Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/474889-6aaf-4c2e-8764-b400600f917a/1/fd9r-f5xHojfcnFd7q_0F-_trtg.roa
File:                     fd9r-f5xHojfcnFd7q_0F-_trtg.roa (raw, json)
Hash identifier:          L7rZnMyPGAJQPgXTBOfYeFq3QRNPy0+yGzCQUOyiBZ4=
Subject key identifier:   7D:DF:6B:F9:FE:71:1E:88:DF:72:71:5D:EE:AF:F4:17:EF:ED:AE:D8
Certificate issuer:       /CN=859fca26d8c52bc165c8e05779fcfe43cc664c13
Certificate serial:       018CC8016CCC52CEDF3B3C441D9562A28E2F
Authority key identifier: 85:9F:CA:26:D8:C5:2B:C1:65:C8:E0:57:79:FC:FE:43:CC:66:4C:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hZ_KJtjFK8FlyOBXefz-Q8xmTBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/474889-6aaf-4c2e-8764-b400600f917a/1/fd9r-f5xHojfcnFd7q_0F-_trtg.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.109.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/474889-6aaf-4c2e-8764-b400600f917a/1/hZ_KJtjFK8FlyOBXefz-Q8xmTBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/474889-6aaf-4c2e-8764-b400600f917a/1/hZ_KJtjFK8FlyOBXefz-Q8xmTBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hZ_KJtjFK8FlyOBXefz-Q8xmTBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:04:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6c:cc:52:ce:df:3b:3c:44:1d:95:62:a2:8e:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=859fca26d8c52bc165c8e05779fcfe43cc664c13
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ddf6bf9fe711e88df72715deeaff417efedaed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:39:47:61:ee:0f:d0:1a:87:ad:28:48:d0:36:
                    7a:97:28:cb:8a:bb:44:04:05:fa:d6:48:e3:69:f2:
                    b6:21:bd:56:f5:ba:e5:cf:c9:94:f3:ef:d3:5a:d2:
                    7a:95:3d:22:e1:5c:95:73:6c:bb:c8:76:b9:16:30:
                    41:a7:81:03:c6:f9:f1:a9:2f:41:51:ea:4f:5d:3e:
                    0c:6b:5a:1f:f7:94:45:7c:ef:4b:6a:94:9a:3d:c6:
                    79:99:80:c3:62:8d:40:a1:f5:ed:91:ac:7c:1a:db:
                    15:54:5b:cd:d1:c4:93:d0:51:dc:75:c3:27:82:25:
                    51:2c:c4:a6:c5:9d:9e:af:db:89:97:de:1a:d9:eb:
                    5a:7d:b9:ec:b9:0f:d8:62:a9:a3:a5:27:81:b1:81:
                    bf:87:a0:bc:62:a6:3a:d4:91:58:93:e4:4d:4f:4e:
                    d7:24:28:b5:82:f7:d7:fc:68:4b:f6:d2:69:c7:d2:
                    ce:92:9a:1a:20:87:55:75:2e:f2:ee:af:f9:05:d2:
                    5e:a4:cf:4e:b2:4d:86:28:55:b5:de:8d:15:01:41:
                    b2:e3:f4:c7:e2:09:9b:2d:de:7f:7d:ef:5e:72:9d:
                    8b:97:6b:75:7e:91:b2:b7:d6:48:40:79:0e:b2:f5:
                    ee:0f:98:20:b7:16:81:93:a4:82:ae:80:54:43:96:
                    8f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DF:6B:F9:FE:71:1E:88:DF:72:71:5D:EE:AF:F4:17:EF:ED:AE:D8
            X509v3 Authority Key Identifier:
