Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/fKVzQRt_5xZx3CmrO_f2gIStbTo.roa
File:                     fKVzQRt_5xZx3CmrO_f2gIStbTo.roa (raw, json)
Hash identifier:          60bDrRN1Bk1SskqcuD9E5MKNXpCL9mQAzUTa6IPmErU=
Subject key identifier:   7C:A5:73:41:1B:7F:E7:16:71:DC:29:AB:3B:F7:F6:80:84:AD:6D:3A
Certificate issuer:       /CN=84bfc451fc4f2411addd00a9fbb17346ad6e8996
Certificate serial:       018CC649E8D96C2D888ABFC34C6D148C8AD3
Authority key identifier: 84:BF:C4:51:FC:4F:24:11:AD:DD:00:A9:FB:B1:73:46:AD:6E:89:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hL_EUfxPJBGt3QCp-7FzRq1uiZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/fKVzQRt_5xZx3CmrO_f2gIStbTo.roa
Signing time:             Mon 01 Jan 2024 18:29:41 +0000
ROA not before:           Mon 01 Jan 2024 18:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39647
IP address blocks:        193.164.216.0/23 maxlen: 23
                          185.160.74.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/hL_EUfxPJBGt3QCp-7FzRq1uiZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/hL_EUfxPJBGt3QCp-7FzRq1uiZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hL_EUfxPJBGt3QCp-7FzRq1uiZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e8:d9:6c:2d:88:8a:bf:c3:4c:6d:14:8c:8a:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84bfc451fc4f2411addd00a9fbb17346ad6e8996
        Validity
            Not Before: Jan  1 18:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ca573411b7fe71671dc29ab3bf7f68084ad6d3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3f:bb:4e:f3:bc:83:05:b8:96:fc:1c:ea:ab:
                    47:52:a5:8b:63:66:ea:55:73:97:61:ed:f9:ac:22:
                    f4:fd:7b:ac:1d:31:3f:dd:f4:3d:9c:ae:47:31:4d:
                    55:3f:96:be:00:86:8c:a8:b5:6a:64:dc:35:e5:ed:
                    3b:6f:e8:4d:a0:0d:a3:66:74:d1:35:75:66:eb:7c:
                    9d:fb:50:e0:56:40:05:f5:64:76:06:e7:21:7f:fc:
                    3f:19:06:56:e7:aa:0c:30:27:fe:17:77:f4:f9:03:
                    41:5e:74:58:6e:dc:70:fb:d1:1c:42:c7:be:be:a8:
                    3e:d5:3e:47:25:da:16:a8:1c:ca:47:77:c2:a3:eb:
                    38:9c:2f:1a:c3:75:f6:53:7c:f4:b9:06:00:5c:36:
                    23:ad:82:32:33:67:58:13:fa:5a:dc:2b:0f:d5:7a:
                    66:98:09:23:c1:fe:ba:c9:d3:ed:70:88:dd:3a:04:
                    27:91:01:44:01:6e:e9:13:57:01:a4:8c:25:28:27:
                    02:e4:3c:98:20:13:03:a1:fe:7b:f0:a2:bb:69:07:
                    5f:3d:c3:ea:a7:71:f3:fc:03:ce:23:6b:ca:af:ee:
                    78:9d:d3:5f:c5:47:eb:dd:2c:63:a0:c8:3c:be:04:
                    6d:7d:28:ac:b7:ce:2d:a7:ce:9d:37:71:fe:03:2f:
                    d8:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A5:73:41:1B:7F:E7:16:71:DC:29:AB:3B:F7:F6:80:84:AD:6D:3A
            X509v3 Authority Key Identifier:
