Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/fWbVJX9P1SDkwgPOEDhITBpmXLM.roa
File:                     fWbVJX9P1SDkwgPOEDhITBpmXLM.roa (raw, json)
Hash identifier:          awOhH1+rfmMGsZjb1tXrXloNQmCW+UpADHuSwxUeGDU=
Subject key identifier:   7D:66:D5:25:7F:4F:D5:20:E4:C2:03:CE:10:38:48:4C:1A:66:5C:B3
Certificate issuer:       /CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
Certificate serial:       018CC6B7A053E7FA03792639830B79BDFFAF
Authority key identifier: FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/fWbVJX9P1SDkwgPOEDhITBpmXLM.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203420
IP address blocks:        194.50.176.0/24 maxlen: 24
                          2a0a:4540::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a0:53:e7:fa:03:79:26:39:83:0b:79:bd:ff:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d66d5257f4fd520e4c203ce1038484c1a665cb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c0:a7:3d:de:c4:68:8b:9e:23:42:09:cb:00:
                    0f:37:bd:77:5c:c9:55:7a:4f:ed:5c:22:84:70:9b:
                    bb:c8:9e:a2:b7:4b:79:a6:e3:bd:fe:2d:c3:4e:3b:
                    1e:45:9d:35:f1:6a:d4:49:8d:c5:d2:ff:88:52:3d:
                    e1:72:81:12:77:ff:ff:14:17:56:2c:e5:41:3a:a1:
                    48:26:88:78:54:e7:11:5c:13:e7:28:a2:42:50:ce:
                    84:c0:05:1a:15:7a:e9:30:4d:e6:fc:d4:01:fa:13:
                    8d:17:fc:08:7b:e3:ac:cb:14:5c:db:83:3c:c9:0d:
                    98:89:77:1e:40:da:f5:0a:6e:89:20:e2:cf:53:69:
                    3e:50:99:80:ed:60:c6:28:c9:94:b9:87:a4:4d:3f:
                    ce:f6:14:a2:2a:93:0b:93:0e:cd:99:4d:a6:a2:22:
                    60:b1:c3:59:59:3b:47:bd:05:f8:09:6e:a8:80:a2:
                    8a:c6:76:c5:c1:72:c5:91:7e:da:df:b7:3f:3f:62:
                    29:6c:8c:17:de:8f:c1:f3:bd:cb:f9:07:97:21:dd:
                    6f:2e:85:1a:10:54:98:2b:9b:0a:e3:13:54:49:41:
                    48:67:23:4f:72:98:98:af:cd:21:56:7c:43:31:aa:
                    53:98:8f:45:74:d3:1c:3d:52:b3:bd:fa:ee:e2:ca:
                    ac:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:66:D5:25:7F:4F:D5:20:E4:C2:03:CE:10:38:48:4C:1A:66:5C:B3
            X509v3 Authority Key Identifier:
                keyid:FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/fWbVJX9P1SDkwgPOEDhITBpmXLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.176.0/24
                IPv6:
                  2a0a:4540::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:26:f8:f7:17:2c:c7:08:8f:a0:2f:8a:a0:3f:24:a4:05:ac:
         61:29:49:80:19:d7:ef:83:30:17:2d:a1:d8:5d:56:56:1a:40:
         fd:1d:37:53:c6:dd:ef:ba:9a:64:bf:f3:d9:44:ac:89:5c:27:
         b3:5a:17:e9:54:7c:fc:9a:b8:2c:28:56:ac:78:fc:50:25:d7:
         a2:78:8a:a8:e4:37:d7:b4:b4:6b:98:23:1d:c8:8e:52:07:af:
         77:f3:d9:aa:3e:d2:e0:63:83:a9:7b:93:b0:d5:e4:8d:09:e6:
         fa:f2:e1:35:43:33:34:14:6c:91:8f:a0:19:a9:04:12:3e:16:
         75:72:a6:03:65:cf:e6:34:b2:b8:15:e8:31:b5:e5:a0:a1:37:
         43:80:03:8d:57:cd:30:92:31:a0:3f:7c:16:48:45:c5:de:b1:
         61:2a:31:1b:62:a0:67:c4:68:2c:b1:77:e0:f9:fc:9f:08:63:
         ee:b3:ba:72:b9:5d:9d:98:37:b0:9d:54:23:3d:e5:69:b6:c4:
         15:a8:a1:af:67:72:79:e2:1a:30:32:74:a5:d4:f8:db:59:4c:
         4c:4b:e8:b5:c6:41:8d:59:dc:b2:55:af:80:3a:90:d7:29:fe:
         fe:2c:39:b5:3e:24:99:f9:90:a2:fc:96:4e:3f:e5:32:c7:9e:
         d3:a1:d9:34
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYzGt6BT5/oDeSY5gwt5vf+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYWM1MGYxOWQ5OTMwYWVlYzA5Y2QyN2Y1MDhmYzUwMmVh
MTRkMWYwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDY2ZDUyNTdmNGZkNTIwZTRjMjAzY2UxMDM4NDg0YzFhNjY1Y2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucCnPd7EaIueI0IJywAPN713XMlV
ek/tXCKEcJu7yJ6it0t5puO9/i3DTjseRZ018WrUSY3F0v+IUj3hcoESd///FBdW
LOVBOqFIJoh4VOcRXBPnKKJCUM6EwAUaFXrpME3m/NQB+hONF/wIe+OsyxRc24M8
yQ2YiXceQNr1Cm6JIOLPU2k+UJmA7WDGKMmUuYekTT/O9hSiKpMLkw7NmU2moiJg
scNZWTtHvQX4CW6ogKKKxnbFwXLFkX7a37c/P2IpbIwX3o/B873L+QeXId1vLoUa
EFSYK5sK4xNUSUFIZyNPcpiYr80hVnxDMapTmI9FdNMcPVKzvfru4sqsqwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFH1m1SV/T9Ug5MIDzhA4SEwaZlyzMB8GA1UdIwQY
MBaAFPusUPGdmTCu7AnNJ/UI/FAuoU0fMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02eFE4WjJaTUs3c0NjMG45UWo4VUM2aFRSOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04Yjkx
LWQ2MmU0NTRiZjM3Zi8xL2ZXYlZKWDlQMVNEa3dnUE9FRGhJVEJwbVhMTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04YjkxLWQ2MmU0NTRiZjM3
Zi8xLzEtNnhROFoyWk1LN3NDYzBuOVFqOFVDNmhUUjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBADCMrAw
DwQCAAIwCQMHACoKRUAAADANBgkqhkiG9w0BAQsFAAOCAQEANyb49xcsxwiPoC+K
oD8kpAWsYSlJgBnX74MwFy2h2F1WVhpA/R03U8bd77qaZL/z2USsiVwns1oX6VR8
/Jq4LChWrHj8UCXXoniKqOQ317S0a5gjHciOUgevd/PZqj7S4GODqXuTsNXkjQnm
+vLhNUMzNBRskY+gGakEEj4WdXKmA2XP5jSyuBXoMbXloKE3Q4ADjVfNMJIxoD98
FkhFxd6xYSoxG2KgZ8RoLLF34Pn8nwhj7rO6crldnZg3sJ1UIz3labbEFaihr2dy
eeIaMDJ0pdT421lMTEvotcZBjVncslWvgDqQ1yn+/iw5tT4kmfmQovyWTj/lMsee
06HZNA==
-----END CERTIFICATE-----