Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/FSJlPLqaM2ChwnRIk6SXXtvpcvo.roa
File:                     FSJlPLqaM2ChwnRIk6SXXtvpcvo.roa (raw, json)
Hash identifier:          7EMFpQ+83k+4w2/zaxXPQN6mUAkB1bd+dpxTlm/pjHc=
Subject key identifier:   15:22:65:3C:BA:9A:33:60:A1:C2:74:48:93:A4:97:5E:DB:E9:72:FA
Certificate issuer:       /CN=df798581e73704ee38c9be15e72370f176c60311
Certificate serial:       018CC26CF92CD97E9207DE3D2ABA03C8F279
Authority key identifier: DF:79:85:81:E7:37:04:EE:38:C9:BE:15:E7:23:70:F1:76:C6:03:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/33mFgec3BO44yb4V5yNw8XbGAxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/FSJlPLqaM2ChwnRIk6SXXtvpcvo.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24631
IP address blocks:        185.128.83.0/24 maxlen: 24
                          185.128.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/33mFgec3BO44yb4V5yNw8XbGAxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/33mFgec3BO44yb4V5yNw8XbGAxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/33mFgec3BO44yb4V5yNw8XbGAxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f9:2c:d9:7e:92:07:de:3d:2a:ba:03:c8:f2:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df798581e73704ee38c9be15e72370f176c60311
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1522653cba9a3360a1c2744893a4975edbe972fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e5:3e:88:2c:a1:4c:ff:d1:d5:33:5c:46:4a:
                    f9:05:bc:cb:ad:1d:14:bc:fd:ff:3b:9f:33:9c:92:
                    79:b8:aa:81:4b:4e:f7:57:6f:77:be:dc:c5:73:44:
                    29:8d:2c:ea:4d:03:11:95:32:4c:3e:ae:68:ca:7c:
                    28:a1:fa:91:fe:b0:88:70:0c:3b:bf:23:55:8d:41:
                    d5:f2:1e:59:4c:43:5c:56:fd:b3:05:14:d6:22:a0:
                    1b:73:e9:52:0c:2a:50:7c:b8:39:4e:0a:2d:b2:dd:
                    40:de:2b:07:18:d6:24:6a:bc:30:9c:bf:f0:94:81:
                    8b:93:38:15:73:cb:07:85:26:99:13:2e:fa:15:b4:
                    2f:f8:e6:ed:c6:52:e3:2b:b5:8a:26:66:1d:76:b5:
                    f7:fb:b7:ec:7d:62:e3:9e:0b:ec:07:4f:06:a7:fa:
                    ce:da:43:ba:85:70:9e:ff:9d:d8:4d:0c:d2:48:a7:
                    44:6f:9f:ec:25:82:c8:61:f1:a8:da:2b:58:cf:38:
                    c9:fc:6d:91:21:22:13:26:7c:3e:7a:a8:39:cd:6b:
                    68:75:26:71:a6:13:f9:e9:49:ee:a9:d7:33:83:c9:
                    f0:dc:bd:92:80:ee:09:79:6e:fd:7e:c5:a0:30:22:
                    ae:60:5b:06:68:86:af:3c:4a:3d:88:3d:7e:8d:b5:
                    33:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:22:65:3C:BA:9A:33:60:A1:C2:74:48:93:A4:97:5E:DB:E9:72:FA
            X509v3 Authority Key Identifier:
                keyid:DF:79:85:81:E7:37:04:EE:38:C9:BE:15:E7:23:70:F1:76:C6:03:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33mFgec3BO44yb4V5yNw8XbGAxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/FSJlPLqaM2ChwnRIk6SXXtvpcvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/a8007b-08ce-4af4-a383-c4a52dcee23d/1/33mFgec3BO44yb4V5yNw8XbGAxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.81.0/24
                  185.128.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:f2:07:05:71:70:08:0f:c6:2b:db:82:65:91:21:e0:04:7f:
         10:23:ab:05:b5:7a:b4:65:b1:da:ba:eb:4a:9d:19:cd:66:38:
         d9:6a:ad:02:75:cc:bf:35:46:a7:24:a4:5b:19:ba:71:47:e0:
         1e:fb:31:e9:d2:76:ce:8f:2e:66:43:09:34:93:5c:c6:ab:e1:
         e2:37:ce:e8:1c:c4:61:8d:ab:21:ac:b0:aa:40:b9:8a:c6:b2:
         83:93:bc:02:40:d7:d5:90:44:b6:f7:08:10:ed:d1:7f:bd:18:
         ae:87:7d:77:34:22:00:f7:92:55:06:56:00:8c:0f:31:e8:e1:
         9f:39:05:f6:57:00:0b:f9:95:89:51:b4:51:91:a2:b4:e4:38:
         ff:e1:96:44:c3:1c:c1:27:cf:fa:8c:09:a2:38:ac:33:29:4a:
         ac:51:4b:69:6e:12:bf:46:48:d4:5c:9a:e7:6d:68:e7:1a:6a:
         0d:4a:ab:49:76:28:6f:ec:9e:0a:1b:b7:fd:72:bb:ea:d9:3b:
         13:ea:cc:5b:ff:d3:25:23:61:c7:b0:56:fa:35:df:1b:6d:6f:
         42:2e:ee:ba:a1:b8:3b:10:fa:e0:54:5e:56:54:f1:52:7a:bb:
         7a:43:b2:dc:ad:79:57:1e:35:ff:31:df:cf:87:ff:7b:db:16:
         d5:b9:4a:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbPks2X6SB949KroDyPJ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNzk4NTgxZTczNzA0ZWUzOGM5YmUxNWU3MjM3MGYxNzZj
NjAzMTEwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTIyNjUzY2JhOWEzMzYwYTFjMjc0NDg5M2E0OTc1ZWRiZTk3MmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+U+iCyhTP/R1TNcRkr5BbzLrR0U
vP3/O58znJJ5uKqBS073V293vtzFc0QpjSzqTQMRlTJMPq5oynwoofqR/rCIcAw7
vyNVjUHV8h5ZTENcVv2zBRTWIqAbc+lSDCpQfLg5Tgotst1A3isHGNYkarwwnL/w
lIGLkzgVc8sHhSaZEy76FbQv+ObtxlLjK7WKJmYddrX3+7fsfWLjngvsB08Gp/rO
2kO6hXCe/53YTQzSSKdEb5/sJYLIYfGo2itYzzjJ/G2RISITJnw+eqg5zWtodSZx
phP56Unuqdczg8nw3L2SgO4JeW79fsWgMCKuYFsGaIavPEo9iD1+jbUzXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBUiZTy6mjNgocJ0SJOkl17b6XL6MB8GA1UdIwQY
MBaAFN95hYHnNwTuOMm+FecjcPF2xgMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzNtRmdlYzNCTzQ0eWI0VjV5Tnc4WGJHQXhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9hODAwN2ItMDhjZS00YWY0LWEzODMt
YzRhNTJkY2VlMjNkLzEvRlNKbFBMcWFNMkNod25SSWs2U1hYdHZwY3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9hODAwN2ItMDhjZS00YWY0LWEzODMtYzRhNTJkY2VlMjNk
LzEvMzNtRmdlYzNCTzQ0eWI0VjV5Tnc4WGJHQXhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuYBRAwQA
uYBTMA0GCSqGSIb3DQEBCwUAA4IBAQAn8gcFcXAID8Yr24JlkSHgBH8QI6sFtXq0
ZbHauutKnRnNZjjZaq0Cdcy/NUanJKRbGbpxR+Ae+zHp0nbOjy5mQwk0k1zGq+Hi
N87oHMRhjashrLCqQLmKxrKDk7wCQNfVkES29wgQ7dF/vRiuh313NCIA95JVBlYA
jA8x6OGfOQX2VwAL+ZWJUbRRkaK05Dj/4ZZEwxzBJ8/6jAmiOKwzKUqsUUtpbhK/
RkjUXJrnbWjnGmoNSqtJdihv7J4KG7f9crvq2TsT6sxb/9MlI2HHsFb6Nd8bbW9C
Lu66obg7EPrgVF5WVPFSert6Q7LcrXlXHjX/Md/Ph/972xbVuUo9
-----END CERTIFICATE-----