Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/2884a1-c124-4565-b841-e104c982d7a0/1/FXvGvAgk-6ZXgSbrWxY5lxu-jfU.roa
File:                     FXvGvAgk-6ZXgSbrWxY5lxu-jfU.roa (raw, json)
Hash identifier:          CNHsod5ytuNtsPlOHteXKxtUqLL/uMdj+qTChmo5638=
Subject key identifier:   15:7B:C6:BC:08:24:FB:A6:57:81:26:EB:5B:16:39:97:1B:BE:8D:F5
Certificate issuer:       /CN=4b93c6a10d141f00aefade01bcd3492f754f4e83
Certificate serial:       018CC9BCDBA03D36CF6594940BF634202831
Authority key identifier: 4B:93:C6:A1:0D:14:1F:00:AE:FA:DE:01:BC:D3:49:2F:75:4F:4E:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5PGoQ0UHwCu-t4BvNNJL3VPToM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/2884a1-c124-4565-b841-e104c982d7a0/1/FXvGvAgk-6ZXgSbrWxY5lxu-jfU.roa
Signing time:             Tue 02 Jan 2024 10:34:06 +0000
ROA not before:           Tue 02 Jan 2024 10:34:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35524
IP address blocks:        195.200.90.0/23 maxlen: 23
                          193.84.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/2884a1-c124-4565-b841-e104c982d7a0/1/S5PGoQ0UHwCu-t4BvNNJL3VPToM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/2884a1-c124-4565-b841-e104c982d7a0/1/S5PGoQ0UHwCu-t4BvNNJL3VPToM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S5PGoQ0UHwCu-t4BvNNJL3VPToM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:db:a0:3d:36:cf:65:94:94:0b:f6:34:20:28:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b93c6a10d141f00aefade01bcd3492f754f4e83
        Validity
            Not Before: Jan  2 10:34:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=157bc6bc0824fba6578126eb5b1639971bbe8df5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c4:03:5b:9a:80:f7:d9:03:91:8e:03:fc:3b:
                    e1:9d:7b:3d:9f:12:0a:50:a9:a8:8b:4c:9c:52:c9:
                    92:4d:df:34:67:ca:f6:b0:bc:78:9c:4a:56:18:fa:
                    9a:13:a0:30:d6:1b:7f:48:1f:c6:f8:6b:f9:9f:10:
                    9d:1e:b5:75:56:da:25:35:5a:81:24:6b:a8:59:d9:
                    b4:04:bd:12:82:41:10:45:b2:c6:ab:12:8f:fe:14:
                    b0:d6:ac:f6:32:42:eb:02:5f:43:26:91:ae:17:e8:
                    7b:a9:f2:5c:be:1d:ed:4d:72:34:15:a9:3e:47:9b:
                    c4:1d:10:65:72:37:60:ac:d7:94:b9:49:07:59:b4:
                    1f:7a:bb:eb:de:71:92:16:62:24:04:63:0f:3c:d8:
                    f6:8f:e3:ee:35:4c:23:14:c0:eb:54:cb:00:95:ce:
                    a0:3e:9b:82:66:e9:f7:49:cc:04:37:c8:e3:b9:04:
                    f8:d5:e8:0d:ef:57:02:09:60:aa:bb:8f:10:17:93:
                    df:d7:06:95:21:67:33:72:de:1b:1f:6a:78:96:cb:
                    20:ca:ed:02:e4:ee:5b:b8:d7:48:ef:34:ea:a3:9f:
                    22:3c:36:da:a5:50:ed:3e:7a:76:ba:21:ff:52:45:
                    61:14:69:cf:86:d7:c5:c4:80:ab:65:6d:9e:96:29:
                    80:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:7B:C6:BC:08:24:FB:A6:57:81:26:EB:5B:16:39:97:1B:BE:8D:F5
            X509v3 Authority Key Identifier:
                keyid:4B:93:C6:A1:0D:14:1F:00:AE:FA:DE:01:BC:D3:49:2F:75:4F:4E:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5PGoQ0UHwCu-t4BvNNJL3VPToM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/2884a1-c124-4565-b841-e104c982d7a0/1/FXvGvAgk-6ZXgSbrWxY5lxu-jfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/2884a1-c124-4565-b841-e104c982d7a0/1/S5PGoQ0UHwCu-t4BvNNJL3VPToM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.77.0/24
                  195.200.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:b4:c6:e7:1f:26:9f:b1:4e:f6:6c:5b:8d:ef:19:cf:88:43:
         06:8b:a8:d1:6b:90:d4:d9:33:7c:ee:e0:a0:80:82:0c:a2:b6:
         d5:c9:50:38:3a:07:a4:78:98:15:19:80:73:7a:14:9b:93:32:
         b3:f9:12:f6:10:e6:fd:84:32:c0:aa:8c:31:2c:d2:17:e1:9a:
         b6:70:d9:30:71:f7:dd:95:37:8c:4a:ed:4b:95:1d:cb:a3:4b:
         08:a6:e7:e6:a8:ca:b4:bb:0b:3f:80:2e:8e:fb:23:fd:ec:1c:
         d5:30:44:e0:eb:75:90:15:fe:f2:cd:ae:98:ba:25:55:59:cf:
         57:4e:07:1f:31:a5:cf:d2:c3:bc:3c:fb:09:89:03:7f:25:2b:
         64:24:9e:d0:56:ed:aa:d7:e5:5c:2b:ff:81:e2:b4:d0:c1:aa:
         b0:46:1b:10:1a:6e:01:65:16:6e:fb:04:e7:f0:38:55:0c:b2:
         5a:26:57:a6:fc:e5:c0:de:05:25:61:da:bc:af:0d:39:52:89:
         1d:57:d9:90:d5:97:dc:88:31:68:6c:28:4c:6f:36:70:b5:94:
         ba:42:1d:42:f4:ab:4d:50:ce:cd:0f:a5:8a:3b:8c:82:d7:8d:
         1d:58:ca:d9:80:f9:3f:61:3c:f5:19:43:ca:f8:2e:70:ae:5d:
         a2:6b:3a:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvNugPTbPZZSUC/Y0ICgxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTNjNmExMGQxNDFmMDBhZWZhZGUwMWJjZDM0OTJmNzU0
ZjRlODMwHhcNMjQwMTAyMTAzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTdiYzZiYzA4MjRmYmE2NTc4MTI2ZWI1YjE2Mzk5NzFiYmU4ZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsQDW5qA99kDkY4D/DvhnXs9nxIK
UKmoi0ycUsmSTd80Z8r2sLx4nEpWGPqaE6Aw1ht/SB/G+Gv5nxCdHrV1VtolNVqB
JGuoWdm0BL0SgkEQRbLGqxKP/hSw1qz2MkLrAl9DJpGuF+h7qfJcvh3tTXI0Fak+
R5vEHRBlcjdgrNeUuUkHWbQfervr3nGSFmIkBGMPPNj2j+PuNUwjFMDrVMsAlc6g
PpuCZun3ScwEN8jjuQT41egN71cCCWCqu48QF5Pf1waVIWczct4bH2p4lssgyu0C
5O5buNdI7zTqo58iPDbapVDtPnp2uiH/UkVhFGnPhtfFxICrZW2elimAqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBV7xrwIJPumV4Em61sWOZcbvo31MB8GA1UdIwQY
MBaAFEuTxqENFB8ArvreAbzTSS91T06DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVQR29RMFVId0N1LXQ0QnZOTkpMM1ZQVG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8yODg0YTEtYzEyNC00NTY1LWI4NDEt
ZTEwNGM5ODJkN2EwLzEvRlh2R3ZBZ2stNlpYZ1Nicld4WTVseHUtamZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8yODg0YTEtYzEyNC00NTY1LWI4NDEtZTEwNGM5ODJkN2Ew
LzEvUzVQR29RMFVId0N1LXQ0QnZOTkpMM1ZQVG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwVRNAwQB
w8haMA0GCSqGSIb3DQEBCwUAA4IBAQCPtMbnHyafsU72bFuN7xnPiEMGi6jRa5DU
2TN87uCggIIMorbVyVA4OgekeJgVGYBzehSbkzKz+RL2EOb9hDLAqowxLNIX4Zq2
cNkwcffdlTeMSu1LlR3Lo0sIpufmqMq0uws/gC6O+yP97BzVMETg63WQFf7yza6Y
uiVVWc9XTgcfMaXP0sO8PPsJiQN/JStkJJ7QVu2q1+VcK/+B4rTQwaqwRhsQGm4B
ZRZu+wTn8DhVDLJaJlem/OXA3gUlYdq8rw05UokdV9mQ1ZfciDFobChMbzZwtZS6
Qh1C9KtNUM7ND6WKO4yC140dWMrZgPk/YTz1GUPK+C5wrl2iazp3
-----END CERTIFICATE-----