Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/2210c7-9959-44f7-ada6-efd3ae985ee4/1/FcspeF0GZcukrdEqdKy1WB6zbu4.roa
File:                     FcspeF0GZcukrdEqdKy1WB6zbu4.roa (raw, json)
Hash identifier:          54qKQvRQYWmDDW99MPFIqkEivC8K31zKEMjirLBoEek=
Subject key identifier:   15:CB:29:78:5D:06:65:CB:A4:AD:D1:2A:74:AC:B5:58:1E:B3:6E:EE
Certificate issuer:       /CN=82cc171e3dc846711e056e2e36241dac994a600d
Certificate serial:       018CC801515A000B12586BC7A0C6D4369295
Authority key identifier: 82:CC:17:1E:3D:C8:46:71:1E:05:6E:2E:36:24:1D:AC:99:4A:60:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gswXHj3IRnEeBW4uNiQdrJlKYA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/2210c7-9959-44f7-ada6-efd3ae985ee4/1/FcspeF0GZcukrdEqdKy1WB6zbu4.roa
Signing time:             Tue 02 Jan 2024 02:29:38 +0000
ROA not before:           Tue 02 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59579
IP address blocks:        193.41.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/2210c7-9959-44f7-ada6-efd3ae985ee4/1/gswXHj3IRnEeBW4uNiQdrJlKYA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/2210c7-9959-44f7-ada6-efd3ae985ee4/1/gswXHj3IRnEeBW4uNiQdrJlKYA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gswXHj3IRnEeBW4uNiQdrJlKYA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:51:5a:00:0b:12:58:6b:c7:a0:c6:d4:36:92:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82cc171e3dc846711e056e2e36241dac994a600d
        Validity
            Not Before: Jan  2 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15cb29785d0665cba4add12a74acb5581eb36eee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c1:1f:4f:49:03:df:9f:68:ff:80:fe:70:2e:
                    69:db:5e:13:d4:b5:9b:83:14:d3:18:42:60:51:ea:
                    55:60:10:c4:fb:2a:44:1b:f1:4f:d9:70:95:74:41:
                    6c:37:98:dd:fb:a6:e0:1d:c8:9c:b9:15:82:c1:be:
                    9e:2a:9a:0e:48:ef:b3:27:85:90:06:22:77:98:75:
                    fb:51:be:bd:da:b2:14:6c:58:6c:44:fc:ca:48:fc:
                    c4:41:0b:ac:c9:80:08:99:e5:ca:e0:eb:c5:70:e6:
                    8f:8f:9c:ac:3d:2b:1b:4f:09:a3:af:21:f1:de:2f:
                    f2:94:71:f3:77:8d:61:16:a3:68:5c:7e:b6:09:42:
                    85:12:77:0d:65:43:c1:b9:78:e8:0d:27:03:23:d9:
                    a1:d9:9e:f6:b3:d0:a1:69:ac:59:4a:1a:e4:61:f1:
                    8d:d0:a4:78:75:13:c5:4a:d2:74:03:c8:ed:78:21:
                    a1:a2:ad:13:48:3a:72:17:6f:a4:e6:c2:6b:1c:40:
                    08:20:9d:0d:69:f7:59:c4:94:d5:3f:fe:a5:c7:f0:
                    b8:60:ec:b7:f4:87:20:2b:80:9b:80:78:e3:69:cf:
                    74:8d:07:e2:a5:84:27:7e:bf:59:a9:ee:6c:90:6f:
                    5d:7f:ae:1b:73:ef:6b:36:79:be:40:6d:32:00:8c:
                    b6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:CB:29:78:5D:06:65:CB:A4:AD:D1:2A:74:AC:B5:58:1E:B3:6E:EE
            X509v3 Authority Key Identifier:
