Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/fDEOKxcueNBpTJHpeQqzIj8JSMo.roa
File:                     fDEOKxcueNBpTJHpeQqzIj8JSMo.roa (raw, json)
Hash identifier:          SH6PGH8t4ErBmQm5X6GU/+OuN4lt9ndBNH4dWe/kQ08=
Subject key identifier:   7C:31:0E:2B:17:2E:78:D0:69:4C:91:E9:79:0A:B3:22:3F:09:48:CA
Certificate issuer:       /CN=02fc5c064f5159c8a1fa4066c8cb8ff701671dd2
Certificate serial:       018CC56EE8338B602B221DE912C3632F2B99
Authority key identifier: 02:FC:5C:06:4F:51:59:C8:A1:FA:40:66:C8:CB:8F:F7:01:67:1D:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AvxcBk9RWcih-kBmyMuP9wFnHdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/fDEOKxcueNBpTJHpeQqzIj8JSMo.roa
Signing time:             Mon 01 Jan 2024 14:30:29 +0000
ROA not before:           Mon 01 Jan 2024 14:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208731
IP address blocks:        147.78.192.0/23 maxlen: 24
                          185.203.112.0/24 maxlen: 24
                          2a0f:98c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/AvxcBk9RWcih-kBmyMuP9wFnHdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/AvxcBk9RWcih-kBmyMuP9wFnHdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AvxcBk9RWcih-kBmyMuP9wFnHdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e8:33:8b:60:2b:22:1d:e9:12:c3:63:2f:2b:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02fc5c064f5159c8a1fa4066c8cb8ff701671dd2
        Validity
            Not Before: Jan  1 14:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c310e2b172e78d0694c91e9790ab3223f0948ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:35:f8:98:a7:36:92:fd:7e:9b:83:a1:79:54:
                    b1:9b:06:b2:55:32:ab:5a:94:56:a6:c8:25:78:bb:
                    f8:05:3a:6e:09:1e:23:e8:96:85:d5:c7:68:68:db:
                    b1:c2:37:89:73:a8:0b:da:07:39:0d:7b:d0:51:7a:
                    01:61:ef:e0:14:82:9d:d1:76:84:a2:29:ea:1b:ca:
                    55:e7:0f:cb:51:55:bb:34:94:4f:82:e5:07:d6:63:
                    17:48:01:31:0a:83:3d:73:6c:1b:09:56:e9:17:97:
                    d0:67:bf:d4:fc:c9:6f:54:9e:b1:61:e8:58:44:55:
                    47:fc:90:35:ea:90:62:29:bf:7e:50:0d:d2:34:7b:
                    79:59:1a:38:04:64:1a:6e:e0:ca:98:4e:ad:ca:cc:
                    11:cd:aa:40:a9:cb:aa:59:72:0b:cf:aa:91:e3:10:
                    34:e4:b6:02:48:96:36:a6:3e:e6:46:c4:58:87:cb:
                    e2:44:2a:75:b3:30:3a:5f:41:e1:75:e5:10:29:b7:
                    ed:c3:fb:3f:ea:94:05:68:de:da:4a:79:85:43:fe:
                    98:32:4f:e7:f6:8a:25:4f:0c:0e:8a:a3:25:97:65:
                    9b:4a:b8:44:c0:f3:39:3a:95:41:a8:5b:f2:93:e0:
                    a6:88:02:20:f7:c5:43:88:38:0e:fb:d9:88:f1:43:
                    b9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:31:0E:2B:17:2E:78:D0:69:4C:91:E9:79:0A:B3:22:3F:09:48:CA
            X509v3 Authority Key Identifier:
