Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/bfa07b-87c2-452a-bd0c-8aae43063bca/1/ftYQc55qBcuOs8zhVrwLlApI8HA.roa
File:                     ftYQc55qBcuOs8zhVrwLlApI8HA.roa (raw, json)
Hash identifier:          y9lxBtX6tSrzKy1inmRE/v2g/DFtLdWD22sGXh8oTkw=
Subject key identifier:   7E:D6:10:73:9E:6A:05:CB:8E:B3:CC:E1:56:BC:0B:94:0A:48:F0:70
Certificate issuer:       /CN=699bb10a5572175b03a3c7cbfbe938b7b1441ac0
Certificate serial:       018CC64AF725E2C3C70FD110CC15A03512F0
Authority key identifier: 69:9B:B1:0A:55:72:17:5B:03:A3:C7:CB:FB:E9:38:B7:B1:44:1A:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZuxClVyF1sDo8fL--k4t7FEGsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/bfa07b-87c2-452a-bd0c-8aae43063bca/1/ftYQc55qBcuOs8zhVrwLlApI8HA.roa
Signing time:             Mon 01 Jan 2024 18:30:50 +0000
ROA not before:           Mon 01 Jan 2024 18:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209199
IP address blocks:        185.124.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/bfa07b-87c2-452a-bd0c-8aae43063bca/1/aZuxClVyF1sDo8fL--k4t7FEGsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/bfa07b-87c2-452a-bd0c-8aae43063bca/1/aZuxClVyF1sDo8fL--k4t7FEGsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZuxClVyF1sDo8fL--k4t7FEGsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f7:25:e2:c3:c7:0f:d1:10:cc:15:a0:35:12:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=699bb10a5572175b03a3c7cbfbe938b7b1441ac0
        Validity
            Not Before: Jan  1 18:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ed610739e6a05cb8eb3cce156bc0b940a48f070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d3:4c:aa:6f:9e:02:a4:d5:95:3c:52:cb:38:
                    1b:df:39:d1:ce:44:7e:9b:e0:9c:a9:e9:cc:dc:1d:
                    da:6f:f4:d9:3a:2d:50:b7:16:a6:3e:b4:a0:40:04:
                    31:e2:44:2d:fa:72:96:b2:dc:64:a5:5a:f1:df:d2:
                    62:20:14:6c:be:50:ce:c9:17:ec:e6:3e:a6:c7:1e:
                    ec:47:18:b9:fb:09:82:27:61:71:ea:a7:14:45:ab:
                    fa:87:09:cc:cc:81:09:ff:09:b2:dc:10:c9:ca:fd:
                    c5:7c:84:66:85:1f:b6:2f:9c:2a:0c:3b:d9:16:e9:
                    8a:fb:3a:a9:7b:12:c3:5e:2e:a1:16:d0:27:db:6f:
                    a1:43:64:dc:60:db:d5:21:46:01:a6:08:f4:a5:05:
                    08:6f:52:d2:ab:86:ae:9b:3e:48:09:d4:95:f3:30:
                    df:52:27:e5:92:ae:32:28:36:95:4c:48:b8:9f:d0:
                    f4:91:5c:d8:0a:04:24:c1:63:08:77:51:16:53:c2:
                    3d:d0:15:cf:e9:ce:1b:bc:bf:58:b7:70:ee:c5:f7:
                    8c:1d:79:30:5c:35:7b:ae:ad:3b:ad:f0:a8:8c:f9:
                    6c:52:38:0d:6a:a4:1e:6e:7e:6f:3a:e2:19:67:5d:
                    21:ea:da:6e:80:05:ec:37:da:50:2a:59:90:59:22:
                    da:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D6:10:73:9E:6A:05:CB:8E:B3:CC:E1:56:BC:0B:94:0A:48:F0:70
            X509v3 Authority Key Identifier:
