Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/FqmHfLNT4EFJB_7UIBZtLdY_WfQ.roa
File:                     FqmHfLNT4EFJB_7UIBZtLdY_WfQ.roa (raw, json)
Hash identifier:          R0ggo712+LEhzhJiNr4DlcRuGDZDdBTA4HdOxT4AgfE=
Subject key identifier:   16:A9:87:7C:B3:53:E0:41:49:07:FE:D4:20:16:6D:2D:D6:3F:59:F4
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F8F16EA90FBA9DE04E2912CA04F4
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/FqmHfLNT4EFJB_7UIBZtLdY_WfQ.roa
Signing time:             Mon 01 Jan 2024 08:30:06 +0000
ROA not before:           Mon 01 Jan 2024 08:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211327
IP address blocks:        185.254.28.0/24 maxlen: 24
                          185.249.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f8:f1:6e:a9:0f:ba:9d:e0:4e:29:12:ca:04:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16a9877cb353e0414907fed420166d2dd63f59f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:0e:4d:47:a1:75:15:d1:be:e1:53:57:d2:72:
                    26:da:dd:89:7a:8b:e6:83:9d:0c:02:2c:eb:b6:f8:
                    8a:44:3d:02:b0:63:0d:4a:81:17:45:b5:13:6a:e4:
                    65:14:e9:00:83:09:05:44:b6:ae:66:cf:2b:ba:23:
                    cd:91:35:86:78:73:bd:65:c5:b6:ce:ef:c0:74:f2:
                    e0:cf:0d:f5:bb:c6:0a:6c:00:89:17:b3:9c:1f:56:
                    12:af:52:d2:9c:ab:89:24:d0:c6:32:3c:c9:a3:b0:
                    ab:40:48:cf:d4:27:d7:ec:ca:96:95:89:8d:5e:40:
                    93:56:ba:0d:cc:58:5d:fb:28:d6:dc:11:ec:8e:4a:
                    bc:99:22:e8:dd:85:b8:b9:48:ad:57:a8:e7:01:be:
                    c0:23:0f:36:bd:8a:b4:30:b6:86:d7:9e:14:c8:48:
                    e2:b3:d7:95:df:cf:d0:b6:d1:bb:1e:02:c8:1f:1d:
                    67:90:a1:2c:3b:ed:6e:88:39:18:9b:56:b8:3a:9b:
                    ed:87:f5:dc:c9:cb:6c:96:29:43:06:b1:5f:bc:c7:
                    ed:b1:95:1f:0c:ef:91:3f:f1:50:e1:19:82:86:29:
                    d7:39:32:ab:ee:3b:e6:71:f4:3e:ca:a9:f2:b4:2c:
                    b2:07:3e:54:d8:79:a7:76:60:db:42:62:3b:d8:7e:
                    58:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:A9:87:7C:B3:53:E0:41:49:07:FE:D4:20:16:6D:2D:D6:3F:59:F4
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/FqmHfLNT4EFJB_7UIBZtLdY_WfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.202.0/24
                  185.254.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:55:9f:85:aa:d8:ea:00:a0:e6:68:96:36:a9:22:90:87:b4:
         26:c5:cc:4c:54:2d:80:96:ca:bb:2e:1e:57:38:73:ac:27:55:
         4f:5b:3c:d8:16:3a:bd:79:b2:07:54:d0:82:7c:be:ca:fe:73:
         1f:af:24:97:b2:91:4c:61:a1:4c:e9:30:b4:eb:ee:2e:ce:40:
         04:3d:d9:77:26:4c:14:3d:b6:d7:0b:ad:88:90:ad:d9:05:69:
         12:f9:7c:b6:9f:5f:0e:54:9a:fd:7b:8f:37:52:1c:98:1e:90:
         7e:b5:06:34:4e:57:da:c7:a2:dc:9e:8e:f1:0c:6a:9d:40:8d:
         a4:f6:94:1d:23:27:75:a3:1a:3d:94:93:da:f3:b6:df:6b:1c:
         52:65:a4:02:a7:5c:5d:f7:d8:6e:38:c7:ef:99:f5:dc:36:af:
         0a:41:e9:83:0f:54:9b:f0:fc:2c:99:5e:5f:7a:03:e5:00:32:
         72:fe:9e:1f:cf:a2:0e:bd:05:0a:ea:b4:5f:43:0b:cc:b7:52:
         39:24:13:df:d4:91:30:b2:71:32:9e:59:36:50:0e:ec:55:01:
         22:29:57:c4:f4:4d:b7:81:dc:dd:c2:53:f6:6e:56:88:24:7a:
         ee:81:8f:e5:ea:9b:de:a2:65:d2:26:e2:62:73:cb:2d:8b:ca:
         55:ca:12:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJPjxbqkPup3gTikSygT0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmE5ODc3Y2IzNTNlMDQxNDkwN2ZlZDQyMDE2NmQyZGQ2M2Y1OWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhA5NR6F1FdG+4VNX0nIm2t2Jeovm
g50MAizrtviKRD0CsGMNSoEXRbUTauRlFOkAgwkFRLauZs8ruiPNkTWGeHO9ZcW2
zu/AdPLgzw31u8YKbACJF7OcH1YSr1LSnKuJJNDGMjzJo7CrQEjP1CfX7MqWlYmN
XkCTVroNzFhd+yjW3BHsjkq8mSLo3YW4uUitV6jnAb7AIw82vYq0MLaG154UyEji
s9eV38/QttG7HgLIHx1nkKEsO+1uiDkYm1a4Opvth/XcyctslilDBrFfvMftsZUf
DO+RP/FQ4RmChinXOTKr7jvmcfQ+yqnytCyyBz5U2HmndmDbQmI72H5YZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBaph3yzU+BBSQf+1CAWbS3WP1n0MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvRnFtSGZMTlQ0RUZKQl83VUlCWnRMZFlfV2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufnKAwQA
uf4cMA0GCSqGSIb3DQEBCwUAA4IBAQAJVZ+FqtjqAKDmaJY2qSKQh7QmxcxMVC2A
lsq7Lh5XOHOsJ1VPWzzYFjq9ebIHVNCCfL7K/nMfrySXspFMYaFM6TC06+4uzkAE
Pdl3JkwUPbbXC62IkK3ZBWkS+Xy2n18OVJr9e483UhyYHpB+tQY0Tlfax6Lcno7x
DGqdQI2k9pQdIyd1oxo9lJPa87bfaxxSZaQCp1xd99huOMfvmfXcNq8KQemDD1Sb
8PwsmV5fegPlADJy/p4fz6IOvQUK6rRfQwvMt1I5JBPf1JEwsnEynlk2UA7sVQEi
KVfE9E23gdzdwlP2blaIJHrugY/l6pveomXSJuJic8sti8pVyhKJ
-----END CERTIFICATE-----