Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/fFgtbnHctJVUXeCViDihNjaAwbk.roa
File:                     fFgtbnHctJVUXeCViDihNjaAwbk.roa (raw, json)
Hash identifier:          jsSCl8nzx07tptfUnKmO2wNC/yu+Cu6KesL4SpUardc=
Subject key identifier:   7C:58:2D:6E:71:DC:B4:95:54:5D:E0:95:88:38:A1:36:36:80:C1:B9
Certificate issuer:       /CN=2e249793e5924a9f25f3a0a8dd994b374eb937d2
Certificate serial:       018CC500B2C5581EBFC78BF9EA77A0C5FB05
Authority key identifier: 2E:24:97:93:E5:92:4A:9F:25:F3:A0:A8:DD:99:4B:37:4E:B9:37:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/fFgtbnHctJVUXeCViDihNjaAwbk.roa
Signing time:             Mon 01 Jan 2024 12:30:06 +0000
ROA not before:           Mon 01 Jan 2024 12:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42525
IP address blocks:        185.125.80.0/22 maxlen: 24
                          176.67.184.0/21 maxlen: 24
                          2a06:b740::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/LiSXk-WSSp8l86Co3ZlLN065N9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/LiSXk-WSSp8l86Co3ZlLN065N9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b2:c5:58:1e:bf:c7:8b:f9:ea:77:a0:c5:fb:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e249793e5924a9f25f3a0a8dd994b374eb937d2
        Validity
            Not Before: Jan  1 12:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c582d6e71dcb495545de0958838a1363680c1b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:74:2b:67:a8:34:52:77:dd:80:06:01:c1:fd:
                    42:f8:3d:b4:33:65:47:2a:ed:08:31:8e:14:c5:d2:
                    64:e1:65:b8:32:a3:cd:b8:92:de:54:83:4a:78:98:
                    46:e0:d2:e3:e5:35:45:88:31:89:59:33:45:8c:66:
                    12:19:eb:b0:1a:71:a5:14:9c:8d:91:72:8b:ec:33:
                    9c:cb:8a:03:6a:26:e6:a2:70:7e:54:0f:f3:25:63:
                    6c:f9:45:8b:b9:3d:0b:cc:62:ce:e3:02:1f:70:96:
                    3f:42:a1:a8:d3:17:0f:94:16:0f:f9:7d:8a:92:d3:
                    e9:c2:8d:20:1b:ed:5c:57:05:b7:23:05:b8:f1:84:
                    4b:e4:7e:d6:ce:fc:8e:ac:26:f1:7f:14:d7:9c:61:
                    3c:22:be:c6:7e:ce:bc:12:67:38:b2:fd:c6:c0:4a:
                    f2:1c:d2:17:d7:a8:18:93:79:75:21:99:07:bf:73:
                    9e:ba:19:bd:ce:6e:1f:73:e1:bc:e4:58:94:8b:fb:
                    05:0f:fc:e9:00:01:ff:48:13:e8:f0:97:98:a4:54:
                    65:df:9d:d5:99:48:cd:78:ab:69:61:c5:3c:e3:6e:
                    bc:c5:77:15:ed:44:ee:ad:0d:06:e3:41:bc:1d:a3:
                    15:8c:e6:52:11:85:d1:4e:27:9c:20:71:96:f6:0e:
                    1a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:58:2D:6E:71:DC:B4:95:54:5D:E0:95:88:38:A1:36:36:80:C1:B9
            X509v3 Authority Key Identifier:
