Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/Fs7BabF-ZpZGbvU-Ngt5EfGGHeo.roa
File:                     Fs7BabF-ZpZGbvU-Ngt5EfGGHeo.roa (raw, json)
Hash identifier:          /LuU1FM11uE5H+ZoAoa4mCVwgty/xJ1+fmu8vGKSmis=
Subject key identifier:   16:CE:C1:69:B1:7E:66:96:46:6E:F5:3E:36:0B:79:11:F1:86:1D:EA
Certificate issuer:       /CN=c5224ea45d081d402ffd6bf4dd95e3ff6f2dc481
Certificate serial:       018CC425306B4C113E313A67E58539E2BC0B
Authority key identifier: C5:22:4E:A4:5D:08:1D:40:2F:FD:6B:F4:DD:95:E3:FF:6F:2D:C4:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xSJOpF0IHUAv_Wv03ZXj_28txIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/Fs7BabF-ZpZGbvU-Ngt5EfGGHeo.roa
Signing time:             Mon 01 Jan 2024 08:30:20 +0000
ROA not before:           Mon 01 Jan 2024 08:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        193.43.27.0/24 maxlen: 24
                          2001:67c:168::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/xSJOpF0IHUAv_Wv03ZXj_28txIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/xSJOpF0IHUAv_Wv03ZXj_28txIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xSJOpF0IHUAv_Wv03ZXj_28txIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:30:6b:4c:11:3e:31:3a:67:e5:85:39:e2:bc:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5224ea45d081d402ffd6bf4dd95e3ff6f2dc481
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16cec169b17e6696466ef53e360b7911f1861dea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8c:21:95:00:d0:a4:40:98:93:14:c0:b6:15:
                    b7:47:bc:22:ff:3b:f3:82:a2:e6:b7:be:81:45:62:
                    ce:64:3f:0d:fe:5f:73:3d:21:ab:a3:7a:48:2c:f2:
                    71:8f:ea:78:ec:d0:19:b9:32:5f:e9:9a:84:40:61:
                    9c:78:ba:c0:30:b7:18:4b:58:80:55:4b:83:f4:c2:
                    7b:1f:b7:30:80:89:a3:05:65:5c:b8:dc:e2:29:36:
                    56:0e:1b:67:a8:60:86:c4:4d:e6:fe:06:17:ac:ec:
                    ae:00:93:6a:97:4a:0f:3d:48:63:89:bf:0b:31:d4:
                    c8:5c:c4:66:2b:cb:26:93:9d:93:66:63:a7:5a:1a:
                    e3:2a:85:b6:04:73:f5:67:30:5f:ae:ee:92:6b:b7:
                    37:29:b1:ac:6c:e2:82:ac:70:8a:c7:3f:bc:f6:7e:
                    a0:6b:26:d4:84:45:a2:ab:c2:49:83:7d:9b:3e:47:
                    be:ba:5b:b3:6a:b3:88:25:57:e4:98:3d:49:20:f2:
                    11:88:2a:88:ed:ee:ba:83:ab:4c:4a:6d:73:08:98:
                    d3:aa:9c:bb:68:f6:4b:0a:43:01:e7:23:18:d1:b7:
                    14:b0:1c:d0:82:3c:f8:40:ee:fb:94:e2:66:2e:38:
                    ee:b6:1c:ff:70:70:37:03:36:87:40:11:7e:b0:52:
                    fa:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:CE:C1:69:B1:7E:66:96:46:6E:F5:3E:36:0B:79:11:F1:86:1D:EA
            X509v3 Authority Key Identifier:
                keyid:C5:22:4E:A4:5D:08:1D:40:2F:FD:6B:F4:DD:95:E3:FF:6F:2D:C4:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xSJOpF0IHUAv_Wv03ZXj_28txIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/Fs7BabF-ZpZGbvU-Ngt5EfGGHeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/xSJOpF0IHUAv_Wv03ZXj_28txIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.27.0/24
                IPv6:
                  2001:67c:168::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:dd:ac:ff:5a:3c:c2:f5:09:f0:8a:85:5a:eb:52:22:03:79:
         9d:d6:4c:b5:97:1c:2e:74:af:29:8a:40:18:72:5b:1a:b7:35:
         81:95:45:77:57:c0:11:7b:14:a8:50:e3:88:bb:10:26:eb:71:
         c4:c1:e6:f1:cb:ac:56:7e:4c:1b:c5:c2:77:a6:e6:9d:03:38:
         93:7d:7c:2e:e6:2d:b0:62:67:e4:74:c1:bf:0a:fd:88:91:93:
         b3:52:ac:2e:ba:0c:0d:be:92:d2:9d:b5:09:2d:3d:84:31:bd:
         cd:c7:32:a9:15:c3:02:ad:7c:32:19:80:9b:86:7c:bc:9a:80:
         da:65:52:5e:55:77:c0:37:b1:59:c0:0f:dd:2b:df:3b:18:60:
         97:73:d1:f5:e6:ad:55:52:bd:e4:d2:23:5e:b8:bc:65:86:86:
         92:a1:df:11:d1:14:7e:b4:14:60:d2:79:4f:87:a6:7f:ac:ce:
         d3:01:f9:0c:09:6f:27:63:1b:69:63:07:28:c0:e8:aa:6e:9a:
         3e:5e:49:18:8a:53:b3:11:3e:c3:fe:61:37:40:53:d3:37:19:
         d6:81:5d:c4:f4:fa:a9:e3:08:e6:8d:0f:e7:bf:9d:e6:d4:29:
         30:15:3b:2d:ed:e1:9e:4c:71:f6:64:6f:05:5c:85:5f:9e:c7:
         c2:48:08:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJTBrTBE+MTpn5YU54rwLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MjI0ZWE0NWQwODFkNDAyZmZkNmJmNGRkOTVlM2ZmNmYy
ZGM0ODEwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmNlYzE2OWIxN2U2Njk2NDY2ZWY1M2UzNjBiNzkxMWYxODYxZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIwhlQDQpECYkxTAthW3R7wi/zvz
gqLmt76BRWLOZD8N/l9zPSGro3pILPJxj+p47NAZuTJf6ZqEQGGceLrAMLcYS1iA
VUuD9MJ7H7cwgImjBWVcuNziKTZWDhtnqGCGxE3m/gYXrOyuAJNql0oPPUhjib8L
MdTIXMRmK8smk52TZmOnWhrjKoW2BHP1ZzBfru6Sa7c3KbGsbOKCrHCKxz+89n6g
aybUhEWiq8JJg32bPke+uluzarOIJVfkmD1JIPIRiCqI7e66g6tMSm1zCJjTqpy7
aPZLCkMB5yMY0bcUsBzQgjz4QO77lOJmLjjuthz/cHA3AzaHQBF+sFL66wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBbOwWmxfmaWRm71PjYLeRHxhh3qMB8GA1UdIwQY
MBaAFMUiTqRdCB1AL/1r9N2V4/9vLcSBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFNKT3BGMElIVUF2X1d2MDNaWGpfMjh0eElFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy84MTU0ZTMtMjg2Yi00NmEzLWI4YTUt
NTIzNTZjZDVkYTkwLzEvRnM3QmFiRi1acFpHYnZVLU5ndDVFZkdHSGVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy84MTU0ZTMtMjg2Yi00NmEzLWI4YTUtNTIzNTZjZDVkYTkw
LzEveFNKT3BGMElIVUF2X1d2MDNaWGpfMjh0eElFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwSsbMA8E
AgACMAkDBwAgAQZ8AWgwDQYJKoZIhvcNAQELBQADggEBAITdrP9aPML1CfCKhVrr
UiIDeZ3WTLWXHC50rymKQBhyWxq3NYGVRXdXwBF7FKhQ44i7ECbrccTB5vHLrFZ+
TBvFwnem5p0DOJN9fC7mLbBiZ+R0wb8K/YiRk7NSrC66DA2+ktKdtQktPYQxvc3H
MqkVwwKtfDIZgJuGfLyagNplUl5Vd8A3sVnAD90r3zsYYJdz0fXmrVVSveTSI164
vGWGhpKh3xHRFH60FGDSeU+Hpn+sztMB+QwJbydjG2ljByjA6Kpumj5eSRiKU7MR
PsP+YTdAU9M3GdaBXcT0+qnjCOaND+e/nebUKTAVOy3t4Z5McfZkbwVchV+ex8JI
CIw=
-----END CERTIFICATE-----