Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/FB5xJjwPCmPTMiYFWnx_CFKQANg.roa
File:                     FB5xJjwPCmPTMiYFWnx_CFKQANg.roa (raw, json)
Hash identifier:          ISzmdC8uBt6wtSQC7JZyBVEY4XO90iJLJ6IeMmOIB0Q=
Subject key identifier:   14:1E:71:26:3C:0F:0A:63:D3:32:26:05:5A:7C:7F:08:52:90:00:D8
Certificate issuer:       /CN=df798581e73704ee38c9be15e72370f176c60311
Certificate serial:       018CC26CF992CDDD1F1A191173381405757D
Authority key identifier: DF:79:85:81:E7:37:04:EE:38:C9:BE:15:E7:23:70:F1:76:C6:03:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/33mFgec3BO44yb4V5yNw8XbGAxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/FB5xJjwPCmPTMiYFWnx_CFKQANg.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207680
IP address blocks:        185.128.83.0/24 maxlen: 24
                          185.128.82.0/24 maxlen: 24
                          185.128.81.0/24 maxlen: 24
                          185.128.80.0/22 maxlen: 22
                          185.128.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/33mFgec3BO44yb4V5yNw8XbGAxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/33mFgec3BO44yb4V5yNw8XbGAxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/33mFgec3BO44yb4V5yNw8XbGAxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f9:92:cd:dd:1f:1a:19:11:73:38:14:05:75:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df798581e73704ee38c9be15e72370f176c60311
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=141e71263c0f0a63d33226055a7c7f08529000d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:de:42:a6:9e:4b:18:48:22:91:fe:fe:d2:c2:
                    f3:fc:3d:5a:5f:27:58:88:db:fa:4b:b1:fb:e5:f3:
                    11:23:57:58:63:0c:c3:53:b1:e5:6a:a6:9a:d9:67:
                    31:2c:c5:ce:64:f5:4c:a1:43:e0:64:3e:0c:c2:ea:
                    a3:c6:e6:e8:c1:b4:22:81:cd:1a:af:07:69:9b:81:
                    18:4b:4c:25:24:df:30:91:dd:65:38:36:33:e0:f4:
                    40:d5:db:b0:3f:91:e1:2a:5c:cb:bb:3b:56:95:aa:
                    20:16:98:03:d1:25:0a:93:e5:29:9e:79:0e:a2:d6:
                    74:7d:7d:fa:6d:9f:6e:8d:72:9b:6f:83:77:bc:d8:
                    50:c9:ce:7c:8a:f7:1e:e3:4d:61:17:ac:8c:a4:90:
                    97:5e:76:81:43:37:4d:18:6d:b0:0d:bf:76:05:f7:
                    66:e3:ac:ff:c7:7f:ff:6e:37:bd:49:a1:7d:d9:57:
                    f9:4f:bc:b8:47:5c:36:ed:6b:40:7b:8b:03:b3:b5:
                    cd:ba:04:07:d2:66:3a:f8:b1:63:2f:d7:ad:65:f2:
                    1a:b7:4a:e0:7e:e9:6a:0e:b3:5a:f5:5b:33:8b:d0:
                    ea:67:b5:d4:45:6a:45:0a:99:b1:63:f9:47:b8:33:
                    88:39:ad:dc:8c:32:e5:43:5d:a4:72:8c:0e:1b:58:
                    e0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:1E:71:26:3C:0F:0A:63:D3:32:26:05:5A:7C:7F:08:52:90:00:D8
            X509v3 Authority Key Identifier:
                keyid:DF:79:85:81:E7:37:04:EE:38:C9:BE:15:E7:23:70:F1:76:C6:03:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33mFgec3BO44yb4V5yNw8XbGAxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/FB5xJjwPCmPTMiYFWnx_CFKQANg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/33mFgec3BO44yb4V5yNw8XbGAxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:ec:77:91:43:52:8d:6f:8f:f8:ac:49:37:43:d9:2c:3c:0e:
         ff:c8:7f:08:96:40:04:f5:bb:50:eb:a9:7e:e0:a2:d5:c2:29:
         23:b2:02:30:18:10:c6:83:da:59:28:06:78:24:fa:77:cb:c9:
         a9:61:a4:04:3e:64:ea:71:af:a5:3b:19:b1:56:50:97:6e:71:
         7e:51:e9:1b:42:ef:18:95:08:3c:53:14:78:ad:86:a2:03:c6:
         5d:6e:05:78:57:8f:33:65:99:b2:15:bf:22:f2:73:76:49:1a:
         79:51:8e:b5:a7:84:1e:ff:49:ed:58:bc:e6:98:ee:53:29:c7:
         b0:ff:05:89:ad:5d:38:19:dd:07:c8:94:b0:e2:db:50:bd:4b:
         b8:78:34:91:6d:88:83:ca:74:db:f7:09:3e:9e:33:04:ab:60:
         98:cc:1f:b8:b7:87:c2:c2:c1:74:30:f3:d2:ad:1c:41:33:4f:
         9e:8c:17:0b:fd:07:94:36:1a:be:a3:1b:d7:78:26:bd:b9:8b:
         2a:33:17:cc:30:21:16:6c:46:6b:37:29:3f:cc:bd:ca:90:55:
         2c:a4:de:98:6c:5d:55:3e:bd:34:e8:9c:c0:34:2e:b7:30:c2:
         85:d4:db:29:0a:b9:18:e6:fd:2b:79:ed:65:8e:39:54:f7:f9:
         0e:54:d5:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPmSzd0fGhkRczgUBXV9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNzk4NTgxZTczNzA0ZWUzOGM5YmUxNWU3MjM3MGYxNzZj
NjAzMTEwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDFlNzEyNjNjMGYwYTYzZDMzMjI2MDU1YTdjN2YwODUyOTAwMGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjd5Cpp5LGEgikf7+0sLz/D1aXydY
iNv6S7H75fMRI1dYYwzDU7Hlaqaa2WcxLMXOZPVMoUPgZD4MwuqjxubowbQigc0a
rwdpm4EYS0wlJN8wkd1lODYz4PRA1duwP5HhKlzLuztWlaogFpgD0SUKk+UpnnkO
otZ0fX36bZ9ujXKbb4N3vNhQyc58ivce401hF6yMpJCXXnaBQzdNGG2wDb92Bfdm
46z/x3//bje9SaF92Vf5T7y4R1w27WtAe4sDs7XNugQH0mY6+LFjL9etZfIat0rg
fulqDrNa9Vszi9DqZ7XURWpFCpmxY/lHuDOIOa3cjDLlQ12kcowOG1jgzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQecSY8Dwpj0zImBVp8fwhSkADYMB8GA1UdIwQY
MBaAFN95hYHnNwTuOMm+FecjcPF2xgMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzNtRmdlYzNCTzQ0eWI0VjV5Tnc4WGJHQXhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9hODAwN2ItMDhjZS00YWY0LWEzODMt
YzRhNTJkY2VlMjNkLzEvRkI1eEpqd1BDbVBUTWlZRldueF9DRktRQU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9hODAwN2ItMDhjZS00YWY0LWEzODMtYzRhNTJkY2VlMjNk
LzEvMzNtRmdlYzNCTzQ0eWI0VjV5Tnc4WGJHQXhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYBQMA0G
CSqGSIb3DQEBCwUAA4IBAQBu7HeRQ1KNb4/4rEk3Q9ksPA7/yH8IlkAE9btQ66l+
4KLVwikjsgIwGBDGg9pZKAZ4JPp3y8mpYaQEPmTqca+lOxmxVlCXbnF+UekbQu8Y
lQg8UxR4rYaiA8ZdbgV4V48zZZmyFb8i8nN2SRp5UY61p4Qe/0ntWLzmmO5TKcew
/wWJrV04Gd0HyJSw4ttQvUu4eDSRbYiDynTb9wk+njMEq2CYzB+4t4fCwsF0MPPS
rRxBM0+ejBcL/QeUNhq+oxvXeCa9uYsqMxfMMCEWbEZrNyk/zL3KkFUspN6YbF1V
Pr006JzANC63MMKF1NspCrkY5v0ree1ljjlU9/kOVNXQ
-----END CERTIFICATE-----