                keyid:84:BF:C4:51:FC:4F:24:11:AD:DD:00:A9:FB:B1:73:46:AD:6E:89:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hL_EUfxPJBGt3QCp-7FzRq1uiZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/fKVzQRt_5xZx3CmrO_f2gIStbTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/hL_EUfxPJBGt3QCp-7FzRq1uiZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.74.0/23
                  193.164.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:37:e7:1a:b4:d6:7e:db:4a:e8:65:9c:8c:03:61:bd:01:bc:
         ab:1f:88:49:4d:1c:18:18:5e:25:eb:db:ca:53:d7:2e:b1:3d:
         06:67:5b:8f:d1:66:69:83:c5:64:37:eb:29:e6:c7:6a:ed:a2:
         a6:95:5c:db:b1:fa:94:49:3e:c0:9e:fe:d8:9d:5b:5d:8e:e5:
         26:36:fd:96:b8:52:9e:0a:a4:17:6d:38:c0:43:95:a1:53:69:
         c3:e2:e5:6b:1e:8f:36:d2:f7:d6:18:90:40:a8:f9:83:ef:50:
         97:b8:18:ef:92:dd:c6:d8:a9:6f:e1:57:53:51:4a:f2:4d:44:
         79:e4:f1:c2:0d:0b:81:60:84:ec:07:5c:91:4c:99:9b:fb:ae:
         cc:43:d1:e6:53:dc:25:33:64:6d:10:7d:bb:e5:d7:6f:90:c1:
         7c:25:9d:d8:1f:8f:c4:24:24:b8:52:38:48:42:d8:e1:09:e6:
         cd:c6:e2:3a:0f:84:b9:77:8f:0d:0e:0e:2b:15:33:fe:ce:dc:
         18:39:6c:3f:e0:96:57:ae:85:bd:86:d0:ab:bb:7f:ef:ad:df:
         49:ce:d6:f7:69:18:14:8a:75:f3:94:2a:5c:b4:ee:5e:16:bc:
         c2:bc:b8:fc:b7:97:00:21:f7:1e:4e:f2:19:b9:c9:ca:37:9f:
         fb:e6:04:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSejZbC2Iir/DTG0UjIrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YmZjNDUxZmM0ZjI0MTFhZGRkMDBhOWZiYjE3MzQ2YWQ2
ZTg5OTYwHhcNMjQwMTAxMTgyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2E1NzM0MTFiN2ZlNzE2NzFkYzI5YWIzYmY3ZjY4MDg0YWQ2ZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD+7TvO8gwW4lvwc6qtHUqWLY2bq
VXOXYe35rCL0/XusHTE/3fQ9nK5HMU1VP5a+AIaMqLVqZNw15e07b+hNoA2jZnTR
NXVm63yd+1DgVkAF9WR2Buchf/w/GQZW56oMMCf+F3f0+QNBXnRYbtxw+9EcQse+
vqg+1T5HJdoWqBzKR3fCo+s4nC8aw3X2U3z0uQYAXDYjrYIyM2dYE/pa3CsP1Xpm
mAkjwf66ydPtcIjdOgQnkQFEAW7pE1cBpIwlKCcC5DyYIBMDof578KK7aQdfPcPq
p3Hz/APOI2vKr+54ndNfxUfr3SxjoMg8vgRtfSist84tp86dN3H+Ay/YrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHylc0Ebf+cWcdwpqzv39oCErW06MB8GA1UdIwQY
MBaAFIS/xFH8TyQRrd0Aqfuxc0atbomWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExfRVVmeFBKQkd0M1FDcC03RnpScTF1aVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9iN2JlNjQtODZkNC00NDNiLTk2ODYt
ZjY2MzE3OTc3OTY4LzEvZktWelFSdF81eFp4M0Ntck9fZjJnSVN0YlRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9iN2JlNjQtODZkNC00NDNiLTk2ODYtZjY2MzE3OTc3OTY4
LzEvaExfRVVmeFBKQkd0M1FDcC03RnpScTF1aVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuaBKAwQB
waTYMA0GCSqGSIb3DQEBCwUAA4IBAQArN+catNZ+20roZZyMA2G9AbyrH4hJTRwY
GF4l69vKU9cusT0GZ1uP0WZpg8VkN+sp5sdq7aKmlVzbsfqUST7Anv7YnVtdjuUm
Nv2WuFKeCqQXbTjAQ5WhU2nD4uVrHo820vfWGJBAqPmD71CXuBjvkt3G2Klv4VdT
UUryTUR55PHCDQuBYITsB1yRTJmb+67MQ9HmU9wlM2RtEH275ddvkMF8JZ3YH4/E
JCS4UjhIQtjhCebNxuI6D4S5d48NDg4rFTP+ztwYOWw/4JZXroW9htCru3/vrd9J
ztb3aRgUinXzlCpctO5eFrzCvLj8t5cAIfceTvIZucnKN5/75gQv
-----END CERTIFICATE-----