Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/FnnMqjYBcfSotGYxsm0skgZFnd4.roa
File:                     FnnMqjYBcfSotGYxsm0skgZFnd4.roa (raw, json)
Hash identifier:          iEAwGjam1cAyA33L4MgVAWpWSOoYGN7e5K/QHe4H8L4=
Subject key identifier:   16:79:CC:AA:36:01:71:F4:A8:B4:66:31:B2:6D:2C:92:06:45:9D:DE
Certificate issuer:       /CN=9863354a111af6d5e1ad10da38ad8144b6be868e
Certificate serial:       018CC727302FABE9652757E278F09CE969DF
Authority key identifier: 98:63:35:4A:11:1A:F6:D5:E1:AD:10:DA:38:AD:81:44:B6:BE:86:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/FnnMqjYBcfSotGYxsm0skgZFnd4.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.135.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:30:2f:ab:e9:65:27:57:e2:78:f0:9c:e9:69:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9863354a111af6d5e1ad10da38ad8144b6be868e
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1679ccaa360171f4a8b46631b26d2c9206459dde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f7:bf:5c:4d:42:b1:9c:48:4a:8e:db:40:6b:
                    0a:4a:8e:17:63:51:5a:2d:0d:90:20:14:96:64:3a:
                    39:f8:01:a3:c4:95:b1:07:58:45:55:d7:cc:66:a2:
                    1f:53:e6:d8:4a:48:bf:de:35:d8:43:ae:f6:43:82:
                    9a:97:0d:67:2a:1c:2b:8f:32:c9:e2:e7:a0:f7:f4:
                    9f:fd:28:66:8a:b5:6a:c3:fd:fb:a0:eb:b6:58:6b:
                    fc:52:2e:5c:4f:41:2f:09:2a:be:ba:3d:7a:6c:77:
                    09:44:04:c7:e8:9a:60:65:e8:22:ea:53:1f:42:c3:
                    0b:4d:b7:e6:25:74:90:a9:54:01:55:e1:52:fc:79:
                    a8:f9:97:da:0b:04:36:94:c7:ab:30:6d:60:7f:f3:
                    3c:7c:61:9a:95:db:4f:10:11:e7:59:2e:c7:c6:19:
                    de:1b:fe:be:6e:b8:76:a5:4a:3c:34:93:6c:fa:28:
                    ff:4d:1b:5c:d0:39:ba:1a:c4:ff:fc:17:f8:a2:3e:
                    48:4e:7a:73:48:38:d6:b7:45:92:b2:25:cb:6f:72:
                    e8:91:69:ae:05:fd:ba:83:54:5f:76:28:c8:62:ac:
                    58:44:a3:07:5d:1d:38:70:7c:bf:60:97:80:9d:da:
                    02:f6:fb:c1:46:8e:5a:e7:af:00:12:43:30:db:63:
                    e9:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:79:CC:AA:36:01:71:F4:A8:B4:66:31:B2:6D:2C:92:06:45:9D:DE
            X509v3 Authority Key Identifier:
                keyid:98:63:35:4A:11:1A:F6:D5:E1:AD:10:DA:38:AD:81:44:B6:BE:86:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/FnnMqjYBcfSotGYxsm0skgZFnd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:77:fc:dd:b9:1d:f3:93:d6:f0:1a:ea:54:ca:a9:72:aa:74:
