Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/2c3f53-1bab-4d32-8380-d59108b57214/1/Fqah9qTDOIh3eXDpDFh0xwp5BdA.roa
File:                     Fqah9qTDOIh3eXDpDFh0xwp5BdA.roa (raw, json)
Hash identifier:          V0K5U/Hh/PDOosGfjV8gUmVbbgkNkJNP6mkezfhPwPE=
Subject key identifier:   16:A6:A1:F6:A4:C3:38:88:77:79:70:E9:0C:58:74:C7:0A:79:05:D0
Certificate issuer:       /CN=0cc8128491db132ccfcd82ade700deb306b2161a
Certificate serial:       018CC3B722B81833325D2BC01E7956621EB2
Authority key identifier: 0C:C8:12:84:91:DB:13:2C:CF:CD:82:AD:E7:00:DE:B3:06:B2:16:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DMgShJHbEyzPzYKt5wDeswayFho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/2c3f53-1bab-4d32-8380-d59108b57214/1/Fqah9qTDOIh3eXDpDFh0xwp5BdA.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210791
IP address blocks:        92.119.96.0/22 maxlen: 24
                          185.32.136.0/22 maxlen: 24
                          185.78.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/2c3f53-1bab-4d32-8380-d59108b57214/1/DMgShJHbEyzPzYKt5wDeswayFho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/2c3f53-1bab-4d32-8380-d59108b57214/1/DMgShJHbEyzPzYKt5wDeswayFho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DMgShJHbEyzPzYKt5wDeswayFho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:22:b8:18:33:32:5d:2b:c0:1e:79:56:62:1e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cc8128491db132ccfcd82ade700deb306b2161a
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16a6a1f6a4c33888777970e90c5874c70a7905d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:67:0e:0f:f2:91:95:15:7f:ca:74:84:d5:a0:
                    1b:34:71:7e:ec:3c:1e:d7:ec:e7:2b:51:ef:16:f7:
                    9e:b9:1e:a0:43:dd:39:69:9b:8b:63:de:c0:2e:da:
                    c0:03:ef:16:19:30:b5:e8:b4:e4:c3:38:4c:c5:68:
                    2a:55:35:37:af:c3:2b:b1:5b:e0:a4:3f:2a:00:5e:
                    3f:73:66:84:b0:c9:da:07:ec:85:17:40:62:09:24:
                    3b:6f:2e:d6:3d:a1:41:bc:70:3d:3b:a3:00:88:da:
                    04:e8:cd:d6:71:b6:ea:3e:ad:fd:d9:5b:dc:fb:89:
                    3c:ff:38:2a:aa:1c:11:3e:1e:dc:7c:f0:ba:23:37:
                    9f:a7:e1:e9:56:a2:18:f9:96:cf:43:dc:48:52:49:
                    7e:cb:81:4b:c2:c4:17:ba:d7:0f:88:34:a8:80:bc:
                    e1:40:1b:fa:ee:77:78:be:8d:b7:0d:9f:60:2b:03:
                    40:ba:5d:a4:13:4f:45:f1:5a:26:3b:c4:cb:26:e5:
                    34:dc:5f:83:51:ed:89:4d:da:f4:0f:32:d7:64:f7:
                    76:67:4e:2d:b8:0f:91:6e:a6:05:9f:a4:a8:83:a0:
                    46:07:a3:be:f8:b3:30:d1:43:da:25:19:79:69:48:
                    15:b5:2e:32:5c:e1:5f:32:7d:22:f0:2a:43:63:d8:
                    5e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:A6:A1:F6:A4:C3:38:88:77:79:70:E9:0C:58:74:C7:0A:79:05:D0
            X509v3 Authority Key Identifier:
