Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/fb4934-a937-4324-9f17-eead3b8bccb9/1/1-_-mTlMGS671UfIxMha9nJJohwI.roa
File:                     1-_-mTlMGS671UfIxMha9nJJohwI.roa (raw, json)
Hash identifier:          euEFv6JOKAxwAayR9cezKE2yuPZkl+3D+yNXa/UOcK4=
Subject key identifier:   FB:FF:A6:4E:53:06:4B:AE:F5:51:F2:31:32:16:BD:9C:92:68:87:02
Certificate issuer:       /CN=697ea60aca0ddae5eddfbc260cb7da261624e91d
Certificate serial:       018CC2DB09E0380FB348D62B7665346C2D54
Authority key identifier: 69:7E:A6:0A:CA:0D:DA:E5:ED:DF:BC:26:0C:B7:DA:26:16:24:E9:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aX6mCsoN2uXt37wmDLfaJhYk6R0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/fb4934-a937-4324-9f17-eead3b8bccb9/1/1-_-mTlMGS671UfIxMha9nJJohwI.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47426
IP address blocks:        195.43.157.0/24 maxlen: 24
                          2001:67c:348::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/fb4934-a937-4324-9f17-eead3b8bccb9/1/aX6mCsoN2uXt37wmDLfaJhYk6R0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/fb4934-a937-4324-9f17-eead3b8bccb9/1/aX6mCsoN2uXt37wmDLfaJhYk6R0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aX6mCsoN2uXt37wmDLfaJhYk6R0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:09:e0:38:0f:b3:48:d6:2b:76:65:34:6c:2d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=697ea60aca0ddae5eddfbc260cb7da261624e91d
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbffa64e53064baef551f2313216bd9c92688702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:66:35:da:7e:0e:b3:c9:ee:85:ba:21:4a:44:
                    97:29:d8:5e:c8:eb:a7:a5:f3:28:03:a0:c4:61:14:
                    33:1a:a0:f7:9c:71:93:52:06:2f:70:70:53:96:87:
                    7d:a5:1e:42:63:fb:18:a1:50:9c:e5:1a:f8:4c:5d:
                    e4:7b:99:39:a1:9d:ae:a7:70:3c:2b:15:30:19:aa:
                    34:bf:a1:54:80:ba:69:8b:0a:39:10:9d:e5:71:59:
                    5a:3c:40:99:f5:30:05:2f:a6:cc:39:7e:41:f8:64:
                    9e:ad:78:a0:7b:35:d0:34:ec:db:3b:31:39:3f:68:
                    52:84:f4:11:f3:ac:cf:d2:91:a1:37:55:84:af:e8:
                    d7:b3:a7:0e:51:29:c2:04:89:c2:bd:ee:58:92:62:
                    f5:8a:9c:00:b7:cc:1c:70:b6:1c:6e:df:60:ce:c5:
                    d9:55:54:1d:4b:76:30:b0:c9:0b:5b:84:25:0b:ae:
                    f5:62:a0:2a:21:5a:85:ce:58:cd:fd:06:47:84:ee:
                    c0:3d:cf:db:54:b3:f7:5e:d5:6e:04:24:3c:7b:3e:
                    48:30:ee:37:33:02:83:96:68:33:ab:cf:49:21:0b:
                    a1:06:7d:42:76:c2:18:ff:40:5a:e0:2a:78:97:f6:
                    b6:25:df:07:38:b1:30:37:75:78:96:05:55:1a:17:
                    b6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:FF:A6:4E:53:06:4B:AE:F5:51:F2:31:32:16:BD:9C:92:68:87:02
            X509v3 Authority Key Identifier:
                keyid:69:7E:A6:0A:CA:0D:DA:E5:ED:DF:BC:26:0C:B7:DA:26:16:24:E9:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aX6mCsoN2uXt37wmDLfaJhYk6R0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/fb4934-a937-4324-9f17-eead3b8bccb9/1/1-_-mTlMGS671UfIxMha9nJJohwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/fb4934-a937-4324-9f17-eead3b8bccb9/1/aX6mCsoN2uXt37wmDLfaJhYk6R0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.157.0/24
                IPv6:
                  2001:67c:348::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:76:f3:91:0d:0a:97:1a:e1:06:81:d9:c5:35:d6:0a:75:77:
         02:98:13:bb:ad:56:38:0c:df:aa:23:01:6f:0f:8a:9d:cf:01:
         2f:81:75:99:ab:fe:0b:1b:c5:1f:b3:59:91:5c:a3:55:46:b4:
         60:75:7f:72:e6:e7:3f:68:a4:4a:a5:e2:59:90:f9:f5:e7:1c:
         07:e3:c6:ab:28:65:58:1b:3d:f0:b2:49:b5:1a:06:d9:7e:af:
         d1:24:dd:04:6b:dc:0e:61:ee:9c:91:7b:84:3b:fe:1c:6e:c1:
         82:d5:da:52:f2:9d:f4:e4:59:f3:eb:ec:7a:76:cc:93:a3:51:
         2f:e9:32:7c:09:7e:c3:29:31:b7:19:2a:82:54:f8:2d:a3:26:
         d4:31:0f:54:3b:41:21:8f:24:4f:94:22:50:14:1f:a5:57:4e:
         08:41:51:5a:17:3a:f4:2b:0d:4d:9f:e3:35:56:d7:6f:0a:53:
         99:9a:10:54:ec:c7:6d:0d:21:0a:19:b5:63:72:48:ab:cf:f2:
         72:84:52:bb:7f:6b:c7:01:84:fd:15:57:18:26:19:f3:8b:b4:
         aa:dc:2f:81:9e:ba:4d:05:51:41:65:d5:fa:f6:32:f2:cc:5c:
         79:89:04:73:f6:dd:dc:aa:de:f4:6e:8a:0f:e0:37:14:d9:0b:
         1a:0a:cf:c4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzC2wngOA+zSNYrdmU0bC1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5N2VhNjBhY2EwZGRhZTVlZGRmYmMyNjBjYjdkYTI2MTYy
NGU5MWQwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmZmYTY0ZTUzMDY0YmFlZjU1MWYyMzEzMjE2YmQ5YzkyNjg4NzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWY12n4Os8nuhbohSkSXKdheyOun
pfMoA6DEYRQzGqD3nHGTUgYvcHBTlod9pR5CY/sYoVCc5Rr4TF3ke5k5oZ2up3A8
KxUwGao0v6FUgLppiwo5EJ3lcVlaPECZ9TAFL6bMOX5B+GSerXigezXQNOzbOzE5
P2hShPQR86zP0pGhN1WEr+jXs6cOUSnCBInCve5YkmL1ipwAt8wccLYcbt9gzsXZ
VVQdS3YwsMkLW4QlC671YqAqIVqFzljN/QZHhO7APc/bVLP3XtVuBCQ8ez5IMO43
MwKDlmgzq89JIQuhBn1CdsIY/0Ba4Cp4l/a2Jd8HOLEwN3V4lgVVGhe2/QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPv/pk5TBkuu9VHyMTIWvZySaIcCMB8GA1UdIwQY
MBaAFGl+pgrKDdrl7d+8Jgy32iYWJOkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVg2bUNzb04ydVh0Mzd3bURMZmFKaFlrNlIwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9mYjQ5MzQtYTkzNy00MzI0LTlmMTct
ZWVhZDNiOGJjY2I5LzEvMS1fLW1UbE1HUzY3MVVmSXhNaGE5bkpKb2h3SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmYvZmI0OTM0LWE5MzctNDMyNC05ZjE3LWVlYWQzYjhiY2Ni
OS8xL2FYNm1Dc29OMnVYdDM3d21ETGZhSmhZazZSMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAMMrnTAP
BAIAAjAJAwcAIAEGfANIMA0GCSqGSIb3DQEBCwUAA4IBAQBRdvORDQqXGuEGgdnF
NdYKdXcCmBO7rVY4DN+qIwFvD4qdzwEvgXWZq/4LG8Ufs1mRXKNVRrRgdX9y5uc/
aKRKpeJZkPn15xwH48arKGVYGz3wskm1GgbZfq/RJN0Ea9wOYe6ckXuEO/4cbsGC
1dpS8p305Fnz6+x6dsyTo1Ev6TJ8CX7DKTG3GSqCVPgtoybUMQ9UO0EhjyRPlCJQ
FB+lV04IQVFaFzr0Kw1Nn+M1VtdvClOZmhBU7MdtDSEKGbVjckirz/JyhFK7f2vH
AYT9FVcYJhnzi7Sq3C+BnrpNBVFBZdX69jLyzFx5iQRz9t3cqt70booP4DcU2Qsa
Cs/E
-----END CERTIFICATE-----