Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/fp_r23EPebX0b0paM9OffEo3Mtc.roa
File:                     fp_r23EPebX0b0paM9OffEo3Mtc.roa (raw, json)
Hash identifier:          lACXCPjRPv8ON0OgIAzEYidDZCy+0BUMiL46HQcZ194=
Subject key identifier:   7E:9F:EB:DB:71:0F:79:B5:F4:6F:4A:5A:33:D3:9F:7C:4A:37:32:D7
Certificate issuer:       /CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
Certificate serial:       018E9F1DA6B4C45F4439CBF64C86C80A371D
Authority key identifier: C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/fp_r23EPebX0b0paM9OffEo3Mtc.roa
Signing time:             Tue 02 Apr 2024 14:01:44 +0000
ROA not before:           Tue 02 Apr 2024 14:01:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        84.246.110.0/24 maxlen: 24
                          194.104.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:1d:a6:b4:c4:5f:44:39:cb:f6:4c:86:c8:0a:37:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
        Validity
            Not Before: Apr  2 14:01:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e9febdb710f79b5f46f4a5a33d39f7c4a3732d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:63:2f:a1:1f:88:40:0e:f0:c1:8e:66:b3:6f:
                    74:97:96:94:97:f0:c2:b1:55:7e:7f:3b:1a:77:54:
                    02:6b:d4:8d:8c:66:a9:8d:3a:cc:38:b2:2c:64:1a:
                    37:f1:f3:e4:e5:1f:e0:03:0f:a6:85:d3:f2:13:25:
                    ed:6a:97:8a:a3:59:0a:a7:8a:a3:65:e4:7f:a1:6a:
                    cd:a0:95:a0:81:ce:5b:64:e3:e7:fd:f8:96:a6:c1:
                    cd:7b:a6:2b:50:27:58:d1:e2:ca:bd:f1:f7:5e:83:
                    83:4e:1f:cb:23:31:8b:eb:fb:93:ef:8d:d9:c1:0a:
                    61:5a:75:db:4f:e0:6f:10:72:57:71:cc:da:bf:5b:
                    55:a6:7d:e5:90:76:e5:47:03:a8:94:ef:f7:f9:c6:
                    3f:54:ae:28:33:48:36:d1:38:3e:3d:98:1e:bb:15:
                    ec:dc:7f:27:8f:eb:cf:97:27:6c:cf:18:b9:09:1d:
                    63:49:fe:6b:d9:a3:12:4d:6d:20:9a:3d:8d:e8:d4:
                    11:4d:e2:d1:d6:7f:de:82:66:38:a8:af:71:72:8f:
                    7a:0a:03:d9:1d:7d:29:79:c6:0a:34:e7:f0:a9:2b:
                    6c:36:e5:dc:37:96:3c:5f:f8:5d:0f:10:fa:42:5a:
                    08:52:19:2d:56:f2:3c:5b:7a:e3:96:4b:2e:fa:fa:
                    f7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:9F:EB:DB:71:0F:79:B5:F4:6F:4A:5A:33:D3:9F:7C:4A:37:32:D7
            X509v3 Authority Key Identifier:
                keyid:C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/fp_r23EPebX0b0paM9OffEo3Mtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.246.110.0/24
                  194.104.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:63:ff:4a:ee:d9:54:9f:8c:85:13:11:11:11:d2:36:0f:03:
         1d:14:02:25:c8:77:50:ef:7c:37:3c:02:0c:b6:50:08:e5:1e:
         74:cb:62:10:69:a7:77:67:5f:a0:df:50:39:bb:4f:97:d0:f9:
         e5:55:e0:5e:31:57:72:2a:dd:19:16:8b:6b:85:05:40:8c:39:
         10:a3:40:ec:1c:07:30:29:d1:2d:de:89:0a:a9:34:38:72:1b:
         5f:cb:d6:ac:21:fc:6e:3b:d4:38:ba:49:21:e8:50:26:e8:a0:
         38:74:02:b7:a0:46:2d:f4:d4:97:e7:51:c2:a3:b6:0d:89:bf:
         92:6a:4a:81:00:87:08:df:6b:25:14:79:15:bc:b0:7b:33:f9:
         82:5f:56:bf:ac:3e:d5:ec:dc:0f:47:c9:ff:bf:66:02:95:d7:
         41:e3:d5:46:ee:be:d2:b8:f9:1b:41:93:96:ce:28:81:63:d1:
         d6:9e:2f:65:27:28:dc:7d:66:7a:5b:a1:47:53:20:f6:cb:10:
         18:15:07:b9:98:bf:dc:e5:fe:16:2a:68:a7:49:ca:39:4e:cf:
         58:06:cb:ed:1d:90:71:36:5c:67:fe:4b:a0:3c:43:02:45:1a:
         f0:4a:49:ff:ae:cf:3d:2c:93:d1:60:c6:3e:b5:4c:bb:2d:e7:
         4c:17:8c:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6fHaa0xF9EOcv2TIbICjcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYWJkY2M0OWY3ZDkwMzNiNTI5MDQ2NzlmM2M5Yjc4M2Q4
YzEzNTgwHhcNMjQwNDAyMTQwMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTlmZWJkYjcxMGY3OWI1ZjQ2ZjRhNWEzM2QzOWY3YzRhMzczMmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmMvoR+IQA7wwY5ms290l5aUl/DC
sVV+fzsad1QCa9SNjGapjTrMOLIsZBo38fPk5R/gAw+mhdPyEyXtapeKo1kKp4qj
ZeR/oWrNoJWggc5bZOPn/fiWpsHNe6YrUCdY0eLKvfH3XoODTh/LIzGL6/uT743Z
wQphWnXbT+BvEHJXcczav1tVpn3lkHblRwOolO/3+cY/VK4oM0g20Tg+PZgeuxXs
3H8nj+vPlydszxi5CR1jSf5r2aMSTW0gmj2N6NQRTeLR1n/egmY4qK9xco96CgPZ
HX0pecYKNOfwqStsNuXcN5Y8X/hdDxD6QloIUhktVvI8W3rjlksu+vr3aQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH6f69txD3m19G9KWjPTn3xKNzLXMB8GA1UdIwQY
MBaAFMOr3MSffZAztSkEZ588m3g9jBNYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAt
NGQ5MTI3ZmJhM2FkLzEvZnBfcjIzRVBlYlgwYjBwYU05T2ZmRW8zTXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAtNGQ5MTI3ZmJhM2Fk
LzEvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVPZuAwQA
wmjjMA0GCSqGSIb3DQEBCwUAA4IBAQB3Y/9K7tlUn4yFExEREdI2DwMdFAIlyHdQ
73w3PAIMtlAI5R50y2IQaad3Z1+g31A5u0+X0PnlVeBeMVdyKt0ZFotrhQVAjDkQ
o0DsHAcwKdEt3okKqTQ4chtfy9asIfxuO9Q4ukkh6FAm6KA4dAK3oEYt9NSX51HC
o7YNib+SakqBAIcI32slFHkVvLB7M/mCX1a/rD7V7NwPR8n/v2YClddB49VG7r7S
uPkbQZOWziiBY9HWni9lJyjcfWZ6W6FHUyD2yxAYFQe5mL/c5f4WKminSco5Ts9Y
BsvtHZBxNlxn/kugPEMCRRrwSkn/rs89LJPRYMY+tUy7LedMF4xC
-----END CERTIFICATE-----