Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/FjiPdMB3GSAPFhKMLS_lHhwZOHg.roa
File:                     FjiPdMB3GSAPFhKMLS_lHhwZOHg.roa (raw, json)
Hash identifier:          ZF6thwdNVy7hKtdBThmuIq45euuZH7Dwk52B1CwSG7U=
Subject key identifier:   16:38:8F:74:C0:77:19:20:0F:16:12:8C:2D:2F:E5:1E:1C:19:38:78
Certificate issuer:       /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial:       018CC2DB1339B2166C87D03D86E381989209
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/FjiPdMB3GSAPFhKMLS_lHhwZOHg.roa
Signing time:             Mon 01 Jan 2024 02:29:46 +0000
ROA not before:           Mon 01 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6665
IP address blocks:        194.20.232.0/21 maxlen: 24
                          194.20.240.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:13:39:b2:16:6c:87:d0:3d:86:e3:81:98:92:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
        Validity
            Not Before: Jan  1 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16388f74c07719200f16128c2d2fe51e1c193878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8c:a8:22:b1:e6:97:05:6e:48:92:95:83:03:
                    4f:a1:d3:bf:43:a9:90:fd:ea:8a:24:4e:79:1e:ef:
                    87:28:90:d4:85:c1:e4:27:17:7d:53:2a:df:ed:94:
                    f7:4b:3c:3b:2d:ef:f2:69:a0:08:e5:38:45:33:ae:
                    bf:66:13:bc:d2:d2:26:08:fa:54:00:0e:9d:8e:83:
                    1b:36:0e:0e:c9:a1:d5:36:70:fd:55:cc:81:6c:ad:
                    32:17:7e:e0:0a:8f:85:c3:f6:8b:13:5a:a0:a4:27:
                    2d:c5:f3:be:3b:92:78:15:42:a1:85:6e:71:d3:28:
                    cc:31:bd:f4:0e:ae:37:d1:59:74:23:55:2c:24:67:
                    db:84:a7:23:e9:d2:b9:cd:64:9f:03:4b:87:74:09:
                    5f:2d:34:f8:13:e7:d3:3e:71:fe:63:9b:ca:1f:b2:
                    41:67:77:a4:a1:27:e7:cf:2b:ed:ab:ce:ba:e8:cb:
                    b3:af:e2:4d:43:34:f1:0c:bf:d2:56:aa:ac:f3:8f:
                    94:6d:83:cc:8f:a6:15:c3:0a:f5:2c:2f:dd:d4:ba:
                    fe:e4:3e:b4:4a:db:9a:28:80:fa:d2:fa:88:f5:ce:
                    54:d1:74:5d:1a:be:c5:37:fe:d2:18:be:f7:8d:e7:
                    36:05:5a:45:56:31:ba:15:a6:65:fd:e2:53:fc:ee:
                    30:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:38:8F:74:C0:77:19:20:0F:16:12:8C:2D:2F:E5:1E:1C:19:38:78
            X509v3 Authority Key Identifier:
                keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/FjiPdMB3GSAPFhKMLS_lHhwZOHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.20.232.0-194.20.247.255

    Signature Algorithm: sha256WithRSAEncryption
         13:74:b5:3c:13:18:a3:e7:fa:df:65:4c:4e:0e:20:bd:95:4a:
         73:c2:5a:3b:c4:b4:a1:aa:60:f4:f4:8e:cd:60:d4:71:6e:33:
         17:df:19:d6:f7:48:14:9a:16:59:bf:24:77:d1:a1:7f:0e:8b:
         fb:b3:33:07:59:6a:c0:93:eb:d3:f8:64:ed:38:7c:94:57:cf:
         a3:ca:58:a0:85:d2:63:25:9b:b8:36:e8:ff:86:19:36:81:d5:
         01:17:ca:32:2e:3b:75:7c:45:e5:c6:27:09:7a:e3:d3:da:ac:
         05:ba:b7:7c:a9:e0:e1:a7:8d:ba:87:51:fe:a5:f0:1c:9d:8c:
         87:a4:9b:67:95:9f:13:c9:cd:5a:37:57:f1:cc:82:eb:a7:9f:
         53:17:fa:ee:95:4f:d0:00:6e:45:c3:ef:ab:93:09:1b:86:71:
         9c:c9:c4:72:ee:97:fb:41:06:fc:40:d2:20:b1:c9:8b:c2:3f:
         ab:43:28:c6:a7:b1:73:11:2f:31:a3:49:a9:f1:98:3e:e3:6d:
         78:c1:2c:00:2e:df:ce:29:80:a6:de:2e:d5:6e:fd:3c:c9:db:
         45:bf:9e:91:4e:43:1a:7f:de:df:47:91:8d:c3:a2:05:f6:93:
         33:b9:1a:e9:97:20:2a:a0:af:49:bf:ce:fc:00:92:de:83:99:
         42:56:6b:58
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC2xM5shZsh9A9huOBmJIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjQwMTAxMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjM4OGY3NGMwNzcxOTIwMGYxNjEyOGMyZDJmZTUxZTFjMTkzODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4yoIrHmlwVuSJKVgwNPodO/Q6mQ
/eqKJE55Hu+HKJDUhcHkJxd9Uyrf7ZT3Szw7Le/yaaAI5ThFM66/ZhO80tImCPpU
AA6djoMbNg4OyaHVNnD9VcyBbK0yF37gCo+Fw/aLE1qgpCctxfO+O5J4FUKhhW5x
0yjMMb30Dq430Vl0I1UsJGfbhKcj6dK5zWSfA0uHdAlfLTT4E+fTPnH+Y5vKH7JB
Z3ekoSfnzyvtq8666Muzr+JNQzTxDL/SVqqs84+UbYPMj6YVwwr1LC/d1Lr+5D60
StuaKID60vqI9c5U0XRdGr7FN/7SGL73jec2BVpFVjG6FaZl/eJT/O4wTQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBY4j3TAdxkgDxYSjC0v5R4cGTh4MB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvRmppUGRNQjNHU0FQRmhLTUxTX2xIaHdaT0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPCFOgD
BAPCFPAwDQYJKoZIhvcNAQELBQADggEBABN0tTwTGKPn+t9lTE4OIL2VSnPCWjvE
tKGqYPT0js1g1HFuMxffGdb3SBSaFlm/JHfRoX8Oi/uzMwdZasCT69P4ZO04fJRX
z6PKWKCF0mMlm7g26P+GGTaB1QEXyjIuO3V8ReXGJwl649ParAW6t3yp4OGnjbqH
Uf6l8BydjIekm2eVnxPJzVo3V/HMguunn1MX+u6VT9AAbkXD76uTCRuGcZzJxHLu
l/tBBvxA0iCxyYvCP6tDKMansXMRLzGjSanxmD7jbXjBLAAu384pgKbeLtVu/TzJ
20W/npFOQxp/3t9HkY3DogX2kzO5GumXICqgr0m/zvwAkt6DmUJWa1g=
-----END CERTIFICATE-----