Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/3545e6-8cde-4533-9605-faf2b9f04def/1/9qQP7n9K44TImBzNc6LnqhIENE4.roa
File:                     9qQP7n9K44TImBzNc6LnqhIENE4.roa (raw, json)
Hash identifier:          CzwTFHiORhxhCbfDfeA6o4w3Y2vxuOLSiCQ4AkwwQYQ=
Subject key identifier:   F6:A4:0F:EE:7F:4A:E3:84:C8:98:1C:CD:73:A2:E7:AA:12:04:34:4E
Certificate issuer:       /CN=fc2a6347b531e30f55551d0b6edf60dc8b808b91
Certificate serial:       018CC4939490443343F5339610C4ADA2D01F
Authority key identifier: FC:2A:63:47:B5:31:E3:0F:55:55:1D:0B:6E:DF:60:DC:8B:80:8B:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_CpjR7Ux4w9VVR0Lbt9g3IuAi5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/3545e6-8cde-4533-9605-faf2b9f04def/1/9qQP7n9K44TImBzNc6LnqhIENE4.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200311
IP address blocks:        194.60.214.0/24 maxlen: 24
                          194.60.215.0/24 maxlen: 24
                          194.60.213.0/24 maxlen: 24
                          194.60.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/3545e6-8cde-4533-9605-faf2b9f04def/1/_CpjR7Ux4w9VVR0Lbt9g3IuAi5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/3545e6-8cde-4533-9605-faf2b9f04def/1/_CpjR7Ux4w9VVR0Lbt9g3IuAi5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_CpjR7Ux4w9VVR0Lbt9g3IuAi5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:94:90:44:33:43:f5:33:96:10:c4:ad:a2:d0:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc2a6347b531e30f55551d0b6edf60dc8b808b91
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6a40fee7f4ae384c8981ccd73a2e7aa1204344e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:80:e7:78:b7:0b:18:13:8a:9a:59:04:08:38:
                    ca:e7:50:ed:d1:e6:14:30:36:6c:3f:b9:88:88:d1:
                    71:4b:37:51:e2:5d:c2:5b:8b:24:21:b9:0f:de:2c:
                    4f:2d:9f:94:3f:36:64:3e:17:5b:d2:d7:8a:2d:c8:
                    46:4a:8e:43:e2:35:ed:e8:5c:79:8e:e4:9b:5a:6f:
                    42:18:e8:35:2c:3e:7c:23:2a:d6:67:ff:c2:c5:d7:
                    1b:6b:90:09:a1:8d:b7:19:20:8f:ee:19:a1:63:a0:
                    2e:b8:ec:cc:18:38:37:2f:51:73:02:60:df:2b:77:
                    09:72:a3:78:fe:62:47:96:5d:55:b5:04:e6:ea:3d:
                    fc:7e:12:c3:bc:e6:32:a9:d8:85:45:83:b8:be:74:
                    c6:67:a7:fb:78:f5:37:3a:66:94:78:8a:7f:a1:4e:
                    b6:d6:ff:8c:e2:06:f8:35:87:ab:ec:fa:bf:da:79:
                    98:79:d0:95:3a:7d:38:cd:d2:0e:b9:c0:78:95:ad:
                    81:81:8d:6d:a8:01:d9:df:20:cb:60:40:89:c6:7b:
                    9e:a1:79:1e:e3:c0:92:e8:a1:ec:18:96:c5:17:3d:
                    b1:f3:e9:b8:97:ec:11:f9:de:d6:d1:ff:77:1f:1e:
                    51:a5:2e:45:19:41:60:7a:8d:56:6c:e3:c8:45:ba:
                    82:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:A4:0F:EE:7F:4A:E3:84:C8:98:1C:CD:73:A2:E7:AA:12:04:34:4E
            X509v3 Authority Key Identifier:
