Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/FhhIDdpOqwKdad3o2DVtibE_WEE.roa
File:                     FhhIDdpOqwKdad3o2DVtibE_WEE.roa (raw, json)
Hash identifier:          5X8NWChazB0LjuiSmm1hG+HThK/w6qkv6c6MJ7O+pf4=
Subject key identifier:   16:18:48:0D:DA:4E:AB:02:9D:69:DD:E8:D8:35:6D:89:B1:3F:58:41
Certificate issuer:       /CN=b4506bce3f7e1ae3a7e2cb9ad205c4cdfb02ddb5
Certificate serial:       018CC2DB291D23AC6C64E4A790332452A7FE
Authority key identifier: B4:50:6B:CE:3F:7E:1A:E3:A7:E2:CB:9A:D2:05:C4:CD:FB:02:DD:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFBrzj9-GuOn4sua0gXEzfsC3bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/FhhIDdpOqwKdad3o2DVtibE_WEE.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54990
IP address blocks:        185.193.124.0/24 maxlen: 24
                          2001:67c:235c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/tFBrzj9-GuOn4sua0gXEzfsC3bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/tFBrzj9-GuOn4sua0gXEzfsC3bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFBrzj9-GuOn4sua0gXEzfsC3bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:29:1d:23:ac:6c:64:e4:a7:90:33:24:52:a7:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4506bce3f7e1ae3a7e2cb9ad205c4cdfb02ddb5
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1618480dda4eab029d69dde8d8356d89b13f5841
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:11:aa:18:9a:8f:f7:9b:48:62:42:79:12:da:
                    4d:42:b2:b6:ec:4e:cf:0d:f0:8f:ab:ad:90:41:f3:
                    aa:c6:22:41:81:b0:b4:a1:93:ee:57:e8:c4:6b:6d:
                    e4:e7:87:39:73:07:64:d6:c4:f9:bc:8f:3e:07:6d:
                    4e:c6:a9:6a:eb:8b:f8:85:78:32:23:15:38:ff:ab:
                    13:4d:8d:4e:2c:f3:0c:b8:66:94:df:b9:27:a8:4e:
                    ae:6f:30:7a:75:9a:21:05:9e:4a:16:53:20:a5:60:
                    01:97:e3:8a:e4:a9:2d:03:e8:c6:85:9d:e3:e4:3b:
                    ab:3c:95:ea:ff:64:d4:39:03:2c:fa:c4:86:7c:f9:
                    3e:e9:92:99:50:f5:4f:a1:71:ee:17:13:0c:7a:cb:
                    70:c0:73:c5:59:15:6b:36:46:3a:dd:13:37:8c:f4:
                    51:33:ae:80:5b:63:c1:05:48:57:b0:ca:86:38:b2:
                    d1:c5:16:ea:52:f1:a8:4d:dc:b3:02:dd:df:c8:e9:
                    31:2d:3b:05:20:2d:9b:8e:6e:c9:76:37:85:18:8c:
                    cc:72:5c:f4:e6:bd:2b:a0:21:cb:b6:77:a6:d7:bc:
                    81:9f:b4:72:54:00:4e:4d:0f:c0:d5:ca:f7:a0:cb:
                    b1:ac:e3:17:44:b3:8f:79:16:d2:d6:25:88:0f:ea:
                    18:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:18:48:0D:DA:4E:AB:02:9D:69:DD:E8:D8:35:6D:89:B1:3F:58:41
            X509v3 Authority Key Identifier:
                keyid:B4:50:6B:CE:3F:7E:1A:E3:A7:E2:CB:9A:D2:05:C4:CD:FB:02:DD:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFBrzj9-GuOn4sua0gXEzfsC3bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/FhhIDdpOqwKdad3o2DVtibE_WEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/tFBrzj9-GuOn4sua0gXEzfsC3bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.124.0/24
                IPv6:
                  2001:67c:235c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:97:0f:f9:79:0c:1d:cf:e7:32:ca:8b:02:44:a5:ae:97:0d:
         62:ab:7d:55:61:f9:ed:cc:32:b7:0b:bd:87:61:5c:7c:24:be:
         b4:f6:cc:9b:17:33:a2:cf:e0:e3:fc:7c:b8:99:36:28:2c:e0:
         36:a1:79:a7:b5:d5:34:80:8a:a8:22:fb:b5:56:ff:0e:42:4c:
         73:85:67:36:fc:ec:33:dd:fa:8e:d7:58:84:06:dd:52:3a:9b:
         68:a9:e1:a6:74:49:74:32:81:b1:e7:85:b7:41:c4:db:4c:29:
         20:47:0a:1a:cb:2c:2f:32:f9:a1:49:89:14:55:50:1f:5c:f5:
         97:1d:f2:6a:c1:77:4f:02:68:51:60:ef:45:cf:6b:54:39:2e:
         ed:d8:fc:d9:e6:bf:42:fd:60:e4:98:19:95:61:1c:32:a2:c6:
         3a:ab:f8:6f:b9:d5:05:6b:34:5f:07:27:f9:4d:75:de:06:5a:
         fb:43:77:f2:75:bf:f8:74:8d:f7:a5:4a:a2:f9:79:3e:ca:65:
         4c:1d:bd:72:cf:d2:dd:22:4f:9b:7c:a3:4c:34:f0:45:2f:cf:
         21:30:d5:16:d1:e6:f1:3f:6a:f7:5f:62:58:c1:90:c5:02:5e:
         48:13:f5:a8:fa:fd:bd:24:a0:92:83:1f:e8:4d:6d:ff:75:f6:
         f6:c7:2b:8f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2ykdI6xsZOSnkDMkUqf+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTA2YmNlM2Y3ZTFhZTNhN2UyY2I5YWQyMDVjNGNkZmIw
MmRkYjUwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjE4NDgwZGRhNGVhYjAyOWQ2OWRkZThkODM1NmQ4OWIxM2Y1ODQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxGqGJqP95tIYkJ5EtpNQrK27E7P
DfCPq62QQfOqxiJBgbC0oZPuV+jEa23k54c5cwdk1sT5vI8+B21Oxqlq64v4hXgy
IxU4/6sTTY1OLPMMuGaU37knqE6ubzB6dZohBZ5KFlMgpWABl+OK5KktA+jGhZ3j
5DurPJXq/2TUOQMs+sSGfPk+6ZKZUPVPoXHuFxMMestwwHPFWRVrNkY63RM3jPRR
M66AW2PBBUhXsMqGOLLRxRbqUvGoTdyzAt3fyOkxLTsFIC2bjm7JdjeFGIzMclz0
5r0roCHLtnem17yBn7RyVABOTQ/A1cr3oMuxrOMXRLOPeRbS1iWID+oYFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBYYSA3aTqsCnWnd6Ng1bYmxP1hBMB8GA1UdIwQY
MBaAFLRQa84/fhrjp+LLmtIFxM37At21MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZCcnpqOS1HdU9uNHN1YTBnWEV6ZnNDM2JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9kYjU5ODktMTlmNi00NjhkLTlmYzMt
ZjhhMzc4MGMzNDhlLzEvRmhoSURkcE9xd0tkYWQzbzJEVnRpYkVfV0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9kYjU5ODktMTlmNi00NjhkLTlmYzMtZjhhMzc4MGMzNDhl
LzEvdEZCcnpqOS1HdU9uNHN1YTBnWEV6ZnNDM2JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAucF8MA8E
AgACMAkDBwAgAQZ8I1wwDQYJKoZIhvcNAQELBQADggEBAH6XD/l5DB3P5zLKiwJE
pa6XDWKrfVVh+e3MMrcLvYdhXHwkvrT2zJsXM6LP4OP8fLiZNigs4Daheae11TSA
iqgi+7VW/w5CTHOFZzb87DPd+o7XWIQG3VI6m2ip4aZ0SXQygbHnhbdBxNtMKSBH
ChrLLC8y+aFJiRRVUB9c9Zcd8mrBd08CaFFg70XPa1Q5Lu3Y/Nnmv0L9YOSYGZVh
HDKixjqr+G+51QVrNF8HJ/lNdd4GWvtDd/J1v/h0jfelSqL5eT7KZUwdvXLP0t0i
T5t8o0w08EUvzyEw1RbR5vE/avdfYljBkMUCXkgT9aj6/b0koJKDH+hNbf919vbH
K48=
-----END CERTIFICATE-----