Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/FpGarJny3tPSLe4nbWHe-N8My_4.roa
File:                     FpGarJny3tPSLe4nbWHe-N8My_4.roa (raw, json)
Hash identifier:          Z+oqhvoRp20/+8FGYTGfMamG2ds0SDiH8uaDu3Z/8Do=
Subject key identifier:   16:91:9A:AC:99:F2:DE:D3:D2:2D:EE:27:6D:61:DE:F8:DF:0C:CB:FE
Certificate issuer:       /CN=0e91de17437a0025fd1ede10f710f17a3080b3ab
Certificate serial:       0190C0F3B0A68EF2F0E557B9E1DC9C31ABA0
Authority key identifier: 0E:91:DE:17:43:7A:00:25:FD:1E:DE:10:F7:10:F1:7A:30:80:B3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/FpGarJny3tPSLe4nbWHe-N8My_4.roa
Signing time:             Wed 17 Jul 2024 13:48:34 +0000
ROA not before:           Wed 17 Jul 2024 13:48:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211462
IP address blocks:        185.207.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c0:f3:b0:a6:8e:f2:f0:e5:57:b9:e1:dc:9c:31:ab:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e91de17437a0025fd1ede10f710f17a3080b3ab
        Validity
            Not Before: Jul 17 13:48:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16919aac99f2ded3d22dee276d61def8df0ccbfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:75:fe:67:12:b5:81:3d:c8:b6:35:e0:ff:80:
                    1b:31:b9:47:8b:14:1e:2e:e7:ff:9b:14:e7:f9:35:
                    de:ef:e2:96:a6:56:58:ba:c3:00:ad:80:41:7f:e5:
                    84:ec:d6:3e:a2:c8:87:59:87:fc:2d:fe:5b:25:22:
                    a0:cb:85:62:27:e4:99:80:cc:3f:39:b0:d4:9b:71:
                    b8:b9:83:71:f4:c4:19:06:5c:fd:22:60:d4:09:9e:
                    5f:a0:47:5e:61:21:b6:00:6b:4e:1b:06:f6:01:12:
                    33:d7:4b:bf:ee:41:85:d1:90:93:94:48:7b:11:49:
                    bd:6c:79:16:20:e4:42:de:6d:0c:35:3b:bc:88:22:
                    57:e0:d9:06:61:57:8d:fc:c0:a8:3b:ef:94:90:2a:
                    46:e1:c8:14:7d:6c:d5:bc:cd:1a:4a:30:a2:89:0c:
                    d9:b8:b2:73:7f:d9:b3:e2:2f:41:07:51:3e:e4:cb:
                    1c:3c:bb:5d:36:f8:ec:22:68:52:97:f8:f6:b4:37:
                    d8:5a:77:e0:d1:61:5d:88:65:e8:97:9f:e6:ac:34:
                    b2:9c:2e:59:c8:d0:21:e6:46:66:1c:64:63:9e:97:
                    06:9a:dd:10:93:18:72:d6:9d:3e:85:f0:5c:1a:5f:
                    f5:c7:b6:38:a5:e6:84:39:4d:a5:bb:60:15:c9:41:
                    9a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:91:9A:AC:99:F2:DE:D3:D2:2D:EE:27:6D:61:DE:F8:DF:0C:CB:FE
            X509v3 Authority Key Identifier:
                keyid:0E:91:DE:17:43:7A:00:25:FD:1E:DE:10:F7:10:F1:7A:30:80:B3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/FpGarJny3tPSLe4nbWHe-N8My_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:7e:d7:ea:7c:7b:4a:3e:bd:a1:a9:35:bd:69:0c:23:b3:ca:
