Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/ftcYTvhG06Q6UReqMW9as-3ty9s.roa
File:                     ftcYTvhG06Q6UReqMW9as-3ty9s.roa (raw, json)
Hash identifier:          2Jm57SBk5huaaApaSlEleKqgqPWIwGIuSQq5B26G9TI=
Subject key identifier:   7E:D7:18:4E:F8:46:D3:A4:3A:51:17:AA:31:6F:5A:B3:ED:ED:CB:DB
Certificate issuer:       /CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
Certificate serial:       018CC56EB24DEBD42334F50DDB4499829B8C
Authority key identifier: F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/ftcYTvhG06Q6UReqMW9as-3ty9s.roa
Signing time:             Mon 01 Jan 2024 14:30:15 +0000
ROA not before:           Mon 01 Jan 2024 14:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205673
IP address blocks:        185.210.84.0/22 maxlen: 23
                          185.244.168.0/22 maxlen: 23
                          185.235.132.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b2:4d:eb:d4:23:34:f5:0d:db:44:99:82:9b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
        Validity
            Not Before: Jan  1 14:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ed7184ef846d3a43a5117aa316f5ab3ededcbdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:af:82:54:c7:95:b8:25:c3:eb:0b:52:b5:69:
                    ea:b4:a5:4e:b5:24:1c:86:a8:ad:39:aa:e2:90:e2:
                    f9:3b:14:55:f1:29:e9:d0:49:ac:2f:7c:07:46:a0:
                    72:10:c7:2f:c1:e1:7c:f0:ed:24:bf:2e:69:91:4d:
                    ed:2a:76:cf:e3:d8:1e:2a:1d:f2:cd:7e:8b:6f:e6:
                    31:f2:9f:07:96:55:25:9d:c8:7b:93:f8:6b:1b:2c:
                    ef:db:5f:87:de:6f:b9:d7:83:99:f7:ae:1a:2e:cf:
                    22:73:99:0f:ea:b9:68:7b:73:b6:f3:6f:40:1c:30:
                    ec:f5:23:d5:66:ad:cb:ff:e2:7e:94:26:4f:d3:49:
                    d9:2d:46:0d:1d:0c:b4:71:b9:19:fe:86:9c:2c:92:
                    d3:e4:f3:8d:a4:4c:32:d2:a1:56:b8:c2:fd:59:be:
                    7e:eb:36:b0:8f:8d:aa:0c:2c:38:b8:19:c0:72:31:
                    77:de:2c:6d:6d:c4:b4:02:50:57:7a:54:fc:50:b9:
                    7a:be:a8:d5:f1:02:ae:9e:ce:4d:73:12:50:df:97:
                    c6:0e:dc:78:a7:d6:61:e4:e7:1f:4d:77:08:66:d0:
                    c3:16:33:e8:c3:00:af:33:87:ee:e7:8c:0c:49:62:
                    0c:aa:9b:0a:1b:9d:af:ac:5b:2b:6f:5c:52:62:ff:
                    2d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D7:18:4E:F8:46:D3:A4:3A:51:17:AA:31:6F:5A:B3:ED:ED:CB:DB
            X509v3 Authority Key Identifier:
                keyid:F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/ftcYTvhG06Q6UReqMW9as-3ty9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.84.0/22
