Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/fEqGf08wZ024bO6ic3Bs_LLRD6A.roa
File:                     fEqGf08wZ024bO6ic3Bs_LLRD6A.roa (raw, json)
Hash identifier:          RU/8ECik+iSgzF47M336xERe9MH6gKysgd8Eda2BbS8=
Subject key identifier:   7C:4A:86:7F:4F:30:67:4D:B8:6C:EE:A2:73:70:6C:FC:B2:D1:0F:A0
Certificate issuer:       /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial:       018FDDF7119E90E7BEDC2918D22735CB4FAC
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/fEqGf08wZ024bO6ic3Bs_LLRD6A.roa
Signing time:             Mon 03 Jun 2024 11:58:27 +0000
ROA not before:           Mon 03 Jun 2024 11:58:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8647
IP address blocks:        185.23.164.0/22 maxlen: 24
                          193.200.175.0/24 maxlen: 24
                          2a0f:3a00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:f7:11:9e:90:e7:be:dc:29:18:d2:27:35:cb:4f:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
        Validity
            Not Before: Jun  3 11:58:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c4a867f4f30674db86ceea273706cfcb2d10fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d0:51:14:17:47:57:02:26:04:74:d3:9b:57:
                    26:8a:71:8f:f6:55:73:08:37:69:ed:7d:80:6c:01:
                    7e:04:f0:db:d3:97:d7:b7:af:5c:8d:ec:82:93:e9:
                    17:be:4f:e2:0d:67:54:36:fb:64:de:b2:a1:3d:d0:
                    98:07:93:cb:20:3f:b3:e3:cb:57:cf:7b:99:1d:cd:
                    4b:92:de:50:f9:55:a3:4c:64:37:e6:b2:e0:da:ed:
                    a1:12:b3:2a:45:e5:86:59:30:f0:8a:df:70:ef:9e:
                    d8:63:63:0a:b6:86:a7:39:65:a8:7d:1a:75:ff:09:
                    ef:ae:00:ae:c7:b7:0d:de:de:e0:d8:2e:e1:f0:78:
                    07:4f:37:ce:01:a0:90:37:1d:be:1d:4f:9a:f7:ec:
                    80:a7:c2:b2:4a:f3:6d:61:e3:e1:bd:bc:5a:9d:54:
                    35:f4:3b:03:b8:1a:d0:b8:01:38:2b:a9:50:55:de:
                    bb:26:8d:f4:d6:88:ef:d6:da:0e:c7:15:91:bd:a9:
                    42:76:3a:28:3b:ae:78:36:a7:d9:4f:83:83:5d:3b:
                    b9:05:4b:d2:bc:a5:83:1c:c5:fb:bf:e5:03:1b:25:
                    b6:1f:34:0a:95:40:55:98:3e:9b:85:9c:db:41:b3:
                    10:ec:22:6e:3b:a1:ba:ae:7b:cf:fe:04:93:df:c1:
                    17:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:4A:86:7F:4F:30:67:4D:B8:6C:EE:A2:73:70:6C:FC:B2:D1:0F:A0
            X509v3 Authority Key Identifier:
                keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/fEqGf08wZ024bO6ic3Bs_LLRD6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.164.0/22
                  193.200.175.0/24
                IPv6:
                  2a0f:3a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:a5:dc:ec:6e:82:1e:8e:96:7a:8b:2d:ea:45:01:6e:ed:22:
         29:02:32:a1:c9:26:47:c6:1e:ef:8e:a8:15:a8:8b:67:c7:54:
         ba:7a:83:72:24:cb:1a:df:5e:d3:ff:69:f2:02:21:c0:0f:1d:
         33:1d:13:f4:b6:f1:28:80:50:a1:03:e3:3c:97:e9:70:90:4f:
         30:f0:47:0d:7b:d3:97:99:31:54:2c:d9:83:17:d2:0c:86:c2:
         3c:5b:0d:52:29:ab:cd:57:8d:3d:ce:70:43:81:4e:c4:52:65:
         d9:a1:17:8f:67:16:c7:e3:2d:14:e7:28:04:84:74:78:ad:d1:
         52:f9:82:34:02:ea:ea:45:6d:fa:6f:84:02:8b:6a:50:b6:a5:
         e2:ce:49:88:95:5f:54:9a:1b:68:ec:33:3d:be:10:fe:25:ad:
         aa:c6:69:ef:34:f8:ff:a8:bb:9d:1b:2a:7e:56:ae:9e:dd:ec:
         e5:4e:d6:81:bc:d7:0e:73:19:7b:0b:3b:86:e5:40:a3:d2:fc:
         ca:e2:1f:79:07:7c:2e:39:b0:05:92:38:d9:16:52:2c:6f:39:
         fa:38:a2:93:2f:7c:97:bf:cc:ae:56:21:ca:c5:1a:a6:9b:f2:
         b1:c5:b1:30:9c:8c:3e:88:cd:bb:42:e3:10:a6:ad:ef:b7:7f:
         16:51:b0:ac
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY/d9xGekOe+3CkY0ic1y0+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjQwNjAzMTE1ODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzRhODY3ZjRmMzA2NzRkYjg2Y2VlYTI3MzcwNmNmY2IyZDEwZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNBRFBdHVwImBHTTm1cminGP9lVz
CDdp7X2AbAF+BPDb05fXt69cjeyCk+kXvk/iDWdUNvtk3rKhPdCYB5PLID+z48tX
z3uZHc1Lkt5Q+VWjTGQ35rLg2u2hErMqReWGWTDwit9w757YY2MKtoanOWWofRp1
/wnvrgCux7cN3t7g2C7h8HgHTzfOAaCQNx2+HU+a9+yAp8KySvNtYePhvbxanVQ1
9DsDuBrQuAE4K6lQVd67Jo301ojv1toOxxWRvalCdjooO654NqfZT4ODXTu5BUvS
vKWDHMX7v+UDGyW2HzQKlUBVmD6bhZzbQbMQ7CJuO6G6rnvP/gST38EXRwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHxKhn9PMGdNuGzuonNwbPyy0Q+gMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvZkVxR2YwOHdaMDI0Yk82aWMzQnNfTExSRDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRekAwQA
wcivMA0EAgACMAcDBQMqDzoAMA0GCSqGSIb3DQEBCwUAA4IBAQBlpdzsboIejpZ6
iy3qRQFu7SIpAjKhySZHxh7vjqgVqItnx1S6eoNyJMsa317T/2nyAiHADx0zHRP0
tvEogFChA+M8l+lwkE8w8EcNe9OXmTFULNmDF9IMhsI8Ww1SKavNV409znBDgU7E
UmXZoRePZxbH4y0U5ygEhHR4rdFS+YI0AurqRW36b4QCi2pQtqXizkmIlV9Umhto
7DM9vhD+Ja2qxmnvNPj/qLudGyp+Vq6e3ezlTtaBvNcOcxl7CzuG5UCj0vzK4h95
B3wuObAFkjjZFlIsbzn6OKKTL3yXv8yuViHKxRqmm/KxxbEwnIw+iM27QuMQpq3v
t38WUbCs
-----END CERTIFICATE-----