Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/fw-kOSOsfayZFU4vk1Ua9xaf6pA.roa
File:                     fw-kOSOsfayZFU4vk1Ua9xaf6pA.roa (raw, json)
Hash identifier:          rRWiURESxxwAifcxJzs9L6TxWVAcoFUjskxZHNfg81A=
Subject key identifier:   7F:0F:A4:39:23:AC:7D:AC:99:15:4E:2F:93:55:1A:F7:16:9F:EA:90
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A0FCAB46E8EFDD578CD85E3C49510
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/fw-kOSOsfayZFU4vk1Ua9xaf6pA.roa
Signing time:             Tue 02 Jan 2024 12:33:23 +0000
ROA not before:           Tue 02 Jan 2024 12:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51503
IP address blocks:        146.120.232.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0f:ca:b4:6e:8e:fd:d5:78:cd:85:e3:c4:95:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f0fa43923ac7dac99154e2f93551af7169fea90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f4:21:ad:79:f4:aa:1e:7d:1e:6e:5b:d9:ce:
                    2e:75:08:a5:4b:ef:bd:e1:71:a6:ef:7f:0b:89:87:
                    4a:88:57:f4:7b:14:21:cc:09:6a:25:cc:eb:f1:dc:
                    59:db:5f:78:7b:64:de:3c:12:36:d4:7f:bd:30:77:
                    2f:0d:39:97:c6:58:71:b1:2e:42:88:3c:15:8d:1d:
                    a4:c9:f7:4d:df:09:83:48:d6:df:d4:49:bc:d2:66:
                    5c:62:4b:9f:35:94:e7:01:f2:5c:26:23:6b:36:6d:
                    e8:cd:85:3c:94:6f:a2:d5:51:b6:cd:c8:01:41:f3:
                    17:36:6e:1e:6c:07:bb:61:ac:37:ba:64:b1:df:6a:
                    f7:d2:f9:9c:77:16:31:65:2b:72:18:df:c1:2f:0b:
                    92:e9:7e:5f:9c:af:c1:1a:ec:49:1d:41:c8:5a:0f:
                    42:82:9e:94:c1:b8:a7:18:3d:d0:30:92:21:53:ec:
                    f8:34:93:3f:d5:ee:d0:df:6b:65:47:06:f7:12:65:
                    8e:cf:5d:a2:6c:89:72:b9:ed:98:c2:8c:e8:0d:a1:
                    7f:19:ef:6b:55:2d:88:90:df:01:c1:54:40:22:8a:
                    4e:e1:bb:3b:43:15:87:d0:e7:4a:9a:d8:e3:f4:12:
                    c8:c7:ea:1e:24:01:70:73:f9:7d:9e:92:ae:69:78:
                    ee:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:0F:A4:39:23:AC:7D:AC:99:15:4E:2F:93:55:1A:F7:16:9F:EA:90
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/fw-kOSOsfayZFU4vk1Ua9xaf6pA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:61:84:aa:8c:e1:fd:d1:0a:4a:96:5b:1f:42:33:f5:22:a0:
         48:37:a8:87:f5:63:28:26:e4:84:b8:10:62:6c:5a:21:99:24:
         f4:bb:d5:4f:e5:96:c3:12:d3:07:58:54:d4:ed:76:6f:bb:2d:
         7a:c0:a0:18:23:54:4e:f8:e0:36:eb:83:06:3a:2e:d9:d6:e0:
         63:96:84:d8:52:17:27:18:a7:96:4b:e1:90:60:e6:86:5f:00:
         2f:57:b5:01:81:6d:26:f5:f5:0b:ce:1e:80:a9:2b:97:5e:58:
         14:98:e4:2a:58:42:eb:5e:8b:b7:26:c6:2d:bc:1c:a3:65:4c:
         dd:ec:0b:04:c1:50:fb:f2:63:c0:07:3a:60:fa:01:5b:1a:13:
         83:e9:b1:bf:5d:83:4b:92:96:07:90:3f:64:33:be:cf:2d:80:
         62:c2:2a:2c:25:51:05:6a:ea:f6:ff:73:48:17:c5:4e:3a:0c:
         de:ae:50:ea:33:d4:45:0d:3f:b7:21:00:d2:95:b7:1a:7a:f7:
         b8:4c:b1:da:f3:dd:f8:dc:4e:4b:a4:57:fa:83:1e:6b:12:c4:
         43:85:7a:81:63:3d:f7:57:c6:72:a6:61:b1:3c:45:34:ef:bd:
         fa:3f:77:8b:31:0c:db:c3:3c:cf:b1:e2:70:3f:b1:4b:53:3b:
         ac:41:9b:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKg/KtG6O/dV4zYXjxJUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjBmYTQzOTIzYWM3ZGFjOTkxNTRlMmY5MzU1MWFmNzE2OWZlYTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfQhrXn0qh59Hm5b2c4udQilS++9
4XGm738LiYdKiFf0exQhzAlqJczr8dxZ2194e2TePBI21H+9MHcvDTmXxlhxsS5C
iDwVjR2kyfdN3wmDSNbf1Em80mZcYkufNZTnAfJcJiNrNm3ozYU8lG+i1VG2zcgB
QfMXNm4ebAe7Yaw3umSx32r30vmcdxYxZStyGN/BLwuS6X5fnK/BGuxJHUHIWg9C
gp6UwbinGD3QMJIhU+z4NJM/1e7Q32tlRwb3EmWOz12ibIlyue2YwozoDaF/Ge9r
VS2IkN8BwVRAIopO4bs7QxWH0OdKmtjj9BLIx+oeJAFwc/l9npKuaXjuUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8PpDkjrH2smRVOL5NVGvcWn+qQMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvZncta09TT3NmYXlaRlU0dmsxVWE5eGFmNnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBknjoMA0G
CSqGSIb3DQEBCwUAA4IBAQCrYYSqjOH90QpKllsfQjP1IqBIN6iH9WMoJuSEuBBi
bFohmST0u9VP5ZbDEtMHWFTU7XZvuy16wKAYI1RO+OA264MGOi7Z1uBjloTYUhcn
GKeWS+GQYOaGXwAvV7UBgW0m9fULzh6AqSuXXlgUmOQqWELrXou3JsYtvByjZUzd
7AsEwVD78mPABzpg+gFbGhOD6bG/XYNLkpYHkD9kM77PLYBiwiosJVEFaur2/3NI
F8VOOgzerlDqM9RFDT+3IQDSlbcaeve4TLHa89343E5LpFf6gx5rEsRDhXqBYz33
V8ZypmGxPEU07736P3eLMQzbwzzPseJwP7FLUzusQZv0
-----END CERTIFICATE-----