Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/fbjUmw1dPx_hDTZWTzUhyeTrFNc.roa
File:                     fbjUmw1dPx_hDTZWTzUhyeTrFNc.roa (raw, json)
Hash identifier:          PM/dbxFHCQ87u1Kq1kvqnxboYWMySsCjRzVAGFs5/VU=
Subject key identifier:   7D:B8:D4:9B:0D:5D:3F:1F:E1:0D:36:56:4F:35:21:C9:E4:EB:14:D7
Certificate issuer:       /CN=215a409d27b9a69346324004694da11beae02dbb
Certificate serial:       018CC348A07DC0797278FCA3764128B12510
Authority key identifier: 21:5A:40:9D:27:B9:A6:93:46:32:40:04:69:4D:A1:1B:EA:E0:2D:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVpAnSe5ppNGMkAEaU2hG-rgLbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/fbjUmw1dPx_hDTZWTzUhyeTrFNc.roa
Signing time:             Mon 01 Jan 2024 04:29:25 +0000
ROA not before:           Mon 01 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199557
IP address blocks:        185.134.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/IVpAnSe5ppNGMkAEaU2hG-rgLbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/IVpAnSe5ppNGMkAEaU2hG-rgLbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVpAnSe5ppNGMkAEaU2hG-rgLbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a0:7d:c0:79:72:78:fc:a3:76:41:28:b1:25:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215a409d27b9a69346324004694da11beae02dbb
        Validity
            Not Before: Jan  1 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7db8d49b0d5d3f1fe10d36564f3521c9e4eb14d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e7:61:75:3a:41:1c:88:fe:9a:fd:d7:58:d4:
                    17:68:67:bd:a1:b3:d0:8c:b7:74:ee:f9:d8:04:f2:
                    5a:bd:5b:f5:87:0c:8e:21:e2:e7:d5:86:6e:2a:a9:
                    5f:79:4b:b2:78:7a:88:d2:1f:1e:9e:86:b8:b1:d1:
                    84:e6:ff:e7:1e:03:ee:db:b6:2e:29:5b:7a:a0:b5:
                    dd:e0:36:96:28:23:c3:eb:a4:3e:f4:28:38:bd:df:
                    32:7b:34:c9:21:89:d2:a4:b6:78:3a:dd:d5:fe:6e:
                    4b:95:e8:df:09:46:e6:4a:18:70:d3:29:05:19:04:
                    26:0b:66:f5:1d:9a:fb:95:4e:9f:b0:3a:60:f5:bb:
                    e9:fd:04:98:2f:0d:11:e9:00:fa:cb:2a:a1:83:8e:
                    73:df:a0:fc:e1:2f:12:f0:3e:1c:cf:34:a5:dc:f6:
                    b5:34:2b:4d:1e:af:ab:4d:f1:4e:de:d4:db:ce:62:
                    eb:07:ab:54:4b:a8:f4:78:b7:bd:89:06:1a:3b:35:
                    0d:aa:9c:87:47:52:1f:10:c2:95:57:8c:62:e9:a7:
                    02:eb:bd:64:e9:1e:8e:a0:be:4e:b3:14:09:55:19:
                    f7:02:11:0a:47:43:ea:53:73:1c:14:19:f2:f5:b7:
                    a3:17:16:d8:22:2d:14:b7:ae:a2:15:e5:76:5c:fc:
                    fe:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:B8:D4:9B:0D:5D:3F:1F:E1:0D:36:56:4F:35:21:C9:E4:EB:14:D7
            X509v3 Authority Key Identifier:
                keyid:21:5A:40:9D:27:B9:A6:93:46:32:40:04:69:4D:A1:1B:EA:E0:2D:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVpAnSe5ppNGMkAEaU2hG-rgLbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/fbjUmw1dPx_hDTZWTzUhyeTrFNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/f0c9e3-1c40-4f33-95ce-98d2fee0f87a/1/IVpAnSe5ppNGMkAEaU2hG-rgLbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:92:6b:e1:10:c1:4a:02:f2:e1:3e:24:08:1a:b7:e9:d0:60:
         41:43:a1:8a:d2:4b:77:b3:13:6b:2e:4d:bb:0a:9f:60:50:98:
         08:fd:31:47:49:44:5d:c8:62:fa:0a:8c:cc:2e:6c:bb:9b:cc:
         32:1b:50:f7:87:97:94:cb:09:b3:2e:f4:1b:76:68:9f:ab:e7:
         2b:bb:f3:f6:21:20:6b:51:38:5e:c4:f9:30:32:68:07:fa:cc:
         b2:3b:f4:6a:ef:1c:2b:75:fd:24:ef:48:90:45:15:8b:50:24:
         b8:e0:c8:78:a2:89:52:03:3d:1e:32:4e:66:d9:71:b5:c0:e1:
         87:aa:c3:ba:7f:30:62:7c:46:72:d3:7b:fd:64:c2:72:4a:15:
         04:b3:38:d4:3e:b8:03:d4:60:16:46:b1:69:6e:2c:3b:1f:89:
         00:a7:cd:90:39:6d:20:9e:d3:59:c6:8b:7a:63:72:b8:da:5e:
         59:ac:2e:9e:e6:8e:2f:ef:be:d3:9c:e4:74:26:a7:2c:b8:f6:
         50:a4:4e:37:11:75:be:a0:6c:31:87:6e:82:d1:2b:06:b0:f6:
         6c:4c:52:63:ec:3c:07:31:6f:31:21:ab:0f:e1:55:4d:97:fc:
         b8:0c:d4:13:a8:8b:06:77:39:d4:d8:f3:a3:0e:f9:ba:95:93:
         8d:b2:e0:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKB9wHlyePyjdkEosSUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNWE0MDlkMjdiOWE2OTM0NjMyNDAwNDY5NGRhMTFiZWFl
MDJkYmIwHhcNMjQwMTAxMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGI4ZDQ5YjBkNWQzZjFmZTEwZDM2NTY0ZjM1MjFjOWU0ZWIxNGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqudhdTpBHIj+mv3XWNQXaGe9obPQ
jLd07vnYBPJavVv1hwyOIeLn1YZuKqlfeUuyeHqI0h8enoa4sdGE5v/nHgPu27Yu
KVt6oLXd4DaWKCPD66Q+9Cg4vd8yezTJIYnSpLZ4Ot3V/m5LlejfCUbmShhw0ykF
GQQmC2b1HZr7lU6fsDpg9bvp/QSYLw0R6QD6yyqhg45z36D84S8S8D4czzSl3Pa1
NCtNHq+rTfFO3tTbzmLrB6tUS6j0eLe9iQYaOzUNqpyHR1IfEMKVV4xi6acC671k
6R6OoL5OsxQJVRn3AhEKR0PqU3McFBny9bejFxbYIi0Ut66iFeV2XPz+GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH241JsNXT8f4Q02Vk81Icnk6xTXMB8GA1UdIwQY
MBaAFCFaQJ0nuaaTRjJABGlNoRvq4C27MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZwQW5TZTVwcE5HTWtBRWFVMmhHLXJnTGJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9mMGM5ZTMtMWM0MC00ZjMzLTk1Y2Ut
OThkMmZlZTBmODdhLzEvZmJqVW13MWRQeF9oRFRaV1R6VWh5ZVRyRk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9mMGM5ZTMtMWM0MC00ZjMzLTk1Y2UtOThkMmZlZTBmODdh
LzEvSVZwQW5TZTVwcE5HTWtBRWFVMmhHLXJnTGJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYawMA0G
CSqGSIb3DQEBCwUAA4IBAQCzkmvhEMFKAvLhPiQIGrfp0GBBQ6GK0kt3sxNrLk27
Cp9gUJgI/TFHSURdyGL6CozMLmy7m8wyG1D3h5eUywmzLvQbdmifq+cru/P2ISBr
UThexPkwMmgH+syyO/Rq7xwrdf0k70iQRRWLUCS44Mh4oolSAz0eMk5m2XG1wOGH
qsO6fzBifEZy03v9ZMJyShUEszjUPrgD1GAWRrFpbiw7H4kAp82QOW0gntNZxot6
Y3K42l5ZrC6e5o4v777TnOR0JqcsuPZQpE43EXW+oGwxh26C0SsGsPZsTFJj7DwH
MW8xIasP4VVNl/y4DNQTqIsGdznU2POjDvm6lZONsuB1
-----END CERTIFICATE-----