Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/FO85FFxHI7Mrb0n6MpUu3rJ3wEM.roa
File:                     FO85FFxHI7Mrb0n6MpUu3rJ3wEM.roa (raw, json)
Hash identifier:          D3AtVoNF2rj7PikgoyusHzjXeIBlzcYwGsUXr5png+I=
Subject key identifier:   14:EF:39:14:5C:47:23:B3:2B:6F:49:FA:32:95:2E:DE:B2:77:C0:43
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       018CC5DCC25FDD0FEA2BF6ACE3EA1A2F09D8
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/FO85FFxHI7Mrb0n6MpUu3rJ3wEM.roa
Signing time:             Mon 01 Jan 2024 16:30:28 +0000
ROA not before:           Mon 01 Jan 2024 16:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204102
IP address blocks:        212.22.67.0/24 maxlen: 24
                          212.22.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c2:5f:dd:0f:ea:2b:f6:ac:e3:ea:1a:2f:09:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 16:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14ef39145c4723b32b6f49fa32952edeb277c043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e9:9c:39:16:f8:01:b7:94:42:86:33:fb:aa:
                    af:33:6f:18:65:3b:e5:6f:1a:d1:52:ce:b3:1a:72:
                    07:8c:f7:92:30:a9:14:ae:e7:2d:22:ac:5e:e2:02:
                    f9:45:11:96:b6:89:36:73:e6:1b:70:24:8e:b5:1c:
                    6e:19:c3:19:07:df:1e:69:40:40:36:dd:a4:34:0c:
                    6c:c0:05:88:16:3c:59:ce:0d:2b:06:a8:28:36:d8:
                    2e:1e:c0:14:64:18:60:13:a6:f5:70:2d:cf:dc:2d:
                    60:af:c7:a2:25:60:d2:b9:d9:52:99:cf:21:01:d2:
                    eb:03:50:90:5d:30:cf:b2:49:6f:b8:8c:99:a1:86:
                    79:8f:50:97:ab:ce:02:2c:32:ed:fb:7b:8b:c9:77:
                    ac:d8:dc:ba:d6:83:fe:b7:d5:b9:c4:63:ee:a1:90:
                    eb:d8:8d:d0:6b:05:fa:94:ea:6e:a0:39:64:a3:51:
                    89:70:ff:15:21:f8:5d:60:a8:98:df:69:d3:e1:7e:
                    fb:a0:c8:9a:94:83:68:4c:0d:a9:ef:71:fd:b5:ae:
                    53:e9:4c:97:3e:39:6e:8b:e6:8a:e1:6c:9d:c4:72:
                    db:49:a7:f5:cf:a1:93:83:38:fe:43:7c:83:b9:77:
                    8b:f8:34:3a:7a:02:c9:7b:7b:67:ef:d0:f2:ab:6d:
                    18:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:EF:39:14:5C:47:23:B3:2B:6F:49:FA:32:95:2E:DE:B2:77:C0:43
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/FO85FFxHI7Mrb0n6MpUu3rJ3wEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.67.0/24
                  212.22.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:1a:e4:eb:46:b0:17:4c:d4:de:9b:5e:da:b1:61:15:1b:cf:
         38:c5:2f:c7:2a:e6:79:5c:3e:5c:70:01:c9:c2:2c:fc:3f:43:
         57:0a:ae:78:55:e0:ce:06:6f:35:5e:f8:34:60:a6:34:05:85:
         19:9f:04:3f:9e:b6:ff:f1:5b:71:54:7f:aa:22:b8:fc:a8:e3:
         c0:88:ec:72:4b:aa:f2:20:ca:ed:bc:56:e9:73:6d:69:6e:65:
         5c:10:39:fe:d7:14:32:06:dc:dd:87:b6:c4:0a:fc:8b:77:05:
         d3:1a:4c:ef:a0:37:9f:e6:86:08:bf:fd:26:5a:0d:60:65:39:
         9b:cd:cc:da:1c:0f:f2:39:62:52:e7:c6:d3:47:85:c9:ed:29:
         e3:a2:d5:72:11:7f:47:88:e3:27:a9:8c:4f:61:e0:93:1d:75:
         e1:82:aa:44:61:7a:2d:a4:dd:09:f8:8c:ed:e2:77:67:01:64:
         f5:22:87:ce:cf:df:d6:ad:68:1f:c7:c5:04:8f:23:05:7b:76:
         1f:84:ec:d8:70:0a:68:27:7c:05:82:87:46:2e:c4:a1:03:0d:
         18:22:06:70:66:d0:11:bd:34:f2:e6:cb:3c:de:23:3f:66:74:
         b8:df:5a:9c:64:f9:48:64:b3:b9:df:47:3a:ac:87:93:9c:40:
         87:d2:4d:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3MJf3Q/qK/as4+oaLwnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwMTAxMTYzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGVmMzkxNDVjNDcyM2IzMmI2ZjQ5ZmEzMjk1MmVkZWIyNzdjMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OmcORb4AbeUQoYz+6qvM28YZTvl
bxrRUs6zGnIHjPeSMKkUructIqxe4gL5RRGWtok2c+YbcCSOtRxuGcMZB98eaUBA
Nt2kNAxswAWIFjxZzg0rBqgoNtguHsAUZBhgE6b1cC3P3C1gr8eiJWDSudlSmc8h
AdLrA1CQXTDPsklvuIyZoYZ5j1CXq84CLDLt+3uLyXes2Ny61oP+t9W5xGPuoZDr
2I3QawX6lOpuoDlko1GJcP8VIfhdYKiY32nT4X77oMialINoTA2p73H9ta5T6UyX
Pjlui+aK4WydxHLbSaf1z6GTgzj+Q3yDuXeL+DQ6egLJe3tn79Dyq20YWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBTvORRcRyOzK29J+jKVLt6yd8BDMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvRk84NUZGeEhJN01yYjBuNk1wVXUzckozd0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1BZDAwQA
1BZUMA0GCSqGSIb3DQEBCwUAA4IBAQAwGuTrRrAXTNTem17asWEVG884xS/HKuZ5
XD5ccAHJwiz8P0NXCq54VeDOBm81Xvg0YKY0BYUZnwQ/nrb/8VtxVH+qIrj8qOPA
iOxyS6ryIMrtvFbpc21pbmVcEDn+1xQyBtzdh7bECvyLdwXTGkzvoDef5oYIv/0m
Wg1gZTmbzczaHA/yOWJS58bTR4XJ7SnjotVyEX9HiOMnqYxPYeCTHXXhgqpEYXot
pN0J+Izt4ndnAWT1IofOz9/WrWgfx8UEjyMFe3YfhOzYcApoJ3wFgodGLsShAw0Y
IgZwZtARvTTy5ss83iM/ZnS431qcZPlIZLO530c6rIeTnECH0k16
-----END CERTIFICATE-----