Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/cfuLvGeWG3K1aQR5SszJ70pKXqY.roa
File:                     cfuLvGeWG3K1aQR5SszJ70pKXqY.roa (raw, json)
Hash identifier:          Zgor1RI90GC5puDqKRTuPkFkX22Jobw/C6c+NR6V5Kc=
Subject key identifier:   71:FB:8B:BC:67:96:1B:72:B5:69:04:79:4A:CC:C9:EF:4A:4A:5E:A6
Certificate issuer:       /CN=1bf14e8d0b3defb0304270130d1147ae0dd92d8b
Certificate serial:       018CC64B02BA31C9C6C520B9F922B7B986C0
Authority key identifier: 1B:F1:4E:8D:0B:3D:EF:B0:30:42:70:13:0D:11:47:AE:0D:D9:2D:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G_FOjQs977AwQnATDRFHrg3ZLYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/cfuLvGeWG3K1aQR5SszJ70pKXqY.roa
Signing time:             Mon 01 Jan 2024 18:30:53 +0000
ROA not before:           Mon 01 Jan 2024 18:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        185.223.104.0/22 maxlen: 24
                          141.91.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/G_FOjQs977AwQnATDRFHrg3ZLYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/G_FOjQs977AwQnATDRFHrg3ZLYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G_FOjQs977AwQnATDRFHrg3ZLYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:02:ba:31:c9:c6:c5:20:b9:f9:22:b7:b9:86:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bf14e8d0b3defb0304270130d1147ae0dd92d8b
        Validity
            Not Before: Jan  1 18:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71fb8bbc67961b72b56904794accc9ef4a4a5ea6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f8:ea:4f:ed:27:e7:31:38:ae:60:fb:cb:5d:
                    a7:ec:08:b4:80:86:3f:aa:98:1a:99:fa:e2:48:6b:
                    85:71:96:81:25:cb:37:8c:f6:12:12:c9:66:7b:d4:
                    53:6c:c0:48:04:03:26:69:81:ca:8e:96:33:2a:1e:
                    7c:63:48:4f:b9:1c:4d:b6:55:c4:09:f9:db:63:b4:
                    65:a8:48:29:75:87:1a:8b:7f:70:17:d5:5e:6f:b0:
                    76:bb:d3:73:95:db:58:27:de:b0:95:d0:b0:fa:67:
                    2d:cc:aa:8d:e3:b8:e5:c8:4d:8b:50:0c:2d:b1:7a:
                    27:a6:15:aa:52:c5:0d:f8:fa:2b:63:23:dd:28:41:
                    7e:79:e6:eb:cf:db:dd:5f:61:3b:b7:2e:9e:0c:b8:
                    17:ed:34:ec:89:cf:41:8e:fe:b5:92:5e:7f:fa:11:
                    72:ef:a0:64:ae:2d:e9:7d:38:98:31:9f:bd:f1:41:
                    36:08:df:c0:49:90:1c:a5:38:15:63:3e:16:23:89:
                    a8:53:b8:d4:d9:03:32:a8:96:fd:c9:fb:17:9e:48:
                    f7:6c:6c:1d:97:7e:4d:4a:06:11:e2:16:51:6a:c4:
                    1c:d1:16:2c:a2:3b:ce:1b:1e:88:0e:9d:c7:5a:81:
                    ea:b0:f5:ee:41:c9:96:df:73:b8:06:cc:1c:12:57:
                    aa:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:FB:8B:BC:67:96:1B:72:B5:69:04:79:4A:CC:C9:EF:4A:4A:5E:A6
            X509v3 Authority Key Identifier:
                keyid:1B:F1:4E:8D:0B:3D:EF:B0:30:42:70:13:0D:11:47:AE:0D:D9:2D:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G_FOjQs977AwQnATDRFHrg3ZLYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/cfuLvGeWG3K1aQR5SszJ70pKXqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/G_FOjQs977AwQnATDRFHrg3ZLYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.91.0.0/16
                  185.223.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:21:6e:71:45:27:35:3e:c9:9e:11:06:d2:9a:40:b8:4e:32:
         eb:c3:42:9f:07:49:ef:22:ac:30:c9:02:4e:43:11:e8:6c:bb:
         e8:95:25:59:98:06:87:15:3c:f7:e5:e9:6f:7a:95:f0:b8:74:
         28:09:a7:8b:90:e8:cf:0e:02:5a:d0:cc:59:1d:50:72:80:02:
         b3:71:d3:49:95:90:64:db:97:24:e2:07:fc:52:39:6e:84:c0:
         61:5a:cd:19:ae:dc:be:45:4d:03:11:8c:d1:00:5e:02:ed:61:
         4f:f6:b3:7e:97:14:b4:a2:14:23:bc:93:3b:36:76:c5:45:6b:
         e9:26:3a:4c:83:8e:7e:87:59:81:f9:fb:17:ff:c9:ea:63:7e:
         63:25:9e:2f:4f:ad:d5:ce:68:10:f3:b1:da:1f:22:dd:e1:34:
         82:cd:9f:f7:c6:e9:0b:90:29:97:c1:c1:db:45:5e:6d:ae:40:
         5f:b4:85:43:b8:58:dd:28:08:47:a9:31:b5:5b:f4:bd:30:c4:
         25:9b:b3:f1:cc:3d:84:f1:05:97:ed:64:ef:78:68:15:70:1c:
         42:97:cc:93:62:a4:0a:d4:e7:88:83:e7:ed:3c:2b:64:90:5c:
         80:a2:c6:a0:e2:3e:77:d6:e0:ea:e8:7b:a0:d1:1f:85:cc:e9:
         d4:54:f4:9e
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzGSwK6McnGxSC5+SK3uYbAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZjE0ZThkMGIzZGVmYjAzMDQyNzAxMzBkMTE0N2FlMGRk
OTJkOGIwHhcNMjQwMTAxMTgzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWZiOGJiYzY3OTYxYjcyYjU2OTA0Nzk0YWNjYzllZjRhNGE1ZWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/jqT+0n5zE4rmD7y12n7Ai0gIY/
qpgamfriSGuFcZaBJcs3jPYSEslme9RTbMBIBAMmaYHKjpYzKh58Y0hPuRxNtlXE
CfnbY7RlqEgpdYcai39wF9Veb7B2u9NzldtYJ96wldCw+mctzKqN47jlyE2LUAwt
sXonphWqUsUN+PorYyPdKEF+eebrz9vdX2E7ty6eDLgX7TTsic9Bjv61kl5/+hFy
76Bkri3pfTiYMZ+98UE2CN/ASZAcpTgVYz4WI4moU7jU2QMyqJb9yfsXnkj3bGwd
l35NSgYR4hZRasQc0RYsojvOGx6IDp3HWoHqsPXuQcmW33O4BswcEleqGQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFHH7i7xnlhtytWkEeUrMye9KSl6mMB8GA1UdIwQY
MBaAFBvxTo0LPe+wMEJwEw0RR64N2S2LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR19GT2pRczk3N0F3UW5BVERSRkhyZzNaTFlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lYWRhZmUtNmM5ZC00YWUwLTg3MzMt
ODE5YTI1MzIyNWNjLzEvY2Z1THZHZVdHM0sxYVFSNVNzeko3MHBLWHFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lYWRhZmUtNmM5ZC00YWUwLTg3MzMtODE5YTI1MzIyNWNj
LzEvR19GT2pRczk3N0F3UW5BVERSRkhyZzNaTFlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAjVsDBAK5
32gwDQYJKoZIhvcNAQELBQADggEBAIshbnFFJzU+yZ4RBtKaQLhOMuvDQp8HSe8i
rDDJAk5DEehsu+iVJVmYBocVPPfl6W96lfC4dCgJp4uQ6M8OAlrQzFkdUHKAArNx
00mVkGTblyTiB/xSOW6EwGFazRmu3L5FTQMRjNEAXgLtYU/2s36XFLSiFCO8kzs2
dsVFa+kmOkyDjn6HWYH5+xf/yepjfmMlni9PrdXOaBDzsdofIt3hNILNn/fG6QuQ
KZfBwdtFXm2uQF+0hUO4WN0oCEepMbVb9L0wxCWbs/HMPYTxBZftZO94aBVwHEKX
zJNipArU54iD5+08K2SQXICixqDiPnfW4Oroe6DRH4XM6dRU9J4=
-----END CERTIFICATE-----