Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/fyq7C57RYZBzlsjMBAhIwRXOIXE.roa
File:                     fyq7C57RYZBzlsjMBAhIwRXOIXE.roa (raw, json)
Hash identifier:          2wDNE0IkxGSv5FGJGagl1MR3dP0Xyal4mzFhIXOAwbM=
Subject key identifier:   7F:2A:BB:0B:9E:D1:61:90:73:96:C8:CC:04:08:48:C1:15:CE:21:71
Certificate issuer:       /CN=2e249793e5924a9f25f3a0a8dd994b374eb937d2
Certificate serial:       018CC500B299F9412BC3315B221D278E6CE2
Authority key identifier: 2E:24:97:93:E5:92:4A:9F:25:F3:A0:A8:DD:99:4B:37:4E:B9:37:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/fyq7C57RYZBzlsjMBAhIwRXOIXE.roa
Signing time:             Mon 01 Jan 2024 12:30:06 +0000
ROA not before:           Mon 01 Jan 2024 12:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        185.125.80.0/22 maxlen: 24
                          176.67.184.0/21 maxlen: 24
                          2a06:b740::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/LiSXk-WSSp8l86Co3ZlLN065N9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/LiSXk-WSSp8l86Co3ZlLN065N9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b2:99:f9:41:2b:c3:31:5b:22:1d:27:8e:6c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e249793e5924a9f25f3a0a8dd994b374eb937d2
        Validity
            Not Before: Jan  1 12:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f2abb0b9ed161907396c8cc040848c115ce2171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b9:d6:b2:61:5c:9e:e2:45:9e:ab:02:1e:20:
                    42:f4:f2:54:db:18:f6:c0:3e:3f:4f:35:76:fa:60:
                    e6:72:50:88:74:a5:65:94:f4:22:fc:14:5f:d5:b7:
                    92:9d:7b:d0:fe:4c:54:4b:e9:20:52:39:d4:05:aa:
                    97:80:39:85:97:50:31:7f:cd:21:d6:b0:df:41:d7:
                    58:65:05:4c:2a:8b:ce:69:d6:55:87:78:fa:c9:be:
                    65:29:6d:f3:16:ad:3f:5f:b8:33:81:a9:f6:2e:78:
                    cd:bc:ce:2e:01:91:f0:a6:b6:b7:1a:03:30:16:f1:
                    c7:9d:47:83:97:97:5e:9e:6a:7f:42:5d:54:71:2a:
                    c9:3f:46:8b:b7:d3:5a:2a:a1:49:20:ce:5e:9a:aa:
                    87:93:57:b6:e5:4c:2a:d3:ae:c2:61:25:3e:77:41:
                    8d:88:07:a8:75:05:14:cb:40:96:7e:76:26:df:8c:
                    f2:68:8a:fa:bc:50:62:b6:45:a8:3f:98:de:6e:57:
                    dc:6e:e0:de:22:1a:93:87:77:f5:43:da:bb:29:86:
                    a1:8d:80:c8:fd:56:12:9b:db:21:18:9d:2d:a0:dc:
                    6e:95:8f:ae:82:7e:e0:5f:bc:f7:92:1b:8a:31:0c:
                    56:2c:9d:83:1c:ad:99:26:78:f3:91:df:c0:8d:50:
                    0c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:2A:BB:0B:9E:D1:61:90:73:96:C8:CC:04:08:48:C1:15:CE:21:71
            X509v3 Authority Key Identifier:
                keyid:2E:24:97:93:E5:92:4A:9F:25:F3:A0:A8:DD:99:4B:37:4E:B9:37:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/fyq7C57RYZBzlsjMBAhIwRXOIXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/LiSXk-WSSp8l86Co3ZlLN065N9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.67.184.0/21
