Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/FE4JCrglQOGWYz3KTMlrQvi4SMk.roa
File:                     FE4JCrglQOGWYz3KTMlrQvi4SMk.roa (raw, json)
Hash identifier:          I7rdjFFnaqg/QuqhQLrz7d9Gv0hTCe0oggpar/JEguo=
Subject key identifier:   14:4E:09:0A:B8:25:40:E1:96:63:3D:CA:4C:C9:6B:42:F8:B8:48:C9
Certificate issuer:       /CN=c3fb403a241883e58fced52d39d80eabd52bb36f
Certificate serial:       018CC726EB1020E7A82F776206A64F09B57F
Authority key identifier: C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/FE4JCrglQOGWYz3KTMlrQvi4SMk.roa
Signing time:             Mon 01 Jan 2024 22:31:05 +0000
ROA not before:           Mon 01 Jan 2024 22:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51500
IP address blocks:        185.17.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:eb:10:20:e7:a8:2f:77:62:06:a6:4f:09:b5:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb403a241883e58fced52d39d80eabd52bb36f
        Validity
            Not Before: Jan  1 22:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=144e090ab82540e196633dca4cc96b42f8b848c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4a:76:f9:96:c5:9e:2a:4c:68:6f:4b:d2:67:
                    36:88:cc:6b:09:a9:62:12:6b:c3:5e:f3:2a:66:08:
                    3c:7c:da:1a:98:92:3f:b8:f0:88:5e:d1:a2:6b:4e:
                    9c:90:ef:37:5e:69:ab:27:2a:69:46:1c:6a:2b:c3:
                    80:91:c9:e8:b0:7c:ca:56:37:82:8c:9d:24:be:88:
                    f5:0c:6b:48:3e:52:59:d4:3b:c9:d5:b5:3a:27:81:
                    df:2d:a7:15:6a:6e:70:d2:d2:26:0a:8f:c7:b2:7a:
                    a7:5a:e2:93:12:4e:6e:c2:96:39:0f:43:a2:66:38:
                    76:e7:ba:78:1e:bd:8e:a2:fa:b6:0d:ce:7b:26:0c:
                    d7:4f:52:08:3c:f0:1e:19:5e:04:7a:fb:46:06:5f:
                    7b:33:d9:df:f1:2a:18:fa:2d:f6:4e:f1:61:f5:77:
                    a6:c8:ab:6c:33:c7:e5:16:48:24:5e:45:29:45:25:
                    cc:b5:de:b1:d7:84:a6:2f:d3:4c:37:6b:5a:a6:51:
                    d7:ed:4e:cf:07:fc:06:43:37:2c:1c:45:26:d7:02:
                    37:bf:3b:06:eb:17:9b:e9:8e:d2:e8:03:3a:d5:5a:
                    d1:1a:15:f1:58:2b:42:da:3d:12:d6:87:a5:39:c7:
                    ec:01:78:3b:9b:b5:d2:5f:cf:52:1d:2d:06:53:d8:
                    80:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:4E:09:0A:B8:25:40:E1:96:63:3D:CA:4C:C9:6B:42:F8:B8:48:C9
            X509v3 Authority Key Identifier:
                keyid:C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/FE4JCrglQOGWYz3KTMlrQvi4SMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:a7:ff:2e:c5:79:14:45:c2:e2:17:84:b9:11:90:1e:7b:88:
         49:9c:94:2f:f0:ef:b0:5b:98:98:08:01:68:50:1b:24:53:63:
         10:4f:e0:f0:95:68:d7:01:71:53:9c:8b:79:01:d5:8c:be:55:
         0f:ff:0a:1f:c9:82:cb:3b:6d:c5:02:ec:db:18:2d:93:31:f2:
         7d:fd:5f:2e:0d:4b:ab:08:b4:2b:3a:4c:e0:6e:ee:b0:86:60:
         90:c0:fe:95:6d:8e:f9:72:f7:52:dc:97:72:74:94:8c:b0:e8:
         09:28:56:6e:54:d0:2d:6e:55:37:09:e5:6f:ba:82:28:39:e3:
         f1:ac:c2:cf:c0:78:8e:92:5d:f2:fb:64:fe:c4:d5:e3:e9:60:
         27:49:fe:7c:d7:ee:40:c0:82:49:4b:a0:9e:34:0d:d7:12:f8:
         0b:47:bb:0f:43:c4:a3:98:2a:a3:3f:1d:a3:f8:f1:4c:c1:09:
         56:d1:8f:c7:57:b9:95:14:df:d1:7b:17:8f:a0:05:9f:f2:36:
         20:e8:d7:9b:eb:2a:a2:86:b5:29:5c:b8:92:c7:5e:bd:ce:3d:
         f4:22:e4:94:f1:59:48:b1:a9:a7:81:dd:98:ba:5c:4b:47:2b:
         ca:e8:88:4a:bc:b7:66:6a:45:e4:23:90:d2:b5:1c:bd:c9:48:
         fc:db:d4:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJusQIOeoL3diBqZPCbV/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmI0MDNhMjQxODgzZTU4ZmNlZDUyZDM5ZDgwZWFiZDUy
YmIzNmYwHhcNMjQwMTAxMjIzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDRlMDkwYWI4MjU0MGUxOTY2MzNkY2E0Y2M5NmI0MmY4Yjg0OGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0p2+ZbFnipMaG9L0mc2iMxrCali
EmvDXvMqZgg8fNoamJI/uPCIXtGia06ckO83XmmrJyppRhxqK8OAkcnosHzKVjeC
jJ0kvoj1DGtIPlJZ1DvJ1bU6J4HfLacVam5w0tImCo/HsnqnWuKTEk5uwpY5D0Oi
Zjh257p4Hr2Oovq2Dc57JgzXT1IIPPAeGV4EevtGBl97M9nf8SoY+i32TvFh9Xem
yKtsM8flFkgkXkUpRSXMtd6x14SmL9NMN2taplHX7U7PB/wGQzcsHEUm1wI3vzsG
6xeb6Y7S6AM61VrRGhXxWCtC2j0S1oelOcfsAXg7m7XSX89SHS0GU9iAzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBROCQq4JUDhlmM9ykzJa0L4uEjJMB8GA1UdIwQY
MBaAFMP7QDokGIPlj87VLTnYDqvVK7NvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUt
YTlhNzc5MDI2ZjBhLzEvRkU0SkNyZ2xRT0dXWXozS1RNbHJRdmk0U01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUtYTlhNzc5MDI2ZjBh
LzEvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRF/MA0G
CSqGSIb3DQEBCwUAA4IBAQBZp/8uxXkURcLiF4S5EZAee4hJnJQv8O+wW5iYCAFo
UBskU2MQT+DwlWjXAXFTnIt5AdWMvlUP/wofyYLLO23FAuzbGC2TMfJ9/V8uDUur
CLQrOkzgbu6whmCQwP6VbY75cvdS3JdydJSMsOgJKFZuVNAtblU3CeVvuoIoOePx
rMLPwHiOkl3y+2T+xNXj6WAnSf581+5AwIJJS6CeNA3XEvgLR7sPQ8SjmCqjPx2j
+PFMwQlW0Y/HV7mVFN/RexePoAWf8jYg6Neb6yqihrUpXLiSx169zj30IuSU8VlI
samngd2YulxLRyvK6IhKvLdmakXkI5DStRy9yUj829Qx
-----END CERTIFICATE-----