                  185.235.132.0/22
                  185.244.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:f0:3f:29:18:37:80:d1:b2:08:9d:ce:a3:f7:41:8f:aa:22:
         04:12:29:fa:76:5a:c3:e8:f2:05:6f:ad:83:04:ea:15:0c:9f:
         44:3a:23:5a:36:62:76:53:9b:90:ec:5f:28:03:c8:27:70:91:
         8b:d5:d2:cb:9f:af:c5:c6:18:e3:e4:ab:ca:44:cb:27:1b:50:
         2e:72:04:15:45:74:1e:9f:26:8e:b2:ce:1e:25:45:aa:47:4d:
         0d:0e:b7:46:0e:2c:fa:6e:6a:a8:ea:a8:ea:d0:13:aa:df:f4:
         11:ae:46:60:e5:01:6e:6b:6d:62:37:a3:29:0b:61:32:0e:21:
         e0:35:43:ad:1e:5c:0a:e9:38:96:18:52:b7:8b:76:c4:35:c0:
         4c:21:1e:1f:a4:75:51:47:fe:3b:6d:d6:07:7d:c1:20:b6:bf:
         bf:8b:50:c0:ef:41:ca:c0:fb:5a:8a:4a:2e:26:d1:77:09:4c:
         fc:c9:15:f1:9e:37:25:08:fd:d8:58:c4:e4:0d:5c:bb:3f:38:
         33:4a:be:b8:ce:3f:42:a1:37:7f:1f:2c:4a:59:c7:40:6d:72:
         9f:af:10:b3:d9:90:e8:63:4a:30:ab:e0:b4:41:34:50:03:a8:
         65:60:ca:da:1a:4b:26:0b:1e:f8:0b:d1:f9:54:d6:9f:f9:d0:
         b1:a6:10:02
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzFbrJN69QjNPUN20SZgpuMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NDEyODE0NmI3YmVjOGJkMTE4NWJiZTBjM2I5MzQwYWFm
NWI3MTQwHhcNMjQwMTAxMTQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWQ3MTg0ZWY4NDZkM2E0M2E1MTE3YWEzMTZmNWFiM2VkZWRjYmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6+CVMeVuCXD6wtStWnqtKVOtSQc
hqitOarikOL5OxRV8Snp0EmsL3wHRqByEMcvweF88O0kvy5pkU3tKnbP49geKh3y
zX6Lb+Yx8p8HllUlnch7k/hrGyzv21+H3m+514OZ964aLs8ic5kP6rloe3O2829A
HDDs9SPVZq3L/+J+lCZP00nZLUYNHQy0cbkZ/oacLJLT5PONpEwy0qFWuML9Wb5+
6zawj42qDCw4uBnAcjF33ixtbcS0AlBXelT8ULl6vqjV8QKuns5NcxJQ35fGDtx4
p9Zh5OcfTXcIZtDDFjPowwCvM4fu54wMSWIMqpsKG52vrFsrb1xSYv8tnQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFH7XGE74RtOkOlEXqjFvWrPt7cvbMB8GA1UdIwQY
MBaAFPhBKBRre+yL0Rhbvgw7k0Cq9bcUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1FRW9GR3Q3N0l2UkdGdS1ERHVUUUtyMXR4US5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQx
LTEzODM5NjQwYTYwNC8xL2Z0Y1lUdmhHMDZRNlVSZXFNVzlhcy0zdHk5cy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQxLTEzODM5NjQwYTYw
NC8xLzEtRUVvRkd0NzdJdlJHRnUtRER1VFFLcjF0eFEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAK50lQD
BAK564QDBAK59KgwDQYJKoZIhvcNAQELBQADggEBACTwPykYN4DRsgidzqP3QY+q
IgQSKfp2WsPo8gVvrYME6hUMn0Q6I1o2YnZTm5DsXygDyCdwkYvV0sufr8XGGOPk
q8pEyycbUC5yBBVFdB6fJo6yzh4lRapHTQ0Ot0YOLPpuaqjqqOrQE6rf9BGuRmDl
AW5rbWI3oykLYTIOIeA1Q60eXArpOJYYUreLdsQ1wEwhHh+kdVFH/jtt1gd9wSC2
v7+LUMDvQcrA+1qKSi4m0XcJTPzJFfGeNyUI/dhYxOQNXLs/ODNKvrjOP0KhN38f
LEpZx0Btcp+vELPZkOhjSjCr4LRBNFADqGVgytoaSyYLHvgL0flU1p/50LGmEAI=
-----END CERTIFICATE-----