Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/40484c-b99f-4dbb-b5db-8c2eac03df86/1/_fJ1mTwEcamLstjORKZQ_b82hbc.roa
File:                     _fJ1mTwEcamLstjORKZQ_b82hbc.roa (raw, json)
Hash identifier:          VA1+1UF83Dfyhig+33zOw/PzkLjqNSd8Vpkp0B8BLxU=
Subject key identifier:   FD:F2:75:99:3C:04:71:A9:8B:B2:D8:CE:44:A6:50:FD:BF:36:85:B7
Certificate issuer:       /CN=48f59bac51d4852d2fc96e8b4cfbb9fff8b4a939
Certificate serial:       018CC9BC5DE57D41BD29BEC12C4A0923748F
Authority key identifier: 48:F5:9B:AC:51:D4:85:2D:2F:C9:6E:8B:4C:FB:B9:FF:F8:B4:A9:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SPWbrFHUhS0vyW6LTPu5__i0qTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/40484c-b99f-4dbb-b5db-8c2eac03df86/1/_fJ1mTwEcamLstjORKZQ_b82hbc.roa
Signing time:             Tue 02 Jan 2024 10:33:34 +0000
ROA not before:           Tue 02 Jan 2024 10:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44478
IP address blocks:        193.84.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/40484c-b99f-4dbb-b5db-8c2eac03df86/1/SPWbrFHUhS0vyW6LTPu5__i0qTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/40484c-b99f-4dbb-b5db-8c2eac03df86/1/SPWbrFHUhS0vyW6LTPu5__i0qTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SPWbrFHUhS0vyW6LTPu5__i0qTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:5d:e5:7d:41:bd:29:be:c1:2c:4a:09:23:74:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48f59bac51d4852d2fc96e8b4cfbb9fff8b4a939
        Validity
            Not Before: Jan  2 10:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdf275993c0471a98bb2d8ce44a650fdbf3685b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:37:8d:c3:93:3e:01:3d:dc:32:bf:0b:bd:c9:
                    16:0c:bc:3a:e3:9f:18:fe:2c:7e:ab:06:9e:82:b7:
                    d3:50:2e:34:6e:bc:7d:a5:ce:77:5a:16:5b:26:e8:
                    6c:61:b1:0a:b0:62:6b:ff:95:26:f2:36:5a:cc:bc:
                    d8:cd:91:17:d5:d3:bd:24:27:d1:9f:7f:17:58:53:
                    c1:2c:21:fb:74:49:fb:f4:9d:b0:08:96:6c:08:76:
                    f8:e7:7f:d6:60:76:3d:01:61:3e:7d:6e:aa:e3:17:
                    27:e9:b2:ae:29:bf:20:cd:07:1c:b8:1a:ed:6b:33:
                    17:05:35:78:fb:b7:a4:df:58:56:48:0d:44:b5:fc:
                    42:3b:f8:d5:ef:5f:1d:9a:c7:af:1a:ac:be:75:44:
                    0a:56:f6:7d:d5:54:a3:07:c1:62:90:bf:a1:21:9d:
                    4d:2d:29:d9:fb:e5:cd:26:ca:48:0d:85:46:2b:6f:
                    48:b9:08:7b:ad:5c:4c:c3:60:48:95:d2:3f:25:01:
                    aa:67:d7:ad:df:87:16:b9:e9:21:74:30:a4:0c:a5:
                    a7:ff:0b:2a:de:a4:b3:71:3b:15:d1:8b:1c:a6:27:
                    fd:74:6b:07:b9:aa:eb:6b:89:1e:e2:c0:b9:be:2a:
                    cf:23:62:54:9c:9e:d0:be:bd:05:7d:6d:00:92:84:
                    79:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:F2:75:99:3C:04:71:A9:8B:B2:D8:CE:44:A6:50:FD:BF:36:85:B7
            X509v3 Authority Key Identifier:
                keyid:48:F5:9B:AC:51:D4:85:2D:2F:C9:6E:8B:4C:FB:B9:FF:F8:B4:A9:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SPWbrFHUhS0vyW6LTPu5__i0qTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/40484c-b99f-4dbb-b5db-8c2eac03df86/1/_fJ1mTwEcamLstjORKZQ_b82hbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/40484c-b99f-4dbb-b5db-8c2eac03df86/1/SPWbrFHUhS0vyW6LTPu5__i0qTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:41:ad:63:21:db:f9:0b:e5:59:a7:3c:e2:ae:42:a7:5b:9f:
         5a:55:13:92:b9:f9:b1:04:15:c4:fa:00:72:48:97:1f:3c:01:
         9a:37:71:0b:a0:21:4b:b6:4c:02:04:e4:a8:47:54:a8:35:fd:
         2b:f3:ca:cd:65:85:f5:57:3b:b1:2a:55:06:cb:5e:4c:d0:18:
         1b:30:4b:6c:3d:49:26:7a:0d:77:a4:84:18:a1:4f:8c:27:29:
         ae:fa:cb:2b:73:84:be:97:78:86:9d:17:d9:33:03:ff:6d:90:
         fa:ec:52:cc:c8:8e:ae:90:3a:b0:c3:dc:23:13:65:56:2b:27:
         4c:6b:db:b4:f8:bb:2a:64:34:1b:bf:02:30:96:cb:d4:37:57:
         d8:5a:a1:2a:e1:1f:dd:ad:f4:45:1a:6e:2b:39:5f:bd:37:c2:
         61:53:18:04:f9:d5:79:47:52:62:f8:bc:a7:fe:bd:1a:52:85:
         d0:ea:f1:ec:ca:a8:c0:2f:3f:e7:ad:74:bc:54:81:0a:d0:7f:
         14:c8:16:03:9d:22:4b:c5:fe:29:74:ae:b1:c7:a5:6e:28:22:
         9c:57:fa:81:d2:8b:6c:78:e5:3c:4f:8d:90:2d:77:8a:6f:4b:
         8f:dc:63:06:85:43:35:15:f5:ad:90:bc:4e:c9:fc:8f:35:84:
         bb:5e:cc:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvF3lfUG9Kb7BLEoJI3SPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4ZjU5YmFjNTFkNDg1MmQyZmM5NmU4YjRjZmJiOWZmZjhi
NGE5MzkwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGYyNzU5OTNjMDQ3MWE5OGJiMmQ4Y2U0NGE2NTBmZGJmMzY4NWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzeNw5M+AT3cMr8LvckWDLw6458Y
/ix+qwaegrfTUC40brx9pc53WhZbJuhsYbEKsGJr/5Um8jZazLzYzZEX1dO9JCfR
n38XWFPBLCH7dEn79J2wCJZsCHb453/WYHY9AWE+fW6q4xcn6bKuKb8gzQccuBrt
azMXBTV4+7ek31hWSA1EtfxCO/jV718dmsevGqy+dUQKVvZ91VSjB8FikL+hIZ1N
LSnZ++XNJspIDYVGK29IuQh7rVxMw2BIldI/JQGqZ9et34cWuekhdDCkDKWn/wsq
3qSzcTsV0Yscpif9dGsHuarra4ke4sC5virPI2JUnJ7Qvr0FfW0AkoR5DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3ydZk8BHGpi7LYzkSmUP2/NoW3MB8GA1UdIwQY
MBaAFEj1m6xR1IUtL8lui0z7uf/4tKk5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1BXYnJGSFVoUzB2eVc2TFRQdTVfX2kwcVRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy80MDQ4NGMtYjk5Zi00ZGJiLWI1ZGIt
OGMyZWFjMDNkZjg2LzEvX2ZKMW1Ud0VjYW1Mc3RqT1JLWlFfYjgyaGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy80MDQ4NGMtYjk5Zi00ZGJiLWI1ZGItOGMyZWFjMDNkZjg2
LzEvU1BXYnJGSFVoUzB2eVc2TFRQdTVfX2kwcVRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVRMMA0G
CSqGSIb3DQEBCwUAA4IBAQAPQa1jIdv5C+VZpzzirkKnW59aVROSufmxBBXE+gBy
SJcfPAGaN3ELoCFLtkwCBOSoR1SoNf0r88rNZYX1VzuxKlUGy15M0BgbMEtsPUkm
eg13pIQYoU+MJymu+ssrc4S+l3iGnRfZMwP/bZD67FLMyI6ukDqww9wjE2VWKydM
a9u0+LsqZDQbvwIwlsvUN1fYWqEq4R/drfRFGm4rOV+9N8JhUxgE+dV5R1Ji+Lyn
/r0aUoXQ6vHsyqjALz/nrXS8VIEK0H8UyBYDnSJLxf4pdK6xx6VuKCKcV/qB0ots
eOU8T42QLXeKb0uP3GMGhUM1FfWtkLxOyfyPNYS7Xsyu
-----END CERTIFICATE-----