Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_qEGUBs24kp-lFGWWQFL5oR2mao.roa
File:                     _qEGUBs24kp-lFGWWQFL5oR2mao.roa (raw, json)
Hash identifier:          aqKxwzkGdXqTsoFlt3DPbqi2MgvKUJo+TD03kn5Q2ko=
Subject key identifier:   FE:A1:06:50:1B:36:E2:4A:7E:94:51:96:59:01:4B:E6:84:76:99:AA
Certificate issuer:       /CN=fd21cb4baa15862d1b5773bf2be60ca5f4fc24d4
Certificate serial:       018CC3B6A6E9A9493FFA90C26053B8FAED9A
Authority key identifier: FD:21:CB:4B:AA:15:86:2D:1B:57:73:BF:2B:E6:0C:A5:F4:FC:24:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_qEGUBs24kp-lFGWWQFL5oR2mao.roa
Signing time:             Mon 01 Jan 2024 06:29:36 +0000
ROA not before:           Mon 01 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57698
IP address blocks:        193.84.108.0/24 maxlen: 24
                          2a10:ba80::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a6:e9:a9:49:3f:fa:90:c2:60:53:b8:fa:ed:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd21cb4baa15862d1b5773bf2be60ca5f4fc24d4
        Validity
            Not Before: Jan  1 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fea106501b36e24a7e94519659014be6847699aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:90:de:32:6d:2e:a1:7f:ea:2c:a6:e2:e1:6e:
                    84:f1:80:64:6d:ad:c9:f9:4a:18:02:ed:8e:9a:42:
                    86:bc:91:d0:e9:5c:89:ec:40:ee:94:c8:91:3f:a4:
                    ca:ef:04:a7:3a:0a:17:19:50:5e:cb:da:a9:ac:23:
                    e5:b4:d9:35:1f:10:0f:e1:07:8c:90:2d:a1:f1:8b:
                    ff:3e:32:7e:00:ba:e8:50:0f:c6:16:a8:dd:ef:ff:
                    91:65:a8:bf:fb:71:d1:68:f1:53:cf:e2:33:30:2b:
                    f2:cf:e8:c3:f3:f0:2d:6d:cb:a0:65:ff:48:be:cc:
                    e4:c2:55:e2:ba:80:78:7c:0a:bc:61:a5:09:e9:7b:
                    c3:32:13:80:76:98:b5:c0:c7:be:da:7d:ab:05:04:
                    70:ca:d9:6f:19:a9:e8:e0:6a:c0:2c:6e:f2:28:7f:
                    1d:54:72:6d:52:d8:4d:8f:f7:9e:d0:70:83:53:3f:
                    d0:ad:c3:a3:50:ef:7c:f6:0c:95:c7:3d:5d:2c:75:
                    df:cd:1b:da:18:f5:5e:de:a1:41:8f:75:9e:67:92:
                    0e:99:99:c6:0a:8b:c5:e1:23:39:50:6a:67:d6:d1:
                    79:d0:01:51:3f:b1:1d:7a:42:7c:ea:76:31:8f:d5:
                    d7:9f:81:1a:ce:05:4c:a0:ce:7e:f7:2e:bc:c0:c7:
                    cf:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A1:06:50:1B:36:E2:4A:7E:94:51:96:59:01:4B:E6:84:76:99:AA
            X509v3 Authority Key Identifier:
                keyid:FD:21:CB:4B:AA:15:86:2D:1B:57:73:BF:2B:E6:0C:A5:F4:FC:24:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_qEGUBs24kp-lFGWWQFL5oR2mao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/326606-14ba-4436-9985-be5520a5c821/1/_SHLS6oVhi0bV3O_K-YMpfT8JNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.108.0/24