                keyid:82:CC:17:1E:3D:C8:46:71:1E:05:6E:2E:36:24:1D:AC:99:4A:60:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gswXHj3IRnEeBW4uNiQdrJlKYA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/2210c7-9959-44f7-ada6-efd3ae985ee4/1/FcspeF0GZcukrdEqdKy1WB6zbu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/2210c7-9959-44f7-ada6-efd3ae985ee4/1/gswXHj3IRnEeBW4uNiQdrJlKYA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ca:32:db:b9:9f:43:1d:14:48:65:39:53:00:80:90:3b:b5:
         a1:4a:1f:2f:65:7c:86:6d:a3:18:48:f7:6a:8e:ea:c6:4d:c2:
         75:80:54:aa:f3:ae:de:f2:3a:f9:ab:d5:58:68:c7:5a:10:9b:
         a3:fe:6c:0f:89:cb:b2:df:28:b5:f8:b3:3a:56:f3:5a:4b:a9:
         84:2f:f6:27:2b:4a:37:ba:db:bf:45:16:88:ea:35:51:a6:72:
         8d:f6:09:6b:e4:83:87:54:9c:76:2a:77:eb:49:86:81:d3:b2:
         65:87:8e:4d:f7:6a:b1:b1:1c:f6:f8:e9:1f:56:d9:0d:d9:a8:
         15:fb:23:42:1b:59:1c:94:af:da:18:9a:9a:c9:2f:22:f7:57:
         ec:e7:36:c1:6e:34:c9:64:38:7e:1d:5c:f0:a0:67:ec:d3:7e:
         9d:cb:1a:81:17:e1:9f:18:ea:f4:da:a3:f2:08:e4:38:e9:72:
         be:9c:9a:fc:98:4f:83:df:c3:c8:24:d2:66:64:93:62:ff:3d:
         d2:68:1d:db:7e:65:4a:f9:a9:c2:f8:30:c2:b3:0a:8f:07:6d:
         bb:bf:ab:5e:68:b3:c2:0c:f2:f2:92:73:19:b3:2a:80:18:e2:
         8f:8a:79:53:37:a1:89:ab:4b:bf:35:ef:81:4d:99:a7:3a:ef:
         3e:18:20:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVFaAAsSWGvHoMbUNpKVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyY2MxNzFlM2RjODQ2NzExZTA1NmUyZTM2MjQxZGFjOTk0
YTYwMGQwHhcNMjQwMTAyMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWNiMjk3ODVkMDY2NWNiYTRhZGQxMmE3NGFjYjU1ODFlYjM2ZWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8EfT0kD359o/4D+cC5p214T1LWb
gxTTGEJgUepVYBDE+ypEG/FP2XCVdEFsN5jd+6bgHcicuRWCwb6eKpoOSO+zJ4WQ
BiJ3mHX7Ub692rIUbFhsRPzKSPzEQQusyYAImeXK4OvFcOaPj5ysPSsbTwmjryHx
3i/ylHHzd41hFqNoXH62CUKFEncNZUPBuXjoDScDI9mh2Z72s9ChaaxZShrkYfGN
0KR4dRPFStJ0A8jteCGhoq0TSDpyF2+k5sJrHEAIIJ0NafdZxJTVP/6lx/C4YOy3
9IcgK4CbgHjjac90jQfipYQnfr9Zqe5skG9df64bc+9rNnm+QG0yAIy28wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXLKXhdBmXLpK3RKnSstVges27uMB8GA1UdIwQY
MBaAFILMFx49yEZxHgVuLjYkHayZSmANMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3N3WEhqM0lSbkVlQlc0dU5pUWRySmxLWUEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yMjEwYzctOTk1OS00NGY3LWFkYTYt
ZWZkM2FlOTg1ZWU0LzEvRmNzcGVGMEdaY3VrcmRFcWRLeTFXQjZ6YnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yMjEwYzctOTk1OS00NGY3LWFkYTYtZWZkM2FlOTg1ZWU0
LzEvZ3N3WEhqM0lSbkVlQlc0dU5pUWRySmxLWUEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSksMA0G
CSqGSIb3DQEBCwUAA4IBAQA6yjLbuZ9DHRRIZTlTAICQO7WhSh8vZXyGbaMYSPdq
jurGTcJ1gFSq867e8jr5q9VYaMdaEJuj/mwPicuy3yi1+LM6VvNaS6mEL/YnK0o3
utu/RRaI6jVRpnKN9glr5IOHVJx2KnfrSYaB07Jlh45N92qxsRz2+OkfVtkN2agV
+yNCG1kclK/aGJqayS8i91fs5zbBbjTJZDh+HVzwoGfs036dyxqBF+GfGOr02qPy
COQ46XK+nJr8mE+D38PIJNJmZJNi/z3SaB3bfmVK+anC+DDCswqPB227v6teaLPC
DPLyknMZsyqAGOKPinlTN6GJq0u/Ne+BTZmnOu8+GCBe
-----END CERTIFICATE-----