Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fJhPZ6bFQopQH-CwxrVRlNI2H-E.roa
File:                     fJhPZ6bFQopQH-CwxrVRlNI2H-E.roa (raw, json)
Hash identifier:          Mc+I073Wgi6wXV7tvyREeFY8rR9Zyr4BR94p4X89AAo=
Subject key identifier:   7C:98:4F:67:A6:C5:42:8A:50:1F:E0:B0:C6:B5:51:94:D2:36:1F:E1
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E526C2F08D003B71AB93E8AC81C8BF113
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fJhPZ6bFQopQH-CwxrVRlNI2H-E.roa
Signing time:             Mon 18 Mar 2024 16:36:45 +0000
ROA not before:           Mon 18 Mar 2024 16:36:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215292
IP address blocks:        185.216.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:52:6c:2f:08:d0:03:b7:1a:b9:3e:8a:c8:1c:8b:f1:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 18 16:36:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c984f67a6c5428a501fe0b0c6b55194d2361fe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a2:5b:01:f8:74:61:10:b5:a8:20:f1:14:5b:
                    3c:a4:36:92:56:f7:82:e3:94:08:53:6d:fb:b9:07:
                    90:71:e7:e6:55:68:c6:c6:40:38:74:db:35:6c:6f:
                    a4:c1:19:42:20:7c:c8:48:a8:91:1d:b2:4d:d3:eb:
                    ca:b1:93:f1:88:fa:82:d2:94:1f:7e:2d:0e:3b:14:
                    ef:aa:21:46:b9:9d:19:87:8f:00:c4:05:58:96:ce:
                    fc:de:7d:8f:18:34:b0:0f:24:85:2c:6f:33:56:f3:
                    59:7d:87:04:a1:c5:98:cd:f2:2e:c7:89:61:3b:82:
                    28:20:1f:17:07:28:32:49:70:0c:f6:31:80:f7:70:
                    32:fc:2a:36:b1:7f:29:81:46:d2:16:d1:33:3e:30:
                    bf:e7:f5:69:b1:13:2e:60:34:b6:b9:a1:12:48:3e:
                    27:4c:f9:c6:81:0e:6d:bd:25:dc:47:45:68:fa:ed:
                    6a:04:58:be:11:04:91:cd:0c:2f:bb:8c:42:b7:02:
                    d9:4d:4c:f0:f7:92:b6:3f:34:0a:c2:f8:5d:7a:c1:
                    aa:1c:2f:2f:ce:81:81:a3:7e:0d:74:82:45:62:d7:
                    60:d8:ae:13:a8:a6:df:69:81:69:e1:13:12:e5:4f:
                    92:cc:e3:fd:f6:62:51:4c:18:71:70:d3:0e:7e:f9:
                    9f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:98:4F:67:A6:C5:42:8A:50:1F:E0:B0:C6:B5:51:94:D2:36:1F:E1
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fJhPZ6bFQopQH-CwxrVRlNI2H-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:9a:86:71:9f:d4:54:e8:78:bb:0e:77:08:45:a8:a2:19:cf:
         76:46:2c:f9:e4:dc:9d:d2:13:96:f0:3d:ac:1f:8d:cd:f5:60:
         87:3b:41:90:a8:f9:3c:9a:14:dd:65:7a:ca:f2:a3:3f:df:29:
         f1:a5:bc:0e:79:5b:7f:d6:10:aa:07:b9:6c:01:c6:e1:1f:ee:
         d3:5e:8c:38:58:28:42:a0:70:ba:13:34:3f:02:e3:42:e1:72:
         26:63:63:c4:96:58:ab:42:14:3c:9b:ed:aa:2b:b4:bf:4b:3b:
         49:38:c8:f3:f6:63:a5:05:07:08:b2:85:e9:2b:b2:65:f1:cd:
         86:0c:3f:2e:68:88:f1:d5:58:52:0c:1c:21:1d:77:d9:4b:36:
         c0:1a:f2:a3:83:dd:ca:38:a0:b4:88:cd:e8:85:fc:70:92:e6:
         80:31:73:42:c2:80:8b:53:78:49:fc:1d:e7:bd:a3:f0:65:9c:
         64:82:bd:b4:5e:8e:c9:cd:9a:3a:05:9c:c5:b0:1d:56:9c:50:
         0a:eb:4e:57:31:4e:59:43:9f:30:b3:fa:c3:a2:8c:26:97:6e:
         a7:e9:30:2f:b1:ef:02:b2:4a:b1:88:a6:3f:01:0f:8a:f9:c1:
         f3:8b:f9:c0:1b:23:23:a1:5a:1a:56:a0:19:cc:a5:bf:0e:d1:
         c3:b6:04:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5SbC8I0AO3Grk+isgci/ETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzE4MTYzNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzk4NGY2N2E2YzU0MjhhNTAxZmUwYjBjNmI1NTE5NGQyMzYxZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaJbAfh0YRC1qCDxFFs8pDaSVveC
45QIU237uQeQcefmVWjGxkA4dNs1bG+kwRlCIHzISKiRHbJN0+vKsZPxiPqC0pQf
fi0OOxTvqiFGuZ0Zh48AxAVYls783n2PGDSwDySFLG8zVvNZfYcEocWYzfIux4lh
O4IoIB8XBygySXAM9jGA93Ay/Co2sX8pgUbSFtEzPjC/5/VpsRMuYDS2uaESSD4n
TPnGgQ5tvSXcR0Vo+u1qBFi+EQSRzQwvu4xCtwLZTUzw95K2PzQKwvhdesGqHC8v
zoGBo34NdIJFYtdg2K4TqKbfaYFp4RMS5U+SzOP99mJRTBhxcNMOfvmfewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyYT2emxUKKUB/gsMa1UZTSNh/hMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZkpoUFo2YkZRb3BRSC1Dd3hyVlJsTkkySC1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudhHMA0G
CSqGSIb3DQEBCwUAA4IBAQB2moZxn9RU6Hi7DncIRaiiGc92Riz55Nyd0hOW8D2s
H43N9WCHO0GQqPk8mhTdZXrK8qM/3ynxpbwOeVt/1hCqB7lsAcbhH+7TXow4WChC
oHC6EzQ/AuNC4XImY2PEllirQhQ8m+2qK7S/SztJOMjz9mOlBQcIsoXpK7Jl8c2G
DD8uaIjx1VhSDBwhHXfZSzbAGvKjg93KOKC0iM3ohfxwkuaAMXNCwoCLU3hJ/B3n
vaPwZZxkgr20Xo7JzZo6BZzFsB1WnFAK605XMU5ZQ58ws/rDoowml26n6TAvse8C
skqxiKY/AQ+K+cHzi/nAGyMjoVoaVqAZzKW/DtHDtgSa
-----END CERTIFICATE-----