Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/4d9267-4eac-4213-9bcb-28b82c0a14f0/1/fPQxK5A0xSB-SzMeU-_L0vrr8bc.roa
File:                     fPQxK5A0xSB-SzMeU-_L0vrr8bc.roa (raw, json)
Hash identifier:          S00SX4dC0IniP92XchILwgwoGZLWvsCdKHyn+NB9XA4=
Subject key identifier:   7C:F4:31:2B:90:34:C5:20:7E:4B:33:1E:53:EF:CB:D2:FA:EB:F1:B7
Certificate issuer:       /CN=a56316c7129831e0511079532ded81dc12c81da0
Certificate serial:       018CC3492F5FE2BF5181717144387165C2FD
Authority key identifier: A5:63:16:C7:12:98:31:E0:51:10:79:53:2D:ED:81:DC:12:C8:1D:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pWMWxxKYMeBREHlTLe2B3BLIHaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/4d9267-4eac-4213-9bcb-28b82c0a14f0/1/fPQxK5A0xSB-SzMeU-_L0vrr8bc.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64441
IP address blocks:        194.102.162.0/24 maxlen: 24
                          91.206.160.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/4d9267-4eac-4213-9bcb-28b82c0a14f0/1/pWMWxxKYMeBREHlTLe2B3BLIHaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/4d9267-4eac-4213-9bcb-28b82c0a14f0/1/pWMWxxKYMeBREHlTLe2B3BLIHaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pWMWxxKYMeBREHlTLe2B3BLIHaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2f:5f:e2:bf:51:81:71:71:44:38:71:65:c2:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a56316c7129831e0511079532ded81dc12c81da0
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cf4312b9034c5207e4b331e53efcbd2faebf1b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b6:7c:1a:92:cb:ef:dd:fd:04:67:34:ed:54:
                    ba:16:bf:d9:41:5a:a5:de:d6:de:6c:6d:63:50:fd:
                    28:65:f6:b1:6d:c5:a5:32:8e:63:67:5a:79:fe:60:
                    46:eb:26:f5:b0:2d:84:35:ed:ac:aa:ca:b7:0e:c2:
                    1a:d6:59:27:67:6f:46:a5:fe:a2:6b:b9:09:f1:0f:
                    95:a8:29:c6:94:77:53:fb:e8:30:2b:40:ca:07:82:
                    1d:a2:40:68:03:1a:74:b4:4c:72:6a:13:c2:7f:8f:
                    b1:14:5b:fa:79:b5:b4:a1:87:a2:96:3f:5d:5d:28:
                    a9:48:78:fd:67:25:14:d1:2f:68:8b:50:4c:44:ca:
                    73:a1:40:86:46:9e:9a:97:7e:d7:87:74:1a:f6:c9:
                    e4:cd:03:ed:a9:eb:6b:a1:7d:8c:38:c0:20:2e:4a:
                    1a:cd:90:ef:37:46:5c:00:99:b9:74:f7:e1:1d:30:
                    c4:ef:09:63:5b:0f:b4:9c:19:8e:f0:bd:2f:4f:a9:
                    72:26:74:0f:20:40:3c:d0:d2:7c:c5:4f:ba:7f:05:
                    2c:29:6e:45:42:f4:cb:6d:a9:62:d6:85:3d:4b:ae:
                    24:54:a8:47:08:dc:a4:05:57:73:0d:61:d3:7d:e4:
                    be:34:e7:51:a4:05:b8:01:65:52:5b:e2:b1:cf:dd:
                    5e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F4:31:2B:90:34:C5:20:7E:4B:33:1E:53:EF:CB:D2:FA:EB:F1:B7
            X509v3 Authority Key Identifier:
                keyid:A5:63:16:C7:12:98:31:E0:51:10:79:53:2D:ED:81:DC:12:C8:1D:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pWMWxxKYMeBREHlTLe2B3BLIHaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/4d9267-4eac-4213-9bcb-28b82c0a14f0/1/fPQxK5A0xSB-SzMeU-_L0vrr8bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/4d9267-4eac-4213-9bcb-28b82c0a14f0/1/pWMWxxKYMeBREHlTLe2B3BLIHaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.160.0/23
                  194.102.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:05:78:31:b4:5d:56:88:9a:10:4a:57:04:54:9f:7e:7a:d7:
         0a:be:dd:00:a7:91:51:f1:7f:88:d8:d2:8b:45:27:8e:4d:60:
         77:ad:3e:1e:19:65:31:47:ed:fe:49:eb:36:5c:f8:5f:92:fa:
         f9:81:02:3e:c9:9b:b1:53:9f:65:59:4e:de:a1:1a:59:6d:ed:
         18:76:43:0b:85:ca:76:53:51:e6:c8:a7:32:cd:26:21:76:93:
         dd:dd:6a:e4:3c:b7:56:f2:69:ad:a1:be:d5:f5:a5:2a:94:f6:
         ef:e3:04:52:6c:c3:31:4d:ad:4e:d0:89:81:5a:1c:e0:fc:45:
         82:12:ee:59:69:9b:80:30:02:b8:6c:c4:49:ce:60:c5:5b:be:
         ef:01:4f:2a:43:fb:c2:df:f6:89:d7:c4:20:dd:12:17:d2:a2:
         8b:25:6f:be:59:77:0e:73:31:9a:b4:02:c2:72:15:75:1e:02:
         5d:a7:79:cf:5b:9e:7a:92:8f:70:be:d4:3e:97:0c:7e:7b:00:
         1e:fe:f0:5c:da:26:00:a4:a6:ad:4f:af:bc:18:37:78:c4:da:
         06:15:65:f4:00:cd:8c:9c:3f:e2:d0:63:34:c6:a1:4a:0b:99:
         63:a9:7f:2f:a0:25:56:d2:9d:cd:14:1a:40:ca:f9:35:49:05:
         7a:3d:9a:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSS9f4r9RgXFxRDhxZcL9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NjMxNmM3MTI5ODMxZTA1MTEwNzk1MzJkZWQ4MWRjMTJj
ODFkYTAwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Y0MzEyYjkwMzRjNTIwN2U0YjMzMWU1M2VmY2JkMmZhZWJmMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7Z8GpLL7939BGc07VS6Fr/ZQVql
3tbebG1jUP0oZfaxbcWlMo5jZ1p5/mBG6yb1sC2ENe2sqsq3DsIa1lknZ29Gpf6i
a7kJ8Q+VqCnGlHdT++gwK0DKB4IdokBoAxp0tExyahPCf4+xFFv6ebW0oYeilj9d
XSipSHj9ZyUU0S9oi1BMRMpzoUCGRp6al37Xh3Qa9snkzQPtqetroX2MOMAgLkoa
zZDvN0ZcAJm5dPfhHTDE7wljWw+0nBmO8L0vT6lyJnQPIEA80NJ8xU+6fwUsKW5F
QvTLbali1oU9S64kVKhHCNykBVdzDWHTfeS+NOdRpAW4AWVSW+Kxz91ehQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHz0MSuQNMUgfkszHlPvy9L66/G3MB8GA1UdIwQY
MBaAFKVjFscSmDHgURB5Uy3tgdwSyB2gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdNV3h4S1lNZUJSRUhsVExlMkIzQkxJSGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS80ZDkyNjctNGVhYy00MjEzLTliY2It
MjhiODJjMGExNGYwLzEvZlBReEs1QTB4U0ItU3pNZVUtX0wwdnJyOGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS80ZDkyNjctNGVhYy00MjEzLTliY2ItMjhiODJjMGExNGYw
LzEvcFdNV3h4S1lNZUJSRUhsVExlMkIzQkxJSGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW86gAwQA
wmaiMA0GCSqGSIb3DQEBCwUAA4IBAQC5BXgxtF1WiJoQSlcEVJ9+etcKvt0Ap5FR
8X+I2NKLRSeOTWB3rT4eGWUxR+3+Ses2XPhfkvr5gQI+yZuxU59lWU7eoRpZbe0Y
dkMLhcp2U1HmyKcyzSYhdpPd3WrkPLdW8mmtob7V9aUqlPbv4wRSbMMxTa1O0ImB
Whzg/EWCEu5ZaZuAMAK4bMRJzmDFW77vAU8qQ/vC3/aJ18Qg3RIX0qKLJW++WXcO
czGatALCchV1HgJdp3nPW556ko9wvtQ+lwx+ewAe/vBc2iYApKatT6+8GDd4xNoG
FWX0AM2MnD/i0GM0xqFKC5ljqX8voCVW0p3NFBpAyvk1SQV6PZrF
-----END CERTIFICATE-----