                IPv6:
                  2a10:ba80::/31

    Signature Algorithm: sha256WithRSAEncryption
         ca:3c:74:f9:6f:ec:ae:c7:64:a3:6a:34:d0:2c:10:a2:05:c8:
         3b:f0:0f:e7:3e:b3:98:aa:82:28:b4:ba:67:c6:1f:48:cb:22:
         45:35:e6:ad:58:ec:de:82:1d:4f:83:d7:f9:84:41:a9:77:72:
         3a:8e:01:e9:4a:69:58:b1:aa:78:7e:63:bf:8a:5a:b6:51:dd:
         2c:e6:b8:18:66:f0:65:d3:8a:8a:84:3f:b5:97:5b:ae:d7:04:
         e4:a7:64:19:27:f6:b4:d2:12:60:7f:2f:4e:2b:c5:1e:ac:89:
         a5:7d:ed:e2:55:53:07:8b:b7:d5:f1:bf:5d:4a:09:86:d2:e1:
         44:70:ac:87:d0:74:db:4c:79:d5:00:04:ff:72:4f:ca:0c:fd:
         c3:10:97:34:0f:a7:1f:03:7c:14:96:22:f6:f0:02:53:39:1a:
         44:1d:22:60:c5:aa:83:5e:4a:5f:f5:fa:18:da:69:eb:9d:ef:
         fe:76:59:82:af:7d:e5:bf:12:35:78:f1:d4:fb:27:93:9b:d4:
         4e:d7:e8:d5:af:ce:83:e3:41:c9:31:c3:16:02:a7:f7:09:1b:
         a2:01:c2:8c:3a:b9:8b:d1:79:f9:49:73:27:8d:c7:cf:a8:29:
         5a:3c:9d:fd:97:4c:db:50:42:e0:c3:68:0e:26:8b:c0:cd:72:
         b3:78:1e:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtqbpqUk/+pDCYFO4+u2aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMjFjYjRiYWExNTg2MmQxYjU3NzNiZjJiZTYwY2E1ZjRm
YzI0ZDQwHhcNMjQwMTAxMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWExMDY1MDFiMzZlMjRhN2U5NDUxOTY1OTAxNGJlNjg0NzY5OWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5DeMm0uoX/qLKbi4W6E8YBkba3J
+UoYAu2OmkKGvJHQ6VyJ7EDulMiRP6TK7wSnOgoXGVBey9qprCPltNk1HxAP4QeM
kC2h8Yv/PjJ+ALroUA/GFqjd7/+RZai/+3HRaPFTz+IzMCvyz+jD8/AtbcugZf9I
vszkwlXiuoB4fAq8YaUJ6XvDMhOAdpi1wMe+2n2rBQRwytlvGano4GrALG7yKH8d
VHJtUthNj/ee0HCDUz/QrcOjUO989gyVxz1dLHXfzRvaGPVe3qFBj3WeZ5IOmZnG
CovF4SM5UGpn1tF50AFRP7EdekJ86nYxj9XXn4EazgVMoM5+9y68wMfPsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP6hBlAbNuJKfpRRllkBS+aEdpmqMB8GA1UdIwQY
MBaAFP0hy0uqFYYtG1dzvyvmDKX0/CTUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1NITFM2b1ZoaTBiVjNPX0stWU1wZlQ4Sk5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zMjY2MDYtMTRiYS00NDM2LTk5ODUt
YmU1NTIwYTVjODIxLzEvX3FFR1VCczI0a3AtbEZHV1dRRkw1b1IybWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zMjY2MDYtMTRiYS00NDM2LTk5ODUtYmU1NTIwYTVjODIx
LzEvX1NITFM2b1ZoaTBiVjNPX0stWU1wZlQ4Sk5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwVRsMA0E
AgACMAcDBQEqELqAMA0GCSqGSIb3DQEBCwUAA4IBAQDKPHT5b+yux2SjajTQLBCi
Bcg78A/nPrOYqoIotLpnxh9IyyJFNeatWOzegh1Pg9f5hEGpd3I6jgHpSmlYsap4
fmO/ilq2Ud0s5rgYZvBl04qKhD+1l1uu1wTkp2QZJ/a00hJgfy9OK8UerImlfe3i
VVMHi7fV8b9dSgmG0uFEcKyH0HTbTHnVAAT/ck/KDP3DEJc0D6cfA3wUliL28AJT
ORpEHSJgxaqDXkpf9foY2mnrne/+dlmCr33lvxI1ePHU+yeTm9RO1+jVr86D40HJ
McMWAqf3CRuiAcKMOrmL0Xn5SXMnjcfPqClaPJ39l0zbUELgw2gOJovAzXKzeB6T
-----END CERTIFICATE-----