                  185.125.80.0/22
                IPv6:
                  2a06:b740::/29

    Signature Algorithm: sha256WithRSAEncryption
         d4:1d:8a:ae:b0:c2:0f:22:20:ed:5c:52:21:72:fd:a3:06:02:
         90:28:7e:ba:3b:56:a7:83:55:62:ae:ff:7c:60:2b:b0:46:06:
         49:74:39:70:29:8a:82:6c:b9:67:b6:77:37:22:a1:88:3a:cb:
         39:ff:c4:41:3d:1d:98:63:5b:63:c0:74:a7:21:41:6a:de:8f:
         20:98:e6:ea:f6:67:e8:c8:3e:12:56:a8:2d:bd:5c:95:7e:d2:
         1a:0f:06:e4:0d:9e:0a:3d:48:e6:42:a3:a2:94:0b:f6:34:c8:
         16:f4:f2:8e:42:d8:54:92:3c:93:68:0e:45:81:99:ae:86:5f:
         22:da:66:97:6e:0b:1e:10:a2:e2:73:72:92:5f:50:d3:44:40:
         8d:14:09:fa:8d:6f:2a:5c:e4:5a:fe:f2:2f:86:8f:d7:a0:5c:
         4f:b7:a3:a1:d2:f3:19:bf:10:9f:f2:50:f6:b1:4d:54:3a:56:
         32:b0:fa:84:44:e0:8d:c2:e9:ec:ff:ad:b9:d7:00:bd:a1:7b:
         95:b7:19:36:bd:64:cf:d0:f1:44:00:12:33:88:07:dd:7d:0e:
         e8:d1:26:1a:98:03:1e:33:d5:d3:fe:b3:ed:1d:65:cd:7f:6d:
         a4:74:c3:ad:aa:26:92:dd:fd:27:ca:18:0e:2f:82:43:2c:8b:
         4f:54:54:59
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFALKZ+UErwzFbIh0njmziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjQ5NzkzZTU5MjRhOWYyNWYzYTBhOGRkOTk0YjM3NGVi
OTM3ZDIwHhcNMjQwMTAxMTIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjJhYmIwYjllZDE2MTkwNzM5NmM4Y2MwNDA4NDhjMTE1Y2UyMTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrnWsmFcnuJFnqsCHiBC9PJU2xj2
wD4/TzV2+mDmclCIdKVllPQi/BRf1beSnXvQ/kxUS+kgUjnUBaqXgDmFl1Axf80h
1rDfQddYZQVMKovOadZVh3j6yb5lKW3zFq0/X7gzgan2LnjNvM4uAZHwpra3GgMw
FvHHnUeDl5denmp/Ql1UcSrJP0aLt9NaKqFJIM5emqqHk1e25Uwq067CYSU+d0GN
iAeodQUUy0CWfnYm34zyaIr6vFBitkWoP5jeblfcbuDeIhqTh3f1Q9q7KYahjYDI
/VYSm9shGJ0toNxulY+ugn7gX7z3khuKMQxWLJ2DHK2ZJnjzkd/AjVAMtQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH8quwue0WGQc5bIzAQISMEVziFxMB8GA1UdIwQY
MBaAFC4kl5PlkkqfJfOgqN2ZSzdOuTfSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlTWGstV1NTcDhsODZDbzNabExOMDY1TjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9iZmJjOGUtZWFiNS00ZjIwLThlZWEt
OTZiZjE0M2ViNDUyLzEvZnlxN0M1N1JZWkJ6bHNqTUJBaEl3UlhPSVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9iZmJjOGUtZWFiNS00ZjIwLThlZWEtOTZiZjE0M2ViNDUy
LzEvTGlTWGstV1NTcDhsODZDbzNabExOMDY1TjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsEO4AwQC
uX1QMA0EAgACMAcDBQMqBrdAMA0GCSqGSIb3DQEBCwUAA4IBAQDUHYqusMIPIiDt
XFIhcv2jBgKQKH66O1ang1Virv98YCuwRgZJdDlwKYqCbLlntnc3IqGIOss5/8RB
PR2YY1tjwHSnIUFq3o8gmObq9mfoyD4SVqgtvVyVftIaDwbkDZ4KPUjmQqOilAv2
NMgW9PKOQthUkjyTaA5FgZmuhl8i2maXbgseEKLic3KSX1DTRECNFAn6jW8qXORa
/vIvho/XoFxPt6Oh0vMZvxCf8lD2sU1UOlYysPqEROCNwuns/6251wC9oXuVtxk2
vWTP0PFEABIziAfdfQ7o0SYamAMeM9XT/rPtHWXNf22kdMOtqiaS3f0nyhgOL4JD
LItPVFRZ
-----END CERTIFICATE-----