Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/fCm8BZJ6YxdTCmduOkB-o99y4bA.roa
File:                     fCm8BZJ6YxdTCmduOkB-o99y4bA.roa (raw, json)
Hash identifier:          yNySD1gL658rB+K2NhvejvRvwo6nmjkw0y9iolhtiwQ=
Subject key identifier:   7C:29:BC:05:92:7A:63:17:53:0A:67:6E:3A:40:7E:A3:DF:72:E1:B0
Certificate issuer:       /CN=293e0cd8b3e044edb823aef688aafb0b75de8675
Certificate serial:       018CC6B7ADF9F36F9460062C16098D814875
Authority key identifier: 29:3E:0C:D8:B3:E0:44:ED:B8:23:AE:F6:88:AA:FB:0B:75:DE:86:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KT4M2LPgRO24I672iKr7C3XehnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/fCm8BZJ6YxdTCmduOkB-o99y4bA.roa
Signing time:             Mon 01 Jan 2024 20:29:35 +0000
ROA not before:           Mon 01 Jan 2024 20:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209782
IP address blocks:        185.126.203.0/24 maxlen: 24
                          185.126.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/KT4M2LPgRO24I672iKr7C3XehnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/KT4M2LPgRO24I672iKr7C3XehnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KT4M2LPgRO24I672iKr7C3XehnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ad:f9:f3:6f:94:60:06:2c:16:09:8d:81:48:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=293e0cd8b3e044edb823aef688aafb0b75de8675
        Validity
            Not Before: Jan  1 20:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c29bc05927a6317530a676e3a407ea3df72e1b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:24:aa:e5:52:2d:2d:e5:70:ad:11:7a:09:24:
                    d3:8d:71:b1:c7:48:6f:7c:aa:8c:ad:25:70:a1:0e:
                    e5:a9:7b:ac:f0:18:f2:a7:92:3b:c9:92:bf:5a:84:
                    06:ef:e0:28:ef:42:38:bd:29:71:c9:48:d8:53:57:
                    43:cd:0c:cb:51:51:89:3a:54:a5:84:77:21:48:2c:
                    24:25:25:61:61:f7:e3:0f:34:2d:47:44:fa:27:40:
                    3c:b4:bf:6b:68:9b:e5:2c:ae:3d:fd:dd:d5:da:00:
                    59:05:3c:0c:27:70:b8:3b:6b:42:b1:8d:dd:5c:be:
                    8a:31:37:0a:2c:3d:4b:9f:d1:d0:1d:ba:06:69:be:
                    04:e4:29:9f:7a:2d:ce:92:99:1c:86:65:4f:67:0d:
                    ff:7c:00:67:64:b8:b2:1f:7f:0c:3c:7a:3c:7a:b5:
                    10:15:74:4b:2d:ac:4a:7a:d8:b4:dc:e6:58:c7:93:
                    fd:86:92:c2:0a:7f:7a:b2:64:be:2a:e5:40:2c:1d:
                    59:33:22:28:b2:44:a4:55:6d:e5:3d:0a:f7:71:80:
                    65:86:e6:1c:1f:09:5c:74:60:30:dc:b6:2b:43:f9:
                    00:91:27:eb:78:90:c8:5e:d2:0b:0d:42:d3:91:41:
                    19:d9:01:d5:c9:50:56:b0:53:8c:c0:f6:28:28:45:
                    e7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:29:BC:05:92:7A:63:17:53:0A:67:6E:3A:40:7E:A3:DF:72:E1:B0
            X509v3 Authority Key Identifier:
                keyid:29:3E:0C:D8:B3:E0:44:ED:B8:23:AE:F6:88:AA:FB:0B:75:DE:86:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KT4M2LPgRO24I672iKr7C3XehnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/fCm8BZJ6YxdTCmduOkB-o99y4bA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/KT4M2LPgRO24I672iKr7C3XehnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:c7:13:26:51:fc:82:a9:9c:9c:81:c4:80:8a:d4:53:96:a7:
         2b:c0:c1:9d:bd:0b:0e:7c:6a:fd:22:32:46:3a:e6:2f:77:a5:
         1f:ef:21:15:32:45:36:bd:15:0f:10:16:32:5b:c0:a7:c7:9d:
         07:92:50:5e:f3:4d:80:6b:d6:8d:87:9f:f1:3f:ff:29:f6:59:
         69:3b:48:ef:aa:87:80:d8:67:e0:1a:bc:57:d6:87:31:87:1f:
         2e:76:5c:07:b8:43:e5:60:1a:53:bf:1a:d1:63:8c:fd:fb:c0:
         dd:2d:70:a2:a4:61:80:a8:85:70:a9:bf:f0:3c:8c:f5:c7:7f:
         8b:8d:1d:b4:76:8f:c7:a4:a2:7c:61:23:80:98:b7:42:a8:85:
         b9:ac:87:ce:56:48:25:cf:c9:94:d9:77:03:13:23:cd:ca:b7:
         8b:97:c1:3c:29:72:1a:ae:03:6f:df:1f:5d:b9:24:4f:fe:a8:
         cd:af:6b:df:75:a3:b6:80:75:74:e2:4a:79:9e:13:07:ee:f2:
         0a:1e:39:df:7a:75:57:5a:9d:b8:7d:56:ad:8d:44:82:ea:d5:
         53:42:1d:d9:4f:28:3f:31:2d:06:d2:5c:b0:da:e2:6f:c1:83:
         64:89:a7:e4:16:12:7c:ec:f4:68:c3:58:c3:38:e9:2e:66:08:
         ca:5b:79:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt63582+UYAYsFgmNgUh1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5M2UwY2Q4YjNlMDQ0ZWRiODIzYWVmNjg4YWFmYjBiNzVk
ZTg2NzUwHhcNMjQwMTAxMjAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzI5YmMwNTkyN2E2MzE3NTMwYTY3NmUzYTQwN2VhM2RmNzJlMWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ySq5VItLeVwrRF6CSTTjXGxx0hv
fKqMrSVwoQ7lqXus8Bjyp5I7yZK/WoQG7+Ao70I4vSlxyUjYU1dDzQzLUVGJOlSl
hHchSCwkJSVhYffjDzQtR0T6J0A8tL9raJvlLK49/d3V2gBZBTwMJ3C4O2tCsY3d
XL6KMTcKLD1Ln9HQHboGab4E5Cmfei3OkpkchmVPZw3/fABnZLiyH38MPHo8erUQ
FXRLLaxKeti03OZYx5P9hpLCCn96smS+KuVALB1ZMyIoskSkVW3lPQr3cYBlhuYc
HwlcdGAw3LYrQ/kAkSfreJDIXtILDULTkUEZ2QHVyVBWsFOMwPYoKEXnkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwpvAWSemMXUwpnbjpAfqPfcuGwMB8GA1UdIwQY
MBaAFCk+DNiz4ETtuCOu9oiq+wt13oZ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1Q0TTJMUGdSTzI0STY3MmlLcjdDM1hlaG5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82ZGExYzItMjUyZC00YmQyLWI1NmMt
YmIyMTdjYzNiNzhkLzEvZkNtOEJaSjZZeGRUQ21kdU9rQi1vOTl5NGJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82ZGExYzItMjUyZC00YmQyLWI1NmMtYmIyMTdjYzNiNzhk
LzEvS1Q0TTJMUGdSTzI0STY3MmlLcjdDM1hlaG5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX7KMA0G
CSqGSIb3DQEBCwUAA4IBAQAUxxMmUfyCqZycgcSAitRTlqcrwMGdvQsOfGr9IjJG
OuYvd6Uf7yEVMkU2vRUPEBYyW8Cnx50HklBe802Aa9aNh5/xP/8p9llpO0jvqoeA
2GfgGrxX1ocxhx8udlwHuEPlYBpTvxrRY4z9+8DdLXCipGGAqIVwqb/wPIz1x3+L
jR20do/HpKJ8YSOAmLdCqIW5rIfOVkglz8mU2XcDEyPNyreLl8E8KXIargNv3x9d
uSRP/qjNr2vfdaO2gHV04kp5nhMH7vIKHjnfenVXWp24fVatjUSC6tVTQh3ZTyg/
MS0G0lyw2uJvwYNkiafkFhJ87PRow1jDOOkuZgjKW3lo
-----END CERTIFICATE-----