Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/fnqAI_D626CskJOuSqXrMYR7fss.roa
File:                     fnqAI_D626CskJOuSqXrMYR7fss.roa (raw, json)
Hash identifier:          cjILXmlHjq2IWEKzSWaJxV87umHlgd50teTBeE9+qTk=
Subject key identifier:   7E:7A:80:23:F0:FA:DB:A0:AC:90:93:AE:4A:A5:EB:31:84:7B:7E:CB
Certificate issuer:       /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial:       018CC56EFCE099B1B8D5BA3D50C2416A8A1A
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/fnqAI_D626CskJOuSqXrMYR7fss.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199311
IP address blocks:        134.19.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 02:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fc:e0:99:b1:b8:d5:ba:3d:50:c2:41:6a:8a:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e7a8023f0fadba0ac9093ae4aa5eb31847b7ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:31:19:12:9b:91:1a:68:16:bc:7e:b4:21:6a:
                    6c:14:5f:0a:bb:82:2b:8a:86:28:ea:ff:88:b7:66:
                    1e:fe:00:a2:89:a6:6c:5b:48:c5:b1:6e:06:e0:ad:
                    dc:7b:02:df:65:74:25:51:c7:98:54:c9:99:0a:51:
                    73:71:fb:da:c8:ac:1c:98:b0:39:12:28:6d:28:15:
                    dc:7c:33:d3:b8:95:4a:1d:62:47:00:92:9f:56:e7:
                    c5:d5:64:a1:ea:64:8e:a6:df:f4:1e:f5:b5:b9:da:
                    b4:8d:34:3e:26:1f:88:87:79:83:22:51:25:22:33:
                    5c:30:b7:c4:8b:03:6b:de:13:4f:ef:2a:b7:3b:ad:
                    ca:b3:fe:ec:a9:71:15:51:3a:9e:05:53:08:d8:71:
                    31:16:11:63:96:9e:6d:91:fc:49:a0:aa:b8:22:3b:
                    53:9b:d8:f9:98:cf:36:b2:16:8e:b8:b8:89:fd:e7:
                    ac:4d:49:c9:89:fd:3d:b2:88:54:e6:37:53:e5:62:
                    8f:be:b1:c9:00:24:bd:45:54:72:54:56:38:25:91:
                    b4:e9:5c:c4:a5:5b:49:51:9e:1d:df:8f:7b:32:f2:
                    3c:c5:4f:73:ca:e6:0c:b5:51:18:b7:18:1d:22:bf:
                    5e:79:6d:1d:4c:2b:0f:7e:2a:e2:15:76:45:f1:f3:
                    70:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:7A:80:23:F0:FA:DB:A0:AC:90:93:AE:4A:A5:EB:31:84:7B:7E:CB
            X509v3 Authority Key Identifier:
                keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/fnqAI_D626CskJOuSqXrMYR7fss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.19.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:32:32:f5:c3:f1:2d:8c:a0:93:46:9b:84:61:cf:17:a1:c7:
         71:28:c7:56:23:89:84:68:34:47:e1:00:0e:ae:cf:26:da:80:
         b1:82:b6:60:5a:ec:d4:b2:a8:7c:6b:f6:0d:58:4e:20:c6:11:
         85:8f:9e:2f:9b:99:fc:89:ab:45:f7:84:1c:d1:c8:77:9a:3a:
         e5:46:4f:43:87:07:2c:e5:e6:07:13:78:be:ac:73:4c:38:a2:
         12:7f:8f:9f:bf:a3:ee:c1:69:24:91:67:37:ef:b0:50:be:31:
         d1:50:27:88:01:76:8c:4a:ed:4c:63:52:3e:22:dd:e6:f4:95:
         32:a3:d6:e5:9b:5a:a3:85:a9:3b:05:c4:98:ec:ac:30:be:64:
         ce:37:c8:e7:90:4d:cb:df:6a:c7:8c:fe:50:44:33:c3:25:cd:
         2a:9f:66:19:42:3e:79:27:3c:8b:08:66:c6:df:a3:6c:ca:d1:
         cc:ec:82:31:f7:50:e8:e1:77:93:9d:05:ba:0b:7e:44:6c:3e:
         53:ac:31:0a:0f:a1:5e:2f:3c:66:6a:84:48:e7:cf:07:26:e7:
         59:a1:e2:90:b9:11:2b:ed:14:be:02:ff:d3:c9:47:a8:73:c5:
         da:9d:fa:29:1b:63:83:37:57:ba:15:b8:f2:23:94:99:a0:13:
         33:98:d3:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvzgmbG41bo9UMJBaooaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTdhODAyM2YwZmFkYmEwYWM5MDkzYWU0YWE1ZWIzMTg0N2I3ZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jEZEpuRGmgWvH60IWpsFF8Ku4Ir
ioYo6v+It2Ye/gCiiaZsW0jFsW4G4K3cewLfZXQlUceYVMmZClFzcfvayKwcmLA5
EihtKBXcfDPTuJVKHWJHAJKfVufF1WSh6mSOpt/0HvW1udq0jTQ+Jh+Ih3mDIlEl
IjNcMLfEiwNr3hNP7yq3O63Ks/7sqXEVUTqeBVMI2HExFhFjlp5tkfxJoKq4IjtT
m9j5mM82shaOuLiJ/eesTUnJif09sohU5jdT5WKPvrHJACS9RVRyVFY4JZG06VzE
pVtJUZ4d3497MvI8xU9zyuYMtVEYtxgdIr9eeW0dTCsPfiriFXZF8fNwDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH56gCPw+tugrJCTrkql6zGEe37LMB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvZm5xQUlfRDYyNkNza0pPdVNxWHJNWVI3ZnNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhhPcMA0G
CSqGSIb3DQEBCwUAA4IBAQAeMjL1w/EtjKCTRpuEYc8XocdxKMdWI4mEaDRH4QAO
rs8m2oCxgrZgWuzUsqh8a/YNWE4gxhGFj54vm5n8iatF94Qc0ch3mjrlRk9Dhwcs
5eYHE3i+rHNMOKISf4+fv6PuwWkkkWc377BQvjHRUCeIAXaMSu1MY1I+It3m9JUy
o9blm1qjhak7BcSY7KwwvmTON8jnkE3L32rHjP5QRDPDJc0qn2YZQj55JzyLCGbG
36NsytHM7IIx91Do4XeTnQW6C35EbD5TrDEKD6FeLzxmaoRI588HJudZoeKQuREr
7RS+Av/TyUeoc8XanfopG2ODN1e6FbjyI5SZoBMzmNOE
-----END CERTIFICATE-----