (raw, json)
Hash identifier:          8hDkDzEkgoGcPqIv/bWiJZHaN+yTfkSBQybzqscdy6I=
Subject key identifier:   7C:D5:7B:76:86:15:81:CC:65:9C:31:01:1F:0C:40:E3:56:67:6B:D1
Certificate issuer:       /CN=d66738a8dadac2d0d3aeddb934f820066b9f5feb
Certificate serial:       018CC500716FC079E94EED3778CF6ED31714
Authority key identifier: D6:67:38:A8:DA:DA:C2:D0:D3:AE:DD:B9:34:F8:20:06:6B:9F:5F:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/fNV7doYVgcxlnDEBHwxA41Zna9E.roa
Signing time:             Mon 01 Jan 2024 12:29:49 +0000
ROA not before:           Mon 01 Jan 2024 12:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197229
IP address blocks:        212.72.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 06:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:71:6f:c0:79:e9:4e:ed:37:78:cf:6e:d3:17:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d66738a8dadac2d0d3aeddb934f820066b9f5feb
        Validity
            Not Before: Jan  1 12:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cd57b76861581cc659c31011f0c40e356676bd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0b:77:7a:3b:44:51:ef:43:d4:56:6c:97:19:
                    91:fd:a5:21:45:de:a4:42:d4:18:a3:82:9a:60:be:
                    11:d5:5d:dc:f3:22:5b:6c:56:25:af:49:50:f2:8e:
                    b0:ae:7c:6a:f3:23:b3:c4:7e:dc:eb:d8:59:f1:a3:
                    7a:90:e1:04:3f:d4:13:74:5f:11:77:fc:2a:0e:a6:
                    8e:70:38:7d:6e:af:47:00:b0:e9:c2:21:96:c9:40:
                    19:5e:16:57:c4:0e:c4:4e:4a:91:66:50:4f:eb:55:
                    71:cb:ee:79:85:1b:32:b7:13:92:3f:44:25:09:c1:
                    5f:6b:1a:da:e8:0b:fd:03:4f:87:a3:04:ce:24:c4:
                    05:8c:2b:18:c8:06:a2:21:1b:d5:ce:9c:0d:e8:a9:
                    48:0b:e5:26:18:b8:d7:b2:b9:93:dd:cf:d2:b7:c0:
                    e9:c5:24:f1:f4:67:3f:7b:fe:86:38:69:5b:1c:6b:
                    66:cd:68:52:54:87:82:71:e5:cb:cd:ec:1d:d9:6e:
                    7a:e8:31:39:43:c8:cc:de:f9:2b:56:e7:cf:17:ff:
                    38:a2:24:81:d4:60:16:6a:df:d4:45:5d:62:49:2e:
                    44:11:55:a7:17:7e:d0:11:ee:64:c9:91:58:61:1f:
                    b0:4e:ba:01:3e:d8:34:e1:90:0c:42:32:e9:64:74:
                    9d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D5:7B:76:86:15:81:CC:65:9C:31:01:1F:0C:40:E3:56:67:6B:D1
            X509v3 Authority Key Identifier:
                keyid:D6:67:38:A8:DA:DA:C2:D0:D3:AE:DD:B9:34:F8:20:06:6B:9F:5F:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/fNV7doYVgcxlnDEBHwxA41Zna9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.72.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:40:01:50:96:a9:b4:d8:c5:29:2c:1e:d7:c9:53:a5:cf:9c:
         1c:74:c2:de:5b:51:7f:6b:c0:3e:e9:f6:81:5e:de:dc:f9:4b:
         df:3b:5b:5b:f6:55:e8:87:b6:6e:37:57:b4:3f:dc:10:5b:ef:
         40:97:2d:8a:85:38:f2:5d:1a:b0:30:95:d1:6f:92:0a:b3:d4:
         33:01:70:2f:c4:e2:7d:07:49:8f:03:3a:99:7a:b9:a9:61:d0:
         3c:34:cb:0c:51:2d:1d:34:8b:4f:14:f8:09:ce:e9:f6:34:5d:
         a0:39:95:64:97:cd:02:d1:43:78:f7:76:43:9a:cb:4d:db:58:
         5a:d5:4d:4c:c8:23:01:15:dd:e6:a2:a7:4d:61:02:ac:a8:a5:
         f1:5e:0f:49:79:71:e4:58:8a:02:5f:75:41:09:92:44:4b:61:
         09:6f:73:2d:bd:cf:d0:87:46:08:df:6d:dc:0f:da:5d:25:8f:
         66:2f:34:da:bc:b1:06:66:77:97:ae:ae:d2:6c:e6:27:8e:b9:
         1c:b3:aa:e0:55:6a:c6:db:4a:3b:6d:5f:7a:d9:bf:59:37:00:
         af:8a:6b:9b:63:4f:39:be:d1:79:85:ee:c7:0f:08:3c:00:82:
         3e:1c:ad:d4:41:ad:a5:29:c7:fc:3b:8a:61:d3:e9:25:82:25:
         84:40:3a:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAHFvwHnpTu03eM9u0xcUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NjczOGE4ZGFkYWMyZDBkM2FlZGRiOTM0ZjgyMDA2NmI5
ZjVmZWIwHhcNMjQwMTAxMTIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Q1N2I3Njg2MTU4MWNjNjU5YzMxMDExZjBjNDBlMzU2Njc2YmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwt3ejtEUe9D1FZslxmR/aUhRd6k
QtQYo4KaYL4R1V3c8yJbbFYlr0lQ8o6wrnxq8yOzxH7c69hZ8aN6kOEEP9QTdF8R
d/wqDqaOcDh9bq9HALDpwiGWyUAZXhZXxA7ETkqRZlBP61Vxy+55hRsytxOSP0Ql
CcFfaxra6Av9A0+HowTOJMQFjCsYyAaiIRvVzpwN6KlIC+UmGLjXsrmT3c/St8Dp
xSTx9Gc/e/6GOGlbHGtmzWhSVIeCceXLzewd2W566DE5Q8jM3vkrVufPF/84oiSB
1GAWat/URV1iSS5EEVWnF37QEe5kyZFYYR+wTroBPtg04ZAMQjLpZHSdRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzVe3aGFYHMZZwxAR8MQONWZ2vRMB8GA1UdIwQY
MBaAFNZnOKja2sLQ067duTT4IAZrn1/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW1jNHFOcmF3dERUcnQyNU5QZ2dCbXVmWC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jNTc3MjctOTM5Ni00YmY4LWIyNWQt
NmExZTBlYzcxZGE4LzEvZk5WN2RvWVZnY3hsbkRFQkh3eEE0MVpuYTlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jNTc3MjctOTM5Ni00YmY4LWIyNWQtNmExZTBlYzcxZGE4
LzEvMW1jNHFOcmF3dERUcnQyNU5QZ2dCbXVmWC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EibMA0G
CSqGSIb3DQEBCwUAA4IBAQAOQAFQlqm02MUpLB7XyVOlz5wcdMLeW1F/a8A+6faB
Xt7c+UvfO1tb9lXoh7ZuN1e0P9wQW+9Aly2KhTjyXRqwMJXRb5IKs9QzAXAvxOJ9
B0mPAzqZermpYdA8NMsMUS0dNItPFPgJzun2NF2gOZVkl80C0UN493ZDmstN21ha
1U1MyCMBFd3moqdNYQKsqKXxXg9JeXHkWIoCX3VBCZJES2EJb3Mtvc/Qh0YI323c
D9pdJY9mLzTavLEGZneXrq7SbOYnjrkcs6rgVWrG20o7bV962b9ZNwCvimubY085
vtF5he7HDwg8AII+HK3UQa2lKcf8O4ph0+klgiWEQDoQ
-----END CERTIFICATE-----