Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/1-FnZaP0D_GsE8dtr9-cOJXN4i08.roa
File:                     1-FnZaP0D_GsE8dtr9-cOJXN4i08.roa (raw, json)
Hash identifier:          ZXF+gONjYri1sGnC/kh72MNb8h6oq7h/bJoQKmnUuDs=
Subject key identifier:   F8:59:D9:68:FD:03:FC:6B:04:F1:DB:6B:F7:E7:0E:25:73:78:8B:4F
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018CC94CA5879D58F72FF641016658180462
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/1-FnZaP0D_GsE8dtr9-cOJXN4i08.roa
Signing time:             Tue 02 Jan 2024 08:31:32 +0000
ROA not before:           Tue 02 Jan 2024 08:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        188.191.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a5:87:9d:58:f7:2f:f6:41:01:66:58:18:04:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Jan  2 08:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f859d968fd03fc6b04f1db6bf7e70e2573788b4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:68:c2:39:17:fe:00:f8:65:75:cc:8c:7e:49:
                    15:b4:d3:11:08:ce:71:1e:f3:83:db:ca:64:9a:7a:
                    93:fd:70:69:38:ac:55:07:e9:89:28:63:c8:9d:3c:
                    13:a1:c2:fc:a2:ff:a6:b6:f1:6b:81:57:2e:64:8c:
                    e1:b6:b5:f4:27:96:09:48:0f:cc:35:3f:80:92:4a:
                    e9:8e:48:ab:79:f3:9b:b4:29:87:b1:ac:c7:c2:23:
                    8d:ba:e5:a2:89:dd:8a:f2:29:05:22:ad:ae:92:bb:
                    0d:84:48:de:9c:72:d9:0b:55:40:ee:c3:bb:47:d3:
                    f2:29:26:6d:7f:b6:f2:a5:cb:b6:f6:bc:ed:fc:b5:
                    a3:3f:52:8d:ef:cb:5d:e5:ca:2a:57:c7:bb:a4:8c:
                    ac:b0:d0:98:df:09:ed:27:be:8a:42:71:b9:38:24:
                    24:96:a3:63:e8:06:d5:91:51:d6:09:3c:c7:91:50:
                    f3:ac:d8:b3:87:88:05:49:2f:cd:a8:6f:75:3e:90:
                    28:0f:08:e0:ef:19:36:3b:66:f3:36:b3:25:b4:dc:
                    00:71:c8:43:b9:52:ff:b3:6d:47:03:fd:f5:a2:4d:
                    79:cc:38:1a:22:7b:3f:a1:6b:77:6b:c4:8b:17:a0:
                    5d:ef:f5:4b:d2:4f:55:22:55:c1:b8:3d:d4:db:c4:
                    66:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:59:D9:68:FD:03:FC:6B:04:F1:DB:6B:F7:E7:0E:25:73:78:8B:4F
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/1-FnZaP0D_GsE8dtr9-cOJXN4i08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:80:d0:16:b8:d3:b2:df:a7:34:44:d4:07:fd:b3:61:c4:36:
         fd:a7:fe:69:90:f2:4c:ec:26:17:29:0d:8b:d1:f9:24:f3:a9:
         24:79:9d:86:44:93:ef:b0:30:9b:d7:ff:e6:3e:09:24:0f:3e:
         14:d9:5b:c2:23:ec:fe:ba:d9:7d:36:ce:da:50:35:35:43:80:
         07:9f:c2:57:08:cb:d7:16:9a:1a:18:4c:73:b8:38:1a:0e:9e:
         25:e3:69:0f:87:57:79:e6:b1:de:27:30:6e:f3:68:f1:5c:41:
         3f:21:cc:9f:ab:27:3c:2b:46:5c:9c:13:15:21:93:aa:47:3a:
         bb:40:d4:4c:da:d5:10:84:df:f7:b0:3d:9a:bc:d5:98:66:dd:
         08:8b:05:3e:6c:eb:5e:3d:4a:fa:85:56:d1:50:55:c5:9f:19:
         2f:18:c0:80:37:5a:47:13:1e:d8:43:a8:41:47:6a:69:be:43:
         fe:56:15:2f:3b:8e:3f:fb:71:da:2e:3c:85:eb:08:2c:b9:47:
         65:07:55:c3:55:b6:14:9d:97:d4:fe:2f:28:8e:a7:d2:a4:d2:
         6b:db:55:bd:2f:5d:8d:bf:8b:53:16:c6:72:2e:c7:f7:fb:65:
         4f:55:a6:7c:9b:bb:d2:74:87:55:85:c1:0c:42:65:b7:07:8c:
         85:bc:c9:b2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTKWHnVj3L/ZBAWZYGARiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwMTAyMDgzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODU5ZDk2OGZkMDNmYzZiMDRmMWRiNmJmN2U3MGUyNTczNzg4YjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmjCORf+APhldcyMfkkVtNMRCM5x
HvOD28pkmnqT/XBpOKxVB+mJKGPInTwTocL8ov+mtvFrgVcuZIzhtrX0J5YJSA/M
NT+AkkrpjkirefObtCmHsazHwiONuuWiid2K8ikFIq2ukrsNhEjenHLZC1VA7sO7
R9PyKSZtf7bypcu29rzt/LWjP1KN78td5coqV8e7pIyssNCY3wntJ76KQnG5OCQk
lqNj6AbVkVHWCTzHkVDzrNizh4gFSS/NqG91PpAoDwjg7xk2O2bzNrMltNwAcchD
uVL/s21HA/31ok15zDgaIns/oWt3a8SLF6Bd7/VL0k9VIlXBuD3U28Rm9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhZ2Wj9A/xrBPHba/fnDiVzeItPMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvMS1GblphUDBEX0dzRThkdHI5LWNPSlhONGkwOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWIvNGFiZjNmLTE1OGYtNGY2Mi1hOWViLWRkZjU2N2VkZWQw
My8xL2pScklQdU9qLVdqV2F0TDk5R0Z1ZTdIazBkYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALy/aDAN
BgkqhkiG9w0BAQsFAAOCAQEAfIDQFrjTst+nNETUB/2zYcQ2/af+aZDyTOwmFykN
i9H5JPOpJHmdhkST77Awm9f/5j4JJA8+FNlbwiPs/rrZfTbO2lA1NUOAB5/CVwjL
1xaaGhhMc7g4Gg6eJeNpD4dXeeax3icwbvNo8VxBPyHMn6snPCtGXJwTFSGTqkc6
u0DUTNrVEITf97A9mrzVmGbdCIsFPmzrXj1K+oVW0VBVxZ8ZLxjAgDdaRxMe2EOo
QUdqab5D/lYVLzuOP/tx2i48hesILLlHZQdVw1W2FJ2X1P4vKI6n0qTSa9tVvS9d
jb+LUxbGci7H9/tlT1WmfJu70nSHVYXBDEJltweMhbzJsg==
-----END CERTIFICATE-----