                keyid:02:FC:5C:06:4F:51:59:C8:A1:FA:40:66:C8:CB:8F:F7:01:67:1D:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AvxcBk9RWcih-kBmyMuP9wFnHdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/fDEOKxcueNBpTJHpeQqzIj8JSMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b15a7d-5aee-4d40-be5a-792a91c5ca2b/1/AvxcBk9RWcih-kBmyMuP9wFnHdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.192.0/23
                  185.203.112.0/24
                IPv6:
                  2a0f:98c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:a7:e4:06:72:fd:8e:f3:0f:54:c0:85:e8:8d:11:e6:03:d5:
         55:a4:9c:1b:d4:66:13:75:3e:21:1e:db:61:d7:9e:10:5e:7c:
         71:e0:7e:10:fe:10:37:c9:71:d9:04:7d:74:65:ed:7b:e5:a6:
         50:cd:bd:c3:5b:5d:c9:25:ec:61:df:dc:b5:b6:a2:fe:97:2e:
         75:6c:e6:15:3b:3a:d1:e8:c8:99:03:d1:fd:72:0d:db:dc:79:
         b1:a5:f7:45:bf:0d:13:58:05:f3:08:1e:53:b4:fb:81:00:76:
         12:61:f5:06:f3:5b:9c:c1:1e:2a:5a:62:7e:e4:45:83:6f:63:
         1d:21:d3:d2:91:25:cc:da:3e:4b:3b:80:51:23:2d:57:8a:fd:
         d3:f8:55:c9:8f:b6:4d:bd:fe:8c:cb:f5:9a:17:d3:a5:5d:26:
         f1:8e:e6:22:5b:65:f5:14:73:98:bc:d0:6e:69:95:24:1b:d7:
         67:b1:fd:57:d4:75:01:6c:55:83:8c:27:a4:0f:c8:1f:66:cf:
         98:bb:09:0b:ca:f0:15:96:8e:f6:69:8e:4c:cc:21:da:35:82:
         57:6d:ad:05:21:23:9d:25:ca:b1:ad:96:8f:7d:12:f6:03:af:
         b3:98:54:72:a9:f1:2c:e4:a1:8b:b0:a1:1e:07:57:b2:f1:19:
         ac:05:92:d4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbugzi2ArIh3pEsNjLyuZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyZmM1YzA2NGY1MTU5YzhhMWZhNDA2NmM4Y2I4ZmY3MDE2
NzFkZDIwHhcNMjQwMTAxMTQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzMxMGUyYjE3MmU3OGQwNjk0YzkxZTk3OTBhYjMyMjNmMDk0OGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDX4mKc2kv1+m4OheVSxmwayVTKr
WpRWpsgleLv4BTpuCR4j6JaF1cdoaNuxwjeJc6gL2gc5DXvQUXoBYe/gFIKd0XaE
oinqG8pV5w/LUVW7NJRPguUH1mMXSAExCoM9c2wbCVbpF5fQZ7/U/MlvVJ6xYehY
RFVH/JA16pBiKb9+UA3SNHt5WRo4BGQabuDKmE6tyswRzapAqcuqWXILz6qR4xA0
5LYCSJY2pj7mRsRYh8viRCp1szA6X0HhdeUQKbftw/s/6pQFaN7aSnmFQ/6YMk/n
9oolTwwOiqMll2WbSrhEwPM5OpVBqFvyk+CmiAIg98VDiDgO+9mI8UO5FwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHwxDisXLnjQaUyR6XkKsyI/CUjKMB8GA1UdIwQY
MBaAFAL8XAZPUVnIofpAZsjLj/cBZx3SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXZ4Y0JrOVJXY2loLWtCbXlNdVA5d0ZuSGRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9iMTVhN2QtNWFlZS00ZDQwLWJlNWEt
NzkyYTkxYzVjYTJiLzEvZkRFT0t4Y3VlTkJwVEpIcGVRcXpJajhKU01vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9iMTVhN2QtNWFlZS00ZDQwLWJlNWEtNzkyYTkxYzVjYTJi
LzEvQXZ4Y0JrOVJXY2loLWtCbXlNdVA5d0ZuSGRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBk07AAwQA
uctwMA0EAgACMAcDBQMqD5jAMA0GCSqGSIb3DQEBCwUAA4IBAQBUp+QGcv2O8w9U
wIXojRHmA9VVpJwb1GYTdT4hHtth154QXnxx4H4Q/hA3yXHZBH10Ze175aZQzb3D
W13JJexh39y1tqL+ly51bOYVOzrR6MiZA9H9cg3b3HmxpfdFvw0TWAXzCB5TtPuB
AHYSYfUG81ucwR4qWmJ+5EWDb2MdIdPSkSXM2j5LO4BRIy1Xiv3T+FXJj7ZNvf6M
y/WaF9OlXSbxjuYiW2X1FHOYvNBuaZUkG9dnsf1X1HUBbFWDjCekD8gfZs+YuwkL
yvAVlo72aY5MzCHaNYJXba0FISOdJcqxrZaPfRL2A6+zmFRyqfEs5KGLsKEeB1ey
8RmsBZLU
-----END CERTIFICATE-----