Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/_FMDz97zmP9d1JHVKIiKjgP6Uqk.roa
File:                     _FMDz97zmP9d1JHVKIiKjgP6Uqk.roa (raw, json)
Hash identifier:          hucwfh1Y1KRd61JRraABpWkGTogS7KMVU2I9KLUZPuQ=
Subject key identifier:   FC:53:03:CF:DE:F3:98:FF:5D:D4:91:D5:28:88:8A:8E:03:FA:52:A9
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       018CC26D1F38B03C7EA90EFC916DBFB454C9
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/_FMDz97zmP9d1JHVKIiKjgP6Uqk.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205022
IP address blocks:        193.232.73.0/24 maxlen: 24
                          193.232.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1f:38:b0:3c:7e:a9:0e:fc:91:6d:bf:b4:54:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc5303cfdef398ff5dd491d528888a8e03fa52a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:51:b5:77:a6:3c:22:ba:80:94:a6:83:21:2a:
                    c3:ac:bf:a6:0e:de:88:26:6d:f6:1c:d5:e6:61:58:
                    91:9e:7b:16:34:33:e6:f6:e0:49:1c:e2:c9:37:d9:
                    23:99:00:30:76:a4:20:dc:32:00:50:a9:d1:29:90:
                    11:64:3c:ff:52:29:cb:ba:aa:a0:4e:da:54:94:e0:
                    8d:d7:a9:bb:31:41:16:ea:2c:8b:dc:3e:13:38:3b:
                    93:da:c0:19:f1:9e:fc:e7:6f:30:4d:1f:0c:64:5e:
                    9e:df:5e:95:3a:bd:ff:e0:13:08:7b:c5:b6:e4:70:
                    50:9f:e0:19:5f:6e:c5:8d:e1:44:f4:ee:86:91:f1:
                    97:90:47:41:dd:3d:36:07:dc:a8:e6:ec:02:37:ef:
                    60:34:50:b3:a6:84:a5:09:0c:d5:69:01:3a:95:eb:
                    14:f6:ef:50:cb:42:c1:45:98:0b:3b:b1:ab:21:4a:
                    de:e8:e2:f1:ca:19:76:d4:ca:7c:29:c3:34:d7:1c:
                    b9:72:87:53:27:b5:c3:3e:9a:bb:f6:f5:58:25:c7:
                    b7:67:87:da:b6:3d:f8:29:b9:42:52:d3:57:04:69:
                    55:5e:79:72:aa:96:37:96:e6:dc:91:b7:77:2a:76:
                    43:72:a0:15:1b:a5:e7:55:f4:51:04:71:64:41:ba:
                    f2:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:53:03:CF:DE:F3:98:FF:5D:D4:91:D5:28:88:8A:8E:03:FA:52:A9
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/_FMDz97zmP9d1JHVKIiKjgP6Uqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:15:2e:3c:c9:f1:bd:0c:c9:bb:ad:d1:f0:ac:0d:2c:bf:ad:
         f7:bc:21:36:f8:7d:fb:e1:e4:d5:24:08:a2:7d:4a:99:01:6a:
         b5:a3:ac:86:29:ec:e5:06:5c:6c:dd:75:d2:42:9d:0d:d8:b7:
         4d:21:be:33:f9:85:a2:2e:c3:ac:79:14:e0:87:30:6b:26:99:
         21:4a:28:7e:39:59:5b:9f:e4:e7:d3:77:b4:50:eb:d9:06:14:
         d2:b7:f1:c6:b0:fa:7b:14:3a:b8:01:9b:b0:76:10:33:52:b0:
         a5:b9:d3:03:fb:7f:59:cd:50:bf:0e:21:ce:d9:05:3e:60:9e:
         b7:5d:a4:bc:09:12:39:c4:e1:47:83:af:1d:09:a8:9d:54:15:
         7a:88:68:88:b2:ae:b8:a8:2f:cf:06:06:bf:59:fc:06:65:4d:
         87:b6:42:44:8a:88:0a:f6:b5:2b:51:b5:aa:7b:40:b7:00:35:
         10:e3:c6:1d:62:83:8c:c4:d0:3b:ca:0b:84:8d:34:bb:03:1b:
         1c:3e:6f:80:85:f3:b2:1d:45:1f:6c:05:2f:5d:95:13:94:27:
         cf:d1:9a:aa:4f:84:59:57:29:47:15:47:cf:64:f3:72:21:71:
         c6:58:b6:30:0b:f6:62:e0:69:40:93:b1:d3:30:c3:3d:9d:10:
         ce:ee:5c:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbR84sDx+qQ78kW2/tFTJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzUzMDNjZmRlZjM5OGZmNWRkNDkxZDUyODg4OGE4ZTAzZmE1MmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFG1d6Y8IrqAlKaDISrDrL+mDt6I
Jm32HNXmYViRnnsWNDPm9uBJHOLJN9kjmQAwdqQg3DIAUKnRKZARZDz/UinLuqqg
TtpUlOCN16m7MUEW6iyL3D4TODuT2sAZ8Z78528wTR8MZF6e316VOr3/4BMIe8W2
5HBQn+AZX27FjeFE9O6GkfGXkEdB3T02B9yo5uwCN+9gNFCzpoSlCQzVaQE6lesU
9u9Qy0LBRZgLO7GrIUre6OLxyhl21Mp8KcM01xy5codTJ7XDPpq79vVYJce3Z4fa
tj34KblCUtNXBGlVXnlyqpY3lubckbd3KnZDcqAVG6XnVfRRBHFkQbryZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxTA8/e85j/XdSR1SiIio4D+lKpMB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvX0ZNRHo5N3ptUDlkMUpIVktJaUtqZ1A2VXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwehIMA0G
CSqGSIb3DQEBCwUAA4IBAQB/FS48yfG9DMm7rdHwrA0sv633vCE2+H374eTVJAii
fUqZAWq1o6yGKezlBlxs3XXSQp0N2LdNIb4z+YWiLsOseRTghzBrJpkhSih+OVlb
n+Tn03e0UOvZBhTSt/HGsPp7FDq4AZuwdhAzUrCludMD+39ZzVC/DiHO2QU+YJ63
XaS8CRI5xOFHg68dCaidVBV6iGiIsq64qC/PBga/WfwGZU2HtkJEiogK9rUrUbWq
e0C3ADUQ48YdYoOMxNA7yguEjTS7AxscPm+AhfOyHUUfbAUvXZUTlCfP0ZqqT4RZ
VylHFUfPZPNyIXHGWLYwC/Zi4GlAk7HTMMM9nRDO7lwW
-----END CERTIFICATE-----