Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/fJz8iq2WzzgYxR6a66bzWIUioQY.roa
File:                     fJz8iq2WzzgYxR6a66bzWIUioQY.roa (raw, json)
Hash identifier:          O+lgL6aNeFLX84DNasILqeWmvQPKW3rxkeprdzLxQTs=
Subject key identifier:   7C:9C:FC:8A:AD:96:CF:38:18:C5:1E:9A:EB:A6:F3:58:85:22:A1:06
Certificate issuer:       /CN=cecd391c660c3e57c53b87c0b52ec0d2f2f42775
Certificate serial:       018D3FFF97FAB3ADD0C65F5690B07BB67AC2
Authority key identifier: CE:CD:39:1C:66:0C:3E:57:C5:3B:87:C0:B5:2E:C0:D2:F2:F4:27:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/fJz8iq2WzzgYxR6a66bzWIUioQY.roa
Signing time:             Thu 25 Jan 2024 09:42:11 +0000
ROA not before:           Thu 25 Jan 2024 09:42:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44066
IP address blocks:        193.107.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3f:ff:97:fa:b3:ad:d0:c6:5f:56:90:b0:7b:b6:7a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cecd391c660c3e57c53b87c0b52ec0d2f2f42775
        Validity
            Not Before: Jan 25 09:42:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c9cfc8aad96cf3818c51e9aeba6f3588522a106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c7:c2:ff:3c:00:05:bd:db:a5:54:57:37:a4:
                    fe:40:46:19:49:03:b2:4b:ee:b3:b2:a3:7f:38:9e:
                    12:74:67:6f:b9:e9:b6:c7:c1:17:a3:75:21:e4:63:
                    09:9e:a9:6f:ad:ca:62:54:77:22:8b:3e:66:48:cc:
                    f7:06:fa:97:3a:82:5a:00:f7:16:a5:1f:9f:f1:1f:
                    9d:e2:c5:6f:26:e9:fe:0b:81:6b:d3:68:15:0f:59:
                    48:f9:09:6d:4d:aa:73:d7:d5:03:c1:54:17:4d:25:
                    61:e7:9e:be:68:c4:d9:60:eb:5b:8b:29:85:63:40:
                    d6:9f:33:3f:dd:1d:3e:a9:3b:ec:29:ff:55:d4:c2:
                    ed:0b:3d:f4:34:27:93:7a:94:67:27:38:98:1b:ed:
                    a8:21:fa:71:12:57:3b:a2:ae:56:dc:0a:18:a2:b6:
                    97:f4:db:1f:00:c7:a4:d0:b2:2c:fb:cd:5d:3f:d3:
                    a8:42:2f:d6:43:d2:58:80:d7:b7:af:51:b6:27:cd:
                    70:06:25:f7:de:b9:8a:2a:c3:0d:5f:a1:a6:57:fa:
                    37:57:81:ab:60:15:45:06:e0:f4:5f:7b:02:16:ce:
                    09:99:78:6d:71:12:26:bf:6b:cc:c1:42:7c:78:0a:
                    09:6c:c6:e0:88:7f:fe:82:c5:91:eb:a8:3f:a4:7e:
                    db:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:9C:FC:8A:AD:96:CF:38:18:C5:1E:9A:EB:A6:F3:58:85:22:A1:06
            X509v3 Authority Key Identifier:
                keyid:CE:CD:39:1C:66:0C:3E:57:C5:3B:87:C0:B5:2E:C0:D2:F2:F4:27:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/fJz8iq2WzzgYxR6a66bzWIUioQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:01:1f:52:73:6a:7e:04:df:96:bb:42:2c:ee:20:d2:4b:75:
         82:34:d3:84:ea:c1:65:52:0b:8a:0b:fb:c8:bb:68:83:fb:62:
         b4:0a:e7:e8:fb:75:6a:38:20:a5:8f:02:ad:e3:64:1f:99:78:
         db:e9:93:d7:46:0d:c9:30:27:8f:8f:06:ab:76:ca:e4:79:ac:
         f8:9f:67:0d:85:4c:05:da:ef:2b:8b:df:2f:76:c0:c8:60:d2:
         19:12:4b:a0:09:c4:ff:e8:47:8f:71:1e:3f:4c:e6:5c:c4:d5:
         b0:9e:1f:12:51:b2:50:01:a9:11:58:de:0f:01:c2:24:00:58:
         d9:89:4a:73:ab:f6:5a:ca:86:e4:56:66:b7:3a:fc:5e:ab:87:
         57:dc:2b:92:55:1f:ba:f5:39:c4:18:ae:ce:89:1b:79:aa:b8:
         7b:43:5d:13:bc:26:99:f5:d3:b6:f7:35:97:19:cc:bb:cf:2b:
         ed:dd:d8:ee:c1:94:e4:56:8f:e1:9d:50:5a:fc:f8:05:92:bf:
         fb:58:96:dd:da:f4:e9:ca:06:fc:34:7f:9d:96:c5:ab:1c:12:
         84:f8:eb:29:f5:3d:1a:93:66:0a:ad:66:3e:2e:11:66:56:7d:
         20:f1:ac:02:48:8f:2b:e3:a4:ad:d4:36:4e:5a:ad:e1:cc:b6:
         29:b8:48:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0//5f6s63Qxl9WkLB7tnrCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlY2QzOTFjNjYwYzNlNTdjNTNiODdjMGI1MmVjMGQyZjJm
NDI3NzUwHhcNMjQwMTI1MDk0MjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzljZmM4YWFkOTZjZjM4MThjNTFlOWFlYmE2ZjM1ODg1MjJhMTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcfC/zwABb3bpVRXN6T+QEYZSQOy
S+6zsqN/OJ4SdGdvuem2x8EXo3Uh5GMJnqlvrcpiVHciiz5mSMz3BvqXOoJaAPcW
pR+f8R+d4sVvJun+C4Fr02gVD1lI+QltTapz19UDwVQXTSVh556+aMTZYOtbiymF
Y0DWnzM/3R0+qTvsKf9V1MLtCz30NCeTepRnJziYG+2oIfpxElc7oq5W3AoYoraX
9NsfAMek0LIs+81dP9OoQi/WQ9JYgNe3r1G2J81wBiX33rmKKsMNX6GmV/o3V4Gr
YBVFBuD0X3sCFs4JmXhtcRImv2vMwUJ8eAoJbMbgiH/+gsWR66g/pH7bAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyc/Iqtls84GMUemuum81iFIqEGMB8GA1UdIwQY
MBaAFM7NORxmDD5XxTuHwLUuwNLy9Cd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenMwNUhHWU1QbGZGTzRmQXRTN0EwdkwwSjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8wYTJlMDEtOWFhNi00OGM5LWI3OWEt
YTRkMzU5ZDkxMjUxLzEvZkp6OGlxMld6emdZeFI2YTY2YnpXSVVpb1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8wYTJlMDEtOWFhNi00OGM5LWI3OWEtYTRkMzU5ZDkxMjUx
LzEvenMwNUhHWU1QbGZGTzRmQXRTN0EwdkwwSjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWt4MA0G
CSqGSIb3DQEBCwUAA4IBAQBuAR9Sc2p+BN+Wu0Is7iDSS3WCNNOE6sFlUguKC/vI
u2iD+2K0Cufo+3VqOCCljwKt42QfmXjb6ZPXRg3JMCePjwardsrkeaz4n2cNhUwF
2u8ri98vdsDIYNIZEkugCcT/6EePcR4/TOZcxNWwnh8SUbJQAakRWN4PAcIkAFjZ
iUpzq/ZayobkVma3Ovxeq4dX3CuSVR+69TnEGK7OiRt5qrh7Q10TvCaZ9dO29zWX
Gcy7zyvt3djuwZTkVo/hnVBa/PgFkr/7WJbd2vTpygb8NH+dlsWrHBKE+Osp9T0a
k2YKrWY+LhFmVn0g8awCSI8r46St1DZOWq3hzLYpuEgP
-----END CERTIFICATE-----