Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/fWDcUdxTtw9M7xxRmBQR7_1jqgc.roa
File:                     fWDcUdxTtw9M7xxRmBQR7_1jqgc.roa (raw, json)
Hash identifier:          FSnrraQ6fVX1Fd4oEj9ZvdcABXoICd5yXhlTsLyinVE=
Subject key identifier:   7D:60:DC:51:DC:53:B7:0F:4C:EF:1C:51:98:14:11:EF:FD:63:AA:07
Certificate issuer:       /CN=ae6af0d5f38289d34c21ba67c4c39787a42a669e
Certificate serial:       01906F30AA0A1C8FCBAE38AB9C8862A2C83B
Authority key identifier: AE:6A:F0:D5:F3:82:89:D3:4C:21:BA:67:C4:C3:97:87:A4:2A:66:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rmrw1fOCidNMIbpnxMOXh6QqZp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/fWDcUdxTtw9M7xxRmBQR7_1jqgc.roa
Signing time:             Mon 01 Jul 2024 16:46:18 +0000
ROA not before:           Mon 01 Jul 2024 16:46:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.11.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/rmrw1fOCidNMIbpnxMOXh6QqZp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/rmrw1fOCidNMIbpnxMOXh6QqZp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rmrw1fOCidNMIbpnxMOXh6QqZp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 13:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6f:30:aa:0a:1c:8f:cb:ae:38:ab:9c:88:62:a2:c8:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae6af0d5f38289d34c21ba67c4c39787a42a669e
        Validity
            Not Before: Jul  1 16:46:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d60dc51dc53b70f4cef1c51981411effd63aa07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ce:75:8f:24:62:5e:96:27:c8:0a:6e:0b:0d:
                    c4:5f:f7:13:48:72:4d:34:ab:89:29:82:a0:b7:0d:
                    ef:e2:3d:57:19:2d:5d:f0:15:e1:0c:61:1d:fc:35:
                    16:10:e9:a1:c2:0d:d8:6e:f3:fb:3c:0b:4e:67:e3:
                    8d:41:c4:08:c0:0a:09:ae:ae:e1:99:c7:4b:74:2e:
                    6f:fb:25:3d:91:a2:17:15:12:59:38:bb:61:a6:40:
                    a8:36:4d:96:b3:c1:2b:de:cb:24:33:48:b3:cf:9a:
                    af:48:b5:c7:c1:1a:bb:34:8e:73:85:a7:79:4a:1a:
                    34:a2:ce:bd:da:2f:6e:55:22:b6:72:f9:4f:48:4b:
                    fc:64:87:89:5f:1d:07:cc:a5:d5:68:4f:65:f8:77:
                    14:7b:55:5c:56:df:92:f3:57:09:ad:5f:29:b0:8b:
                    80:a0:22:ca:8b:30:65:10:6a:7c:2c:bc:45:e5:67:
                    41:07:04:48:7c:55:1d:16:3e:84:fb:b0:c8:da:f6:
                    4a:d3:db:ae:b2:bd:86:0b:e9:3b:e7:28:6a:e0:8c:
                    30:9f:67:b6:b1:6b:ee:5e:96:6e:3c:ce:74:f7:dc:
                    ae:72:0b:4c:53:8d:39:d6:10:6b:a4:fb:a0:a5:ff:
                    10:8e:c0:f3:ea:03:87:59:c0:92:74:5b:de:fd:c7:
                    f3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:60:DC:51:DC:53:B7:0F:4C:EF:1C:51:98:14:11:EF:FD:63:AA:07
            X509v3 Authority Key Identifier:
