Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/FhfnTGLFLOTVkD-4Qli6NqbVcc4.roa
File:                     FhfnTGLFLOTVkD-4Qli6NqbVcc4.roa (raw, json)
Hash identifier:          7A/BPwkEFngVpxxrdiCRLHa6LtU1wzpmX5XKnUoyuNM=
Subject key identifier:   16:17:E7:4C:62:C5:2C:E4:D5:90:3F:B8:42:58:BA:36:A6:D5:71:CE
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B87284F44E4FCC8E1E54036B22D2D
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/FhfnTGLFLOTVkD-4Qli6NqbVcc4.roa
Signing time:             Mon 01 Jan 2024 18:31:27 +0000
ROA not before:           Mon 01 Jan 2024 18:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56324
IP address blocks:        185.244.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:87:28:4f:44:e4:fc:c8:e1:e5:40:36:b2:2d:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1617e74c62c52ce4d5903fb84258ba36a6d571ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a3:b7:2b:37:9f:66:88:0e:d3:b8:7f:d5:61:
                    26:70:05:61:1f:85:0a:f0:c7:45:67:3d:78:18:9f:
                    01:51:b3:cc:cd:a0:27:2a:64:99:bb:22:5d:6f:56:
                    f0:3a:2f:25:0c:0f:2e:a5:45:48:44:63:91:7d:43:
                    fd:64:f6:4d:aa:51:7d:bc:00:3a:92:20:7c:6e:48:
                    42:c0:91:41:08:2c:83:7d:0b:08:8a:d0:48:d5:59:
                    db:2c:34:2f:b5:42:e9:ba:ca:0e:64:b0:6e:6a:d4:
                    88:2d:4f:7b:75:d3:a9:33:3f:67:45:be:3a:ce:cd:
                    39:ab:a1:76:5b:2c:5a:f3:a2:4b:37:f2:fe:66:ff:
                    bd:5f:ed:e6:ed:69:63:21:71:31:ad:58:29:b1:04:
                    c0:8c:5d:ee:7e:70:07:79:da:a1:c6:1b:e1:60:ca:
                    db:c1:b9:67:ba:4f:04:d2:a5:be:c2:9c:99:73:84:
                    31:06:4e:2d:17:c0:75:ca:64:59:24:16:72:2c:56:
                    bf:94:93:30:fa:f0:0e:5c:ef:a5:04:b0:b9:dd:8e:
                    13:76:19:58:1d:86:92:7f:b4:00:df:eb:68:93:40:
                    5c:8e:ab:78:01:65:ba:89:8c:5e:e0:31:f3:f9:90:
                    af:c1:30:2a:32:19:2b:7b:38:6f:b3:94:73:f9:79:
                    83:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:17:E7:4C:62:C5:2C:E4:D5:90:3F:B8:42:58:BA:36:A6:D5:71:CE
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/FhfnTGLFLOTVkD-4Qli6NqbVcc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:08:ee:51:88:af:45:9f:03:43:a7:52:2a:00:48:83:c1:d7:
         41:fa:ea:25:d9:c3:28:b7:f4:0f:80:b8:91:f7:a9:27:48:34:
         59:61:5e:f7:b8:7d:a5:4d:72:15:5f:09:20:ea:c0:41:58:e3:
         ce:2a:55:19:cb:5c:38:07:34:b1:d6:f1:f2:82:86:dd:0a:01:
         34:3a:4e:b1:ef:57:eb:84:fa:66:eb:fa:0d:d5:41:85:52:3d:
         85:3e:a3:7c:5d:68:6a:25:ec:9e:12:17:ef:55:2c:ce:1b:38:
         54:e5:8d:90:65:7c:e2:3c:c4:35:c1:5c:e1:3e:33:91:1f:1a:
         52:a1:cf:2d:b4:61:fe:32:53:27:1e:58:f5:94:67:24:62:0a:
         15:28:9e:ed:48:6b:81:ba:fd:2d:ab:07:af:25:f2:01:3b:06:
         3a:64:fb:12:01:ee:e2:28:4d:3e:5a:51:b9:fc:ee:bd:df:43:
         fb:14:b1:63:72:15:12:57:ce:c5:91:55:e9:ef:b9:60:36:f7:
         c1:db:0e:49:f1:03:a1:49:7d:76:74:cd:33:35:17:a0:7e:ab:
         66:03:ee:dc:e5:cf:94:38:62:ea:03:50:4e:4d:f1:55:b0:79:
         a4:dd:f7:8a:ed:99:07:f2:81:a5:26:8f:eb:1f:f9:64:3f:1f:
         14:7d:17:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4coT0Tk/Mjh5UA2si0tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjE3ZTc0YzYyYzUyY2U0ZDU5MDNmYjg0MjU4YmEzNmE2ZDU3MWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqO3KzefZogO07h/1WEmcAVhH4UK
8MdFZz14GJ8BUbPMzaAnKmSZuyJdb1bwOi8lDA8upUVIRGORfUP9ZPZNqlF9vAA6
kiB8bkhCwJFBCCyDfQsIitBI1VnbLDQvtULpusoOZLBuatSILU97ddOpMz9nRb46
zs05q6F2Wyxa86JLN/L+Zv+9X+3m7WljIXExrVgpsQTAjF3ufnAHedqhxhvhYMrb
wblnuk8E0qW+wpyZc4QxBk4tF8B1ymRZJBZyLFa/lJMw+vAOXO+lBLC53Y4TdhlY
HYaSf7QA3+tok0Bcjqt4AWW6iYxe4DHz+ZCvwTAqMhkrezhvs5Rz+XmD+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYX50xixSzk1ZA/uEJYujam1XHOMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvRmhmblRHTEZMT1RWa0QtNFFsaTZOcWJWY2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufRgMA0G
CSqGSIb3DQEBCwUAA4IBAQB0CO5RiK9FnwNDp1IqAEiDwddB+uol2cMot/QPgLiR
96knSDRZYV73uH2lTXIVXwkg6sBBWOPOKlUZy1w4BzSx1vHygobdCgE0Ok6x71fr
hPpm6/oN1UGFUj2FPqN8XWhqJeyeEhfvVSzOGzhU5Y2QZXziPMQ1wVzhPjORHxpS
oc8ttGH+MlMnHlj1lGckYgoVKJ7tSGuBuv0tqwevJfIBOwY6ZPsSAe7iKE0+WlG5
/O6930P7FLFjchUSV87FkVXp77lgNvfB2w5J8QOhSX12dM0zNRegfqtmA+7c5c+U
OGLqA1BOTfFVsHmk3feK7ZkH8oGlJo/rH/lkPx8UfRfI
-----END CERTIFICATE-----