Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/6520c4-77ce-4638-b2ac-dc9fccd5fe01/1/D4uFIZek-DZu8CsCv5rYpkk_jYo.roa
File:                     D4uFIZek-DZu8CsCv5rYpkk_jYo.roa (raw, json)
Hash identifier:          kmx4ODD0LzVorPgPDTX313g0zO6it97QkKZrsRLmSWs=
Subject key identifier:   0F:8B:85:21:97:A4:F8:36:6E:F0:2B:02:BF:9A:D8:A6:49:3F:8D:8A
Certificate issuer:       /CN=fdf1acf27d1e44bcf91271fb6750155c4355ff39
Certificate serial:       018CC5DC0346F2ED56A2743D0F191FD06741
Authority key identifier: FD:F1:AC:F2:7D:1E:44:BC:F9:12:71:FB:67:50:15:5C:43:55:FF:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_fGs8n0eRLz5EnH7Z1AVXENV_zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/6520c4-77ce-4638-b2ac-dc9fccd5fe01/1/D4uFIZek-DZu8CsCv5rYpkk_jYo.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50143
IP address blocks:        193.104.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/6520c4-77ce-4638-b2ac-dc9fccd5fe01/1/_fGs8n0eRLz5EnH7Z1AVXENV_zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/6520c4-77ce-4638-b2ac-dc9fccd5fe01/1/_fGs8n0eRLz5EnH7Z1AVXENV_zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_fGs8n0eRLz5EnH7Z1AVXENV_zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:03:46:f2:ed:56:a2:74:3d:0f:19:1f:d0:67:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdf1acf27d1e44bcf91271fb6750155c4355ff39
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f8b852197a4f8366ef02b02bf9ad8a6493f8d8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:40:ce:e3:f8:b1:4a:50:75:3b:cd:cd:14:cd:
                    49:03:03:8f:76:60:a1:e5:fb:8c:c6:be:f7:b1:81:
                    3d:23:35:e6:bb:e0:f9:f7:e2:f8:ba:26:94:ea:ca:
                    18:bb:43:42:2b:cc:67:cc:35:dc:3d:b3:db:16:3e:
                    50:95:de:24:78:5e:1c:1a:43:99:5a:da:5d:29:c8:
                    b7:2d:2b:ae:2a:55:b1:2f:df:f5:80:a5:11:b5:be:
                    14:69:de:94:11:ba:eb:90:37:c4:60:59:aa:a6:0a:
                    2d:33:13:bf:5f:af:c6:93:63:a8:fc:14:6c:73:e5:
                    4a:f2:7d:a2:f8:00:9b:e9:b4:f6:9a:f9:dc:a1:aa:
                    ac:20:ec:1b:b7:82:23:a2:74:b5:42:80:da:bd:f3:
                    86:00:bf:6f:51:29:12:41:8e:93:51:a2:e3:e3:0d:
                    43:9a:c0:87:ef:3e:d8:b6:a7:9b:59:9a:6a:88:ef:
                    cc:6d:de:73:b6:c8:91:a0:2a:51:cd:d8:d3:1c:7b:
                    c7:6d:6e:d5:af:24:72:de:4d:10:af:67:e2:04:4d:
                    c4:3d:f3:b8:47:2a:70:9e:2d:8b:26:64:0a:ff:eb:
                    87:2c:01:cc:de:76:a2:2c:24:22:72:fb:41:47:2e:
                    94:ec:99:fe:0a:b3:54:a2:96:02:b9:7e:5d:ae:01:
                    ce:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:8B:85:21:97:A4:F8:36:6E:F0:2B:02:BF:9A:D8:A6:49:3F:8D:8A
            X509v3 Authority Key Identifier:
