Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6bda82-a2e1-45c9-a181-313de4892b8d/1/fxxMed6c_xBSqZCMAe-xGxRae6g.roa
File:                     fxxMed6c_xBSqZCMAe-xGxRae6g.roa (raw, json)
Hash identifier:          UWnFEaYM6dzHaMUDBqsN2mf4BOOWR0FydKIS5bh0J1M=
Subject key identifier:   7F:1C:4C:79:DE:9C:FF:10:52:A9:90:8C:01:EF:B1:1B:14:5A:7B:A8
Certificate issuer:       /CN=a8b3eb443c06a3dcc088e2caa05ce09cf8d4e7a6
Certificate serial:       019035A613307ABC1F6FC2359FEF4DB0A4DD
Authority key identifier: A8:B3:EB:44:3C:06:A3:DC:C0:88:E2:CA:A0:5C:E0:9C:F8:D4:E7:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qLPrRDwGo9zAiOLKoFzgnPjU56Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/6bda82-a2e1-45c9-a181-313de4892b8d/1/fxxMed6c_xBSqZCMAe-xGxRae6g.roa
Signing time:             Thu 20 Jun 2024 12:36:34 +0000
ROA not before:           Thu 20 Jun 2024 12:36:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215329
IP address blocks:        194.56.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/6bda82-a2e1-45c9-a181-313de4892b8d/1/qLPrRDwGo9zAiOLKoFzgnPjU56Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/6bda82-a2e1-45c9-a181-313de4892b8d/1/qLPrRDwGo9zAiOLKoFzgnPjU56Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qLPrRDwGo9zAiOLKoFzgnPjU56Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:35:a6:13:30:7a:bc:1f:6f:c2:35:9f:ef:4d:b0:a4:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8b3eb443c06a3dcc088e2caa05ce09cf8d4e7a6
        Validity
            Not Before: Jun 20 12:36:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f1c4c79de9cff1052a9908c01efb11b145a7ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:61:72:e1:f5:94:a9:f3:d7:f2:59:66:cd:b3:
                    ef:4d:45:8e:1a:02:58:06:b3:5f:4b:73:15:90:28:
                    5b:ec:3c:64:a0:03:2a:ff:31:d0:5c:e3:02:c9:19:
                    1a:09:50:9e:5a:9f:7f:fb:9f:3f:a4:96:7c:75:23:
                    8c:23:89:1e:65:4f:88:14:ea:fd:64:d9:2a:19:7a:
                    44:74:95:33:73:e2:e5:a3:3c:59:b8:96:81:3a:44:
                    b1:e6:57:ae:75:66:70:66:a4:82:26:fe:73:c7:f4:
                    c3:2e:5f:70:08:ab:00:f1:16:47:40:5a:6d:aa:61:
                    7e:6b:bc:6f:6e:fb:f5:9b:54:e1:85:fb:c5:e2:4e:
                    b9:e2:d6:9c:41:c0:b7:13:23:97:b8:71:4b:01:c8:
                    54:57:ff:62:fc:ed:f3:61:c5:1f:0a:b9:05:05:fe:
                    5b:81:06:cf:59:31:a1:42:f4:9a:bf:e2:e6:68:ab:
                    03:11:8f:1f:c3:78:fb:6f:2a:74:fd:71:1b:08:e8:
                    8b:45:65:41:7b:fa:b2:a5:d8:07:25:df:7b:70:1e:
                    dc:e8:bd:95:15:74:1e:d9:ed:e0:27:4f:cd:0b:c0:
                    dd:8c:ba:f2:d8:43:b9:6e:29:d0:58:bc:7f:79:47:
                    df:e6:01:3c:33:37:db:92:70:f6:4e:05:ff:6e:38:
                    78:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:1C:4C:79:DE:9C:FF:10:52:A9:90:8C:01:EF:B1:1B:14:5A:7B:A8
            X509v3 Authority Key Identifier:
                keyid:A8:B3:EB:44:3C:06:A3:DC:C0:88:E2:CA:A0:5C:E0:9C:F8:D4:E7:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qLPrRDwGo9zAiOLKoFzgnPjU56Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6bda82-a2e1-45c9-a181-313de4892b8d/1/fxxMed6c_xBSqZCMAe-xGxRae6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6bda82-a2e1-45c9-a181-313de4892b8d/1/qLPrRDwGo9zAiOLKoFzgnPjU56Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:06:e8:bf:fc:ca:09:23:6c:14:05:b2:c5:e8:5a:af:7c:51:
         43:d8:ae:82:f7:d0:d7:6e:f6:c5:30:db:8e:ed:17:d8:ca:2a:
         0f:41:ba:90:09:17:90:2a:0d:2a:d7:90:da:4a:f1:c6:5f:2b:
         76:eb:7c:c1:07:93:a5:5b:31:1d:65:c2:4f:b0:f6:35:37:2b:
         c6:2a:cb:f8:a8:c8:97:6f:47:ea:3c:0f:ee:7e:f3:37:69:e5:
         63:26:cd:c3:38:96:a3:4b:12:1a:fa:ef:e7:9f:05:6b:c8:51:
         88:af:24:8e:84:e7:bc:32:8b:b8:4e:df:8e:bf:00:41:8b:d8:
         27:55:39:00:79:b2:09:67:72:a5:2e:fc:11:e0:e5:36:ec:c7:
         d1:b8:4b:61:18:55:74:7e:77:b2:60:68:b7:e6:ea:c0:95:0a:
         c8:5f:a3:da:99:c7:01:52:ec:23:1a:0b:d0:78:14:ff:67:d2:
         1b:ed:8e:15:bc:77:69:4e:cb:03:13:35:8a:5c:2f:22:ff:7d:
         9c:fa:3b:75:bd:d7:78:06:1a:54:24:15:1d:36:f3:53:e2:7b:
         67:9b:e0:68:ae:02:c2:6c:80:7f:08:03:5f:c7:7e:72:e4:58:
         94:39:f4:82:38:e6:0b:ed:9e:e4:22:d6:0c:20:20:c0:26:2d:
         18:d8:24:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA1phMwerwfb8I1n+9NsKTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4YjNlYjQ0M2MwNmEzZGNjMDg4ZTJjYWEwNWNlMDljZjhk
NGU3YTYwHhcNMjQwNjIwMTIzNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjFjNGM3OWRlOWNmZjEwNTJhOTkwOGMwMWVmYjExYjE0NWE3YmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWFy4fWUqfPX8llmzbPvTUWOGgJY
BrNfS3MVkChb7DxkoAMq/zHQXOMCyRkaCVCeWp9/+58/pJZ8dSOMI4keZU+IFOr9
ZNkqGXpEdJUzc+LlozxZuJaBOkSx5leudWZwZqSCJv5zx/TDLl9wCKsA8RZHQFpt
qmF+a7xvbvv1m1ThhfvF4k654tacQcC3EyOXuHFLAchUV/9i/O3zYcUfCrkFBf5b
gQbPWTGhQvSav+LmaKsDEY8fw3j7byp0/XEbCOiLRWVBe/qypdgHJd97cB7c6L2V
FXQe2e3gJ0/NC8DdjLry2EO5binQWLx/eUff5gE8MzfbknD2TgX/bjh4IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8cTHnenP8QUqmQjAHvsRsUWnuoMB8GA1UdIwQY
MBaAFKiz60Q8BqPcwIjiyqBc4Jz41OemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUxQclJEd0dvOXpBaU9MS29GemduUGpVNTZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82YmRhODItYTJlMS00NWM5LWExODEt
MzEzZGU0ODkyYjhkLzEvZnh4TWVkNmNfeEJTcVpDTUFlLXhHeFJhZTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82YmRhODItYTJlMS00NWM5LWExODEtMzEzZGU0ODkyYjhk
LzEvcUxQclJEd0dvOXpBaU9MS29GemduUGpVNTZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjjUMA0G
CSqGSIb3DQEBCwUAA4IBAQCtBui//MoJI2wUBbLF6FqvfFFD2K6C99DXbvbFMNuO
7RfYyioPQbqQCReQKg0q15DaSvHGXyt263zBB5OlWzEdZcJPsPY1NyvGKsv4qMiX
b0fqPA/ufvM3aeVjJs3DOJajSxIa+u/nnwVryFGIrySOhOe8Mou4Tt+OvwBBi9gn
VTkAebIJZ3KlLvwR4OU27MfRuEthGFV0fneyYGi35urAlQrIX6PamccBUuwjGgvQ
eBT/Z9Ib7Y4VvHdpTssDEzWKXC8i/32c+jt1vdd4BhpUJBUdNvNT4ntnm+BorgLC
bIB/CANfx35y5FiUOfSCOOYL7Z7kItYMICDAJi0Y2CTy
-----END CERTIFICATE-----