Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/FZJ5t2rcr5_7B7y7_AAg3aw8UqI.roa
File:                     FZJ5t2rcr5_7B7y7_AAg3aw8UqI.roa (raw, json)
Hash identifier:          XYDTjYMWOpVOceAmOkPRno0S0CgsNWidjh6PPigrdMQ=
Subject key identifier:   15:92:79:B7:6A:DC:AF:9F:FB:07:BC:BB:FC:00:20:DD:AC:3C:52:A2
Certificate issuer:       /CN=bebf09c2f8fff97ef8aec2f8173578d0a3a74c81
Certificate serial:       018CC8DE14D96176BCEBCCCCD6577F8203ED
Authority key identifier: BE:BF:09:C2:F8:FF:F9:7E:F8:AE:C2:F8:17:35:78:D0:A3:A7:4C:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vr8Jwvj_-X74rsL4FzV40KOnTIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/FZJ5t2rcr5_7B7y7_AAg3aw8UqI.roa
Signing time:             Tue 02 Jan 2024 06:30:46 +0000
ROA not before:           Tue 02 Jan 2024 06:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43014
IP address blocks:        193.200.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/vr8Jwvj_-X74rsL4FzV40KOnTIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/vr8Jwvj_-X74rsL4FzV40KOnTIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vr8Jwvj_-X74rsL4FzV40KOnTIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:14:d9:61:76:bc:eb:cc:cc:d6:57:7f:82:03:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bebf09c2f8fff97ef8aec2f8173578d0a3a74c81
        Validity
            Not Before: Jan  2 06:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=159279b76adcaf9ffb07bcbbfc0020ddac3c52a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a4:c5:3a:de:bf:e4:9f:84:ed:3b:c3:61:58:
                    a5:4c:4f:13:29:65:c1:69:75:bb:bc:61:73:c9:73:
                    da:06:81:60:89:0b:ad:1c:43:18:5a:76:27:c8:c6:
                    2a:22:47:f1:33:b5:e0:95:ed:4a:f4:f7:20:41:c3:
                    cd:c5:96:a2:df:e9:b1:c0:dd:f9:0a:e7:e4:46:ad:
                    b6:34:dc:bc:a6:0a:c4:32:f1:5b:6f:c5:81:c1:d5:
                    e1:76:2d:2c:50:dd:f1:53:33:f1:83:52:53:5e:c5:
                    59:41:e0:fe:e9:d7:83:66:b2:30:5d:c0:5e:ba:ba:
                    1f:04:03:09:3a:45:9b:3d:2f:ec:79:d0:c4:e0:4a:
                    29:cc:c7:0e:35:ca:37:0c:bd:10:0d:ae:a8:5a:b9:
                    ad:02:eb:f5:96:7b:a0:a2:10:37:52:60:3c:f9:8e:
                    ce:ad:86:da:57:51:d6:80:b7:84:cb:35:7c:a8:15:
                    25:51:27:19:7c:11:c3:0d:c8:fb:d4:fe:b5:42:3e:
                    96:28:8f:97:5f:cc:99:81:ed:1c:9a:54:59:30:82:
                    d7:7a:f7:bb:2b:0a:19:58:a4:e1:c0:d6:44:fd:05:
                    9b:a0:ba:b6:f3:ec:df:62:9c:79:a0:bc:48:13:c9:
                    bf:f5:e7:5c:2a:cc:57:f0:d1:2a:31:ad:af:88:ef:
                    31:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:92:79:B7:6A:DC:AF:9F:FB:07:BC:BB:FC:00:20:DD:AC:3C:52:A2
            X509v3 Authority Key Identifier:
                keyid:BE:BF:09:C2:F8:FF:F9:7E:F8:AE:C2:F8:17:35:78:D0:A3:A7:4C:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vr8Jwvj_-X74rsL4FzV40KOnTIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/FZJ5t2rcr5_7B7y7_AAg3aw8UqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/vr8Jwvj_-X74rsL4FzV40KOnTIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:6f:95:e2:14:45:9a:a1:93:f8:39:ba:51:8d:d1:5d:74:aa:
         2b:3c:3e:47:7a:a1:1f:9d:b4:96:d9:ca:ca:25:9c:7f:4b:7a:
         1a:9d:e9:19:22:b9:02:d1:e9:85:76:e3:90:5e:fc:f4:2b:ab:
         66:f5:cf:f2:aa:fd:b9:30:f3:80:47:05:ce:7e:ff:ec:aa:1c:
         67:b9:ed:0e:0c:8f:7a:2a:09:15:f3:16:1e:2b:29:d9:97:5a:
         ca:a5:8d:c1:42:48:26:99:12:ac:4c:20:34:c9:95:c4:bc:2e:
         1b:8e:32:30:8b:73:5b:13:43:ac:11:39:fc:d5:4c:20:de:43:
         fa:95:36:5d:6e:46:31:19:f1:0e:d1:0d:ba:2e:ff:92:33:ca:
         fd:1a:9e:31:9e:49:5a:66:3a:b2:af:73:51:a6:f9:06:b4:cb:
         f8:86:20:e9:94:36:1c:d3:ab:30:6f:7e:37:0a:7c:b8:99:3b:
         1b:66:46:5a:a0:4d:76:a8:07:26:a8:2b:74:ff:e4:3c:6e:0f:
         3c:bf:bc:4e:37:f4:88:3d:64:08:8e:d5:a3:4f:0e:39:c6:eb:
         5b:62:af:7e:c4:f1:87:cb:a3:2f:53:06:fb:22:30:53:53:3e:
         b5:ce:f5:6b:53:b8:19:98:f0:4a:1d:60:81:18:92:34:c7:a0:
         a2:d2:3c:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3hTZYXa868zM1ld/ggPtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmYwOWMyZjhmZmY5N2VmOGFlYzJmODE3MzU3OGQwYTNh
NzRjODEwHhcNMjQwMTAyMDYzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTkyNzliNzZhZGNhZjlmZmIwN2JjYmJmYzAwMjBkZGFjM2M1MmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6TFOt6/5J+E7TvDYVilTE8TKWXB
aXW7vGFzyXPaBoFgiQutHEMYWnYnyMYqIkfxM7Xgle1K9PcgQcPNxZai3+mxwN35
CufkRq22NNy8pgrEMvFbb8WBwdXhdi0sUN3xUzPxg1JTXsVZQeD+6deDZrIwXcBe
urofBAMJOkWbPS/sedDE4EopzMcONco3DL0QDa6oWrmtAuv1lnugohA3UmA8+Y7O
rYbaV1HWgLeEyzV8qBUlUScZfBHDDcj71P61Qj6WKI+XX8yZge0cmlRZMILXeve7
KwoZWKThwNZE/QWboLq28+zfYpx5oLxIE8m/9edcKsxX8NEqMa2viO8xSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWSebdq3K+f+we8u/wAIN2sPFKiMB8GA1UdIwQY
MBaAFL6/CcL4//l++K7C+Bc1eNCjp0yBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnI4Snd2al8tWDc0cnNMNEZ6VjQwS09uVElFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9kYzFjNTAtNjUwZC00M2M0LTllNzYt
Y2NkNGZhZDk1MGVkLzEvRlpKNXQycmNyNV83Qjd5N19BQWczYXc4VXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9kYzFjNTAtNjUwZC00M2M0LTllNzYtY2NkNGZhZDk1MGVk
LzEvdnI4Snd2al8tWDc0cnNMNEZ6VjQwS09uVElFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcixMA0G
CSqGSIb3DQEBCwUAA4IBAQBtb5XiFEWaoZP4ObpRjdFddKorPD5HeqEfnbSW2crK
JZx/S3oanekZIrkC0emFduOQXvz0K6tm9c/yqv25MPOARwXOfv/sqhxnue0ODI96
KgkV8xYeKynZl1rKpY3BQkgmmRKsTCA0yZXEvC4bjjIwi3NbE0OsETn81Uwg3kP6
lTZdbkYxGfEO0Q26Lv+SM8r9Gp4xnklaZjqyr3NRpvkGtMv4hiDplDYc06swb343
Cny4mTsbZkZaoE12qAcmqCt0/+Q8bg88v7xON/SIPWQIjtWjTw45xutbYq9+xPGH
y6MvUwb7IjBTUz61zvVrU7gZmPBKHWCBGJI0x6Ci0jx+
-----END CERTIFICATE-----