Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/5befa7-87fd-44a2-b1f4-3e8f575eddff/1/fzdlvS_Jjx_8geDx6te490fgTcg.roa
File:                     fzdlvS_Jjx_8geDx6te490fgTcg.roa (raw, json)
Hash identifier:          gZPjHug4Om2dCE3QZyd9kxHGdKw3n0l/s2g5p/A1bUU=
Subject key identifier:   7F:37:65:BD:2F:C9:8F:1F:FC:81:E0:F1:EA:D7:B8:F7:47:E0:4D:C8
Certificate issuer:       /CN=761c05753b19bcdb532fdc7f6f47e97e935ba0a2
Certificate serial:       018CC8DCEA1A0A9EB461D752D82628BA7E6F
Authority key identifier: 76:1C:05:75:3B:19:BC:DB:53:2F:DC:7F:6F:47:E9:7E:93:5B:A0:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhwFdTsZvNtTL9x_b0fpfpNboKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/5befa7-87fd-44a2-b1f4-3e8f575eddff/1/fzdlvS_Jjx_8geDx6te490fgTcg.roa
Signing time:             Tue 02 Jan 2024 06:29:30 +0000
ROA not before:           Tue 02 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211329
IP address blocks:        147.236.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/5befa7-87fd-44a2-b1f4-3e8f575eddff/1/dhwFdTsZvNtTL9x_b0fpfpNboKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/5befa7-87fd-44a2-b1f4-3e8f575eddff/1/dhwFdTsZvNtTL9x_b0fpfpNboKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhwFdTsZvNtTL9x_b0fpfpNboKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ea:1a:0a:9e:b4:61:d7:52:d8:26:28:ba:7e:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761c05753b19bcdb532fdc7f6f47e97e935ba0a2
        Validity
            Not Before: Jan  2 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f3765bd2fc98f1ffc81e0f1ead7b8f747e04dc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:10:00:ef:04:85:4b:cb:31:49:73:66:a4:a3:
                    36:89:5e:90:63:eb:da:54:c3:13:9c:a6:b3:ff:45:
                    2d:e7:36:45:e4:bb:e2:d7:af:c2:82:8d:ad:f0:b8:
                    e3:c3:29:87:55:62:47:3a:02:8f:df:b4:22:63:fc:
                    9a:58:5c:7f:b3:18:5b:0d:96:2d:92:93:71:be:72:
                    25:58:dd:ff:d4:b4:f4:a1:4c:7f:15:0e:e7:f2:a0:
                    87:d8:4f:9f:f6:49:0f:77:b0:ca:b4:8f:e3:78:a8:
                    c7:42:bd:c9:a2:60:6f:de:9d:52:1e:72:3c:2f:3e:
                    12:70:36:6f:e3:56:67:39:b0:48:fc:8e:70:93:61:
                    ee:5e:74:4d:6c:7b:d9:5c:9e:2a:1a:86:91:48:64:
                    1c:d3:35:cb:2f:cc:62:ae:8b:02:4a:b1:e7:aa:d9:
                    b8:06:f5:61:e8:a2:b1:e4:8e:08:34:aa:f5:d2:74:
                    d1:a8:e0:56:44:7f:d5:37:c1:18:52:da:06:03:16:
                    55:e5:16:bb:7d:db:b7:d4:7d:da:05:5c:f8:04:b3:
                    69:af:e2:c6:55:38:9c:5c:5e:7b:ce:91:51:20:36:
                    c3:55:9d:54:c9:be:c4:ad:62:d2:05:52:cc:37:57:
                    ad:fb:19:f6:5c:3b:20:df:9a:3d:59:52:0d:40:cf:
                    71:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:37:65:BD:2F:C9:8F:1F:FC:81:E0:F1:EA:D7:B8:F7:47:E0:4D:C8
            X509v3 Authority Key Identifier:
                keyid:76:1C:05:75:3B:19:BC:DB:53:2F:DC:7F:6F:47:E9:7E:93:5B:A0:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhwFdTsZvNtTL9x_b0fpfpNboKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5befa7-87fd-44a2-b1f4-3e8f575eddff/1/fzdlvS_Jjx_8geDx6te490fgTcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5befa7-87fd-44a2-b1f4-3e8f575eddff/1/dhwFdTsZvNtTL9x_b0fpfpNboKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.236.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:b9:fe:f8:00:c2:3d:f5:ce:a4:60:69:f1:aa:fb:37:62:16:
         a2:88:ba:f2:c5:81:94:a0:41:65:cd:4a:bc:de:3d:cf:e2:f9:
         eb:02:37:64:d2:ac:4a:1b:d9:e1:eb:1d:66:9f:93:c0:73:cf:
         d0:6b:f8:d5:64:9b:c2:0f:95:5b:99:49:49:92:e4:fa:01:cf:
         7a:d5:89:e0:7d:0c:7d:37:ff:38:85:a8:d1:0c:b0:e1:05:b0:
         88:55:aa:39:a4:ec:6d:c1:42:6a:f7:d7:6e:5d:ab:2e:10:ee:
         d8:2a:02:de:e4:5d:52:bf:67:61:d7:20:08:40:8f:b1:e3:a4:
         2e:41:e2:ab:69:e0:be:66:9f:87:15:f8:81:5f:f0:09:b6:d3:
         f7:ad:84:10:47:56:93:6f:67:a6:17:76:fd:5d:6f:37:a6:ce:
         ee:62:63:c6:32:fe:3a:82:07:a5:80:55:97:40:fe:0d:6d:b6:
         d3:eb:67:90:7b:d3:37:58:ce:51:a9:2d:f0:8a:bf:d1:7e:bd:
         1a:e9:83:e5:4f:f9:58:0e:cc:87:b8:bb:41:c4:e5:1a:71:d2:
         57:df:ac:dd:30:32:db:99:f9:dd:28:7e:03:2b:00:1c:b4:75:
         6b:69:4b:9e:5a:07:ba:99:85:a3:6a:45:16:85:dc:7d:2a:bf:
         de:04:53:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3OoaCp60YddS2CYoun5vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MWMwNTc1M2IxOWJjZGI1MzJmZGM3ZjZmNDdlOTdlOTM1
YmEwYTIwHhcNMjQwMTAyMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjM3NjViZDJmYzk4ZjFmZmM4MWUwZjFlYWQ3YjhmNzQ3ZTA0ZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxAA7wSFS8sxSXNmpKM2iV6QY+va
VMMTnKaz/0Ut5zZF5Lvi16/Cgo2t8LjjwymHVWJHOgKP37QiY/yaWFx/sxhbDZYt
kpNxvnIlWN3/1LT0oUx/FQ7n8qCH2E+f9kkPd7DKtI/jeKjHQr3JomBv3p1SHnI8
Lz4ScDZv41ZnObBI/I5wk2HuXnRNbHvZXJ4qGoaRSGQc0zXLL8xirosCSrHnqtm4
BvVh6KKx5I4INKr10nTRqOBWRH/VN8EYUtoGAxZV5Ra7fdu31H3aBVz4BLNpr+LG
VTicXF57zpFRIDbDVZ1Uyb7ErWLSBVLMN1et+xn2XDsg35o9WVINQM9xQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH83Zb0vyY8f/IHg8erXuPdH4E3IMB8GA1UdIwQY
MBaAFHYcBXU7GbzbUy/cf29H6X6TW6CiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGh3RmRUc1p2TnRUTDl4X2IwZnBmcE5ib0tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81YmVmYTctODdmZC00NGEyLWIxZjQt
M2U4ZjU3NWVkZGZmLzEvZnpkbHZTX0pqeF84Z2VEeDZ0ZTQ5MGZnVGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81YmVmYTctODdmZC00NGEyLWIxZjQtM2U4ZjU3NWVkZGZm
LzEvZGh3RmRUc1p2TnRUTDl4X2IwZnBmcE5ib0tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCk+zAMA0G
CSqGSIb3DQEBCwUAA4IBAQCWuf74AMI99c6kYGnxqvs3YhaiiLryxYGUoEFlzUq8
3j3P4vnrAjdk0qxKG9nh6x1mn5PAc8/Qa/jVZJvCD5VbmUlJkuT6Ac961YngfQx9
N/84hajRDLDhBbCIVao5pOxtwUJq99duXasuEO7YKgLe5F1Sv2dh1yAIQI+x46Qu
QeKraeC+Zp+HFfiBX/AJttP3rYQQR1aTb2emF3b9XW83ps7uYmPGMv46ggelgFWX
QP4NbbbT62eQe9M3WM5RqS3wir/Rfr0a6YPlT/lYDsyHuLtBxOUacdJX36zdMDLb
mfndKH4DKwActHVraUueWge6mYWjakUWhdx9Kr/eBFNp
-----END CERTIFICATE-----