Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/00fbb6-dea2-4c7b-afad-4acec647572d/1/FNE1igwCDXQ7G8VCywESo1e1Poo.roa
File:                     FNE1igwCDXQ7G8VCywESo1e1Poo.roa (raw, json)
Hash identifier:          de1QGtAFTg/jy/XW/cPh+ryARLUhJksQRfYzpc+seR0=
Subject key identifier:   14:D1:35:8A:0C:02:0D:74:3B:1B:C5:42:CB:01:12:A3:57:B5:3E:8A
Certificate issuer:       /CN=021ab3dd22c333a79b6ff30aab7f2e036fc370aa
Certificate serial:       018CC8DF60282446E78C47AA8249BE300527
Authority key identifier: 02:1A:B3:DD:22:C3:33:A7:9B:6F:F3:0A:AB:7F:2E:03:6F:C3:70:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ahqz3SLDM6ebb_MKq38uA2_DcKo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/00fbb6-dea2-4c7b-afad-4acec647572d/1/FNE1igwCDXQ7G8VCywESo1e1Poo.roa
Signing time:             Tue 02 Jan 2024 06:32:11 +0000
ROA not before:           Tue 02 Jan 2024 06:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197889
IP address blocks:        193.110.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/00fbb6-dea2-4c7b-afad-4acec647572d/1/Ahqz3SLDM6ebb_MKq38uA2_DcKo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/00fbb6-dea2-4c7b-afad-4acec647572d/1/Ahqz3SLDM6ebb_MKq38uA2_DcKo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ahqz3SLDM6ebb_MKq38uA2_DcKo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:60:28:24:46:e7:8c:47:aa:82:49:be:30:05:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=021ab3dd22c333a79b6ff30aab7f2e036fc370aa
        Validity
            Not Before: Jan  2 06:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14d1358a0c020d743b1bc542cb0112a357b53e8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:8a:ac:a6:83:93:f5:87:30:d8:82:aa:22:ed:
                    7a:52:02:e8:c9:eb:67:e0:ed:e5:ae:80:7b:f2:70:
                    8f:93:13:63:47:41:53:21:30:62:e4:24:ca:53:bc:
                    2c:ea:19:90:0f:65:c0:d1:e0:df:ba:68:0d:f3:d8:
                    0e:a2:57:d2:62:71:cf:fb:83:ad:77:3f:75:27:91:
                    6f:0f:b1:e5:92:9d:c2:24:c1:d0:1a:fa:1c:69:8f:
                    10:27:55:d3:9d:f8:f9:eb:6e:37:c6:a3:77:ce:a7:
                    8b:e0:88:a7:6f:fb:ef:d9:49:7f:fe:60:3e:d5:ee:
                    19:fb:3c:c7:a9:51:5c:93:14:eb:23:a3:d0:38:ab:
                    55:27:7a:5a:a6:38:bd:fb:06:70:66:81:36:79:b8:
                    15:bc:4a:37:5f:ad:f2:42:7b:b1:21:99:57:7d:fd:
                    aa:74:5d:8c:3e:51:bb:50:ef:de:ef:ea:16:88:26:
                    2f:2c:d8:66:04:06:5f:19:a7:8a:99:cd:db:cf:58:
                    5b:e4:c8:ea:24:01:68:33:84:c8:55:93:ab:6f:18:
                    30:cb:05:e8:51:c5:0e:33:20:34:db:68:af:16:5d:
                    cd:34:77:f5:50:92:1d:e0:7a:b7:95:4b:11:af:bd:
                    e0:12:a2:c5:59:4a:fe:45:e1:cf:d5:bc:76:cd:1c:
                    e0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:D1:35:8A:0C:02:0D:74:3B:1B:C5:42:CB:01:12:A3:57:B5:3E:8A
            X509v3 Authority Key Identifier:
                keyid:02:1A:B3:DD:22:C3:33:A7:9B:6F:F3:0A:AB:7F:2E:03:6F:C3:70:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ahqz3SLDM6ebb_MKq38uA2_DcKo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/00fbb6-dea2-4c7b-afad-4acec647572d/1/FNE1igwCDXQ7G8VCywESo1e1Poo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/00fbb6-dea2-4c7b-afad-4acec647572d/1/Ahqz3SLDM6ebb_MKq38uA2_DcKo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:2a:42:27:a6:1f:7d:b0:2e:ad:e8:ac:f9:04:eb:92:0d:f7:
         a3:3d:aa:2e:c6:94:54:f3:47:fb:15:ee:70:ea:b5:bc:81:5f:
         88:80:c3:6b:08:76:5f:3f:e4:43:1c:48:20:4e:ba:d8:07:5c:
         97:7d:ab:d1:7e:5e:c0:fd:f9:16:e3:06:f1:4f:95:a3:90:c5:
         a2:38:85:37:94:e4:ec:b9:45:8e:8b:75:0b:5e:4c:fd:6d:56:
         9a:e9:74:00:23:5b:af:c3:a8:98:21:4e:86:26:23:20:71:27:
         1a:80:3c:3d:32:36:07:70:a2:8e:bd:b9:12:ae:ef:33:97:56:
         c9:0c:04:29:54:c7:c6:46:94:de:62:b0:10:19:07:52:3f:f3:
         c4:32:06:47:93:9c:ca:0c:a5:02:c9:9a:bc:cb:b7:1d:98:9d:
         30:3d:e5:e2:fb:70:a3:20:85:0e:14:1c:6d:e1:de:ee:70:bb:
         22:d9:ac:bb:81:54:13:b7:5c:09:d4:b6:b9:5b:57:ba:a7:1b:
         ab:e9:d2:3c:d9:cf:e8:a8:0a:1e:1d:96:89:d7:ba:2b:c5:3c:
         ea:ee:e2:f7:8d:73:bd:bd:41:cd:da:c0:2e:6d:cb:0f:51:d7:
         34:2f:03:98:12:1b:1e:59:eb:36:7a:3c:c0:17:a4:07:df:75:
         4f:6d:e3:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI32AoJEbnjEeqgkm+MAUnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMWFiM2RkMjJjMzMzYTc5YjZmZjMwYWFiN2YyZTAzNmZj
MzcwYWEwHhcNMjQwMTAyMDYzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGQxMzU4YTBjMDIwZDc0M2IxYmM1NDJjYjAxMTJhMzU3YjUzZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIqspoOT9Ycw2IKqIu16UgLoyetn
4O3lroB78nCPkxNjR0FTITBi5CTKU7ws6hmQD2XA0eDfumgN89gOolfSYnHP+4Ot
dz91J5FvD7Hlkp3CJMHQGvocaY8QJ1XTnfj56243xqN3zqeL4Iinb/vv2Ul//mA+
1e4Z+zzHqVFckxTrI6PQOKtVJ3papji9+wZwZoE2ebgVvEo3X63yQnuxIZlXff2q
dF2MPlG7UO/e7+oWiCYvLNhmBAZfGaeKmc3bz1hb5MjqJAFoM4TIVZOrbxgwywXo
UcUOMyA022ivFl3NNHf1UJId4Hq3lUsRr73gEqLFWUr+ReHP1bx2zRzg9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTRNYoMAg10OxvFQssBEqNXtT6KMB8GA1UdIwQY
MBaAFAIas90iwzOnm2/zCqt/LgNvw3CqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWhxejNTTERNNmViYl9NS3EzOHVBMl9EY0tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMGZiYjYtZGVhMi00YzdiLWFmYWQt
NGFjZWM2NDc1NzJkLzEvRk5FMWlnd0NEWFE3RzhWQ3l3RVNvMWUxUG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMGZiYjYtZGVhMi00YzdiLWFmYWQtNGFjZWM2NDc1NzJk
LzEvQWhxejNTTERNNmViYl9NS3EzOHVBMl9EY0tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW5TMA0G
CSqGSIb3DQEBCwUAA4IBAQALKkInph99sC6t6Kz5BOuSDfejPaouxpRU80f7Fe5w
6rW8gV+IgMNrCHZfP+RDHEggTrrYB1yXfavRfl7A/fkW4wbxT5WjkMWiOIU3lOTs
uUWOi3ULXkz9bVaa6XQAI1uvw6iYIU6GJiMgcScagDw9MjYHcKKOvbkSru8zl1bJ
DAQpVMfGRpTeYrAQGQdSP/PEMgZHk5zKDKUCyZq8y7cdmJ0wPeXi+3CjIIUOFBxt
4d7ucLsi2ay7gVQTt1wJ1La5W1e6pxur6dI82c/oqAoeHZaJ17orxTzq7uL3jXO9
vUHN2sAubcsPUdc0LwOYEhseWes2ejzAF6QH33VPbeOK
-----END CERTIFICATE-----