                keyid:2E:24:97:93:E5:92:4A:9F:25:F3:A0:A8:DD:99:4B:37:4E:B9:37:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/fFgtbnHctJVUXeCViDihNjaAwbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/LiSXk-WSSp8l86Co3ZlLN065N9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.67.184.0/21
                  185.125.80.0/22
                IPv6:
                  2a06:b740::/29

    Signature Algorithm: sha256WithRSAEncryption
         c8:25:05:d1:13:e9:7f:80:b8:da:2c:c9:dc:dd:a6:d9:7a:b5:
         06:d1:16:e4:c0:94:ae:b4:89:94:4e:79:ae:6e:7e:03:fa:ec:
         e9:83:70:7e:14:1d:78:ae:63:ae:03:8b:69:65:5d:58:b7:86:
         3a:ff:f3:8f:f7:8a:ee:85:a2:f1:fc:68:5c:4b:fa:34:08:8d:
         73:c0:99:46:1c:51:8b:b0:9e:d8:be:2c:5c:e6:5a:18:8f:57:
         7a:c5:a8:38:e5:6e:d4:dd:33:9a:28:d1:63:45:5c:4a:9e:ba:
         11:35:86:e6:84:c5:39:72:90:b6:57:7e:8f:c6:2d:1c:71:14:
         dd:83:80:13:2c:0d:18:7e:c2:00:c5:6e:a2:bb:3e:59:6d:8d:
         2e:60:ff:c9:fc:82:69:0c:bf:e4:45:ca:77:5e:41:69:ce:a2:
         bb:6a:3f:f6:dc:8b:16:bd:32:2d:10:83:80:c3:39:e3:ff:c6:
         3f:d4:a7:36:9c:fe:9b:58:d3:67:e7:4a:2d:55:9e:25:b6:d0:
         6d:bf:c2:b0:99:86:45:a2:0e:e3:42:a9:fe:69:c4:5b:8d:90:
         35:c0:71:d8:38:12:23:50:0a:9c:ab:af:7c:a6:c7:df:93:bb:
         ae:09:76:4e:67:e4:cd:6f:54:3a:1f:be:e6:a8:33:8f:a4:c4:
         b6:af:1f:9f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFALLFWB6/x4v56negxfsFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjQ5NzkzZTU5MjRhOWYyNWYzYTBhOGRkOTk0YjM3NGVi
OTM3ZDIwHhcNMjQwMTAxMTIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzU4MmQ2ZTcxZGNiNDk1NTQ1ZGUwOTU4ODM4YTEzNjM2ODBjMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3QrZ6g0UnfdgAYBwf1C+D20M2VH
Ku0IMY4UxdJk4WW4MqPNuJLeVINKeJhG4NLj5TVFiDGJWTNFjGYSGeuwGnGlFJyN
kXKL7DOcy4oDaibmonB+VA/zJWNs+UWLuT0LzGLO4wIfcJY/QqGo0xcPlBYP+X2K
ktPpwo0gG+1cVwW3IwW48YRL5H7WzvyOrCbxfxTXnGE8Ir7Gfs68Emc4sv3GwEry
HNIX16gYk3l1IZkHv3Oeuhm9zm4fc+G85FiUi/sFD/zpAAH/SBPo8JeYpFRl353V
mUjNeKtpYcU84268xXcV7UTurQ0G40G8HaMVjOZSEYXRTiecIHGW9g4aTwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHxYLW5x3LSVVF3glYg4oTY2gMG5MB8GA1UdIwQY
MBaAFC4kl5PlkkqfJfOgqN2ZSzdOuTfSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlTWGstV1NTcDhsODZDbzNabExOMDY1TjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9iZmJjOGUtZWFiNS00ZjIwLThlZWEt
OTZiZjE0M2ViNDUyLzEvZkZndGJuSGN0SlZVWGVDVmlEaWhOamFBd2JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9iZmJjOGUtZWFiNS00ZjIwLThlZWEtOTZiZjE0M2ViNDUy
LzEvTGlTWGstV1NTcDhsODZDbzNabExOMDY1TjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsEO4AwQC
uX1QMA0EAgACMAcDBQMqBrdAMA0GCSqGSIb3DQEBCwUAA4IBAQDIJQXRE+l/gLja
LMnc3abZerUG0RbkwJSutImUTnmubn4D+uzpg3B+FB14rmOuA4tpZV1Yt4Y6//OP
94ruhaLx/GhcS/o0CI1zwJlGHFGLsJ7Yvixc5loYj1d6xag45W7U3TOaKNFjRVxK
nroRNYbmhMU5cpC2V36Pxi0ccRTdg4ATLA0YfsIAxW6iuz5ZbY0uYP/J/IJpDL/k
Rcp3XkFpzqK7aj/23IsWvTItEIOAwznj/8Y/1Kc2nP6bWNNn50otVZ4lttBtv8Kw
mYZFog7jQqn+acRbjZA1wHHYOBIjUAqcq698psffk7uuCXZOZ+TNb1Q6H77mqDOP
pMS2rx+f
-----END CERTIFICATE-----