Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/d10813-fe61-4033-a433-5ee9b62246db/1/1-qjrY22dEn3uoAWsPQH-qIq9qXk.roa
File:                     1-qjrY22dEn3uoAWsPQH-qIq9qXk.roa (raw, json)
Hash identifier:          JBvCySfn+85QKu46DWH2zrsq7O4lp1O5jcXELlk2luI=
Subject key identifier:   FA:A8:EB:63:6D:9D:12:7D:EE:A0:05:AC:3D:01:FE:A8:8A:BD:A9:79
Certificate issuer:       /CN=fbf380b6675b9ccd5f812e069fff175478fb38a4
Certificate serial:       018CCA2ABABBEFDF8BB5D1AA81CF454142AC
Authority key identifier: FB:F3:80:B6:67:5B:9C:CD:5F:81:2E:06:9F:FF:17:54:78:FB:38:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-_OAtmdbnM1fgS4Gn_8XVHj7OKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/d10813-fe61-4033-a433-5ee9b62246db/1/1-qjrY22dEn3uoAWsPQH-qIq9qXk.roa
Signing time:             Tue 02 Jan 2024 12:34:07 +0000
ROA not before:           Tue 02 Jan 2024 12:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57696
IP address blocks:        193.107.64.0/24 maxlen: 24
                          2a07:1780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/d10813-fe61-4033-a433-5ee9b62246db/1/1-_OAtmdbnM1fgS4Gn_8XVHj7OKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/d10813-fe61-4033-a433-5ee9b62246db/1/1-_OAtmdbnM1fgS4Gn_8XVHj7OKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-_OAtmdbnM1fgS4Gn_8XVHj7OKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 04:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:ba:bb:ef:df:8b:b5:d1:aa:81:cf:45:41:42:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbf380b6675b9ccd5f812e069fff175478fb38a4
        Validity
            Not Before: Jan  2 12:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faa8eb636d9d127deea005ac3d01fea88abda979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ad:41:34:83:2a:42:6f:84:3d:e3:54:94:e2:
                    c7:4b:43:c5:c5:a1:4c:f0:83:06:51:a0:73:de:e8:
                    d9:04:28:e2:ec:19:86:f4:e1:d8:15:da:d0:88:e1:
                    c0:1a:5f:ba:8b:a8:99:aa:9b:b8:09:01:85:fd:b4:
                    c1:c2:cc:67:9f:94:0f:70:46:1d:c0:fa:a0:64:31:
                    a6:2c:50:73:e7:86:be:08:cb:8c:d9:f6:30:67:93:
                    50:94:f0:be:93:da:59:d4:80:b0:30:2d:7a:86:37:
                    0c:00:6b:f8:5c:53:07:4c:65:f7:7c:96:cd:ff:4a:
                    7f:78:e5:6d:fb:81:b0:80:8b:06:69:c4:ed:32:af:
                    f6:47:b4:4f:71:c1:e0:35:fd:3c:8e:a8:e3:1f:c4:
                    76:fb:72:51:7f:ca:a6:64:23:ab:fc:56:c5:4b:0f:
                    b1:ed:38:74:90:94:4d:3f:d0:c0:14:6a:bc:f8:1c:
                    eb:82:f2:93:4b:dd:48:ab:a0:6c:85:76:56:a9:1a:
                    1f:9c:3c:15:5b:5d:b1:12:f1:5e:3b:89:c6:27:db:
                    8d:bf:b1:44:ab:75:22:fb:a8:88:a3:f4:a5:a8:73:
                    5a:28:35:be:cc:fb:97:7d:08:c2:5f:cd:e4:ec:be:
                    2e:de:48:16:25:7c:80:d7:d8:8b:3d:c8:56:0f:b1:
                    03:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:A8:EB:63:6D:9D:12:7D:EE:A0:05:AC:3D:01:FE:A8:8A:BD:A9:79
            X509v3 Authority Key Identifier:
                keyid:FB:F3:80:B6:67:5B:9C:CD:5F:81:2E:06:9F:FF:17:54:78:FB:38:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_OAtmdbnM1fgS4Gn_8XVHj7OKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/d10813-fe61-4033-a433-5ee9b62246db/1/1-qjrY22dEn3uoAWsPQH-qIq9qXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/d10813-fe61-4033-a433-5ee9b62246db/1/1-_OAtmdbnM1fgS4Gn_8XVHj7OKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.64.0/24
                IPv6:
                  2a07:1780::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:03:a1:fb:69:5f:85:f5:d6:01:57:e3:ef:04:3f:7d:ff:a5:
         20:4d:bb:74:78:62:35:8b:ab:a2:40:cf:16:51:5f:e3:b0:52:
         fa:5f:52:4e:86:71:49:b0:14:c8:f2:bd:75:b1:d8:39:eb:e5:
         1a:41:c0:e9:7d:f7:7d:fd:86:f2:98:91:38:94:c3:84:94:5d:
         44:9e:b4:22:de:47:aa:fd:19:df:77:4c:e6:17:46:73:b1:47:
         d8:fc:9b:e0:3d:72:b7:3d:e2:d2:3a:a2:aa:52:fe:64:82:1f:
         93:94:3c:e1:cf:f9:b5:88:5e:0b:24:3d:02:44:4c:67:12:d8:
         8c:03:39:09:32:9e:d3:4a:01:35:43:76:59:35:b2:b4:6e:2d:
         c4:b7:42:06:6c:cf:fd:0e:7e:44:d1:d0:05:1d:49:62:65:27:
         bc:6d:b8:92:fa:d5:06:d3:93:b1:b3:9d:45:89:aa:47:16:6b:
         40:2c:66:0d:78:42:6b:20:88:b9:a6:e9:00:6a:a4:b9:e4:9f:
         d6:52:ec:88:c7:fb:14:1d:1a:a9:55:82:88:37:83:f2:5f:35:
         e6:ea:4a:1a:71:80:3e:c0:d6:36:9e:3d:8d:2a:e9:83:d0:08:
         a6:ef:3a:2c:a6:ff:0a:ff:b4:3f:f7:6a:4b:a5:0a:02:32:b2:
         9b:01:a5:fd
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzKKrq779+LtdGqgc9FQUKsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjM4MGI2Njc1YjljY2Q1ZjgxMmUwNjlmZmYxNzU0Nzhm
YjM4YTQwHhcNMjQwMTAyMTIzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWE4ZWI2MzZkOWQxMjdkZWVhMDA1YWMzZDAxZmVhODhhYmRhOTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkK1BNIMqQm+EPeNUlOLHS0PFxaFM
8IMGUaBz3ujZBCji7BmG9OHYFdrQiOHAGl+6i6iZqpu4CQGF/bTBwsxnn5QPcEYd
wPqgZDGmLFBz54a+CMuM2fYwZ5NQlPC+k9pZ1ICwMC16hjcMAGv4XFMHTGX3fJbN
/0p/eOVt+4GwgIsGacTtMq/2R7RPccHgNf08jqjjH8R2+3JRf8qmZCOr/FbFSw+x
7Th0kJRNP9DAFGq8+BzrgvKTS91Iq6BshXZWqRofnDwVW12xEvFeO4nGJ9uNv7FE
q3Ui+6iIo/SlqHNaKDW+zPuXfQjCX83k7L4u3kgWJXyA19iLPchWD7EDewIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPqo62NtnRJ97qAFrD0B/qiKval5MB8GA1UdIwQY
MBaAFPvzgLZnW5zNX4EuBp//F1R4+zikMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fT0F0bWRibk0xZmdTNEduXzhYVkhqN09LUS5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmMvZDEwODEzLWZlNjEtNDAzMy1hNDMz
LTVlZTliNjIyNDZkYi8xLzEtcWpyWTIyZEVuM3VvQVdzUFFILXFJcTlxWGsucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxULzZjL2QxMDgxMy1mZTYxLTQwMzMtYTQzMy01ZWU5YjYyMjQ2
ZGIvMS8xLV9PQXRtZGJuTTFmZ1M0R25fOFhWSGo3T0tRLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwWtA
MA0EAgACMAcDBQMqBxeAMA0GCSqGSIb3DQEBCwUAA4IBAQBfA6H7aV+F9dYBV+Pv
BD99/6UgTbt0eGI1i6uiQM8WUV/jsFL6X1JOhnFJsBTI8r11sdg56+UaQcDpffd9
/YbymJE4lMOElF1EnrQi3keq/Rnfd0zmF0ZzsUfY/JvgPXK3PeLSOqKqUv5kgh+T
lDzhz/m1iF4LJD0CRExnEtiMAzkJMp7TSgE1Q3ZZNbK0bi3Et0IGbM/9Dn5E0dAF
HUliZSe8bbiS+tUG05Oxs51FiapHFmtALGYNeEJrIIi5pukAaqS55J/WUuyIx/sU
HRqpVYKIN4PyXzXm6koacYA+wNY2nj2NKumD0Aim7zospv8K/7Q/92pLpQoCMrKb
AaX9
-----END CERTIFICATE-----