         fd:6f:9e:b5:b2:d0:10:dd:93:6d:c4:96:67:60:59:51:ad:59:
         f1:0d:2e:a0:6a:65:bf:9d:8d:0c:4f:31:0c:88:a7:6e:8f:25:
         6a:44:12:a3:75:e7:98:0f:19:5d:c5:62:5f:c9:01:6e:20:65:
         3d:d8:a5:a6:f0:ad:9b:e9:c4:8e:1d:ce:4a:73:5b:b7:82:05:
         62:ce:6e:87:ed:24:f0:17:ca:5b:8e:30:95:ea:87:db:84:56:
         fe:ee:55:c5:ab:6f:0d:58:88:ea:e0:4e:e9:99:52:12:c8:35:
         20:d7:9b:04:c6:2f:73:90:4d:e6:2c:0a:f9:c2:27:ff:89:02:
         8c:3e:ca:f2:d9:89:db:23:dd:99:c6:ab:ff:14:b6:2a:64:21:
         06:80:88:41:56:92:e5:90:ff:85:d1:20:d3:31:5f:d2:d4:fe:
         de:f7:ed:f8:6c:7e:07:8f:4a:9e:05:9b:a6:92:6c:bb:de:78:
         2d:18:1a:f3:29:85:77:e1:26:63:c4:df:44:48:2f:7b:3b:10:
         fc:a2:4c:26:64:c8:93:e6:0f:3e:cf:42:24:ed:40:3c:c5:ea:
         2f:e7:8b:50:45:95:a7:47:dd:a8:8e:b5:77:fc:62:e9:86:b5:
         d3:b3:88:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzAvq+llJ1fiePCc6WnfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjMzNTRhMTExYWY2ZDVlMWFkMTBkYTM4YWQ4MTQ0YjZi
ZTg2OGUwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjc5Y2NhYTM2MDE3MWY0YThiNDY2MzFiMjZkMmM5MjA2NDU5ZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/e/XE1CsZxISo7bQGsKSo4XY1Fa
LQ2QIBSWZDo5+AGjxJWxB1hFVdfMZqIfU+bYSki/3jXYQ672Q4Kalw1nKhwrjzLJ
4ueg9/Sf/ShmirVqw/37oOu2WGv8Ui5cT0EvCSq+uj16bHcJRATH6JpgZegi6lMf
QsMLTbfmJXSQqVQBVeFS/Hmo+ZfaCwQ2lMerMG1gf/M8fGGaldtPEBHnWS7Hxhne
G/6+brh2pUo8NJNs+ij/TRtc0Dm6GsT//Bf4oj5ITnpzSDjWt0WSsiXLb3LokWmu
Bf26g1RfdijIYqxYRKMHXR04cHy/YJeAndoC9vvBRo5a568AEkMw22PpawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZ5zKo2AXH0qLRmMbJtLJIGRZ3eMB8GA1UdIwQY
MBaAFJhjNUoRGvbV4a0Q2jitgUS2voaOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdNMVNoRWE5dFhoclJEYU9LMkJSTGEtaG80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9iZWE4NDctYTc4My00ODlkLWFlNGIt
NTNmNTc1MDRlZjM1LzEvRm5uTXFqWUJjZlNvdEdZeHNtMHNrZ1pGbmQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9iZWE4NDctYTc4My00ODlkLWFlNGItNTNmNTc1MDRlZjM1
LzEvbUdNMVNoRWE5dFhoclJEYU9LMkJSTGEtaG80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYdlMA0G
CSqGSIb3DQEBCwUAA4IBAQAHd/zduR3zk9bwGupUyqlyqnT9b561stAQ3ZNtxJZn
YFlRrVnxDS6gamW/nY0MTzEMiKdujyVqRBKjdeeYDxldxWJfyQFuIGU92KWm8K2b
6cSOHc5Kc1u3ggVizm6H7STwF8pbjjCV6ofbhFb+7lXFq28NWIjq4E7pmVISyDUg
15sExi9zkE3mLAr5wif/iQKMPsry2YnbI92Zxqv/FLYqZCEGgIhBVpLlkP+F0SDT
MV/S1P7e9+34bH4Hj0qeBZumkmy73ngtGBrzKYV34SZjxN9ESC97OxD8okwmZMiT
5g8+z0Ik7UA8xeov54tQRZWnR92ojrV3/GLphrXTs4hH
-----END CERTIFICATE-----