                keyid:0C:C8:12:84:91:DB:13:2C:CF:CD:82:AD:E7:00:DE:B3:06:B2:16:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DMgShJHbEyzPzYKt5wDeswayFho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2c3f53-1bab-4d32-8380-d59108b57214/1/Fqah9qTDOIh3eXDpDFh0xwp5BdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2c3f53-1bab-4d32-8380-d59108b57214/1/DMgShJHbEyzPzYKt5wDeswayFho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.96.0/22
                  185.32.136.0/22
                  185.78.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:11:10:d1:b7:9c:98:46:27:c4:18:60:3e:b3:44:8c:6d:7f:
         c5:b1:41:1a:32:86:b8:0a:02:42:7c:ad:c0:35:bb:51:91:47:
         29:c7:53:03:99:c4:cc:99:1a:87:9f:73:07:ed:ae:ee:7a:bf:
         42:62:9d:64:d3:55:03:d8:11:0a:0f:5a:c7:34:3b:02:4f:5d:
         9b:9b:1b:dd:62:00:3c:1a:17:bb:12:a1:4d:34:4c:d5:fb:13:
         af:b1:eb:4a:dc:b7:b3:2c:5c:4c:fd:93:f9:0c:27:a2:c0:71:
         36:87:81:ed:2f:e3:49:03:1e:68:c6:1f:32:89:78:69:00:03:
         f9:bd:11:01:9e:31:dc:a0:32:8c:68:59:d5:23:c4:33:eb:4c:
         4b:e4:8d:55:8f:46:41:6b:87:78:aa:15:32:14:5d:2d:b9:53:
         54:75:5d:73:d9:db:e7:56:41:cc:0d:c7:30:25:ed:20:57:e7:
         02:9e:a5:e0:03:11:49:b7:04:a5:a0:30:04:b0:4a:db:1a:fa:
         d7:72:fa:30:57:16:57:70:43:8e:7f:44:d9:70:94:da:8a:c1:
         c3:39:ee:3f:ca:1f:e4:41:59:02:dc:cd:93:61:5d:65:4a:3a:
         1b:c6:f5:fe:d2:ba:71:da:f0:9d:5c:69:98:aa:a4:90:04:6c:
         fd:78:72:df
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtyK4GDMyXSvAHnlWYh6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYzgxMjg0OTFkYjEzMmNjZmNkODJhZGU3MDBkZWIzMDZi
MjE2MWEwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmE2YTFmNmE0YzMzODg4Nzc3OTcwZTkwYzU4NzRjNzBhNzkwNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2cOD/KRlRV/ynSE1aAbNHF+7Dwe
1+znK1HvFveeuR6gQ905aZuLY97ALtrAA+8WGTC16LTkwzhMxWgqVTU3r8MrsVvg
pD8qAF4/c2aEsMnaB+yFF0BiCSQ7by7WPaFBvHA9O6MAiNoE6M3WcbbqPq392Vvc
+4k8/zgqqhwRPh7cfPC6Izefp+HpVqIY+ZbPQ9xIUkl+y4FLwsQXutcPiDSogLzh
QBv67nd4vo23DZ9gKwNAul2kE09F8VomO8TLJuU03F+DUe2JTdr0DzLXZPd2Z04t
uA+RbqYFn6Sog6BGB6O++LMw0UPaJRl5aUgVtS4yXOFfMn0i8CpDY9heLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBamofakwziId3lw6QxYdMcKeQXQMB8GA1UdIwQY
MBaAFAzIEoSR2xMsz82CrecA3rMGshYaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE1nU2hKSGJFeXpQellLdDV3RGVzd2F5RmhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8yYzNmNTMtMWJhYi00ZDMyLTgzODAt
ZDU5MTA4YjU3MjE0LzEvRnFhaDlxVERPSWgzZVhEcERGaDB4d3A1QmRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8yYzNmNTMtMWJhYi00ZDMyLTgzODAtZDU5MTA4YjU3MjE0
LzEvRE1nU2hKSGJFeXpQellLdDV3RGVzd2F5RmhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCXHdgAwQC
uSCIAwQCuU4AMA0GCSqGSIb3DQEBCwUAA4IBAQA8ERDRt5yYRifEGGA+s0SMbX/F
sUEaMoa4CgJCfK3ANbtRkUcpx1MDmcTMmRqHn3MH7a7uer9CYp1k01UD2BEKD1rH
NDsCT12bmxvdYgA8Ghe7EqFNNEzV+xOvsetK3LezLFxM/ZP5DCeiwHE2h4HtL+NJ
Ax5oxh8yiXhpAAP5vREBnjHcoDKMaFnVI8Qz60xL5I1Vj0ZBa4d4qhUyFF0tuVNU
dV1z2dvnVkHMDccwJe0gV+cCnqXgAxFJtwSloDAEsErbGvrXcvowVxZXcEOOf0TZ
cJTaisHDOe4/yh/kQVkC3M2TYV1lSjobxvX+0rpx2vCdXGmYqqSQBGz9eHLf
-----END CERTIFICATE-----