                keyid:FC:2A:63:47:B5:31:E3:0F:55:55:1D:0B:6E:DF:60:DC:8B:80:8B:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_CpjR7Ux4w9VVR0Lbt9g3IuAi5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/3545e6-8cde-4533-9605-faf2b9f04def/1/9qQP7n9K44TImBzNc6LnqhIENE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/3545e6-8cde-4533-9605-faf2b9f04def/1/_CpjR7Ux4w9VVR0Lbt9g3IuAi5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:db:f3:01:50:82:04:c7:19:67:e4:7b:3e:de:3e:49:d7:03:
         0e:99:f8:39:6c:e0:3a:39:29:5b:af:f2:45:58:10:3e:4e:81:
         84:00:01:4e:87:ec:8e:b7:d9:d1:8a:fd:0f:5e:80:92:9f:ed:
         3e:70:85:e2:43:5e:4c:94:fe:10:eb:91:8d:de:a6:01:6c:ce:
         29:09:60:ca:09:b3:b2:eb:63:e0:56:56:6c:c1:13:7c:c5:55:
         65:a7:d1:c6:40:dc:39:d5:33:cf:03:6b:01:7a:32:60:c0:17:
         83:d9:2d:60:99:70:84:3b:b1:91:90:4d:16:67:7d:ed:cc:67:
         18:8c:be:3a:7d:c5:4b:bb:4b:a2:6c:ca:92:34:1a:b9:8e:50:
         8c:d4:8f:45:23:3d:06:f2:4e:78:82:56:69:bf:98:f5:97:c8:
         f4:9c:69:68:a1:eb:f0:f9:cc:bb:e1:1a:b4:25:8c:1b:dc:f1:
         2f:e3:31:51:5a:3e:39:89:a6:42:31:ee:19:9f:59:e0:95:77:
         c0:8f:26:8e:1b:3c:e1:4d:5b:c1:31:eb:26:ad:b3:df:b5:79:
         21:20:1f:12:39:80:7c:9e:26:6c:61:b8:af:54:d7:69:e4:b1:
         fd:59:7d:f4:07:e6:f2:be:6b:5f:38:b5:23:ca:1b:c5:f2:0f:
         79:61:ef:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5SQRDND9TOWEMStotAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMmE2MzQ3YjUzMWUzMGY1NTU1MWQwYjZlZGY2MGRjOGI4
MDhiOTEwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmE0MGZlZTdmNGFlMzg0Yzg5ODFjY2Q3M2EyZTdhYTEyMDQzNDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4DneLcLGBOKmlkECDjK51Dt0eYU
MDZsP7mIiNFxSzdR4l3CW4skIbkP3ixPLZ+UPzZkPhdb0teKLchGSo5D4jXt6Fx5
juSbWm9CGOg1LD58IyrWZ//Cxdcba5AJoY23GSCP7hmhY6AuuOzMGDg3L1FzAmDf
K3cJcqN4/mJHll1VtQTm6j38fhLDvOYyqdiFRYO4vnTGZ6f7ePU3OmaUeIp/oU62
1v+M4gb4NYer7Pq/2nmYedCVOn04zdIOucB4la2BgY1tqAHZ3yDLYECJxnueoXke
48CS6KHsGJbFFz2x8+m4l+wR+d7W0f93Hx5RpS5FGUFgeo1WbOPIRbqCYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPakD+5/SuOEyJgczXOi56oSBDROMB8GA1UdIwQY
MBaAFPwqY0e1MeMPVVUdC27fYNyLgIuRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0NwalI3VXg0dzlWVlIwTGJ0OWczSXVBaTVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8zNTQ1ZTYtOGNkZS00NTMzLTk2MDUt
ZmFmMmI5ZjA0ZGVmLzEvOXFRUDduOUs0NFRJbUJ6TmM2TG5xaElFTkU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8zNTQ1ZTYtOGNkZS00NTMzLTk2MDUtZmFmMmI5ZjA0ZGVm
LzEvX0NwalI3VXg0dzlWVlIwTGJ0OWczSXVBaTVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjzUMA0G
CSqGSIb3DQEBCwUAA4IBAQCT2/MBUIIExxln5Hs+3j5J1wMOmfg5bOA6OSlbr/JF
WBA+ToGEAAFOh+yOt9nRiv0PXoCSn+0+cIXiQ15MlP4Q65GN3qYBbM4pCWDKCbOy
62PgVlZswRN8xVVlp9HGQNw51TPPA2sBejJgwBeD2S1gmXCEO7GRkE0WZ33tzGcY
jL46fcVLu0uibMqSNBq5jlCM1I9FIz0G8k54glZpv5j1l8j0nGlooevw+cy74Rq0
JYwb3PEv4zFRWj45iaZCMe4Zn1nglXfAjyaOGzzhTVvBMesmrbPftXkhIB8SOYB8
niZsYbivVNdp5LH9WX30B+byvmtfOLUjyhvF8g95Ye+S
-----END CERTIFICATE-----