Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/FgHPz4UWWazGWPYg2sCQc-sj60I.roa
File:                     FgHPz4UWWazGWPYg2sCQc-sj60I.roa (raw, json)
Hash identifier:          MYRhEoAcFZZayKsSqGWhdoYFQKc7NGNnyowbpxLMOW0=
Subject key identifier:   16:01:CF:CF:85:16:59:AC:C6:58:F6:20:DA:C0:90:73:EB:23:EB:42
Certificate issuer:       /CN=8d64e43c75bdc511d524f0c85d009cba76956144
Certificate serial:       018CC6B8FCC58F168CEEEE02269D55123A0E
Authority key identifier: 8D:64:E4:3C:75:BD:C5:11:D5:24:F0:C8:5D:00:9C:BA:76:95:61:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jWTkPHW9xRHVJPDIXQCcunaVYUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/FgHPz4UWWazGWPYg2sCQc-sj60I.roa
Signing time:             Mon 01 Jan 2024 20:31:01 +0000
ROA not before:           Mon 01 Jan 2024 20:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38965
IP address blocks:        193.178.197.0/24 maxlen: 24
                          2a04:4345:10::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/jWTkPHW9xRHVJPDIXQCcunaVYUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/jWTkPHW9xRHVJPDIXQCcunaVYUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jWTkPHW9xRHVJPDIXQCcunaVYUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fc:c5:8f:16:8c:ee:ee:02:26:9d:55:12:3a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d64e43c75bdc511d524f0c85d009cba76956144
        Validity
            Not Before: Jan  1 20:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1601cfcf851659acc658f620dac09073eb23eb42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:72:7a:86:27:92:4c:4a:da:61:ed:75:1c:5f:
                    34:10:35:0d:c4:0b:5e:29:d8:1b:6c:8f:1d:80:f4:
                    94:53:e8:e0:fb:a7:8b:c4:33:73:df:9e:15:ba:64:
                    fc:db:68:48:9f:b7:7a:8d:f3:8a:d0:ce:eb:cd:93:
                    70:b8:62:9a:37:1a:b2:c0:4f:18:99:9e:76:69:e6:
                    ca:b4:0c:36:18:b1:33:16:af:a3:9e:92:05:9a:2c:
                    4e:7d:9d:e1:cf:f2:32:73:d9:99:74:7a:bf:65:02:
                    b2:1d:59:51:d4:bb:e8:5d:c8:32:72:bc:81:46:d3:
                    45:60:c6:0f:be:c6:ff:29:7e:04:1e:64:42:88:9b:
                    cd:b0:22:7b:6d:ea:e4:51:f6:93:56:17:b4:e0:33:
                    55:40:a9:59:91:57:17:07:35:7e:da:f3:c8:b6:51:
                    10:90:00:0b:6b:17:e0:9a:42:05:22:34:d2:eb:24:
                    0e:92:9c:97:78:b6:5a:07:f4:4d:e8:c6:8c:81:ab:
                    d2:0c:71:c7:eb:f1:f4:08:1b:39:d7:24:21:98:9a:
                    bb:95:3d:c0:1a:2e:d1:76:99:ed:ec:40:89:cc:03:
                    cf:41:10:99:d3:b4:bb:79:a5:1e:b5:4f:70:dd:2c:
                    53:9d:f3:7e:f9:d0:45:9e:5f:0f:44:28:bd:a5:23:
                    51:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:01:CF:CF:85:16:59:AC:C6:58:F6:20:DA:C0:90:73:EB:23:EB:42
            X509v3 Authority Key Identifier:
