Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/7F4hoTdmt0FLp7vLmGFnxY3ONBA.roa
File:                     7F4hoTdmt0FLp7vLmGFnxY3ONBA.roa (raw, json)
Hash identifier:          +5u2pP0JLq/oHdO491BsQEnypqUd5Kg9060fKHo2RP0=
Subject key identifier:   EC:5E:21:A1:37:66:B7:41:4B:A7:BB:CB:98:61:67:C5:8D:CE:34:10
Certificate issuer:       /CN=fc96311f207e30e04e5ed18960b31fb3ba67d9cc
Certificate serial:       018CC5DBF66841083925438FE481A4C7F5A3
Authority key identifier: FC:96:31:1F:20:7E:30:E0:4E:5E:D1:89:60:B3:1F:B3:BA:67:D9:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_JYxHyB-MOBOXtGJYLMfs7pn2cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/7F4hoTdmt0FLp7vLmGFnxY3ONBA.roa
Signing time:             Mon 01 Jan 2024 16:29:36 +0000
ROA not before:           Mon 01 Jan 2024 16:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206317
IP address blocks:        185.187.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/_JYxHyB-MOBOXtGJYLMfs7pn2cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/_JYxHyB-MOBOXtGJYLMfs7pn2cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_JYxHyB-MOBOXtGJYLMfs7pn2cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f6:68:41:08:39:25:43:8f:e4:81:a4:c7:f5:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc96311f207e30e04e5ed18960b31fb3ba67d9cc
        Validity
            Not Before: Jan  1 16:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec5e21a13766b7414ba7bbcb986167c58dce3410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f3:88:4b:e0:6f:67:b5:ad:f0:f2:13:a4:51:
                    10:d7:c5:54:03:b2:42:c2:56:8e:b1:3c:4a:9c:ff:
                    a2:61:7c:0f:cd:b3:cd:54:17:17:a6:49:14:78:34:
                    ba:70:1b:6d:a1:d8:33:d6:cb:ff:52:30:a5:c2:75:
                    f2:7c:35:a1:f8:e9:80:94:33:3a:f3:b7:72:2a:3a:
                    05:ec:ee:86:6e:b5:a5:5e:1b:a7:f2:b7:a2:7d:b2:
                    fa:33:37:ec:08:9c:62:0e:52:9d:ae:6c:46:3e:e5:
                    6e:67:96:6b:ee:e7:fb:60:3f:43:bc:2c:03:48:f1:
                    a5:c1:45:3d:de:ba:98:8c:39:2f:d9:d1:47:42:7e:
                    a0:e9:e3:82:59:7e:f8:6b:44:18:a0:45:68:09:1c:
                    b0:e2:b1:b0:40:5e:15:90:2f:45:fc:5f:78:8f:60:
                    9c:4f:cd:42:08:bb:56:ab:02:22:56:f8:a5:33:87:
                    1b:0b:da:5c:e3:ba:2f:02:fc:80:4e:c6:5f:cf:be:
                    b6:29:c0:e2:e4:af:4a:6e:17:57:19:2e:f3:62:00:
                    d5:9c:39:09:b6:b2:2c:90:ca:43:63:28:99:15:85:
                    be:a3:2a:15:8a:c9:fc:15:84:f8:8a:03:80:7d:64:
                    43:21:5f:fa:2f:32:39:20:6e:9f:73:da:72:c2:d5:
                    63:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:5E:21:A1:37:66:B7:41:4B:A7:BB:CB:98:61:67:C5:8D:CE:34:10
            X509v3 Authority Key Identifier:
