Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/fGS4Qm6bByFCPY6OBq6viKOXubc.roa
File:                     fGS4Qm6bByFCPY6OBq6viKOXubc.roa (raw, json)
Hash identifier:          wbYq/hZalUp/of08mx8csnnDXC37XPFhDtHcUlz3U10=
Subject key identifier:   7C:64:B8:42:6E:9B:07:21:42:3D:8E:8E:06:AE:AF:88:A3:97:B9:B7
Certificate issuer:       /CN=9f3f9871536d60bf74bdf69060c90d54107d8e38
Certificate serial:       018CC94C16E349F68840B7D8B77EE826B6A0
Authority key identifier: 9F:3F:98:71:53:6D:60:BF:74:BD:F6:90:60:C9:0D:54:10:7D:8E:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nz-YcVNtYL90vfaQYMkNVBB9jjg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/fGS4Qm6bByFCPY6OBq6viKOXubc.roa
Signing time:             Tue 02 Jan 2024 08:30:56 +0000
ROA not before:           Tue 02 Jan 2024 08:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60111
IP address blocks:        185.254.128.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/nz-YcVNtYL90vfaQYMkNVBB9jjg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/nz-YcVNtYL90vfaQYMkNVBB9jjg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nz-YcVNtYL90vfaQYMkNVBB9jjg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:16:e3:49:f6:88:40:b7:d8:b7:7e:e8:26:b6:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f3f9871536d60bf74bdf69060c90d54107d8e38
        Validity
            Not Before: Jan  2 08:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c64b8426e9b0721423d8e8e06aeaf88a397b9b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:70:77:ee:9a:cf:6b:22:a7:30:b5:4c:df:39:
                    a7:9c:66:e2:a0:43:82:a2:19:61:7b:61:33:b8:a6:
                    5e:6d:6e:1e:4d:df:f6:cc:b6:97:40:c0:a6:ce:b2:
                    5c:6e:5f:0d:ad:dd:68:53:35:6b:9e:d7:87:8b:c4:
                    87:f5:0f:3a:5a:fa:5d:33:61:ca:8d:3e:74:b3:bb:
                    65:6c:67:3a:a0:29:61:84:f9:02:d2:01:d0:d5:80:
                    e0:1f:08:a6:1e:c4:2f:e6:f1:22:f4:c5:9a:48:77:
                    65:b4:65:94:8e:b3:45:fd:b7:a5:ac:ad:02:09:33:
                    43:83:80:c9:b7:82:91:52:c0:1d:21:84:27:be:04:
                    4d:ec:71:ea:d5:a4:02:a9:a8:5b:6b:97:3a:2f:d2:
                    30:00:34:50:82:0c:d1:41:af:15:56:b7:39:92:dc:
                    40:d6:2c:6f:bb:58:71:ca:46:c4:79:cc:c9:5b:65:
                    35:94:c9:ac:79:2a:ca:08:16:0d:83:9c:c2:95:99:
                    7a:32:6b:f9:e7:25:bc:6b:41:29:ed:5a:ca:f5:c3:
                    70:e4:8e:de:ab:89:95:fe:37:22:f5:e3:0b:1a:a0:
                    25:5c:3b:0f:e6:2c:1b:a0:90:da:db:62:15:92:a9:
                    df:80:bd:0c:52:26:ed:d2:62:6b:66:84:35:5a:b2:
                    a7:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:64:B8:42:6E:9B:07:21:42:3D:8E:8E:06:AE:AF:88:A3:97:B9:B7
            X509v3 Authority Key Identifier:
