Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Fwqo1nrAkhQsnstZP3TQVGBMpzI.roa
File:                     Fwqo1nrAkhQsnstZP3TQVGBMpzI.roa (raw, json)
Hash identifier:          US5MynMU5AgeLWjv9x0GGM39Zkh+D/o+s0+mlo++9q0=
Subject key identifier:   17:0A:A8:D6:7A:C0:92:14:2C:9E:CB:59:3F:74:D0:54:60:4C:A7:32
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D83B3AB778341CD90D8E56652E6C
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Fwqo1nrAkhQsnstZP3TQVGBMpzI.roa
Signing time:             Mon 01 Jan 2024 04:29:40 +0000
ROA not before:           Mon 01 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41503
IP address blocks:        194.209.23.0/24 maxlen: 24
                          212.243.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d8:3b:3a:b7:78:34:1c:d9:0d:8e:56:65:2e:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=170aa8d67ac092142c9ecb593f74d054604ca732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:de:b3:4e:a9:45:2f:7e:ad:b1:96:14:6a:7d:
                    49:d2:24:e4:32:fc:ab:32:2c:9b:58:2d:e2:df:bd:
                    00:dc:45:89:48:35:23:33:e4:ab:13:4f:2e:68:e8:
                    d4:3e:59:05:44:11:74:09:f2:95:d4:45:6b:39:f1:
                    ac:0a:09:a4:e5:9b:93:f8:f3:c6:0b:05:37:ed:ca:
                    3d:7e:51:4f:77:89:08:64:e2:e4:04:8c:9f:0f:0f:
                    59:2b:54:c4:58:2b:9f:6a:68:2a:3b:4b:42:d4:96:
                    13:0e:9e:4b:02:5b:82:00:64:e8:8e:fe:4a:bc:55:
                    27:8a:93:a2:96:79:8b:78:3e:f2:06:88:24:53:0c:
                    64:c5:80:25:9a:65:31:d0:17:22:f7:80:51:a5:eb:
                    8d:af:bf:27:9c:9b:8e:c4:bd:15:f6:3b:de:81:94:
                    9c:cb:da:fc:f3:7b:4b:dd:2a:bd:fd:fa:94:3d:dd:
                    5d:3c:6d:0a:ca:67:b5:f3:66:bb:88:8f:f4:31:39:
                    18:6d:44:10:d0:b2:45:3b:0e:43:35:9a:fd:14:a2:
                    c0:2b:c6:56:be:a5:24:fb:43:ee:60:ff:72:fb:b6:
                    5b:e1:7d:94:96:79:1b:0e:5f:fd:46:d4:4b:68:48:
                    68:37:32:c6:12:9e:0d:c9:a8:c0:cd:73:ae:c8:d8:
                    e7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:0A:A8:D6:7A:C0:92:14:2C:9E:CB:59:3F:74:D0:54:60:4C:A7:32
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Fwqo1nrAkhQsnstZP3TQVGBMpzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.23.0/24
                  212.243.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:31:1d:3f:6b:ce:07:24:08:90:01:34:a4:f0:9f:f8:78:a1:
         20:24:97:40:15:31:00:47:a0:b6:1f:70:d4:7f:57:8e:ea:ca:
         32:db:fa:83:79:73:b2:a5:bb:38:a2:97:79:49:64:28:68:aa:
         07:ae:ca:47:c9:e3:36:d6:f1:de:c3:1d:d7:23:d5:04:14:16:
         05:6e:61:bd:66:88:7f:00:73:78:75:e8:8a:96:66:ed:52:29:
         13:8e:b7:b5:fe:01:23:ce:c0:d5:4c:ce:a4:d1:3b:bc:33:7c:
         11:23:4f:05:17:35:9d:89:4e:75:49:e8:9d:41:2c:d6:2e:8e:
         cb:70:28:97:60:85:5f:e2:f5:53:82:bd:50:22:5d:87:53:26:
         75:90:d0:1f:63:89:fe:c1:16:22:2e:d7:4a:59:eb:db:af:f1:
         ed:53:52:ae:9d:dd:56:e0:8d:26:e3:62:5c:26:bd:bd:72:61:
         ca:4e:ed:24:07:29:7c:a0:f8:33:af:49:b3:87:b8:a3:ef:a5:
         de:fb:cd:8b:a1:33:10:d7:f1:6b:a5:02:a4:b3:31:b7:2c:35:
         46:2e:78:28:c2:f8:7e:2f:39:81:4b:5d:4d:c7:9f:04:0e:da:
         5b:7b:5c:af:a8:31:13:a8:c0:0d:7a:fc:b9:a6:56:db:f6:0c:
         0e:ec:69:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSNg7Ord4NBzZDY5WZS5sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzBhYThkNjdhYzA5MjE0MmM5ZWNiNTkzZjc0ZDA1NDYwNGNhNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh96zTqlFL36tsZYUan1J0iTkMvyr
MiybWC3i370A3EWJSDUjM+SrE08uaOjUPlkFRBF0CfKV1EVrOfGsCgmk5ZuT+PPG
CwU37co9flFPd4kIZOLkBIyfDw9ZK1TEWCufamgqO0tC1JYTDp5LAluCAGTojv5K
vFUnipOilnmLeD7yBogkUwxkxYAlmmUx0Bci94BRpeuNr78nnJuOxL0V9jvegZSc
y9r883tL3Sq9/fqUPd1dPG0Kyme182a7iI/0MTkYbUQQ0LJFOw5DNZr9FKLAK8ZW
vqUk+0PuYP9y+7Zb4X2UlnkbDl/9RtRLaEhoNzLGEp4NyajAzXOuyNjnjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBcKqNZ6wJIULJ7LWT900FRgTKcyMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvRndxbzFuckFraFFzbnN0WlAzVFFWR0JNcHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwtEXAwQA
1PMhMA0GCSqGSIb3DQEBCwUAA4IBAQAQMR0/a84HJAiQATSk8J/4eKEgJJdAFTEA
R6C2H3DUf1eO6soy2/qDeXOypbs4opd5SWQoaKoHrspHyeM21vHewx3XI9UEFBYF
bmG9Zoh/AHN4deiKlmbtUikTjre1/gEjzsDVTM6k0Tu8M3wRI08FFzWdiU51Seid
QSzWLo7LcCiXYIVf4vVTgr1QIl2HUyZ1kNAfY4n+wRYiLtdKWevbr/HtU1Kund1W
4I0m42JcJr29cmHKTu0kByl8oPgzr0mzh7ij76Xe+82LoTMQ1/FrpQKkszG3LDVG
Lngowvh+LzmBS11Nx58EDtpbe1yvqDETqMANevy5plbb9gwO7Gmq
-----END CERTIFICATE-----