                keyid:AE:6A:F0:D5:F3:82:89:D3:4C:21:BA:67:C4:C3:97:87:A4:2A:66:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rmrw1fOCidNMIbpnxMOXh6QqZp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/fWDcUdxTtw9M7xxRmBQR7_1jqgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/rmrw1fOCidNMIbpnxMOXh6QqZp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:f5:6d:99:5a:fa:b7:44:de:f2:78:73:48:e0:b9:38:48:46:
         de:3a:e9:0d:0d:e1:c8:01:0d:c3:fa:eb:fd:38:4f:db:fb:1a:
         25:98:ec:43:a3:5e:94:2f:3d:a6:fc:52:e5:f6:c9:96:33:db:
         99:3d:7b:50:2c:ba:5e:cb:fc:33:d4:a4:bc:cd:3f:ef:07:82:
         f1:ef:f0:70:e8:50:1f:ac:16:7a:d4:4d:c3:e2:99:de:72:46:
         94:11:f2:fb:65:cf:57:e8:e2:78:9d:14:81:88:a1:21:55:8d:
         28:a6:aa:da:fe:16:5a:b5:a3:27:84:2e:db:6b:f1:4e:1f:3b:
         3f:7b:d1:3a:38:06:b2:4f:c8:e5:86:9b:fe:02:d8:2d:06:6d:
         94:49:cc:9e:b4:8d:3e:06:f6:f1:19:c1:09:d2:05:35:6d:5f:
         e3:95:64:b0:36:89:76:0f:c5:09:aa:dc:32:92:0d:4a:de:12:
         93:1a:cb:1b:db:bf:83:3f:a5:ac:04:f5:3e:2e:30:97:0b:d2:
         84:48:64:ae:df:37:77:64:70:ab:ef:cb:9b:ed:81:88:e7:79:
         47:0a:d8:d3:07:ee:1b:73:ff:b9:0d:e0:ea:f7:4c:dd:08:22:
         e3:98:91:0d:47:de:c0:f9:6d:d8:09:e0:df:a3:b3:9d:2e:2b:
         d0:47:80:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBvMKoKHI/LrjirnIhiosg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNmFmMGQ1ZjM4Mjg5ZDM0YzIxYmE2N2M0YzM5Nzg3YTQy
YTY2OWUwHhcNMjQwNzAxMTY0NjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDYwZGM1MWRjNTNiNzBmNGNlZjFjNTE5ODE0MTFlZmZkNjNhYTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM51jyRiXpYnyApuCw3EX/cTSHJN
NKuJKYKgtw3v4j1XGS1d8BXhDGEd/DUWEOmhwg3YbvP7PAtOZ+ONQcQIwAoJrq7h
mcdLdC5v+yU9kaIXFRJZOLthpkCoNk2Ws8Er3sskM0izz5qvSLXHwRq7NI5zhad5
Sho0os692i9uVSK2cvlPSEv8ZIeJXx0HzKXVaE9l+HcUe1VcVt+S81cJrV8psIuA
oCLKizBlEGp8LLxF5WdBBwRIfFUdFj6E+7DI2vZK09uusr2GC+k75yhq4Iwwn2e2
sWvuXpZuPM5099yucgtMU4051hBrpPugpf8QjsDz6gOHWcCSdFve/cfzqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1g3FHcU7cPTO8cUZgUEe/9Y6oHMB8GA1UdIwQY
MBaAFK5q8NXzgonTTCG6Z8TDl4ekKmaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm1ydzFmT0NpZE5NSWJwbnhNT1hoNlFxWnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kZWY1NTUtOTY1MS00ZTgxLTgyOGMt
N2E5NGRhN2Q5ZWUyLzEvZldEY1VkeFR0dzlNN3h4Um1CUVI3XzFqcWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kZWY1NTUtOTY1MS00ZTgxLTgyOGMtN2E5NGRhN2Q5ZWUy
LzEvcm1ydzFmT0NpZE5NSWJwbnhNT1hoNlFxWnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQtoMA0G
CSqGSIb3DQEBCwUAA4IBAQCe9W2ZWvq3RN7yeHNI4Lk4SEbeOukNDeHIAQ3D+uv9
OE/b+xolmOxDo16ULz2m/FLl9smWM9uZPXtQLLpey/wz1KS8zT/vB4Lx7/Bw6FAf
rBZ61E3D4pneckaUEfL7Zc9X6OJ4nRSBiKEhVY0opqra/hZataMnhC7ba/FOHzs/
e9E6OAayT8jlhpv+AtgtBm2UScyetI0+BvbxGcEJ0gU1bV/jlWSwNol2D8UJqtwy
kg1K3hKTGssb27+DP6WsBPU+LjCXC9KESGSu3zd3ZHCr78ub7YGI53lHCtjTB+4b
c/+5DeDq90zdCCLjmJENR97A+W3YCeDfo7OdLivQR4BG
-----END CERTIFICATE-----