Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/fdJvn7uWGWCuksQqJtE4pl-UZrU.roa
File:                     fdJvn7uWGWCuksQqJtE4pl-UZrU.roa (raw, json)
Hash identifier:          5e1x9Xg/Vmh5CzstEhhD0DPt3qckyU+VQw5FDK8i8s8=
Subject key identifier:   7D:D2:6F:9F:BB:96:19:60:AE:92:C4:2A:26:D1:38:A6:5F:94:66:B5
Certificate issuer:       /CN=a088b0547f09fe9224050d70a523da5bedbe0738
Certificate serial:       0193409163B6163BBEB432414AEED5062BD9
Authority key identifier: A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/fdJvn7uWGWCuksQqJtE4pl-UZrU.roa
Signing time:             Mon 18 Nov 2024 18:38:10 +0000
ROA not before:           Mon 18 Nov 2024 18:38:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7979
IP address blocks:        185.83.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:40:91:63:b6:16:3b:be:b4:32:41:4a:ee:d5:06:2b:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a088b0547f09fe9224050d70a523da5bedbe0738
        Validity
            Not Before: Nov 18 18:38:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dd26f9fbb961960ae92c42a26d138a65f9466b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:0f:31:56:bf:09:25:80:17:47:50:9f:1e:24:
                    5b:e0:eb:1b:cc:9f:67:68:70:8d:fd:e5:0c:c4:c5:
                    76:f8:fc:ba:0e:9f:bb:9f:40:6f:9b:a9:b6:08:6e:
                    a7:bf:55:0b:0d:82:60:05:f9:4e:4d:34:cd:04:b2:
                    e5:ab:2d:e3:31:eb:9b:71:8d:18:b7:3e:7a:6e:08:
                    02:d8:d9:6e:7b:3a:52:fe:3b:80:8e:d4:53:c5:2b:
                    1e:c4:ae:d4:19:a3:9c:69:fb:8e:84:ee:fc:bb:5b:
                    75:3c:fe:8f:17:e7:1e:bc:62:6a:cc:03:a5:82:90:
                    6b:a1:33:bc:0c:51:40:db:3a:b9:5d:09:5e:57:53:
                    1f:44:42:18:23:69:6c:97:e7:1a:4f:18:5d:66:ff:
                    49:a0:37:8b:3c:14:2b:0c:f5:b9:0c:8d:d9:97:b4:
                    3a:2f:8d:b2:b5:f4:94:49:62:7a:69:3c:18:39:93:
                    7b:2c:bf:fd:dc:da:8d:da:a5:52:28:3f:8e:db:e7:
                    b5:1e:d9:5a:43:2a:20:f1:0c:df:c8:a7:1f:62:c0:
                    f4:a4:80:6f:5b:30:63:41:33:24:13:a5:42:9d:96:
                    c8:60:bc:19:a9:7d:18:b5:a2:1a:16:0a:4f:6f:79:
                    4f:a3:9f:b4:01:eb:7a:cb:cb:73:d6:48:cf:1c:c9:
                    b5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:D2:6F:9F:BB:96:19:60:AE:92:C4:2A:26:D1:38:A6:5F:94:66:B5
            X509v3 Authority Key Identifier:
                keyid:A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/fdJvn7uWGWCuksQqJtE4pl-UZrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:82:b0:f7:55:dd:1d:c2:12:e5:2c:f9:2b:0d:77:d8:ff:1e:
         b9:4b:d8:2d:91:3a:de:2a:82:42:06:52:8d:5d:26:35:64:da:
         3a:39:ab:5c:ed:e2:86:3d:c1:db:e7:69:fa:74:d4:3a:07:e4:
         49:b4:fe:bc:e7:73:80:5a:fd:9a:8a:33:cb:76:f4:36:16:10:
         7c:3a:25:42:c8:b2:08:b9:78:e2:4c:77:06:f7:0b:f0:df:78:
         db:c3:f2:39:3b:21:f4:00:64:69:c0:55:fc:cd:ff:0b:8d:4f:
         2f:26:9a:61:3a:13:93:68:3d:4d:6b:c5:0b:81:c7:89:52:18:
         80:0a:7d:a5:7b:99:a1:17:b4:33:4f:cd:7d:f7:8f:4f:13:6a:
         f5:7d:4c:3e:96:cb:7a:0d:18:e9:69:5b:73:26:7f:36:41:3d:
         67:3c:99:e2:9b:91:9c:01:e4:ab:11:95:d7:d5:30:af:2a:a3:
         61:29:db:39:54:04:f7:9a:cd:e4:b7:13:80:ef:92:fc:d6:94:
         b3:40:56:76:e7:40:01:10:e4:54:db:d8:be:90:ce:ec:a5:0d:
         ff:be:bf:9d:c2:7b:36:3d:8e:a7:e1:da:f3:94:2d:0a:23:32:
         95:36:01:64:0c:85:2a:79:5f:d9:13:f2:98:c5:fd:73:ff:ad:
         2d:7c:1b:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNAkWO2Fju+tDJBSu7VBivZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwODhiMDU0N2YwOWZlOTIyNDA1MGQ3MGE1MjNkYTViZWRi
ZTA3MzgwHhcNMjQxMTE4MTgzODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGQyNmY5ZmJiOTYxOTYwYWU5MmM0MmEyNmQxMzhhNjVmOTQ2NmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAig8xVr8JJYAXR1CfHiRb4OsbzJ9n
aHCN/eUMxMV2+Py6Dp+7n0Bvm6m2CG6nv1ULDYJgBflOTTTNBLLlqy3jMeubcY0Y
tz56bggC2NluezpS/juAjtRTxSsexK7UGaOcafuOhO78u1t1PP6PF+cevGJqzAOl
gpBroTO8DFFA2zq5XQleV1MfREIYI2lsl+caTxhdZv9JoDeLPBQrDPW5DI3Zl7Q6
L42ytfSUSWJ6aTwYOZN7LL/93NqN2qVSKD+O2+e1HtlaQyog8QzfyKcfYsD0pIBv
WzBjQTMkE6VCnZbIYLwZqX0YtaIaFgpPb3lPo5+0Aet6y8tz1kjPHMm1EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3Sb5+7lhlgrpLEKibROKZflGa1MB8GA1UdIwQY
MBaAFKCIsFR/Cf6SJAUNcKUj2lvtvgc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMt
ZGY4MmZhODk3MzI2LzEvZmRKdm43dVdHV0N1a3NRcUp0RTRwbC1VWnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMtZGY4MmZhODk3MzI2
LzEvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVObMA0G
CSqGSIb3DQEBCwUAA4IBAQBPgrD3Vd0dwhLlLPkrDXfY/x65S9gtkTreKoJCBlKN
XSY1ZNo6Oatc7eKGPcHb52n6dNQ6B+RJtP6853OAWv2aijPLdvQ2FhB8OiVCyLII
uXjiTHcG9wvw33jbw/I5OyH0AGRpwFX8zf8LjU8vJpphOhOTaD1Na8ULgceJUhiA
Cn2le5mhF7QzT819949PE2r1fUw+lst6DRjpaVtzJn82QT1nPJnim5GcAeSrEZXX
1TCvKqNhKds5VAT3ms3ktxOA75L81pSzQFZ250ABEORU29i+kM7spQ3/vr+dwns2
PY6n4drzlC0KIzKVNgFkDIUqeV/ZE/KYxf1z/60tfBtO
-----END CERTIFICATE-----