Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/0079e8-c246-4c38-9052-673670e6ef09/1/FEpjWXEZJeNhdjer9k9eB_mKUSw.roa
File:                     FEpjWXEZJeNhdjer9k9eB_mKUSw.roa (raw, json)
Hash identifier:          FiNEEFRoSK/m9Pghq1smeBdlv9bLniHLhsXiURSZpug=
Subject key identifier:   14:4A:63:59:71:19:25:E3:61:76:37:AB:F6:4F:5E:07:F9:8A:51:2C
Certificate issuer:       /CN=ddf09cf96e5fc874ee939097c5651c8bd842e6ad
Certificate serial:       01921F1231C264C1DAFBB787DFD561766543
Authority key identifier: DD:F0:9C:F9:6E:5F:C8:74:EE:93:90:97:C5:65:1C:8B:D8:42:E6:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fCc-W5fyHTuk5CXxWUci9hC5q0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/0079e8-c246-4c38-9052-673670e6ef09/1/FEpjWXEZJeNhdjer9k9eB_mKUSw.roa
Signing time:             Mon 23 Sep 2024 13:28:58 +0000
ROA not before:           Mon 23 Sep 2024 13:28:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50487
IP address blocks:        195.191.104.0/23 maxlen: 23
                          195.191.104.0/24 maxlen: 24
                          195.191.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/0079e8-c246-4c38-9052-673670e6ef09/1/3fCc-W5fyHTuk5CXxWUci9hC5q0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/0079e8-c246-4c38-9052-673670e6ef09/1/3fCc-W5fyHTuk5CXxWUci9hC5q0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3fCc-W5fyHTuk5CXxWUci9hC5q0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1f:12:31:c2:64:c1:da:fb:b7:87:df:d5:61:76:65:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf09cf96e5fc874ee939097c5651c8bd842e6ad
        Validity
            Not Before: Sep 23 13:28:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=144a6359711925e3617637abf64f5e07f98a512c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:52:08:b7:b6:77:ee:e8:2a:6b:2c:f4:90:54:
                    ac:58:ee:12:f7:42:e6:b8:3b:14:a9:cc:65:ec:70:
                    96:fd:19:5a:97:0a:a8:ec:79:e5:08:92:b5:d1:17:
                    a0:64:e2:7d:35:45:24:f3:b0:69:f5:f8:8a:94:51:
                    d0:50:3b:00:f6:75:6b:8d:fd:ad:cb:48:71:bc:a9:
                    3f:6e:61:cf:f9:d0:9b:24:1a:f8:c5:ea:b1:fa:cc:
                    63:7a:b7:51:55:13:55:40:27:a9:1a:e5:08:45:b5:
                    58:34:91:64:c8:4e:c6:0e:bc:e6:88:f3:bd:0d:39:
                    fe:96:63:06:e0:25:f4:fc:b4:78:7b:77:fc:bb:21:
                    7a:07:e5:7c:9d:a4:a4:76:ec:72:cc:38:33:4b:a8:
                    b0:44:df:4a:db:92:a2:ac:c2:bb:85:d6:60:d4:bc:
                    43:25:25:78:93:c1:2f:b8:01:3e:25:a3:c9:52:a1:
                    56:af:a9:b9:31:24:9d:bb:f4:24:8e:aa:7f:fd:23:
                    b1:da:fe:55:cf:02:f1:0c:af:37:33:bf:d6:49:1d:
                    49:59:73:36:58:13:8c:cb:19:fe:eb:e4:84:6f:ce:
                    99:e1:bc:34:95:4a:0f:a2:3f:4d:29:7d:79:5b:86:
                    64:fe:f7:a8:c9:8d:f2:ba:ab:43:6a:d1:b5:c1:ad:
                    ea:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:4A:63:59:71:19:25:E3:61:76:37:AB:F6:4F:5E:07:F9:8A:51:2C