                keyid:FD:F1:AC:F2:7D:1E:44:BC:F9:12:71:FB:67:50:15:5C:43:55:FF:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_fGs8n0eRLz5EnH7Z1AVXENV_zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/6520c4-77ce-4638-b2ac-dc9fccd5fe01/1/D4uFIZek-DZu8CsCv5rYpkk_jYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/6520c4-77ce-4638-b2ac-dc9fccd5fe01/1/_fGs8n0eRLz5EnH7Z1AVXENV_zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:40:27:5c:20:bf:f7:c5:2c:cf:26:39:d0:b7:78:64:44:dd:
         4b:23:40:45:b6:10:48:29:3b:e1:b6:08:45:a2:12:7b:79:4e:
         f3:49:ff:f1:fd:56:df:ef:7c:99:c5:f0:d5:e7:8e:8f:a9:e3:
         b8:2e:d6:21:25:1d:f3:10:89:26:aa:23:6e:08:6d:08:6e:bb:
         0e:ac:41:5b:70:ad:2a:25:37:3b:b5:9c:b9:e3:42:44:e2:a7:
         e8:46:58:47:28:d2:5c:50:77:fd:04:54:f8:7c:ab:e9:6f:e0:
         48:f4:dd:a8:9b:d5:26:b5:bd:f0:b8:82:b2:8c:15:be:42:2e:
         d0:62:20:6f:e6:59:06:30:26:9b:f5:13:97:40:88:31:e6:33:
         79:47:7c:2a:61:38:d8:09:7c:fb:b3:12:16:95:f4:f2:30:f2:
         69:94:82:bd:e7:db:84:b3:95:60:99:33:da:ec:9b:94:f7:1f:
         cd:eb:71:42:4e:ef:7c:73:ce:43:c3:13:ea:59:06:aa:91:1c:
         b2:08:96:ab:99:a6:e4:f3:82:0f:92:5c:0d:c0:81:ec:c0:da:
         de:de:68:3b:a6:1b:9a:31:da:3a:eb:aa:ba:35:f9:7a:e0:a8:
         2b:d7:c8:f7:c3:49:c2:26:a8:6d:d8:5b:e8:86:46:16:77:ef:
         b2:cd:6c:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ANG8u1WonQ9Dxkf0GdBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZjFhY2YyN2QxZTQ0YmNmOTEyNzFmYjY3NTAxNTVjNDM1
NWZmMzkwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjhiODUyMTk3YTRmODM2NmVmMDJiMDJiZjlhZDhhNjQ5M2Y4ZDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0DO4/ixSlB1O83NFM1JAwOPdmCh
5fuMxr73sYE9IzXmu+D59+L4uiaU6soYu0NCK8xnzDXcPbPbFj5Qld4keF4cGkOZ
WtpdKci3LSuuKlWxL9/1gKURtb4Uad6UEbrrkDfEYFmqpgotMxO/X6/Gk2Oo/BRs
c+VK8n2i+ACb6bT2mvncoaqsIOwbt4IjonS1QoDavfOGAL9vUSkSQY6TUaLj4w1D
msCH7z7YtqebWZpqiO/Mbd5ztsiRoCpRzdjTHHvHbW7VryRy3k0Qr2fiBE3EPfO4
Rypwni2LJmQK/+uHLAHM3naiLCQicvtBRy6U7Jn+CrNUopYCuX5drgHO6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+LhSGXpPg2bvArAr+a2KZJP42KMB8GA1UdIwQY
MBaAFP3xrPJ9HkS8+RJx+2dQFVxDVf85MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2ZHczhuMGVSTHo1RW5IN1oxQVZYRU5WX3prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC82NTIwYzQtNzdjZS00NjM4LWIyYWMt
ZGM5ZmNjZDVmZTAxLzEvRDR1RklaZWstRFp1OENzQ3Y1cllwa2tfallvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC82NTIwYzQtNzdjZS00NjM4LWIyYWMtZGM5ZmNjZDVmZTAx
LzEvX2ZHczhuMGVSTHo1RW5IN1oxQVZYRU5WX3prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWh9MA0G
CSqGSIb3DQEBCwUAA4IBAQCkQCdcIL/3xSzPJjnQt3hkRN1LI0BFthBIKTvhtghF
ohJ7eU7zSf/x/Vbf73yZxfDV546PqeO4LtYhJR3zEIkmqiNuCG0IbrsOrEFbcK0q
JTc7tZy540JE4qfoRlhHKNJcUHf9BFT4fKvpb+BI9N2om9Umtb3wuIKyjBW+Qi7Q
YiBv5lkGMCab9ROXQIgx5jN5R3wqYTjYCXz7sxIWlfTyMPJplIK959uEs5VgmTPa
7JuU9x/N63FCTu98c85DwxPqWQaqkRyyCJarmabk84IPklwNwIHswNre3mg7phua
Mdo666q6Nfl64Kgr18j3w0nCJqht2FvohkYWd++yzWzP
-----END CERTIFICATE-----