                keyid:69:9B:B1:0A:55:72:17:5B:03:A3:C7:CB:FB:E9:38:B7:B1:44:1A:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZuxClVyF1sDo8fL--k4t7FEGsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/bfa07b-87c2-452a-bd0c-8aae43063bca/1/ftYQc55qBcuOs8zhVrwLlApI8HA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/bfa07b-87c2-452a-bd0c-8aae43063bca/1/aZuxClVyF1sDo8fL--k4t7FEGsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:34:3b:48:c5:31:a2:b3:60:12:e6:90:48:3c:12:8a:c1:3a:
         8d:f3:df:38:e3:33:0b:4e:ed:57:3f:f8:75:02:44:ce:2e:4d:
         59:6c:f7:9c:c8:68:ba:94:3c:07:d6:d7:16:0c:9d:c0:79:46:
         ac:cc:2d:a3:25:37:c7:04:3b:91:04:2e:07:ca:c5:6a:4f:21:
         95:7f:cc:a6:bf:5e:51:43:25:cb:78:00:00:9c:56:54:ce:4d:
         35:d1:5c:f4:64:db:0c:58:cf:54:13:a1:0f:68:43:67:7d:7e:
         1b:14:c8:f6:74:2f:90:29:4b:d9:73:3e:b7:29:c9:f6:e5:b7:
         96:33:94:d0:96:65:c2:eb:00:7e:ea:41:fd:98:e2:fa:11:88:
         37:9b:8d:95:46:55:a3:d1:67:7a:b9:76:6a:b2:60:af:47:50:
         a3:63:32:d8:b3:d2:ea:3d:1f:30:0a:67:5d:93:c2:9c:3b:9f:
         8a:1f:cb:28:fa:86:18:7d:ba:5f:2e:95:07:d9:c7:25:ec:29:
         30:d6:ec:b2:ec:6a:b6:c0:d6:ec:78:bb:8e:ee:89:59:21:b1:
         81:4d:b9:a4:24:ac:a7:1a:ab:c5:2a:ba:14:6d:a2:3f:ad:65:
         e3:c2:6d:eb:fc:74:a6:60:05:46:80:5a:79:c4:1a:20:9f:55:
         0d:be:2a:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvcl4sPHD9EQzBWgNRLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OWJiMTBhNTU3MjE3NWIwM2EzYzdjYmZiZTkzOGI3YjE0
NDFhYzAwHhcNMjQwMTAxMTgzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWQ2MTA3MzllNmEwNWNiOGViM2NjZTE1NmJjMGI5NDBhNDhmMDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNNMqm+eAqTVlTxSyzgb3znRzkR+
m+CcqenM3B3ab/TZOi1QtxamPrSgQAQx4kQt+nKWstxkpVrx39JiIBRsvlDOyRfs
5j6mxx7sRxi5+wmCJ2Fx6qcURav6hwnMzIEJ/wmy3BDJyv3FfIRmhR+2L5wqDDvZ
FumK+zqpexLDXi6hFtAn22+hQ2TcYNvVIUYBpgj0pQUIb1LSq4aumz5ICdSV8zDf
Uiflkq4yKDaVTEi4n9D0kVzYCgQkwWMId1EWU8I90BXP6c4bvL9Yt3DuxfeMHXkw
XDV7rq07rfCojPlsUjgNaqQebn5vOuIZZ10h6tpugAXsN9pQKlmQWSLaFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7WEHOeagXLjrPM4Va8C5QKSPBwMB8GA1UdIwQY
MBaAFGmbsQpVchdbA6PHy/vpOLexRBrAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVp1eENsVnlGMXNEbzhmTC0tazR0N0ZFR3NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9iZmEwN2ItODdjMi00NTJhLWJkMGMt
OGFhZTQzMDYzYmNhLzEvZnRZUWM1NXFCY3VPczh6aFZyd0xsQXBJOEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9iZmEwN2ItODdjMi00NTJhLWJkMGMtOGFhZTQzMDYzYmNh
LzEvYVp1eENsVnlGMXNEbzhmTC0tazR0N0ZFR3NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXygMA0G
CSqGSIb3DQEBCwUAA4IBAQAkNDtIxTGis2AS5pBIPBKKwTqN89844zMLTu1XP/h1
AkTOLk1ZbPecyGi6lDwH1tcWDJ3AeUaszC2jJTfHBDuRBC4HysVqTyGVf8ymv15R
QyXLeAAAnFZUzk010Vz0ZNsMWM9UE6EPaENnfX4bFMj2dC+QKUvZcz63Kcn25beW
M5TQlmXC6wB+6kH9mOL6EYg3m42VRlWj0Wd6uXZqsmCvR1CjYzLYs9LqPR8wCmdd
k8KcO5+KH8so+oYYfbpfLpUH2ccl7Ckw1uyy7Gq2wNbseLuO7olZIbGBTbmkJKyn
GqvFKroUbaI/rWXjwm3r/HSmYAVGgFp5xBogn1UNvirp
-----END CERTIFICATE-----