Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/ca5e24-6e92-4d3a-9ad5-8935e9079796/1/fkg0PeAH4_4uiyYk2vXv2VdopmI.roa
File:                     fkg0PeAH4_4uiyYk2vXv2VdopmI.roa (raw, json)
Hash identifier:          +ljoMgN+/iFrdBrkhSViokrfwJtHZuA7XWJMFuIXvk4=
Subject key identifier:   7E:48:34:3D:E0:07:E3:FE:2E:8B:26:24:DA:F5:EF:D9:57:68:A6:62
Certificate issuer:       /CN=8ada4bf5f190f3998b80c6149a1463270fbbee15
Certificate serial:       018CC42555EBA841B4AA32CF85FB8F2D41FC
Authority key identifier: 8A:DA:4B:F5:F1:90:F3:99:8B:80:C6:14:9A:14:63:27:0F:BB:EE:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itpL9fGQ85mLgMYUmhRjJw-77hU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/ca5e24-6e92-4d3a-9ad5-8935e9079796/1/fkg0PeAH4_4uiyYk2vXv2VdopmI.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48851
IP address blocks:        141.226.207.0/24 maxlen: 24
                          141.226.214.0/24 maxlen: 24
                          141.226.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/ca5e24-6e92-4d3a-9ad5-8935e9079796/1/itpL9fGQ85mLgMYUmhRjJw-77hU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/ca5e24-6e92-4d3a-9ad5-8935e9079796/1/itpL9fGQ85mLgMYUmhRjJw-77hU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itpL9fGQ85mLgMYUmhRjJw-77hU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 19:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:55:eb:a8:41:b4:aa:32:cf:85:fb:8f:2d:41:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ada4bf5f190f3998b80c6149a1463270fbbee15
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e48343de007e3fe2e8b2624daf5efd95768a662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4d:9c:f9:40:b9:c1:fb:93:af:1c:1a:7c:63:
                    90:af:51:40:3c:23:0a:d1:81:4b:dd:a7:87:94:a7:
                    f6:97:b9:8f:79:0f:4b:21:38:36:10:45:e0:97:10:
                    f3:1d:b0:67:8c:5f:c2:c0:b1:5d:97:3a:dc:14:9a:
                    35:cf:fd:ea:2d:f7:17:37:cc:71:86:fc:60:89:4d:
                    64:de:9f:cb:46:b9:af:e8:cb:2b:5d:b6:48:eb:6b:
                    5f:ed:2c:fc:ea:c7:0a:f3:89:23:b3:27:51:a0:13:
                    9a:ff:7b:e3:06:14:ef:95:65:c8:64:7f:9a:1e:7f:
                    21:bf:ae:8f:58:36:e9:4e:6d:e8:c3:a0:c5:b6:48:
                    20:5f:34:2b:c8:c7:23:52:f4:d3:35:40:f5:ff:3c:
                    3b:e5:b8:39:26:00:3b:8b:65:2f:db:0b:f0:1c:66:
                    58:37:b0:39:08:fc:1a:e6:8f:5c:3e:78:ce:17:39:
                    44:14:62:b0:05:cc:78:c6:24:d0:b0:d1:fd:dd:b8:
                    3e:f2:56:14:ac:6e:64:b0:b3:e9:96:79:5c:6d:38:
                    60:b3:d3:df:7a:f9:c8:60:19:69:88:14:c3:eb:0d:
                    24:e3:e1:10:22:15:f3:24:20:86:04:31:e3:9f:65:
                    d8:14:f2:40:61:a5:55:35:17:ce:db:89:dc:0e:e0:
                    72:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:48:34:3D:E0:07:E3:FE:2E:8B:26:24:DA:F5:EF:D9:57:68:A6:62
            X509v3 Authority Key Identifier:
