Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/1-FbyRtXhKSPVMDOZpn8tcU-813M.roa
File:                     1-FbyRtXhKSPVMDOZpn8tcU-813M.roa (raw, json)
Hash identifier:          NPeLZqnqc1fGPHOJ+r1EZKw2//+Hh8fwP6vTaz4iBRc=
Subject key identifier:   F8:56:F2:46:D5:E1:29:23:D5:30:33:99:A6:7F:2D:71:4F:BC:D7:73
Certificate issuer:       /CN=0246e8a76d30c7c0495bc5ce8ee5110feab286e6
Certificate serial:       018CC348C61D5AC592BC4A5586CCE90DF796
Authority key identifier: 02:46:E8:A7:6D:30:C7:C0:49:5B:C5:CE:8E:E5:11:0F:EA:B2:86:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Akbop20wx8BJW8XOjuURD-qyhuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/1-FbyRtXhKSPVMDOZpn8tcU-813M.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206174
IP address blocks:        193.31.221.0/24 maxlen: 24
                          66.84.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/Akbop20wx8BJW8XOjuURD-qyhuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/Akbop20wx8BJW8XOjuURD-qyhuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Akbop20wx8BJW8XOjuURD-qyhuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c6:1d:5a:c5:92:bc:4a:55:86:cc:e9:0d:f7:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0246e8a76d30c7c0495bc5ce8ee5110feab286e6
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f856f246d5e12923d5303399a67f2d714fbcd773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a0:9f:5f:03:83:f9:ad:08:cf:5c:bd:74:32:
                    dc:16:ef:2f:f4:64:3b:05:0d:7a:52:d6:4a:10:f9:
                    34:e0:7f:c5:eb:74:3b:9a:94:b4:98:0c:f7:59:05:
                    84:64:40:40:3c:fd:c0:04:ca:94:a7:89:4e:f1:75:
                    0f:c9:1f:92:6c:18:9c:a0:65:45:61:b6:9c:46:9b:
                    b4:3d:22:50:5b:e7:cc:88:6f:d7:00:1b:15:1f:6f:
                    e3:c8:3e:ae:d6:18:52:2a:a3:1e:70:a0:1b:15:c1:
                    0e:f1:93:e9:12:4f:4b:56:79:d3:f9:b6:2a:2f:12:
                    07:4c:08:68:fc:6b:d8:9d:41:36:43:b1:1e:b7:7b:
                    5d:94:60:0d:76:23:67:e4:d6:0f:89:e3:86:a1:71:
                    62:12:ee:23:4e:39:a2:50:d9:89:3b:ce:0d:43:f0:
                    d0:71:5d:b2:ab:f7:fd:7b:73:9d:ca:0a:83:bd:f8:
                    51:52:d9:ef:20:39:6b:c2:e0:f6:6f:dc:da:c8:1d:
                    28:78:2c:2b:a7:a5:86:f1:9b:ee:83:04:8e:ec:01:
                    d3:d9:63:98:08:6f:0b:07:2d:27:f9:3f:b7:0e:f6:
                    16:40:f2:3c:f8:37:2d:34:55:60:93:45:ef:e6:3d:
                    60:f6:82:bd:6c:37:09:5b:b8:f4:6d:18:16:05:36:
                    4c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:56:F2:46:D5:E1:29:23:D5:30:33:99:A6:7F:2D:71:4F:BC:D7:73
            X509v3 Authority Key Identifier:
                keyid:02:46:E8:A7:6D:30:C7:C0:49:5B:C5:CE:8E:E5:11:0F:EA:B2:86:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Akbop20wx8BJW8XOjuURD-qyhuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/1-FbyRtXhKSPVMDOZpn8tcU-813M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/Akbop20wx8BJW8XOjuURD-qyhuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.84.72.0/24
                  193.31.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:37:8c:6b:cd:64:d8:4e:ea:e0:bc:67:b2:d7:ba:d2:eb:f9:
         e0:78:c7:87:82:b5:a5:cf:06:13:95:ac:5a:6a:57:d9:6d:e0:
         e1:e2:5f:13:31:39:49:14:18:ef:6a:82:6a:45:3e:ed:6e:43:
         41:17:ea:44:a9:e0:ed:3c:09:a0:00:d7:ab:5e:36:ca:3f:6d:
         8e:53:b0:77:3b:6a:71:f2:72:4e:b4:59:51:61:13:78:1a:48:
         c4:25:39:58:8b:ec:d2:a2:e5:1f:98:23:db:b3:bd:8e:84:03:
         4f:39:84:21:c5:8f:59:02:a3:a3:2e:9d:69:8f:ea:07:24:af:
         69:a0:1e:a4:44:a5:9a:7e:55:dc:72:d5:b5:a9:bd:90:de:9f:
         c8:4b:de:34:8f:ec:23:fd:b0:c7:2d:c9:84:bb:9b:1c:aa:9c:
         b0:0d:07:8d:1b:9c:5e:c6:fb:f0:59:5f:ec:aa:72:06:6e:fd:
         40:52:b6:35:04:72:88:c0:8e:91:56:3e:91:9e:fe:8e:8a:c1:
         62:0a:3c:e5:e3:ef:fe:90:ce:10:ca:0a:b2:4f:66:5a:09:cc:
         77:7d:4e:00:55:98:16:c6:02:56:07:f3:b6:b8:88:a9:a7:fc:
         be:d8:67:ac:16:b5:7e:79:e4:8d:58:3b:f7:da:83:1d:66:fc:
         9a:93:f3:ff
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzDSMYdWsWSvEpVhszpDfeWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNDZlOGE3NmQzMGM3YzA0OTViYzVjZThlZTUxMTBmZWFi
Mjg2ZTYwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODU2ZjI0NmQ1ZTEyOTIzZDUzMDMzOTlhNjdmMmQ3MTRmYmNkNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaCfXwOD+a0Iz1y9dDLcFu8v9GQ7
BQ16UtZKEPk04H/F63Q7mpS0mAz3WQWEZEBAPP3ABMqUp4lO8XUPyR+SbBicoGVF
YbacRpu0PSJQW+fMiG/XABsVH2/jyD6u1hhSKqMecKAbFcEO8ZPpEk9LVnnT+bYq
LxIHTAho/GvYnUE2Q7Eet3tdlGANdiNn5NYPieOGoXFiEu4jTjmiUNmJO84NQ/DQ
cV2yq/f9e3OdygqDvfhRUtnvIDlrwuD2b9zayB0oeCwrp6WG8ZvugwSO7AHT2WOY
CG8LBy0n+T+3DvYWQPI8+DctNFVgk0Xv5j1g9oK9bDcJW7j0bRgWBTZMXwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPhW8kbV4Skj1TAzmaZ/LXFPvNdzMB8GA1UdIwQY
MBaAFAJG6KdtMMfASVvFzo7lEQ/qsobmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWtib3AyMHd4OEJKVzhYT2p1VVJELXF5aHVZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jMGE1NzYtYTIyMC00ZGUwLWFhYzEt
N2I5NmE5OTk3NzE4LzEvMS1GYnlSdFhoS1NQVk1ET1pwbjh0Y1UtODEzTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODYvYzBhNTc2LWEyMjAtNGRlMC1hYWMxLTdiOTZhOTk5Nzcx
OC8xL0FrYm9wMjB3eDhCSlc4WE9qdVVSRC1xeWh1WS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAEJUSAME
AMEf3TANBgkqhkiG9w0BAQsFAAOCAQEASDeMa81k2E7q4Lxnste60uv54HjHh4K1
pc8GE5WsWmpX2W3g4eJfEzE5SRQY72qCakU+7W5DQRfqRKng7TwJoADXq142yj9t
jlOwdztqcfJyTrRZUWETeBpIxCU5WIvs0qLlH5gj27O9joQDTzmEIcWPWQKjoy6d
aY/qBySvaaAepESlmn5V3HLVtam9kN6fyEveNI/sI/2wxy3JhLubHKqcsA0HjRuc
Xsb78Flf7KpyBm79QFK2NQRyiMCOkVY+kZ7+jorBYgo85ePv/pDOEMoKsk9mWgnM
d31OAFWYFsYCVgfztriIqaf8vthnrBa1fnnkjVg799qDHWb8mpPz/w==
-----END CERTIFICATE-----