Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/3f2772-3da3-4921-9c52-b0b06eb344fb/1/FU1B4H1gdLJJNXlTWnSMMlGMnAA.roa
File:                     FU1B4H1gdLJJNXlTWnSMMlGMnAA.roa (raw, json)
Hash identifier:          hL0J1W9dyKx6iCtZ6Jw/B155ULtW4QczHC1mKDffVVM=
Subject key identifier:   15:4D:41:E0:7D:60:74:B2:49:35:79:53:5A:74:8C:32:51:8C:9C:00
Certificate issuer:       /CN=4ba5c404266deb16d9c78aa92e802d83fba26c71
Certificate serial:       018F1544613ECA5AE62F19EC54A1D090076B
Authority key identifier: 4B:A5:C4:04:26:6D:EB:16:D9:C7:8A:A9:2E:80:2D:83:FB:A2:6C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S6XEBCZt6xbZx4qpLoAtg_uibHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/3f2772-3da3-4921-9c52-b0b06eb344fb/1/FU1B4H1gdLJJNXlTWnSMMlGMnAA.roa
Signing time:             Thu 25 Apr 2024 12:39:13 +0000
ROA not before:           Thu 25 Apr 2024 12:39:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8453
IP address blocks:        194.11.136.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/3f2772-3da3-4921-9c52-b0b06eb344fb/1/S6XEBCZt6xbZx4qpLoAtg_uibHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/3f2772-3da3-4921-9c52-b0b06eb344fb/1/S6XEBCZt6xbZx4qpLoAtg_uibHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S6XEBCZt6xbZx4qpLoAtg_uibHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:44:61:3e:ca:5a:e6:2f:19:ec:54:a1:d0:90:07:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ba5c404266deb16d9c78aa92e802d83fba26c71
        Validity
            Not Before: Apr 25 12:39:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=154d41e07d6074b2493579535a748c32518c9c00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:7e:84:6a:9e:72:ac:7f:cc:7a:9e:6f:cb:59:
                    2f:b9:a9:ff:4c:5c:32:0a:9b:2b:6d:ce:31:46:ea:
                    f9:91:10:e9:f1:85:bd:fe:0b:a9:af:b1:50:6c:cb:
                    d3:d7:52:56:23:89:f8:97:47:b7:91:a0:03:44:a9:
                    b2:90:3f:88:4c:3e:32:1a:f2:88:13:b1:cf:3b:08:
                    d2:71:40:6b:42:7d:8b:4c:13:93:49:98:4a:96:38:
                    00:ff:f0:ad:71:77:83:e1:c6:28:4a:d9:c6:a2:6c:
                    ee:4b:45:28:2e:07:f9:de:6c:08:2a:6f:78:cd:01:
                    cd:5c:22:07:af:d5:84:e4:c2:9d:62:10:92:d3:2f:
                    84:bd:b0:c8:b7:a3:5f:fb:d0:ff:2b:3f:28:17:e9:
                    66:e2:6f:6d:d2:d5:83:f3:cc:27:47:94:83:45:00:
                    6a:55:bf:b6:37:dd:cb:94:1b:01:fa:b3:c1:ec:61:
                    0e:ed:e7:a7:57:81:c6:c1:46:d1:f8:73:8b:63:70:
                    2b:95:45:b1:8f:0b:a8:d6:64:c8:e7:56:b3:cb:cb:
                    8b:6d:9b:1d:1a:1e:35:ce:9d:7b:1f:c8:1e:07:54:
                    50:f1:9e:b3:28:d6:c9:10:04:65:30:1b:d2:5f:d8:
                    2c:49:18:2c:9a:47:07:e1:2d:e2:ef:05:53:78:8a:
                    29:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4D:41:E0:7D:60:74:B2:49:35:79:53:5A:74:8C:32:51:8C:9C:00
            X509v3 Authority Key Identifier:
