Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/fCZNNBul4xUuZELdJPpP8JTnMCU.roa
File:                     fCZNNBul4xUuZELdJPpP8JTnMCU.roa (raw, json)
Hash identifier:          X/dGuUq/F9EyabwzWLZK7UnfExHfJozbMdWSzW8lKoQ=
Subject key identifier:   7C:26:4D:34:1B:A5:E3:15:2E:64:42:DD:24:FA:4F:F0:94:E7:30:25
Certificate issuer:       /CN=1d4c6078a5941c5cb157d5f2957cb314d7ed1bed
Certificate serial:       018CCA99B93BAC6718BCEBAB025F7B626528
Authority key identifier: 1D:4C:60:78:A5:94:1C:5C:B1:57:D5:F2:95:7C:B3:14:D7:ED:1B:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUxgeKWUHFyxV9XylXyzFNftG-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/fCZNNBul4xUuZELdJPpP8JTnMCU.roa
Signing time:             Tue 02 Jan 2024 14:35:21 +0000
ROA not before:           Tue 02 Jan 2024 14:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210425
IP address blocks:        194.60.144.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/HUxgeKWUHFyxV9XylXyzFNftG-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/HUxgeKWUHFyxV9XylXyzFNftG-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUxgeKWUHFyxV9XylXyzFNftG-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:b9:3b:ac:67:18:bc:eb:ab:02:5f:7b:62:65:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d4c6078a5941c5cb157d5f2957cb314d7ed1bed
        Validity
            Not Before: Jan  2 14:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c264d341ba5e3152e6442dd24fa4ff094e73025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:28:15:d1:8c:b7:59:f8:de:f4:a4:d4:4c:e9:
                    74:37:30:9a:eb:02:b2:72:19:5e:12:f0:5b:35:28:
                    e6:51:ba:05:af:f6:89:40:d4:47:9a:72:4a:48:75:
                    ff:2d:d0:35:46:e1:51:2a:10:01:c5:62:2e:5a:30:
                    37:71:8c:d7:42:04:87:d0:71:a9:0e:e5:d8:c1:4a:
                    66:b7:dd:fe:dc:b6:28:f1:37:63:00:ad:92:34:8e:
                    1d:6d:99:a4:57:c6:9c:34:69:8c:9a:ec:05:5c:6c:
                    c7:d6:95:da:b1:be:b1:fc:18:78:ef:33:54:73:2d:
                    a2:32:c1:1a:03:4c:64:42:34:af:a9:e3:72:9f:34:
                    d3:46:4c:16:33:8e:b5:56:e0:12:d2:0a:08:e5:f4:
                    de:8b:87:c3:eb:f7:11:a3:ed:a3:bd:3f:b8:03:ec:
                    91:28:ab:87:9f:00:10:72:12:e2:4d:41:29:25:84:
                    82:33:8c:73:9d:d7:5b:ed:8e:bf:94:f9:fc:58:6b:
                    c7:7c:e4:4c:9d:f3:37:a3:7b:15:44:18:74:39:e8:
                    8c:68:4b:3b:55:06:16:d8:22:51:c4:8e:2e:e5:c0:
                    3f:4e:05:3a:1e:de:7f:b9:5a:48:75:ff:70:ae:9f:
                    ff:07:7e:cd:95:9b:97:58:61:c7:91:cf:72:21:b2:
                    d3:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:26:4D:34:1B:A5:E3:15:2E:64:42:DD:24:FA:4F:F0:94:E7:30:25
            X509v3 Authority Key Identifier:
