Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fn0NgVCt6cnQireFNKgqnH8Wp-8.roa
File:                     fn0NgVCt6cnQireFNKgqnH8Wp-8.roa (raw, json)
Hash identifier:          Z4DBYAbHHkVopNphXCR2ZqVbM9wDf0jkR9ugfx7LkB0=
Subject key identifier:   7E:7D:0D:81:50:AD:E9:C9:D0:8A:B7:85:34:A8:2A:9C:7F:16:A7:EF
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018F0FC17931151C8AB06B30B5726D235A13
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fn0NgVCt6cnQireFNKgqnH8Wp-8.roa
Signing time:             Wed 24 Apr 2024 10:58:08 +0000
ROA not before:           Wed 24 Apr 2024 10:58:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211557
IP address blocks:        188.240.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:35:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0f:c1:79:31:15:1c:8a:b0:6b:30:b5:72:6d:23:5a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 24 10:58:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e7d0d8150ade9c9d08ab78534a82a9c7f16a7ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a7:02:b3:8f:3e:df:a5:5b:75:a1:18:d9:7d:
                    71:4d:eb:e3:85:88:bf:a8:95:5f:27:4d:f5:7a:ea:
                    ac:36:f4:65:31:1e:04:30:36:91:5d:31:ea:f0:a6:
                    e6:c5:81:34:c3:2f:68:bd:8f:b3:1d:55:ac:95:28:
                    17:4c:42:c1:39:bd:f3:58:37:9c:23:d0:0a:7e:df:
                    c6:85:be:c3:99:f1:2a:b9:2f:61:8d:bb:4d:0f:17:
                    15:e8:75:59:66:86:45:19:d1:5a:c2:56:8e:2f:aa:
                    e9:b0:6b:74:47:0a:17:17:fc:7f:b0:7d:9e:5d:ad:
                    91:91:e2:e9:5b:93:4a:00:a9:e3:f2:e8:ab:f2:26:
                    e5:03:1b:fd:71:97:dd:e4:27:81:2d:99:84:63:0e:
                    23:da:f2:de:d4:5d:b8:eb:b0:fe:47:40:5c:4c:d0:
                    fb:71:44:18:20:f3:02:9b:90:52:7d:c7:13:7e:80:
                    cd:f0:fd:ed:95:58:93:0d:7a:8b:9d:00:18:75:54:
                    a0:02:48:db:10:a8:0d:a8:23:a2:dc:45:58:79:3f:
                    70:8a:8d:71:c8:c7:cd:31:f2:ea:19:e5:ca:e5:0b:
                    96:c4:4c:87:76:61:37:b1:1b:ab:ea:4c:88:3d:52:
                    08:2b:c7:dd:2c:06:09:36:e5:69:84:12:31:d7:38:
                    f2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:7D:0D:81:50:AD:E9:C9:D0:8A:B7:85:34:A8:2A:9C:7F:16:A7:EF
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fn0NgVCt6cnQireFNKgqnH8Wp-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.240.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:61:2b:d3:77:ed:a7:6a:37:a5:52:a4:b7:0f:58:d0:f1:0f:
         e9:d6:bd:0c:fe:ab:6f:60:a6:1e:07:ff:ca:7b:8b:6f:2c:26:
         0c:3b:35:23:d6:cb:36:0d:83:8f:04:40:c2:c0:30:3f:bc:55:
         55:ad:3f:90:41:20:c2:e5:83:9b:0b:9b:32:a7:6b:7f:f0:9e:
         1d:c7:76:dc:16:a7:f7:9b:ff:68:02:fc:7f:55:f0:7e:4d:87:
         8f:2b:5d:76:d8:50:2b:10:89:77:87:d0:70:64:38:05:ed:60:
         07:97:90:d1:a4:42:25:f9:73:6f:c1:09:63:89:4a:a6:42:74:
         83:16:f7:f7:6b:03:eb:2d:cb:8b:2c:4a:f4:31:f3:30:c4:61:
         6b:43:93:c7:96:e8:58:87:c1:bb:e5:49:ee:d9:f1:50:3f:9f:
         dc:9e:76:b6:73:b4:9b:96:2d:92:2b:9d:00:11:6b:e4:94:02:
         64:0e:64:f1:bc:d8:dd:a6:00:f9:69:b4:87:a8:99:07:96:f3:
         e0:bb:0f:13:d5:c8:d0:78:33:11:3f:6d:a5:8a:3f:87:66:b6:
         dd:45:ce:c1:a2:3a:1b:f6:a0:7a:b5:d3:5e:1c:70:e1:4c:6e:
         44:ab:e5:c9:52:64:c5:2b:35:c2:20:ec:a6:c8:5f:24:89:2f:
         62:51:63:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8PwXkxFRyKsGswtXJtI1oTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNDI0MTA1ODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTdkMGQ4MTUwYWRlOWM5ZDA4YWI3ODUzNGE4MmE5YzdmMTZhN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6cCs48+36VbdaEY2X1xTevjhYi/
qJVfJ031euqsNvRlMR4EMDaRXTHq8KbmxYE0wy9ovY+zHVWslSgXTELBOb3zWDec
I9AKft/Ghb7DmfEquS9hjbtNDxcV6HVZZoZFGdFawlaOL6rpsGt0RwoXF/x/sH2e
Xa2RkeLpW5NKAKnj8uir8iblAxv9cZfd5CeBLZmEYw4j2vLe1F2467D+R0BcTND7
cUQYIPMCm5BSfccTfoDN8P3tlViTDXqLnQAYdVSgAkjbEKgNqCOi3EVYeT9wio1x
yMfNMfLqGeXK5QuWxEyHdmE3sRur6kyIPVIIK8fdLAYJNuVphBIx1zjyKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH59DYFQrenJ0Iq3hTSoKpx/FqfvMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvZm4wTmdWQ3Q2Y25RaXJlRk5LZ3FuSDhXcC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPBRMA0G
CSqGSIb3DQEBCwUAA4IBAQARYSvTd+2najelUqS3D1jQ8Q/p1r0M/qtvYKYeB//K
e4tvLCYMOzUj1ss2DYOPBEDCwDA/vFVVrT+QQSDC5YObC5syp2t/8J4dx3bcFqf3
m/9oAvx/VfB+TYePK1122FArEIl3h9BwZDgF7WAHl5DRpEIl+XNvwQljiUqmQnSD
Fvf3awPrLcuLLEr0MfMwxGFrQ5PHluhYh8G75Unu2fFQP5/cnna2c7Sbli2SK50A
EWvklAJkDmTxvNjdpgD5abSHqJkHlvPguw8T1cjQeDMRP22lij+HZrbdRc7Bojob
9qB6tdNeHHDhTG5Eq+XJUmTFKzXCIOymyF8kiS9iUWN+
-----END CERTIFICATE-----