                keyid:4B:A5:C4:04:26:6D:EB:16:D9:C7:8A:A9:2E:80:2D:83:FB:A2:6C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S6XEBCZt6xbZx4qpLoAtg_uibHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/3f2772-3da3-4921-9c52-b0b06eb344fb/1/FU1B4H1gdLJJNXlTWnSMMlGMnAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/3f2772-3da3-4921-9c52-b0b06eb344fb/1/S6XEBCZt6xbZx4qpLoAtg_uibHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         30:7f:1a:e3:3a:56:bb:bb:2c:29:c9:8d:8e:37:19:56:8f:ae:
         d2:72:ae:0c:e8:17:34:7c:07:38:46:cc:0b:79:94:62:e9:69:
         31:6d:f8:b8:77:2a:37:c8:44:e8:fb:cc:d8:6f:60:00:60:bd:
         c6:5a:41:af:e8:f9:26:2c:8d:d3:09:50:5b:f8:c3:27:da:05:
         a6:65:c1:dc:c7:7f:2e:96:ee:9b:78:e6:90:88:6b:50:44:e1:
         29:e5:ad:3b:53:c4:4f:fb:37:84:d6:68:b5:25:05:5f:cb:13:
         5a:83:02:16:a4:89:3f:4c:13:2d:9e:f9:bf:72:64:87:bb:f7:
         3b:b8:43:f9:85:4c:6b:d3:fb:8e:20:30:41:5b:7b:ca:86:f3:
         0d:60:15:3c:16:3c:4a:ef:81:da:b8:e0:fd:d6:78:c0:bf:6f:
         bd:41:2a:6c:ff:bf:47:84:82:d3:cd:d8:46:3a:77:d5:97:06:
         be:8b:3b:a5:b3:25:43:25:5a:06:1d:b3:74:23:70:32:cb:b2:
         6f:4a:3e:01:55:88:16:71:19:8d:83:ba:50:17:b4:c7:e0:8a:
         a4:ea:de:43:da:8a:53:a0:69:25:e4:93:34:07:8c:22:c1:7c:
         7c:36:69:98:aa:ba:78:e9:dc:b6:f0:77:7e:32:70:54:7b:b2:
         1c:bc:b5:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8VRGE+ylrmLxnsVKHQkAdrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiYTVjNDA0MjY2ZGViMTZkOWM3OGFhOTJlODAyZDgzZmJh
MjZjNzEwHhcNMjQwNDI1MTIzOTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTRkNDFlMDdkNjA3NGIyNDkzNTc5NTM1YTc0OGMzMjUxOGM5YzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgH6Eap5yrH/Mep5vy1kvuan/TFwy
Cpsrbc4xRur5kRDp8YW9/gupr7FQbMvT11JWI4n4l0e3kaADRKmykD+ITD4yGvKI
E7HPOwjScUBrQn2LTBOTSZhKljgA//CtcXeD4cYoStnGomzuS0UoLgf53mwIKm94
zQHNXCIHr9WE5MKdYhCS0y+EvbDIt6Nf+9D/Kz8oF+lm4m9t0tWD88wnR5SDRQBq
Vb+2N93LlBsB+rPB7GEO7eenV4HGwUbR+HOLY3ArlUWxjwuo1mTI51azy8uLbZsd
Gh41zp17H8geB1RQ8Z6zKNbJEARlMBvSX9gsSRgsmkcH4S3i7wVTeIopbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVNQeB9YHSySTV5U1p0jDJRjJwAMB8GA1UdIwQY
MBaAFEulxAQmbesW2ceKqS6ALYP7omxxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzZYRUJDWnQ2eGJaeDRxcExvQXRnX3VpYkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8zZjI3NzItM2RhMy00OTIxLTljNTIt
YjBiMDZlYjM0NGZiLzEvRlUxQjRIMWdkTEpKTlhsVFduU01NbEdNbkFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8zZjI3NzItM2RhMy00OTIxLTljNTItYjBiMDZlYjM0NGZi
LzEvUzZYRUJDWnQ2eGJaeDRxcExvQXRnX3VpYkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwguIMA0G
CSqGSIb3DQEBCwUAA4IBAQAwfxrjOla7uywpyY2ONxlWj67Scq4M6Bc0fAc4RswL
eZRi6Wkxbfi4dyo3yETo+8zYb2AAYL3GWkGv6PkmLI3TCVBb+MMn2gWmZcHcx38u
lu6beOaQiGtQROEp5a07U8RP+zeE1mi1JQVfyxNagwIWpIk/TBMtnvm/cmSHu/c7
uEP5hUxr0/uOIDBBW3vKhvMNYBU8FjxK74HauOD91njAv2+9QSps/79HhILTzdhG
OnfVlwa+izulsyVDJVoGHbN0I3Ayy7JvSj4BVYgWcRmNg7pQF7TH4Iqk6t5D2opT
oGkl5JM0B4wiwXx8NmmYqrp46dy28Hd+MnBUe7IcvLXZ
-----END CERTIFICATE-----