                keyid:8A:DA:4B:F5:F1:90:F3:99:8B:80:C6:14:9A:14:63:27:0F:BB:EE:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itpL9fGQ85mLgMYUmhRjJw-77hU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ca5e24-6e92-4d3a-9ad5-8935e9079796/1/fkg0PeAH4_4uiyYk2vXv2VdopmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ca5e24-6e92-4d3a-9ad5-8935e9079796/1/itpL9fGQ85mLgMYUmhRjJw-77hU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.207.0/24
                  141.226.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:99:55:86:a6:d2:8c:be:04:79:3b:08:91:87:71:73:ab:47:
         af:47:db:74:c9:1e:c8:0b:50:29:b9:bb:49:2a:bc:90:5d:13:
         e9:f8:46:d2:b9:6b:60:9e:a8:a2:f4:9b:c7:89:84:dc:ac:53:
         aa:fe:ba:95:47:06:9a:ad:a5:4f:e5:86:41:aa:0a:61:89:be:
         46:4f:89:41:71:fc:ff:47:e5:2d:b3:33:6d:cb:b8:95:6e:b4:
         c9:c0:b3:fc:3e:50:a1:07:03:eb:58:90:82:91:60:aa:9f:14:
         ea:7b:a0:16:81:2d:cc:d3:09:c5:d4:4e:01:1b:13:a9:c7:8b:
         e4:90:e0:36:59:ca:d1:83:06:10:a8:51:45:db:ef:9e:6e:51:
         fa:bf:d3:66:33:d2:10:fb:ff:2c:20:fe:02:fc:94:02:f8:41:
         2c:8a:32:47:17:93:c8:1f:0d:12:15:ba:c8:c9:45:32:72:cb:
         7b:c3:ef:f1:4f:94:b1:36:27:43:4b:4d:e6:f0:ff:fe:6d:fd:
         7e:5b:bb:38:5d:21:54:63:56:22:3a:32:5c:f8:50:ca:82:e3:
         1b:69:87:af:6c:75:b9:bd:40:2a:9b:ba:af:22:28:39:63:1d:
         cb:df:5f:e8:64:9e:13:6d:71:af:03:95:6d:02:e8:9a:f1:b0:
         9d:b3:d8:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJVXrqEG0qjLPhfuPLUH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZGE0YmY1ZjE5MGYzOTk4YjgwYzYxNDlhMTQ2MzI3MGZi
YmVlMTUwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQ4MzQzZGUwMDdlM2ZlMmU4YjI2MjRkYWY1ZWZkOTU3NjhhNjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0E2c+UC5wfuTrxwafGOQr1FAPCMK
0YFL3aeHlKf2l7mPeQ9LITg2EEXglxDzHbBnjF/CwLFdlzrcFJo1z/3qLfcXN8xx
hvxgiU1k3p/LRrmv6MsrXbZI62tf7Sz86scK84kjsydRoBOa/3vjBhTvlWXIZH+a
Hn8hv66PWDbpTm3ow6DFtkggXzQryMcjUvTTNUD1/zw75bg5JgA7i2Uv2wvwHGZY
N7A5CPwa5o9cPnjOFzlEFGKwBcx4xiTQsNH93bg+8lYUrG5ksLPplnlcbThgs9Pf
evnIYBlpiBTD6w0k4+EQIhXzJCCGBDHjn2XYFPJAYaVVNRfO24ncDuByAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH5IND3gB+P+LosmJNr179lXaKZiMB8GA1UdIwQY
MBaAFIraS/XxkPOZi4DGFJoUYycPu+4VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRwTDlmR1E4NW1MZ01ZVW1oUmpKdy03N2hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9jYTVlMjQtNmU5Mi00ZDNhLTlhZDUt
ODkzNWU5MDc5Nzk2LzEvZmtnMFBlQUg0XzR1aXlZazJ2WHYyVmRvcG1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9jYTVlMjQtNmU5Mi00ZDNhLTlhZDUtODkzNWU5MDc5Nzk2
LzEvaXRwTDlmR1E4NW1MZ01ZVW1oUmpKdy03N2hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjeLPAwQB
jeLWMA0GCSqGSIb3DQEBCwUAA4IBAQBzmVWGptKMvgR5OwiRh3Fzq0evR9t0yR7I
C1ApubtJKryQXRPp+EbSuWtgnqii9JvHiYTcrFOq/rqVRwaaraVP5YZBqgphib5G
T4lBcfz/R+UtszNty7iVbrTJwLP8PlChBwPrWJCCkWCqnxTqe6AWgS3M0wnF1E4B
GxOpx4vkkOA2WcrRgwYQqFFF2++eblH6v9NmM9IQ+/8sIP4C/JQC+EEsijJHF5PI
Hw0SFbrIyUUycst7w+/xT5SxNidDS03m8P/+bf1+W7s4XSFUY1YiOjJc+FDKguMb
aYevbHW5vUAqm7qvIig5Yx3L31/oZJ4TbXGvA5VtAuia8bCds9j/
-----END CERTIFICATE-----