                keyid:9F:3F:98:71:53:6D:60:BF:74:BD:F6:90:60:C9:0D:54:10:7D:8E:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nz-YcVNtYL90vfaQYMkNVBB9jjg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/fGS4Qm6bByFCPY6OBq6viKOXubc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/nz-YcVNtYL90vfaQYMkNVBB9jjg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:cc:b5:0b:ef:0f:5a:b6:e5:78:76:4f:d3:64:d6:4f:b6:a4:
         1a:6b:3e:04:4a:61:3d:ab:a3:b4:45:94:83:67:a3:80:6d:3c:
         2a:17:27:9c:8d:fd:16:a9:07:d5:24:88:8c:d8:72:b4:a0:45:
         31:7b:0e:84:38:e2:71:0d:75:6d:f4:38:cf:20:c6:5d:db:94:
         13:49:e5:e4:18:0e:6d:5f:4e:b7:be:75:9f:a8:98:1f:5a:0d:
         1c:fc:3f:27:d3:9a:d8:14:f7:4b:6a:a2:01:0c:b3:c4:e0:09:
         89:89:0b:15:3a:73:94:37:51:90:c3:e7:c1:36:56:3c:7f:bb:
         5b:90:e2:07:a8:37:8f:e8:8e:f2:86:16:92:d0:8d:89:00:08:
         5a:e5:59:92:3d:b2:b5:8a:93:f6:b4:2b:bc:fb:ac:f4:50:d3:
         68:70:e1:b6:38:e3:58:e9:7b:06:ba:cb:10:f9:6d:18:ec:0c:
         d0:34:80:83:05:00:d2:a7:97:ac:18:12:9c:d9:29:89:33:d7:
         dc:a7:08:48:ff:92:2a:78:a7:a0:c1:33:37:30:4b:a4:9f:b6:
         71:66:29:06:68:ba:52:62:58:ce:b2:a1:2a:3a:d3:0e:7d:dc:
         9b:87:12:4d:c4:aa:71:df:a6:14:4c:41:7a:65:ee:c4:7f:16:
         9f:d7:2c:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTBbjSfaIQLfYt37oJragMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmM2Y5ODcxNTM2ZDYwYmY3NGJkZjY5MDYwYzkwZDU0MTA3
ZDhlMzgwHhcNMjQwMTAyMDgzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzY0Yjg0MjZlOWIwNzIxNDIzZDhlOGUwNmFlYWY4OGEzOTdiOWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnB37prPayKnMLVM3zmnnGbioEOC
ohlhe2EzuKZebW4eTd/2zLaXQMCmzrJcbl8Nrd1oUzVrnteHi8SH9Q86WvpdM2HK
jT50s7tlbGc6oClhhPkC0gHQ1YDgHwimHsQv5vEi9MWaSHdltGWUjrNF/belrK0C
CTNDg4DJt4KRUsAdIYQnvgRN7HHq1aQCqahba5c6L9IwADRQggzRQa8VVrc5ktxA
1ixvu1hxykbEeczJW2U1lMmseSrKCBYNg5zClZl6Mmv55yW8a0Ep7VrK9cNw5I7e
q4mV/jci9eMLGqAlXDsP5iwboJDa22IVkqnfgL0MUibt0mJrZoQ1WrKnDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxkuEJumwchQj2Ojgaur4ijl7m3MB8GA1UdIwQY
MBaAFJ8/mHFTbWC/dL32kGDJDVQQfY44MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnotWWNWTnRZTDkwdmZhUVlNa05WQkI5ampnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mNmJiZDMtYWUyNy00ZGM3LWI2Njkt
YzUyNjNiMzMwM2I5LzEvZkdTNFFtNmJCeUZDUFk2T0JxNnZpS09YdWJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9mNmJiZDMtYWUyNy00ZGM3LWI2NjktYzUyNjNiMzMwM2I5
LzEvbnotWWNWTnRZTDkwdmZhUVlNa05WQkI5ampnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf6AMA0G
CSqGSIb3DQEBCwUAA4IBAQBZzLUL7w9atuV4dk/TZNZPtqQaaz4ESmE9q6O0RZSD
Z6OAbTwqFyecjf0WqQfVJIiM2HK0oEUxew6EOOJxDXVt9DjPIMZd25QTSeXkGA5t
X063vnWfqJgfWg0c/D8n05rYFPdLaqIBDLPE4AmJiQsVOnOUN1GQw+fBNlY8f7tb
kOIHqDeP6I7yhhaS0I2JAAha5VmSPbK1ipP2tCu8+6z0UNNocOG2OONY6XsGussQ
+W0Y7AzQNICDBQDSp5esGBKc2SmJM9fcpwhI/5IqeKegwTM3MEukn7ZxZikGaLpS
YljOsqEqOtMOfdybhxJNxKpx36YUTEF6Ze7Efxaf1yzO
-----END CERTIFICATE-----