                keyid:FC:96:31:1F:20:7E:30:E0:4E:5E:D1:89:60:B3:1F:B3:BA:67:D9:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_JYxHyB-MOBOXtGJYLMfs7pn2cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/7F4hoTdmt0FLp7vLmGFnxY3ONBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/_JYxHyB-MOBOXtGJYLMfs7pn2cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:8e:b8:c5:7d:70:eb:e6:ac:92:2d:9e:57:75:04:bd:d3:d5:
         e6:e6:48:ff:f1:0f:7e:90:1f:18:58:69:99:f3:10:78:5c:47:
         77:44:90:c4:0d:c8:ae:07:96:60:63:b3:57:85:5f:2f:a3:2a:
         c8:a6:63:07:06:a5:6f:2f:90:9c:79:64:25:63:24:39:fa:4d:
         e8:63:eb:2c:99:36:08:b1:dd:e7:67:d5:89:66:7f:04:0c:5d:
         7f:f9:cc:25:e9:8a:e8:60:e4:30:c3:fd:26:c2:9b:8c:a0:26:
         3a:b0:b6:cf:31:13:1f:1d:6b:7c:da:c7:7d:55:72:de:94:f8:
         f8:19:24:28:72:ee:38:4a:cc:1d:97:24:4d:ed:8a:6a:e3:e7:
         d3:3f:e8:ae:e1:23:9d:ed:1d:0a:94:6f:0a:6d:c5:8b:11:e8:
         41:11:33:b0:39:1d:b6:fe:fe:99:b1:2d:14:59:3f:94:09:97:
         24:0f:59:93:b4:12:06:69:66:60:0d:d5:8a:a8:2c:d1:01:52:
         08:f7:d4:16:27:3a:23:80:bd:d7:b3:1b:82:19:26:c5:0d:31:
         b2:e1:5d:16:3d:c3:09:6a:a5:7c:ff:52:d7:49:0f:54:f5:af:
         60:fb:39:26:ba:6a:a7:fc:c2:0a:a9:ee:38:c3:09:c3:f7:e1:
         1f:d5:fd:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/ZoQQg5JUOP5IGkx/WjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOTYzMTFmMjA3ZTMwZTA0ZTVlZDE4OTYwYjMxZmIzYmE2
N2Q5Y2MwHhcNMjQwMTAxMTYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzVlMjFhMTM3NjZiNzQxNGJhN2JiY2I5ODYxNjdjNThkY2UzNDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPOIS+BvZ7Wt8PITpFEQ18VUA7JC
wlaOsTxKnP+iYXwPzbPNVBcXpkkUeDS6cBttodgz1sv/UjClwnXyfDWh+OmAlDM6
87dyKjoF7O6GbrWlXhun8reifbL6MzfsCJxiDlKdrmxGPuVuZ5Zr7uf7YD9DvCwD
SPGlwUU93rqYjDkv2dFHQn6g6eOCWX74a0QYoEVoCRyw4rGwQF4VkC9F/F94j2Cc
T81CCLtWqwIiVvilM4cbC9pc47ovAvyATsZfz762KcDi5K9KbhdXGS7zYgDVnDkJ
trIskMpDYyiZFYW+oyoVisn8FYT4igOAfWRDIV/6LzI5IG6fc9pywtVjIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxeIaE3ZrdBS6e7y5hhZ8WNzjQQMB8GA1UdIwQY
MBaAFPyWMR8gfjDgTl7RiWCzH7O6Z9nMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0pZeEh5Qi1NT0JPWHRHSllMTWZzN3BuMmN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iYzQ4ZDItMjhlOC00MDVkLTlmOWEt
MDM4OTdmNGNiMzVkLzEvN0Y0aG9UZG10MEZMcDd2TG1HRm54WTNPTkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iYzQ4ZDItMjhlOC00MDVkLTlmOWEtMDM4OTdmNGNiMzVk
LzEvX0pZeEh5Qi1NT0JPWHRHSllMTWZzN3BuMmN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubt2MA0G
CSqGSIb3DQEBCwUAA4IBAQCFjrjFfXDr5qySLZ5XdQS909Xm5kj/8Q9+kB8YWGmZ
8xB4XEd3RJDEDciuB5ZgY7NXhV8voyrIpmMHBqVvL5CceWQlYyQ5+k3oY+ssmTYI
sd3nZ9WJZn8EDF1/+cwl6YroYOQww/0mwpuMoCY6sLbPMRMfHWt82sd9VXLelPj4
GSQocu44SswdlyRN7Ypq4+fTP+iu4SOd7R0KlG8KbcWLEehBETOwOR22/v6ZsS0U
WT+UCZckD1mTtBIGaWZgDdWKqCzRAVII99QWJzojgL3XsxuCGSbFDTGy4V0WPcMJ
aqV8/1LXSQ9U9a9g+zkmumqn/MIKqe44wwnD9+Ef1f1W
-----END CERTIFICATE-----