Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/1-RCqGJ92HDHQUAGJ8DkneJFNOFs.roa
File:                     1-RCqGJ92HDHQUAGJ8DkneJFNOFs.roa (raw, json)
Hash identifier:          C2vFuLXNQhDho2kDMZSP8qYDArH1MXaac5cDgSvBTZ8=
Subject key identifier:   F9:10:AA:18:9F:76:1C:31:D0:50:01:89:F0:39:27:78:91:4D:38:5B
Certificate issuer:       /CN=faf64476ef3945b344ffee38da56caccc5d039b0
Certificate serial:       018CC72735CD091D1F20BB580E46DB9D2154
Authority key identifier: FA:F6:44:76:EF:39:45:B3:44:FF:EE:38:DA:56:CA:CC:C5:D0:39:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-vZEdu85RbNE_-442lbKzMXQObA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/1-RCqGJ92HDHQUAGJ8DkneJFNOFs.roa
Signing time:             Mon 01 Jan 2024 22:31:24 +0000
ROA not before:           Mon 01 Jan 2024 22:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208896
IP address blocks:        185.57.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/1-vZEdu85RbNE_-442lbKzMXQObA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/1-vZEdu85RbNE_-442lbKzMXQObA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-vZEdu85RbNE_-442lbKzMXQObA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:35:cd:09:1d:1f:20:bb:58:0e:46:db:9d:21:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=faf64476ef3945b344ffee38da56caccc5d039b0
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f910aa189f761c31d0500189f0392778914d385b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:23:db:e4:5d:87:2e:d1:57:b3:b1:c9:11:b2:
                    c3:6f:bc:e0:2a:9e:48:76:4b:66:0a:92:95:19:17:
                    3a:74:20:24:30:76:af:ed:e5:27:15:4a:22:5a:ac:
                    1e:80:fb:c7:bd:31:f9:ad:5e:0c:b2:37:3e:71:ff:
                    e6:8e:a6:4d:57:d0:e3:9c:d6:df:80:bc:d5:0a:4a:
                    ba:1d:02:18:c3:d3:3b:0f:d1:94:c4:5a:be:34:6a:
                    ca:15:66:39:cb:e4:a2:55:c5:75:f7:7e:59:54:5a:
                    b7:2a:a5:9e:9f:5d:63:64:b9:d3:04:f4:d4:31:bf:
                    da:e9:0e:26:f8:bc:8b:61:83:b3:dd:01:d4:34:26:
                    28:83:d3:fa:93:8c:46:7f:a7:87:b3:58:f3:f6:a1:
                    c0:19:28:b8:4d:66:47:69:6f:37:39:ec:e1:d7:3e:
                    16:5b:f7:47:3c:bc:e8:0e:68:c4:0c:98:73:c8:9f:
                    5b:41:89:ac:95:a1:da:f4:2b:59:ec:38:47:9c:a0:
                    7a:ef:0b:15:ad:cc:16:91:64:a8:93:90:03:2f:33:
                    bd:31:df:a5:e6:2b:db:1f:6d:e3:ce:ad:86:a8:a6:
                    16:ab:7c:9b:8b:e6:18:0e:71:b6:2f:ef:f2:5d:ef:
                    fc:41:f2:3a:2f:9b:df:f8:82:51:3a:6b:76:af:f9:
                    e0:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:10:AA:18:9F:76:1C:31:D0:50:01:89:F0:39:27:78:91:4D:38:5B
            X509v3 Authority Key Identifier:
                keyid:FA:F6:44:76:EF:39:45:B3:44:FF:EE:38:DA:56:CA:CC:C5:D0:39:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-vZEdu85RbNE_-442lbKzMXQObA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/1-RCqGJ92HDHQUAGJ8DkneJFNOFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/67e36c-cd55-4b59-aa12-7442f0e2bd17/1/1-vZEdu85RbNE_-442lbKzMXQObA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:09:39:ad:cb:d7:3e:0b:11:6a:dd:0c:99:8f:14:c0:61:66:
         f5:17:0d:c3:af:97:e7:0f:90:a3:66:47:4f:9e:97:f7:86:e6:
         c3:80:f8:b0:53:d2:45:24:51:43:b4:e7:41:e9:22:7a:e5:df:
         88:45:f3:ea:5e:75:67:74:38:c8:2b:1f:19:38:c1:83:50:3a:
         62:f4:1c:ef:b9:c6:b6:3c:aa:ab:c1:a7:a0:dd:c9:8b:ee:61:
         6d:17:bd:ac:97:48:63:3b:ed:ef:d1:3c:c1:e3:a8:be:c7:9c:
         22:5b:df:c4:6d:dc:df:02:15:47:24:7f:b8:77:d6:2b:bc:45:
         29:08:24:7b:15:59:78:cd:75:97:33:56:a7:8a:fc:44:89:bb:
         69:c6:67:b0:48:70:47:1c:e2:79:6a:92:25:ea:bd:8e:db:1a:
         db:cd:1f:ef:c6:d2:91:4d:3a:01:bc:39:40:b4:18:bd:09:ff:
         d2:d3:c0:70:16:a7:bb:e9:2c:fd:88:08:63:f0:8b:f5:c8:2d:
         9c:8a:4c:88:0a:a3:e0:24:58:04:b0:a4:ec:d3:f2:67:2c:7a:
         82:d5:25:1e:52:12:87:8c:6a:82:b4:07:7e:6d:91:3a:84:bd:
         a8:d3:43:41:18:9a:c1:13:3b:45:c2:31:6f:bb:ab:df:b9:d2:
         1f:ea:d0:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJzXNCR0fILtYDkbbnSFUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZjY0NDc2ZWYzOTQ1YjM0NGZmZWUzOGRhNTZjYWNjYzVk
MDM5YjAwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTEwYWExODlmNzYxYzMxZDA1MDAxODlmMDM5Mjc3ODkxNGQzODViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSPb5F2HLtFXs7HJEbLDb7zgKp5I
dktmCpKVGRc6dCAkMHav7eUnFUoiWqwegPvHvTH5rV4Msjc+cf/mjqZNV9DjnNbf
gLzVCkq6HQIYw9M7D9GUxFq+NGrKFWY5y+SiVcV1935ZVFq3KqWen11jZLnTBPTU
Mb/a6Q4m+LyLYYOz3QHUNCYog9P6k4xGf6eHs1jz9qHAGSi4TWZHaW83Oezh1z4W
W/dHPLzoDmjEDJhzyJ9bQYmslaHa9CtZ7DhHnKB67wsVrcwWkWSok5ADLzO9Md+l
5ivbH23jzq2GqKYWq3ybi+YYDnG2L+/yXe/8QfI6L5vf+IJROmt2r/ngJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPkQqhifdhwx0FABifA5J3iRTThbMB8GA1UdIwQY
MBaAFPr2RHbvOUWzRP/uONpWyszF0DmwMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS12WkVkdTg1UmJORV8tNDQybGJLek1YUU9iQS5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvNjdlMzZjLWNkNTUtNGI1OS1hYTEy
LTc0NDJmMGUyYmQxNy8xLzEtUkNxR0o5MkhESFFVQUdKOERrbmVKRk5PRnMucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxULzk4LzY3ZTM2Yy1jZDU1LTRiNTktYWExMi03NDQyZjBlMmJk
MTcvMS8xLXZaRWR1ODVSYk5FXy00NDJsYkt6TVhRT2JBLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTmk
MA0GCSqGSIb3DQEBCwUAA4IBAQAyCTmty9c+CxFq3QyZjxTAYWb1Fw3Dr5fnD5Cj
ZkdPnpf3hubDgPiwU9JFJFFDtOdB6SJ65d+IRfPqXnVndDjIKx8ZOMGDUDpi9Bzv
uca2PKqrwaeg3cmL7mFtF72sl0hjO+3v0TzB46i+x5wiW9/EbdzfAhVHJH+4d9Yr
vEUpCCR7FVl4zXWXM1anivxEibtpxmewSHBHHOJ5apIl6r2O2xrbzR/vxtKRTToB
vDlAtBi9Cf/S08BwFqe76Sz9iAhj8Iv1yC2cikyICqPgJFgEsKTs0/JnLHqC1SUe
UhKHjGqCtAd+bZE6hL2o00NBGJrBEztFwjFvu6vfudIf6tCc
-----END CERTIFICATE-----