         9d:e7:8e:18:aa:e0:c5:49:10:6a:53:13:3b:0b:28:a1:eb:0d:
         a0:71:3d:b6:cc:2f:17:3e:38:c1:19:fa:80:f4:50:5e:b2:cc:
         c0:2b:d6:2c:97:f9:c7:71:d5:98:9c:0c:8f:07:c1:0b:d7:ea:
         64:bd:b3:7a:cd:c5:76:44:37:5e:55:11:f0:02:eb:48:26:8d:
         b0:99:b6:6f:c8:f3:95:3d:4a:bc:da:10:4d:ce:b6:e6:d1:14:
         6c:44:43:05:88:49:4b:87:7f:28:9e:f8:be:52:66:89:48:ab:
         3a:fe:28:c2:53:34:29:63:05:fa:50:1b:00:43:ca:8f:c7:46:
         ac:fe:52:1b:6f:5c:18:2b:08:b0:70:df:be:0a:6f:1b:6e:b2:
         bf:28:34:b7:ce:c2:27:5c:46:19:42:05:de:c2:1c:07:f2:a6:
         c7:3b:20:2e:4f:b2:f2:2c:c2:db:f3:9a:15:51:0f:fd:12:02:
         32:1e:a6:f9:d7:cd:b4:83:1b:7f:55:93:20:b4:7f:d4:bf:cf:
         56:87:9c:0c:d3:67:a9:90:f4:40:a0:05:28:b4:0b:10:3a:80:
         bd:68:13:76:20:87:e6:cc:eb:e6:d8:0e:98:5a:64:88:91:04:
         fd:77:5e:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDA87CmjvLw5Ve54dycMaugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOTFkZTE3NDM3YTAwMjVmZDFlZGUxMGY3MTBmMTdhMzA4
MGIzYWIwHhcNMjQwNzE3MTM0ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjkxOWFhYzk5ZjJkZWQzZDIyZGVlMjc2ZDYxZGVmOGRmMGNjYmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HX+ZxK1gT3ItjXg/4AbMblHixQe
Luf/mxTn+TXe7+KWplZYusMArYBBf+WE7NY+osiHWYf8Lf5bJSKgy4ViJ+SZgMw/
ObDUm3G4uYNx9MQZBlz9ImDUCZ5foEdeYSG2AGtOGwb2ARIz10u/7kGF0ZCTlEh7
EUm9bHkWIORC3m0MNTu8iCJX4NkGYVeN/MCoO++UkCpG4cgUfWzVvM0aSjCiiQzZ
uLJzf9mz4i9BB1E+5MscPLtdNvjsImhSl/j2tDfYWnfg0WFdiGXol5/mrDSynC5Z
yNAh5kZmHGRjnpcGmt0Qkxhy1p0+hfBcGl/1x7Y4peaEOU2lu2AVyUGa8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBaRmqyZ8t7T0i3uJ21h3vjfDMv+MB8GA1UdIwQY
MBaAFA6R3hdDegAl/R7eEPcQ8XowgLOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBIZUYwTjZBQ1g5SHQ0UTl4RHhlakNBczZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9iYWVmNTctYzQ4NC00NTIzLWIxNGUt
ODhlYmJmOTk3ODBiLzEvRnBHYXJKbnkzdFBTTGU0bmJXSGUtTjhNeV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9iYWVmNTctYzQ4NC00NTIzLWIxNGUtODhlYmJmOTk3ODBi
LzEvRHBIZUYwTjZBQ1g5SHQ0UTl4RHhlakNBczZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc99MA0G
CSqGSIb3DQEBCwUAA4IBAQCGftfqfHtKPr2hqTW9aQwjs8qd544YquDFSRBqUxM7
Cyih6w2gcT22zC8XPjjBGfqA9FBesszAK9Ysl/nHcdWYnAyPB8EL1+pkvbN6zcV2
RDdeVRHwAutIJo2wmbZvyPOVPUq82hBNzrbm0RRsREMFiElLh38onvi+UmaJSKs6
/ijCUzQpYwX6UBsAQ8qPx0as/lIbb1wYKwiwcN++Cm8bbrK/KDS3zsInXEYZQgXe
whwH8qbHOyAuT7LyLMLb85oVUQ/9EgIyHqb51820gxt/VZMgtH/Uv89Wh5wM02ep
kPRAoAUotAsQOoC9aBN2IIfmzOvm2A6YWmSIkQT9d17F
-----END CERTIFICATE-----