                keyid:1D:4C:60:78:A5:94:1C:5C:B1:57:D5:F2:95:7C:B3:14:D7:ED:1B:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUxgeKWUHFyxV9XylXyzFNftG-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/fCZNNBul4xUuZELdJPpP8JTnMCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3ef386-0571-460e-8991-996a623b633e/1/HUxgeKWUHFyxV9XylXyzFNftG-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         bb:93:6f:c6:22:47:2d:43:fd:54:25:5b:51:a5:96:be:46:19:
         b6:d1:cf:97:c3:3d:0e:f8:45:27:5f:0f:ff:79:5e:c6:20:53:
         f4:99:4c:27:51:c5:9a:32:0d:e3:83:cb:11:a1:ce:dd:fd:a2:
         35:d3:fa:84:15:28:93:66:81:a8:71:83:82:be:7b:f0:21:e2:
         13:3c:98:d7:72:47:57:e8:5b:25:dc:9e:b8:b6:a9:58:be:f8:
         2e:49:54:9f:80:d5:48:0b:58:a8:bb:2e:1e:f5:5d:1d:57:fe:
         02:ed:a5:c1:87:bf:9d:43:40:58:1f:b3:9c:ed:e7:3d:3b:55:
         aa:50:dc:02:37:c5:0f:1b:ce:d5:29:5e:25:41:13:f6:77:ee:
         27:c5:00:9c:97:8e:93:14:37:80:f0:ab:c8:3c:48:8e:33:df:
         ed:35:37:19:1c:ac:b8:0e:75:f5:48:80:7a:16:e4:dd:fe:78:
         87:6d:e1:05:92:63:cb:dc:9d:31:81:db:2d:ed:a0:4c:24:e8:
         08:d2:d5:d7:44:b8:34:b3:3c:5d:53:5d:f0:ab:db:e2:09:55:
         5d:83:45:33:68:31:5f:38:25:0a:fd:24:ac:33:8a:89:5b:55:
         1f:3b:5d:f0:5d:f7:1f:f2:1d:85:14:8b:8a:e5:cc:d6:b6:05:
         36:0c:34:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmbk7rGcYvOurAl97YmUoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNGM2MDc4YTU5NDFjNWNiMTU3ZDVmMjk1N2NiMzE0ZDdl
ZDFiZWQwHhcNMjQwMTAyMTQzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzI2NGQzNDFiYTVlMzE1MmU2NDQyZGQyNGZhNGZmMDk0ZTczMDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmygV0Yy3Wfje9KTUTOl0NzCa6wKy
chleEvBbNSjmUboFr/aJQNRHmnJKSHX/LdA1RuFRKhABxWIuWjA3cYzXQgSH0HGp
DuXYwUpmt93+3LYo8TdjAK2SNI4dbZmkV8acNGmMmuwFXGzH1pXasb6x/Bh47zNU
cy2iMsEaA0xkQjSvqeNynzTTRkwWM461VuAS0goI5fTei4fD6/cRo+2jvT+4A+yR
KKuHnwAQchLiTUEpJYSCM4xznddb7Y6/lPn8WGvHfORMnfM3o3sVRBh0OeiMaEs7
VQYW2CJRxI4u5cA/TgU6Ht5/uVpIdf9wrp//B37NlZuXWGHHkc9yIbLTGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwmTTQbpeMVLmRC3ST6T/CU5zAlMB8GA1UdIwQY
MBaAFB1MYHillBxcsVfV8pV8sxTX7RvtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFV4Z2VLV1VIRnl4VjlYeWxYeXpGTmZ0Ry0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8zZWYzODYtMDU3MS00NjBlLTg5OTEt
OTk2YTYyM2I2MzNlLzEvZkNaTk5CdWw0eFV1WkVMZEpQcFA4SlRuTUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8zZWYzODYtMDU3MS00NjBlLTg5OTEtOTk2YTYyM2I2MzNl
LzEvSFV4Z2VLV1VIRnl4VjlYeWxYeXpGTmZ0Ry0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwjyQMA0G
CSqGSIb3DQEBCwUAA4IBAQC7k2/GIkctQ/1UJVtRpZa+Rhm20c+Xwz0O+EUnXw//
eV7GIFP0mUwnUcWaMg3jg8sRoc7d/aI10/qEFSiTZoGocYOCvnvwIeITPJjXckdX
6Fsl3J64tqlYvvguSVSfgNVIC1iouy4e9V0dV/4C7aXBh7+dQ0BYH7Oc7ec9O1Wq
UNwCN8UPG87VKV4lQRP2d+4nxQCcl46TFDeA8KvIPEiOM9/tNTcZHKy4DnX1SIB6
FuTd/niHbeEFkmPL3J0xgdst7aBMJOgI0tXXRLg0szxdU13wq9viCVVdg0UzaDFf
OCUK/SSsM4qJW1UfO13wXfcf8h2FFIuK5czWtgU2DDT4
-----END CERTIFICATE-----