Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/_FIWyYjOGsXSCTspPnEVChdyDUY.roa
File:                     _FIWyYjOGsXSCTspPnEVChdyDUY.roa (raw, json)
Hash identifier:          tmrax9kQUc1wezcLt81S4dXnjZcDSGNCnhYxs4WswB8=
Subject key identifier:   FC:52:16:C9:88:CE:1A:C5:D2:09:3B:29:3E:71:15:0A:17:72:0D:46
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       01919FC5713CCCBD00ACE14E3A70B1A64F3D
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/_FIWyYjOGsXSCTspPnEVChdyDUY.roa
Signing time:             Thu 29 Aug 2024 20:13:22 +0000
ROA not before:           Thu 29 Aug 2024 20:13:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47447
IP address blocks:        194.124.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9f:c5:71:3c:cc:bd:00:ac:e1:4e:3a:70:b1:a6:4f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Aug 29 20:13:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc5216c988ce1ac5d2093b293e71150a17720d46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a0:96:8f:92:f7:91:2d:b1:9b:7c:07:d0:0b:
                    4d:28:c6:0f:88:1d:4c:05:4a:82:98:00:c2:1a:f6:
                    96:c0:ac:72:ce:26:11:68:86:2e:4d:20:bf:f2:ab:
                    9c:30:70:95:b5:15:20:0a:1e:c2:c3:d1:67:ef:0c:
                    e0:11:76:db:7a:45:55:e5:68:92:5a:73:0e:37:86:
                    09:74:4f:fa:ea:e1:f5:c0:00:b5:0d:70:9f:d3:3f:
                    d1:b5:5b:dc:fc:ac:4b:6a:5b:89:08:b7:5f:11:2f:
                    82:44:0e:88:ca:bd:ab:82:31:67:77:c1:6a:97:62:
                    74:e9:40:ac:d7:63:2a:9d:33:29:25:f6:ca:77:c2:
                    77:cb:fd:4f:a4:11:0e:d1:35:6b:ab:cb:4f:46:71:
                    b0:08:c5:a5:d9:6f:f8:b2:3f:99:35:86:53:23:75:
                    44:22:b6:98:0c:2e:95:6c:08:fd:ce:e8:e5:22:5b:
                    d5:63:6e:fd:06:c4:6c:29:f0:e8:65:f3:c6:e0:b6:
                    37:b0:ac:d8:6a:ed:09:13:01:35:4f:a2:af:82:37:
                    65:b5:e4:62:81:33:19:35:25:38:52:cb:f1:95:70:
                    00:98:f5:83:41:c1:ca:9b:d3:3a:ff:59:e7:df:de:
                    74:f1:b4:d8:40:5a:d4:92:d9:a3:34:6c:3a:ec:76:
                    67:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:52:16:C9:88:CE:1A:C5:D2:09:3B:29:3E:71:15:0A:17:72:0D:46
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/_FIWyYjOGsXSCTspPnEVChdyDUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:f4:a1:6e:e8:2f:31:b6:a4:93:c4:28:d3:49:ef:9c:32:0c:
         4f:58:52:b0:98:4e:56:00:de:0a:b5:6f:92:9c:46:40:1e:8e:
         8a:58:20:a9:06:9d:c0:fc:43:2e:68:ac:70:85:fe:ad:32:e8:
         ff:51:6b:36:f1:87:62:03:d2:0f:6c:70:0b:3b:41:fc:21:be:
         93:30:55:1b:4f:0d:c5:f7:72:5e:ab:18:3b:f2:05:1c:fe:56:
         a0:9f:be:be:e8:05:30:3e:28:5b:ba:99:2d:aa:bb:35:33:3d:
         27:c1:d0:21:14:67:69:47:71:57:95:e2:15:62:e6:cf:a5:5e:
         bc:52:dd:23:60:8a:68:a5:f1:db:82:5e:86:f5:1f:e8:ea:e9:
         6d:cd:11:43:b0:a3:31:f5:62:fc:50:9a:b6:4b:f7:f5:ca:8a:
         1c:3b:69:1b:12:c9:42:5b:22:80:46:ce:a0:19:ff:f8:03:5b:
         51:d3:3a:ca:97:a4:20:91:65:c6:15:1a:cb:7e:bc:22:8c:91:
         16:4e:f0:35:c5:65:77:31:48:46:37:20:4d:2d:1b:0d:4b:48:
         ec:cb:a6:9d:15:78:04:45:cb:4b:23:6e:0f:63:11:61:ac:e5:
         0a:8b:73:71:6b:50:78:07:95:4d:0f:49:ba:5d:b0:b4:46:90:
         88:b1:10:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGfxXE8zL0ArOFOOnCxpk89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwODI5MjAxMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzUyMTZjOTg4Y2UxYWM1ZDIwOTNiMjkzZTcxMTUwYTE3NzIwZDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaCWj5L3kS2xm3wH0AtNKMYPiB1M
BUqCmADCGvaWwKxyziYRaIYuTSC/8qucMHCVtRUgCh7Cw9Fn7wzgEXbbekVV5WiS
WnMON4YJdE/66uH1wAC1DXCf0z/RtVvc/KxLaluJCLdfES+CRA6Iyr2rgjFnd8Fq
l2J06UCs12MqnTMpJfbKd8J3y/1PpBEO0TVrq8tPRnGwCMWl2W/4sj+ZNYZTI3VE
IraYDC6VbAj9zujlIlvVY279BsRsKfDoZfPG4LY3sKzYau0JEwE1T6KvgjdlteRi
gTMZNSU4UsvxlXAAmPWDQcHKm9M6/1nn39508bTYQFrUktmjNGw67HZnWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxSFsmIzhrF0gk7KT5xFQoXcg1GMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvX0ZJV3lZak9Hc1hTQ1RzcFBuRVZDaGR5RFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnwoMA0G
CSqGSIb3DQEBCwUAA4IBAQCk9KFu6C8xtqSTxCjTSe+cMgxPWFKwmE5WAN4KtW+S
nEZAHo6KWCCpBp3A/EMuaKxwhf6tMuj/UWs28YdiA9IPbHALO0H8Ib6TMFUbTw3F
93Jeqxg78gUc/lagn76+6AUwPihbupktqrs1Mz0nwdAhFGdpR3FXleIVYubPpV68
Ut0jYIpopfHbgl6G9R/o6ultzRFDsKMx9WL8UJq2S/f1yoocO2kbEslCWyKARs6g
Gf/4A1tR0zrKl6QgkWXGFRrLfrwijJEWTvA1xWV3MUhGNyBNLRsNS0jsy6adFXgE
RctLI24PYxFhrOUKi3Nxa1B4B5VND0m6XbC0RpCIsRDd
-----END CERTIFICATE-----