Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/c067fe-5660-4a97-8d3f-352004bc2282/1/FGSyTgsFny5Z0KXoOJJYE6if7QI.roa
File:                     FGSyTgsFny5Z0KXoOJJYE6if7QI.roa (raw, json)
Hash identifier:          HfZ83Tjwa4M3z0KW/I6XdyqGLr3OLGEOlDdBUu/WQFo=
Subject key identifier:   14:64:B2:4E:0B:05:9F:2E:59:D0:A5:E8:38:92:58:13:A8:9F:ED:02
Certificate issuer:       /CN=5e3bb13ae17c9e554e9ceafcfeb48b41417da7ea
Certificate serial:       018CC42453084913557A46B4D0C771819DAC
Authority key identifier: 5E:3B:B1:3A:E1:7C:9E:55:4E:9C:EA:FC:FE:B4:8B:41:41:7D:A7:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XjuxOuF8nlVOnOr8_rSLQUF9p-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/c067fe-5660-4a97-8d3f-352004bc2282/1/FGSyTgsFny5Z0KXoOJJYE6if7QI.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34372
IP address blocks:        185.192.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/c067fe-5660-4a97-8d3f-352004bc2282/1/XjuxOuF8nlVOnOr8_rSLQUF9p-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/c067fe-5660-4a97-8d3f-352004bc2282/1/XjuxOuF8nlVOnOr8_rSLQUF9p-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XjuxOuF8nlVOnOr8_rSLQUF9p-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:53:08:49:13:55:7a:46:b4:d0:c7:71:81:9d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e3bb13ae17c9e554e9ceafcfeb48b41417da7ea
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1464b24e0b059f2e59d0a5e838925813a89fed02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:05:ea:97:5c:db:ad:d6:e8:62:c3:cb:33:c1:
                    66:45:f2:b3:72:a7:ee:ed:d5:bf:08:15:2a:9b:2e:
                    ea:56:3d:df:d9:75:1a:fb:22:a3:23:4a:e9:a9:55:
                    6d:ca:c2:dc:68:c9:2d:75:44:fe:11:8b:86:6f:95:
                    4a:3c:dc:ca:80:3d:ce:ce:6d:7d:d9:2f:d5:ac:d5:
                    b8:de:0b:0f:5b:48:ea:a2:95:cb:87:1e:9d:78:8f:
                    37:3b:3a:dc:e4:b7:4e:f7:2f:2c:51:03:84:55:44:
                    bf:8e:32:82:18:df:d1:e4:bf:ea:99:6f:ef:c5:41:
                    ff:76:2c:3b:48:ae:ec:6b:4d:d0:82:61:13:c6:1c:
                    a5:c7:d4:54:25:98:2e:6a:eb:f3:1f:ff:7d:fd:8a:
                    00:2e:d8:e0:13:b0:29:80:80:cc:3b:c2:e2:28:1f:
                    95:d2:a2:ab:ed:a6:a8:aa:b2:01:72:b2:28:49:bb:
                    b7:c7:06:8e:f3:12:4d:75:61:c4:80:33:91:89:e1:
                    ab:2c:a1:f0:f9:ef:89:55:10:a1:f2:d0:f9:aa:f5:
                    76:c0:1f:ce:e7:31:08:cb:79:f6:89:d7:13:d8:b1:
                    e9:ec:bd:94:b1:13:a2:7d:38:8f:34:ab:93:87:03:
                    2f:64:08:db:19:b1:3e:a6:e7:5e:f9:1b:c1:6e:a4:
                    e8:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:64:B2:4E:0B:05:9F:2E:59:D0:A5:E8:38:92:58:13:A8:9F:ED:02
            X509v3 Authority Key Identifier:
                keyid:5E:3B:B1:3A:E1:7C:9E:55:4E:9C:EA:FC:FE:B4:8B:41:41:7D:A7:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XjuxOuF8nlVOnOr8_rSLQUF9p-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c067fe-5660-4a97-8d3f-352004bc2282/1/FGSyTgsFny5Z0KXoOJJYE6if7QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c067fe-5660-4a97-8d3f-352004bc2282/1/XjuxOuF8nlVOnOr8_rSLQUF9p-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c6:30:2a:33:d5:df:3b:34:de:24:11:c9:35:46:cf:32:be:
         aa:fe:80:e8:fe:82:73:a0:a4:6f:00:7d:87:05:f0:a2:be:45:
         18:4b:ac:c5:ee:cc:40:78:39:a5:b8:b3:03:77:76:ca:bf:30:
         a0:e0:c8:bc:17:fe:9a:c8:2a:55:fb:ed:9a:dc:d5:db:c4:9a:
         6b:ae:f3:4a:a0:02:89:95:13:a5:8d:b0:9c:fb:56:e5:66:1a:
         50:e4:72:e5:3e:1e:97:ec:15:b7:dd:9c:40:d1:b5:6a:64:5b:
         67:0f:90:4a:43:17:49:4d:00:54:bc:31:f5:8f:99:1c:70:d8:
         d7:a1:87:c8:6a:30:3f:75:09:f0:9f:eb:68:d4:87:5c:78:52:
         f5:a3:08:fa:ee:af:7a:71:48:16:40:b1:49:55:ed:f5:a4:47:
         a7:cf:71:e7:3c:e1:16:ef:18:7b:ab:05:d3:9e:01:db:d0:3c:
         a1:d0:2a:13:04:27:cf:21:c7:2a:4e:47:46:25:89:ff:d1:9b:
         31:85:a9:c8:5c:03:d8:be:da:5b:ba:ee:cf:d7:6c:a0:f1:bb:
         36:33:f9:1c:a0:b8:37:d3:67:6b:e1:cc:8e:45:58:21:a9:be:
         f4:85:27:28:97:1b:3f:e2:21:3e:7f:37:e0:06:25:82:76:a6:
         bf:d2:52:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFMISRNVeka00MdxgZ2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlM2JiMTNhZTE3YzllNTU0ZTljZWFmY2ZlYjQ4YjQxNDE3
ZGE3ZWEwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDY0YjI0ZTBiMDU5ZjJlNTlkMGE1ZTgzODkyNTgxM2E4OWZlZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQXql1zbrdboYsPLM8FmRfKzcqfu
7dW/CBUqmy7qVj3f2XUa+yKjI0rpqVVtysLcaMktdUT+EYuGb5VKPNzKgD3Ozm19
2S/VrNW43gsPW0jqopXLhx6deI83Ozrc5LdO9y8sUQOEVUS/jjKCGN/R5L/qmW/v
xUH/diw7SK7sa03QgmETxhylx9RUJZguauvzH/99/YoALtjgE7ApgIDMO8LiKB+V
0qKr7aaoqrIBcrIoSbu3xwaO8xJNdWHEgDORieGrLKHw+e+JVRCh8tD5qvV2wB/O
5zEIy3n2idcT2LHp7L2UsROifTiPNKuThwMvZAjbGbE+pude+RvBbqToXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRksk4LBZ8uWdCl6DiSWBOon+0CMB8GA1UdIwQY
MBaAFF47sTrhfJ5VTpzq/P60i0FBfafqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGp1eE91RjhubFZPbk9yOF9yU0xRVUY5cC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jMDY3ZmUtNTY2MC00YTk3LThkM2Yt
MzUyMDA0YmMyMjgyLzEvRkdTeVRnc0ZueTVaMEtYb09KSllFNmlmN1FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jMDY3ZmUtNTY2MC00YTk3LThkM2YtMzUyMDA0YmMyMjgy
LzEvWGp1eE91RjhubFZPbk9yOF9yU0xRVUY5cC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucBMMA0G
CSqGSIb3DQEBCwUAA4IBAQBAxjAqM9XfOzTeJBHJNUbPMr6q/oDo/oJzoKRvAH2H
BfCivkUYS6zF7sxAeDmluLMDd3bKvzCg4Mi8F/6ayCpV++2a3NXbxJprrvNKoAKJ
lROljbCc+1blZhpQ5HLlPh6X7BW33ZxA0bVqZFtnD5BKQxdJTQBUvDH1j5kccNjX
oYfIajA/dQnwn+to1IdceFL1owj67q96cUgWQLFJVe31pEenz3HnPOEW7xh7qwXT
ngHb0Dyh0CoTBCfPIccqTkdGJYn/0ZsxhanIXAPYvtpbuu7P12yg8bs2M/kcoLg3
02dr4cyORVghqb70hScolxs/4iE+fzfgBiWCdqa/0lJ2
-----END CERTIFICATE-----