Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/79d746-03f9-4c71-afc7-e5d0b76de5b8/1/_El-cY4SzZsVPc54pqFhufhiYlI.roa
File:                     _El-cY4SzZsVPc54pqFhufhiYlI.roa (raw, json)
Hash identifier:          R9XADtqJcAu54bW2XBVj19XR/S5xBSuFnA/46Bth9y8=
Subject key identifier:   FC:49:7E:71:8E:12:CD:9B:15:3D:CE:78:A6:A1:61:B9:F8:62:62:52
Certificate issuer:       /CN=fb3bad7d0685995ced35108b2e11525a7aab1418
Certificate serial:       018CC86F76752983D7E1C082005CA469A684
Authority key identifier: FB:3B:AD:7D:06:85:99:5C:ED:35:10:8B:2E:11:52:5A:7A:AB:14:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zutfQaFmVztNRCLLhFSWnqrFBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/79d746-03f9-4c71-afc7-e5d0b76de5b8/1/_El-cY4SzZsVPc54pqFhufhiYlI.roa
Signing time:             Tue 02 Jan 2024 04:29:57 +0000
ROA not before:           Tue 02 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208025
IP address blocks:        217.198.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/79d746-03f9-4c71-afc7-e5d0b76de5b8/1/1-zutfQaFmVztNRCLLhFSWnqrFBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/79d746-03f9-4c71-afc7-e5d0b76de5b8/1/1-zutfQaFmVztNRCLLhFSWnqrFBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-zutfQaFmVztNRCLLhFSWnqrFBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:76:75:29:83:d7:e1:c0:82:00:5c:a4:69:a6:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb3bad7d0685995ced35108b2e11525a7aab1418
        Validity
            Not Before: Jan  2 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc497e718e12cd9b153dce78a6a161b9f8626252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:47:3e:96:81:c4:11:80:56:60:4e:79:24:96:
                    11:d9:8d:3f:5b:ce:94:0b:2f:69:04:d3:4f:b5:fa:
                    df:20:08:5a:6d:8c:f0:be:eb:33:ee:ff:2d:9b:fe:
                    9d:c7:91:aa:35:76:c2:8e:2e:2e:79:11:89:89:bb:
                    36:47:ab:7c:62:eb:dd:2d:26:96:ee:a7:20:fa:f6:
                    21:75:5f:19:9a:1e:bf:bd:b2:b7:44:1d:f8:35:ad:
                    a7:aa:07:68:30:48:60:c2:f0:8a:0f:4e:31:27:b5:
                    31:c3:d8:68:c8:87:cc:b9:ea:87:00:27:f7:c7:b6:
                    22:fa:1b:07:7d:89:9c:33:72:10:c0:76:05:2e:1b:
                    1c:91:ef:6f:47:35:74:3f:a6:90:96:78:0a:1d:2a:
                    f2:8c:63:06:0b:0d:3f:be:23:2b:e2:22:c8:07:89:
                    ae:6a:50:01:32:18:e7:13:7c:1a:8a:a9:7e:56:fd:
                    8d:6a:83:55:e9:34:8e:d3:e4:48:0a:03:d0:17:e3:
                    e6:0b:79:89:e4:fd:b6:1b:9d:01:90:38:10:7c:33:
                    5d:f5:cc:1c:10:31:db:03:5d:dd:b8:89:8e:fa:59:
                    f4:ae:fa:0b:e1:7d:4c:76:76:40:fc:ef:9b:b5:0c:
                    12:70:57:8a:34:ce:fb:40:b9:88:a8:a8:70:74:73:
                    96:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:49:7E:71:8E:12:CD:9B:15:3D:CE:78:A6:A1:61:B9:F8:62:62:52
            X509v3 Authority Key Identifier:
                keyid:FB:3B:AD:7D:06:85:99:5C:ED:35:10:8B:2E:11:52:5A:7A:AB:14:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zutfQaFmVztNRCLLhFSWnqrFBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/79d746-03f9-4c71-afc7-e5d0b76de5b8/1/_El-cY4SzZsVPc54pqFhufhiYlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/79d746-03f9-4c71-afc7-e5d0b76de5b8/1/1-zutfQaFmVztNRCLLhFSWnqrFBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:84:84:44:ef:fc:cd:d4:ce:ca:30:ae:9c:fb:6c:6d:6a:06:
         05:90:ac:17:ec:eb:1f:c3:79:5d:e8:49:01:8d:f1:23:68:9c:
         d8:5c:13:5f:01:00:84:ce:fa:62:3f:7b:ce:a5:d5:ff:e1:af:
         e3:9b:17:3d:b4:f7:36:82:55:3e:10:6c:88:e5:77:c6:25:8f:
         01:63:69:3c:c4:b1:ca:63:3e:bd:f9:c5:f4:f4:c6:b2:c7:c3:
         45:a3:28:ee:bc:7f:3f:86:ef:32:d6:8d:33:6d:f0:f6:10:a9:
         c8:0b:d6:c1:41:a6:c3:a5:80:8a:10:ac:ee:a8:c6:34:88:07:
         14:75:ab:47:68:36:e2:79:af:28:20:93:25:03:dc:e4:67:2b:
         ae:e0:97:17:fe:f0:b2:58:03:b6:f4:d2:89:22:47:ac:7c:f1:
         0f:28:65:ea:46:3b:27:99:28:b3:05:40:ae:21:66:95:7b:04:
         6c:20:65:41:d7:fc:f2:18:54:bb:a2:c4:60:a8:ff:d1:52:4f:
         5c:8d:36:bd:28:36:95:6e:03:20:cb:61:da:e6:cd:ce:d1:52:
         16:22:8c:a9:d8:99:7d:a3:c3:c3:a5:c1:81:97:36:74:57:9d:
         ba:d5:64:a3:c3:13:a5:37:23:4e:6e:8f:34:16:df:11:e1:09:
         e8:a0:81:55
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIb3Z1KYPX4cCCAFykaaaEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiM2JhZDdkMDY4NTk5NWNlZDM1MTA4YjJlMTE1MjVhN2Fh
YjE0MTgwHhcNMjQwMTAyMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQ5N2U3MThlMTJjZDliMTUzZGNlNzhhNmExNjFiOWY4NjI2MjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEc+loHEEYBWYE55JJYR2Y0/W86U
Cy9pBNNPtfrfIAhabYzwvusz7v8tm/6dx5GqNXbCji4ueRGJibs2R6t8YuvdLSaW
7qcg+vYhdV8Zmh6/vbK3RB34Na2nqgdoMEhgwvCKD04xJ7Uxw9hoyIfMueqHACf3
x7Yi+hsHfYmcM3IQwHYFLhscke9vRzV0P6aQlngKHSryjGMGCw0/viMr4iLIB4mu
alABMhjnE3waiql+Vv2NaoNV6TSO0+RICgPQF+PmC3mJ5P22G50BkDgQfDNd9cwc
EDHbA13duImO+ln0rvoL4X1MdnZA/O+btQwScFeKNM77QLmIqKhwdHOWrQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPxJfnGOEs2bFT3OeKahYbn4YmJSMB8GA1UdIwQY
MBaAFPs7rX0GhZlc7TUQiy4RUlp6qxQYMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16dXRmUWFGbVZ6dE5SQ0xMaEZTV25xckZCZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2EvNzlkNzQ2LTAzZjktNGM3MS1hZmM3
LWU1ZDBiNzZkZTViOC8xL19FbC1jWTRTelpzVlBjNTRwcUZodWZoaVlsSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2EvNzlkNzQ2LTAzZjktNGM3MS1hZmM3LWU1ZDBiNzZkZTVi
OC8xLzEtenV0ZlFhRm1WenROUkNMTGhGU1ducXJGQmcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADZxrkw
DQYJKoZIhvcNAQELBQADggEBAFyEhETv/M3Uzsowrpz7bG1qBgWQrBfs6x/DeV3o
SQGN8SNonNhcE18BAITO+mI/e86l1f/hr+ObFz209zaCVT4QbIjld8YljwFjaTzE
scpjPr35xfT0xrLHw0WjKO68fz+G7zLWjTNt8PYQqcgL1sFBpsOlgIoQrO6oxjSI
BxR1q0doNuJ5ryggkyUD3ORnK67glxf+8LJYA7b00okiR6x88Q8oZepGOyeZKLMF
QK4hZpV7BGwgZUHX/PIYVLuixGCo/9FST1yNNr0oNpVuAyDLYdrmzc7RUhYijKnY
mX2jw8OlwYGXNnRXnbrVZKPDE6U3I05ujzQW3xHhCeiggVU=
-----END CERTIFICATE-----