Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/FMAFsYwwEiavOydJiJCgPq_gAek.roa
File:                     FMAFsYwwEiavOydJiJCgPq_gAek.roa (raw, json)
Hash identifier:          FclXJumdy0CR6nD2SzXklGL+/qjyD0TRXtGYF7HSZc8=
Subject key identifier:   14:C0:05:B1:8C:30:12:26:AF:3B:27:49:88:90:A0:3E:AF:E0:01:E9
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01910469BF6B6245665C4D577277B6BC7693
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/FMAFsYwwEiavOydJiJCgPq_gAek.roa
Signing time:             Tue 30 Jul 2024 16:12:04 +0000
ROA not before:           Tue 30 Jul 2024 16:12:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272889
IP address blocks:        185.181.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:04:69:bf:6b:62:45:66:5c:4d:57:72:77:b6:bc:76:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jul 30 16:12:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14c005b18c301226af3b27498890a03eafe001e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b3:97:0e:93:14:2d:09:bd:24:d8:7f:f3:82:
                    9a:84:02:77:cd:5d:27:46:62:ef:a3:b7:da:5f:8f:
                    82:c4:da:27:52:59:1b:2b:16:9e:32:78:ef:39:3a:
                    d2:5d:f6:8e:39:84:09:29:57:1f:e0:82:cd:5e:3d:
                    82:6b:c6:19:03:de:01:5f:55:8e:4c:0f:29:da:2a:
                    04:2c:87:e9:0c:0b:fd:54:6a:26:56:33:cf:6a:9b:
                    6c:57:0f:7b:05:09:f3:27:71:bb:cc:70:aa:87:ec:
                    1c:ac:d1:19:fe:f4:58:e8:a7:a0:51:ae:60:80:3e:
                    d6:4f:40:05:ee:63:7e:f3:ed:6c:d0:86:b9:6a:fb:
                    51:80:5d:16:88:0e:59:a7:3c:7d:e3:7a:73:65:3c:
                    ca:64:df:cb:59:ac:8f:11:ea:4d:af:44:7a:33:81:
                    a5:ba:b5:60:f3:7f:56:af:68:3f:a8:64:52:e5:e8:
                    43:09:db:6d:66:e7:b0:52:40:82:2f:c2:aa:af:d2:
                    b4:33:53:2f:c0:64:4a:a2:c6:7b:b9:2b:5e:27:bd:
                    8e:8f:71:70:b4:81:07:cb:9d:6b:2a:9a:df:e9:3b:
                    78:ff:62:da:a8:76:a9:3f:72:a6:8c:14:e3:dd:e6:
                    36:7c:24:03:5e:d0:d9:7e:36:af:5d:1e:a0:ad:c3:
                    e9:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:C0:05:B1:8C:30:12:26:AF:3B:27:49:88:90:A0:3E:AF:E0:01:E9
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/FMAFsYwwEiavOydJiJCgPq_gAek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:a7:cf:02:d5:cb:06:f3:67:67:07:30:0b:b3:bf:d7:df:e8:
         29:28:46:be:63:f7:9d:c6:1a:22:bb:e8:12:f1:18:43:9f:92:
         88:10:ea:b0:af:7c:be:5a:a7:4f:be:ca:be:6c:10:93:aa:61:
         95:60:23:a6:b3:cd:c2:48:62:de:4b:62:92:d5:0f:01:78:a1:
         33:5d:0c:c2:e5:cc:29:1e:d3:cb:79:1e:cf:b2:f6:16:c3:dd:
         39:d7:27:ee:1e:5e:2a:4d:ec:37:2f:92:c8:e2:b9:21:5f:8a:
         e6:a0:53:8f:7e:dc:10:17:4a:2b:33:e2:6d:7b:ef:2e:c7:68:
         e1:8c:1c:ac:fb:bd:32:91:f8:d1:30:cf:83:99:46:c2:2a:ef:
         1e:ea:4e:ac:72:35:cf:91:cc:79:db:41:bb:26:57:6e:0f:40:
         69:d8:dc:9d:4c:5c:6e:89:1b:33:98:f4:0f:76:03:28:22:c8:
         a3:20:dc:f2:31:b4:81:d7:a9:00:45:fb:71:e2:d6:0c:4d:61:
         f7:c7:a0:c3:5e:eb:02:a9:cc:be:8a:e2:e6:61:03:f4:8b:17:
         a6:45:05:d8:f5:c4:6f:74:cf:f6:8d:2b:36:75:a9:a6:d4:d6:
         72:7d:e6:7b:66:b4:99:26:c6:46:cd:68:77:cc:bf:68:f4:c0:
         78:b1:8f:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEEab9rYkVmXE1Xcne2vHaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwNzMwMTYxMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGMwMDViMThjMzAxMjI2YWYzYjI3NDk4ODkwYTAzZWFmZTAwMWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLOXDpMULQm9JNh/84KahAJ3zV0n
RmLvo7faX4+CxNonUlkbKxaeMnjvOTrSXfaOOYQJKVcf4ILNXj2Ca8YZA94BX1WO
TA8p2ioELIfpDAv9VGomVjPPaptsVw97BQnzJ3G7zHCqh+wcrNEZ/vRY6KegUa5g
gD7WT0AF7mN+8+1s0Ia5avtRgF0WiA5Zpzx943pzZTzKZN/LWayPEepNr0R6M4Gl
urVg839Wr2g/qGRS5ehDCdttZuewUkCCL8Kqr9K0M1MvwGRKosZ7uSteJ72Oj3Fw
tIEHy51rKprf6Tt4/2LaqHapP3KmjBTj3eY2fCQDXtDZfjavXR6grcPplwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTABbGMMBImrzsnSYiQoD6v4AHpMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvRk1BRnNZd3dFaWF2T3lkSmlKQ2dQcV9nQWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubUjMA0G
CSqGSIb3DQEBCwUAA4IBAQAop88C1csG82dnBzALs7/X3+gpKEa+Y/edxhoiu+gS
8RhDn5KIEOqwr3y+WqdPvsq+bBCTqmGVYCOms83CSGLeS2KS1Q8BeKEzXQzC5cwp
HtPLeR7PsvYWw9051yfuHl4qTew3L5LI4rkhX4rmoFOPftwQF0orM+Jte+8ux2jh
jBys+70ykfjRMM+DmUbCKu8e6k6scjXPkcx520G7JlduD0Bp2NydTFxuiRszmPQP
dgMoIsijINzyMbSB16kARftx4tYMTWH3x6DDXusCqcy+iuLmYQP0ixemRQXY9cRv
dM/2jSs2damm1NZyfeZ7ZrSZJsZGzWh3zL9o9MB4sY9X
-----END CERTIFICATE-----