            X509v3 Authority Key Identifier:
                keyid:DD:F0:9C:F9:6E:5F:C8:74:EE:93:90:97:C5:65:1C:8B:D8:42:E6:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fCc-W5fyHTuk5CXxWUci9hC5q0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/0079e8-c246-4c38-9052-673670e6ef09/1/FEpjWXEZJeNhdjer9k9eB_mKUSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/0079e8-c246-4c38-9052-673670e6ef09/1/3fCc-W5fyHTuk5CXxWUci9hC5q0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:4b:77:eb:a0:ee:dc:30:85:54:90:ae:ee:7a:fe:98:fc:b2:
         85:45:9a:08:58:f9:64:94:dd:d0:3e:56:21:dc:0a:37:28:49:
         61:08:29:09:89:58:f9:4e:64:15:fd:f2:09:03:50:4d:d3:a7:
         c6:c8:9c:8e:77:de:8e:64:89:87:ae:d8:79:bd:ff:2f:bb:f0:
         c9:4e:e1:04:27:f6:05:a2:d4:09:48:c5:2a:4f:2b:f8:1f:c3:
         26:25:f1:26:f3:66:dc:1e:89:75:ce:35:3c:cc:3d:85:2b:7c:
         e5:33:12:de:2a:2d:10:58:31:40:e5:b1:31:b9:4e:39:f3:e1:
         2c:ce:6d:3b:5a:3c:54:11:0e:df:2e:ef:60:a6:2a:09:79:38:
         b4:a0:d0:f1:74:84:c3:f3:06:fd:74:bc:32:bf:bc:b4:28:17:
         30:b5:fc:03:a9:9b:3d:4d:11:2f:82:a5:1e:fe:0b:f3:f4:58:
         e4:b7:cb:91:91:47:ca:28:a0:ae:a2:c2:e8:11:59:fc:8b:d3:
         87:05:bc:f0:aa:5e:76:5d:63:ab:82:5b:50:a0:51:9c:c3:f2:
         5e:e2:71:da:d9:5f:df:79:90:28:20:a0:e6:7c:25:b1:81:6d:
         c9:46:60:44:89:2c:d4:79:d6:42:86:18:3a:62:f9:f9:db:9b:
         0a:cb:7d:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIfEjHCZMHa+7eH39VhdmVDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjA5Y2Y5NmU1ZmM4NzRlZTkzOTA5N2M1NjUxYzhiZDg0
MmU2YWQwHhcNMjQwOTIzMTMyODU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDRhNjM1OTcxMTkyNWUzNjE3NjM3YWJmNjRmNWUwN2Y5OGE1MTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA91IIt7Z37ugqayz0kFSsWO4S90Lm
uDsUqcxl7HCW/Rlalwqo7HnlCJK10RegZOJ9NUUk87Bp9fiKlFHQUDsA9nVrjf2t
y0hxvKk/bmHP+dCbJBr4xeqx+sxjerdRVRNVQCepGuUIRbVYNJFkyE7GDrzmiPO9
DTn+lmMG4CX0/LR4e3f8uyF6B+V8naSkduxyzDgzS6iwRN9K25KirMK7hdZg1LxD
JSV4k8EvuAE+JaPJUqFWr6m5MSSdu/Qkjqp//SOx2v5VzwLxDK83M7/WSR1JWXM2
WBOMyxn+6+SEb86Z4bw0lUoPoj9NKX15W4Zk/veoyY3yuqtDatG1wa3qeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRKY1lxGSXjYXY3q/ZPXgf5ilEsMB8GA1UdIwQY
MBaAFN3wnPluX8h07pOQl8VlHIvYQuatMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZDYy1XNWZ5SFR1azVDWHhXVWNpOWhDNXEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wMDc5ZTgtYzI0Ni00YzM4LTkwNTIt
NjczNjcwZTZlZjA5LzEvRkVwaldYRVpKZU5oZGplcjlrOWVCX21LVVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wMDc5ZTgtYzI0Ni00YzM4LTkwNTItNjczNjcwZTZlZjA5
LzEvM2ZDYy1XNWZ5SFR1azVDWHhXVWNpOWhDNXEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw79oMA0G
CSqGSIb3DQEBCwUAA4IBAQCKS3froO7cMIVUkK7uev6Y/LKFRZoIWPlklN3QPlYh
3Ao3KElhCCkJiVj5TmQV/fIJA1BN06fGyJyOd96OZImHrth5vf8vu/DJTuEEJ/YF
otQJSMUqTyv4H8MmJfEm82bcHol1zjU8zD2FK3zlMxLeKi0QWDFA5bExuU458+Es
zm07WjxUEQ7fLu9gpioJeTi0oNDxdITD8wb9dLwyv7y0KBcwtfwDqZs9TREvgqUe
/gvz9Fjkt8uRkUfKKKCuosLoEVn8i9OHBbzwql52XWOrgltQoFGcw/Je4nHa2V/f
eZAoIKDmfCWxgW3JRmBEiSzUedZChhg6Yvn525sKy31k
-----END CERTIFICATE-----