Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/F_aEh5fiZmwP_Ab1vB3nZAIr3qM.roa
File:                     F_aEh5fiZmwP_Ab1vB3nZAIr3qM.roa (raw, json)
Hash identifier:          D+J48d5ngLGUEIS3LjR/DLLqOdyVovrnqOzYCvPj7mc=
Subject key identifier:   17:F6:84:87:97:E2:66:6C:0F:FC:06:F5:BC:1D:E7:64:02:2B:DE:A3
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       018CC79587B3FB787B0DC15F76D14199F44F
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/F_aEh5fiZmwP_Ab1vB3nZAIr3qM.roa
Signing time:             Tue 02 Jan 2024 00:31:54 +0000
ROA not before:           Tue 02 Jan 2024 00:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213019
IP address blocks:        194.39.71.0/24 maxlen: 24
                          194.39.69.0/24 maxlen: 24
                          194.39.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:87:b3:fb:78:7b:0d:c1:5f:76:d1:41:99:f4:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Jan  2 00:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17f6848797e2666c0ffc06f5bc1de764022bdea3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3b:2b:79:da:ac:dd:eb:2f:72:88:ec:6f:dd:
                    23:a3:fc:6c:e9:a5:0a:cc:ff:4f:bf:2b:e1:bc:ec:
                    56:98:7f:50:77:23:71:d8:08:2a:a0:77:09:fd:b2:
                    66:0d:4e:74:ce:b3:1e:21:e7:d9:92:b6:54:69:aa:
                    ed:e2:4b:07:ea:b0:69:c0:64:72:17:70:e0:10:3b:
                    87:d7:c1:47:f5:1f:19:79:4b:de:9f:11:d0:f4:ec:
                    01:5d:07:e2:87:88:9c:ac:aa:71:c6:a4:ea:3e:d6:
                    71:fa:72:d9:8a:84:67:b3:07:6d:e2:14:db:4e:45:
                    36:f5:d5:38:bc:3a:74:c4:32:c4:96:e0:e8:00:07:
                    9f:33:82:ca:ec:4f:74:2f:4c:67:e8:19:71:a0:81:
                    53:aa:2c:77:7b:58:f2:5d:79:57:e8:52:d5:c8:79:
                    d9:44:d2:37:0e:14:40:92:cb:b2:98:b3:1e:5f:f9:
                    5c:7f:37:75:75:ac:1f:d0:60:da:28:c7:42:0e:6d:
                    68:03:47:34:6d:f8:5a:fb:2c:20:c4:80:9a:e4:8a:
                    f6:34:a2:32:3b:7a:1b:e7:5a:1a:6d:d5:f9:d9:f8:
                    fe:9a:3e:33:ee:d5:b2:a6:e3:f9:19:eb:70:74:fb:
                    9d:e8:d9:f8:6b:4d:62:77:f7:6c:7f:e3:e2:17:cd:
                    7f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F6:84:87:97:E2:66:6C:0F:FC:06:F5:BC:1D:E7:64:02:2B:DE:A3
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/F_aEh5fiZmwP_Ab1vB3nZAIr3qM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.69.0-194.39.71.255

    Signature Algorithm: sha256WithRSAEncryption
         c1:77:37:47:4e:24:18:9e:2b:0f:b2:3a:f6:d5:24:0b:9f:f3:
         ab:89:9a:2d:1e:a2:8f:f1:92:a6:35:2f:62:91:c5:1a:f7:af:
         95:f3:dd:72:10:49:74:cf:ba:5e:1f:f3:9b:46:5d:d0:03:8b:
         30:19:d9:45:97:fe:b3:c9:01:9b:c1:1d:f9:eb:96:39:a5:31:
         d0:89:36:4b:40:88:91:b6:33:a2:d6:27:76:3c:2a:7b:c2:a7:
         13:8e:90:4b:70:27:57:91:39:93:f7:1b:32:23:49:66:85:e4:
         6b:c2:dd:a0:58:1d:8c:1f:50:4b:b9:2b:55:7f:d9:c3:a8:4c:
         b0:5b:81:3c:7e:a6:57:eb:4d:0c:c6:fd:8d:aa:5c:e8:27:67:
         eb:d2:9a:87:93:66:1f:6d:12:47:b3:13:a8:c6:37:9d:ba:98:
         11:35:9c:3e:35:f2:70:5a:e4:21:8c:18:37:3b:f3:70:72:bd:
         3e:49:d1:0d:5c:69:a7:b8:ba:13:5b:b9:f4:c1:1c:d8:ad:f1:
         39:ff:e6:e0:96:e7:40:aa:57:4e:f1:5f:9d:b6:a9:0e:64:70:
         15:52:81:65:bd:38:61:1c:27:d3:e4:d6:02:88:93:21:45:1a:
         7d:c8:63:39:5d:6f:59:64:a0:cc:6b:7c:a7:0a:1b:e7:9e:0a:
         3f:5d:0f:72
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlYez+3h7DcFfdtFBmfRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjQwMTAyMDAzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2Y2ODQ4Nzk3ZTI2NjZjMGZmYzA2ZjViYzFkZTc2NDAyMmJkZWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTsredqs3esvcojsb90jo/xs6aUK
zP9PvyvhvOxWmH9QdyNx2AgqoHcJ/bJmDU50zrMeIefZkrZUaart4ksH6rBpwGRy
F3DgEDuH18FH9R8ZeUvenxHQ9OwBXQfih4icrKpxxqTqPtZx+nLZioRnswdt4hTb
TkU29dU4vDp0xDLEluDoAAefM4LK7E90L0xn6BlxoIFTqix3e1jyXXlX6FLVyHnZ
RNI3DhRAksuymLMeX/lcfzd1dawf0GDaKMdCDm1oA0c0bfha+ywgxICa5Ir2NKIy
O3ob51oabdX52fj+mj4z7tWypuP5GetwdPud6Nn4a01id/dsf+PiF81/FwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBf2hIeX4mZsD/wG9bwd52QCK96jMB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvRl9hRWg1ZmlabXdQX0FiMXZCM25aQUlyM3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCJ0UD
BAPCJ0AwDQYJKoZIhvcNAQELBQADggEBAMF3N0dOJBieKw+yOvbVJAuf86uJmi0e
oo/xkqY1L2KRxRr3r5Xz3XIQSXTPul4f85tGXdADizAZ2UWX/rPJAZvBHfnrljml
MdCJNktAiJG2M6LWJ3Y8KnvCpxOOkEtwJ1eROZP3GzIjSWaF5GvC3aBYHYwfUEu5
K1V/2cOoTLBbgTx+plfrTQzG/Y2qXOgnZ+vSmoeTZh9tEkezE6jGN526mBE1nD41
8nBa5CGMGDc783ByvT5J0Q1caae4uhNbufTBHNit8Tn/5uCW50CqV07xX522qQ5k
cBVSgWW9OGEcJ9Pk1gKIkyFFGn3IYzldb1lkoMxrfKcKG+eeCj9dD3I=
-----END CERTIFICATE-----