                keyid:85:9F:CA:26:D8:C5:2B:C1:65:C8:E0:57:79:FC:FE:43:CC:66:4C:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hZ_KJtjFK8FlyOBXefz-Q8xmTBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/474889-6aaf-4c2e-8764-b400600f917a/1/fd9r-f5xHojfcnFd7q_0F-_trtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/474889-6aaf-4c2e-8764-b400600f917a/1/hZ_KJtjFK8FlyOBXefz-Q8xmTBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:32:50:cf:b1:a7:be:41:a0:e2:13:17:cb:86:ea:9d:1c:b0:
         96:90:d6:ff:11:78:1b:55:c8:8a:02:e9:e3:dc:d2:6d:fc:f5:
         de:6d:37:df:14:89:ee:86:09:ef:b2:65:0e:a7:7f:3e:f2:92:
         96:d1:bc:71:cc:bf:f7:f3:ed:ae:93:55:a4:95:22:2d:cc:5b:
         98:61:81:e5:6e:75:8d:7a:31:59:28:fe:d1:0d:bd:e9:40:6d:
         b3:95:72:33:15:03:d2:9d:3a:7f:55:c1:2f:a4:39:0f:d2:6e:
         1e:8f:97:17:89:fc:a0:33:d5:ff:71:eb:03:f4:d1:1b:b5:e7:
         8f:db:87:e4:af:39:82:18:43:f5:08:37:63:2d:97:f7:08:47:
         bf:ca:93:81:14:78:22:15:2d:67:b6:b5:d2:b8:77:b7:b5:03:
         12:1a:8b:3c:9a:10:18:3b:cf:f9:d8:7b:73:82:25:e4:1d:a7:
         c4:52:d9:ee:22:49:8f:4a:d6:41:b5:f2:de:93:39:91:d5:fa:
         e1:62:f0:e8:11:e8:a3:96:8f:37:3d:c3:a2:d8:d0:f8:6b:18:
         18:28:7a:fa:32:d1:5b:af:6d:aa:8c:09:0a:cd:af:c9:76:1f:
         90:07:aa:18:bc:e2:67:20:30:87:d0:e1:3e:05:aa:20:1b:1e:
         64:6e:03:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWzMUs7fOzxEHZVioo4vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1OWZjYTI2ZDhjNTJiYzE2NWM4ZTA1Nzc5ZmNmZTQzY2M2
NjRjMTMwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGRmNmJmOWZlNzExZTg4ZGY3MjcxNWRlZWFmZjQxN2VmZWRhZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjlHYe4P0BqHrShI0DZ6lyjLirtE
BAX61kjjafK2Ib1W9brlz8mU8+/TWtJ6lT0i4VyVc2y7yHa5FjBBp4EDxvnxqS9B
UepPXT4Ma1of95RFfO9LapSaPcZ5mYDDYo1AofXtkax8GtsVVFvN0cST0FHcdcMn
giVRLMSmxZ2er9uJl94a2etafbnsuQ/YYqmjpSeBsYG/h6C8YqY61JFYk+RNT07X
JCi1gvfX/GhL9tJpx9LOkpoaIIdVdS7y7q/5BdJepM9Osk2GKFW13o0VAUGy4/TH
4gmbLd5/fe9ecp2Ll2t1fpGyt9ZIQHkOsvXuD5ggtxaBk6SCroBUQ5aPnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3fa/n+cR6I33JxXe6v9Bfv7a7YMB8GA1UdIwQY
MBaAFIWfyibYxSvBZcjgV3n8/kPMZkwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFpfS0p0akZLOEZseU9CWGVmei1ROHhtVEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni80NzQ4ODktNmFhZi00YzJlLTg3NjQt
YjQwMDYwMGY5MTdhLzEvZmQ5ci1mNXhIb2pmY25GZDdxXzBGLV90cnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni80NzQ4ODktNmFhZi00YzJlLTg3NjQtYjQwMDYwMGY5MTdh
LzEvaFpfS0p0akZLOEZseU9CWGVmei1ROHhtVEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW3tMA0G
CSqGSIb3DQEBCwUAA4IBAQA5MlDPsae+QaDiExfLhuqdHLCWkNb/EXgbVciKAunj
3NJt/PXebTffFInuhgnvsmUOp38+8pKW0bxxzL/38+2uk1WklSItzFuYYYHlbnWN
ejFZKP7RDb3pQG2zlXIzFQPSnTp/VcEvpDkP0m4ej5cXifygM9X/cesD9NEbteeP
24fkrzmCGEP1CDdjLZf3CEe/ypOBFHgiFS1ntrXSuHe3tQMSGos8mhAYO8/52Htz
giXkHafEUtnuIkmPStZBtfLekzmR1frhYvDoEeijlo83PcOi2ND4axgYKHr6MtFb
r22qjAkKza/Jdh+QB6oYvOJnIDCH0OE+BaogGx5kbgO2
-----END CERTIFICATE-----