                keyid:8D:64:E4:3C:75:BD:C5:11:D5:24:F0:C8:5D:00:9C:BA:76:95:61:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jWTkPHW9xRHVJPDIXQCcunaVYUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/FgHPz4UWWazGWPYg2sCQc-sj60I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/jWTkPHW9xRHVJPDIXQCcunaVYUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.197.0/24
                IPv6:
                  2a04:4345:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         dc:bd:a9:98:58:83:56:5b:5b:3e:81:8e:3c:95:21:be:ce:58:
         8a:10:43:74:6d:26:81:04:ee:ae:14:9a:b7:44:a3:1b:0f:2c:
         67:b2:c3:c4:07:92:28:96:63:95:4e:27:79:f4:0a:a8:5b:86:
         ac:20:ec:37:23:6b:36:b5:44:24:9a:a8:49:1c:a4:b6:b3:08:
         a7:66:52:35:27:5b:4e:2b:1d:7c:50:c8:16:61:87:a6:7b:69:
         d2:e2:51:70:ca:b4:c1:a7:b1:20:99:48:71:c5:50:13:a8:b4:
         84:aa:1b:0c:f8:ad:4b:96:b5:2b:01:3d:14:4c:54:57:36:3b:
         65:70:b8:c4:7c:de:c2:37:a6:1d:06:d7:56:f8:79:7f:f2:ab:
         4b:14:ec:67:45:95:5d:5c:20:d7:a2:6a:ee:08:ed:90:6d:b4:
         e3:77:0d:62:73:ee:e7:3e:28:fb:10:95:ff:52:3c:75:66:86:
         7d:00:55:7a:de:66:56:e5:fc:2f:31:95:e6:7e:f4:b4:96:b8:
         5b:3f:ae:29:c4:7e:6c:1d:df:ab:bc:b1:2c:1c:49:8c:61:91:
         1f:4a:53:50:06:2b:a1:a0:30:aa:53:6c:85:d8:ed:9b:bc:f3:
         ee:0a:68:25:15:eb:04:82:52:46:7c:83:f6:77:6a:b6:1a:59:
         2e:6a:3e:98
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuPzFjxaM7u4CJp1VEjoOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNjRlNDNjNzViZGM1MTFkNTI0ZjBjODVkMDA5Y2JhNzY5
NTYxNDQwHhcNMjQwMTAxMjAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjAxY2ZjZjg1MTY1OWFjYzY1OGY2MjBkYWMwOTA3M2ViMjNlYjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3J6hieSTEraYe11HF80EDUNxAte
KdgbbI8dgPSUU+jg+6eLxDNz354VumT822hIn7d6jfOK0M7rzZNwuGKaNxqywE8Y
mZ52aebKtAw2GLEzFq+jnpIFmixOfZ3hz/Iyc9mZdHq/ZQKyHVlR1LvoXcgycryB
RtNFYMYPvsb/KX4EHmRCiJvNsCJ7berkUfaTVhe04DNVQKlZkVcXBzV+2vPItlEQ
kAALaxfgmkIFIjTS6yQOkpyXeLZaB/RN6MaMgavSDHHH6/H0CBs51yQhmJq7lT3A
Gi7Rdpnt7ECJzAPPQRCZ07S7eaUetU9w3SxTnfN++dBFnl8PRCi9pSNRUwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBYBz8+FFlmsxlj2INrAkHPrI+tCMB8GA1UdIwQY
MBaAFI1k5Dx1vcUR1STwyF0AnLp2lWFEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaldUa1BIVzl4UkhWSlBESVhRQ2N1bmFWWVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82ZjliMDktYTU5ZS00ZjkwLTg3Yzct
NzI0NDgzNTJiODA3LzEvRmdIUHo0VVdXYXpHV1BZZzJzQ1FjLXNqNjBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82ZjliMDktYTU5ZS00ZjkwLTg3YzctNzI0NDgzNTJiODA3
LzEvaldUa1BIVzl4UkhWSlBESVhRQ2N1bmFWWVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwbLFMA8E
AgACMAkDBwQqBENFABAwDQYJKoZIhvcNAQELBQADggEBANy9qZhYg1ZbWz6BjjyV
Ib7OWIoQQ3RtJoEE7q4UmrdEoxsPLGeyw8QHkiiWY5VOJ3n0Cqhbhqwg7Dcjaza1
RCSaqEkcpLazCKdmUjUnW04rHXxQyBZhh6Z7adLiUXDKtMGnsSCZSHHFUBOotISq
Gwz4rUuWtSsBPRRMVFc2O2VwuMR83sI3ph0G11b4eX/yq0sU7GdFlV1cINeiau4I
7ZBttON3DWJz7uc+KPsQlf9SPHVmhn0AVXreZlbl/C8xleZ+9LSWuFs/rinEfmwd
36u8sSwcSYxhkR9KU1AGK6GgMKpTbIXY7Zu88+4KaCUV6wSCUkZ8g/Z3arYaWS5q
Ppg=
-----END CERTIFICATE-----