Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/fbbdfa-dcfa-4ded-97a1-4e3807a38158/1/_GRGndfY-8qwiMy33ZkHUZfMhBM.roa
File:                     _GRGndfY-8qwiMy33ZkHUZfMhBM.roa (raw, json)
Hash identifier:          UcqRa69NORg9mIKl4ZUgMw5nXJ7SMgHAbomdRf7mIGA=
Subject key identifier:   FC:64:46:9D:D7:D8:FB:CA:B0:88:CC:B7:DD:99:07:51:97:CC:84:13
Certificate issuer:       /CN=1740132e505f78bad0112f91b55986879535cac0
Certificate serial:       018CC64A67C692D3904F592289A17A90BF61
Authority key identifier: 17:40:13:2E:50:5F:78:BA:D0:11:2F:91:B5:59:86:87:95:35:CA:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0ATLlBfeLrQES-RtVmGh5U1ysA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/fbbdfa-dcfa-4ded-97a1-4e3807a38158/1/_GRGndfY-8qwiMy33ZkHUZfMhBM.roa
Signing time:             Mon 01 Jan 2024 18:30:14 +0000
ROA not before:           Mon 01 Jan 2024 18:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51236
IP address blocks:        185.140.248.0/24 maxlen: 24
                          2a13:1080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/fbbdfa-dcfa-4ded-97a1-4e3807a38158/1/F0ATLlBfeLrQES-RtVmGh5U1ysA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/fbbdfa-dcfa-4ded-97a1-4e3807a38158/1/F0ATLlBfeLrQES-RtVmGh5U1ysA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F0ATLlBfeLrQES-RtVmGh5U1ysA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:67:c6:92:d3:90:4f:59:22:89:a1:7a:90:bf:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1740132e505f78bad0112f91b55986879535cac0
        Validity
            Not Before: Jan  1 18:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc64469dd7d8fbcab088ccb7dd99075197cc8413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:98:45:fe:2f:d6:3c:4b:3a:5e:d0:e4:cd:ac:
                    45:d8:c6:75:47:16:57:e5:38:d2:26:14:20:47:98:
                    95:eb:34:22:25:92:32:67:05:d1:b1:03:d0:4c:17:
                    9f:e0:ae:b2:3d:fc:c6:5d:60:a1:c4:07:6f:31:b1:
                    2c:41:0b:ee:c5:8c:16:19:ad:89:a6:ae:ff:39:79:
                    56:50:c8:ae:cf:2a:84:00:e7:ce:cf:bb:0f:63:1f:
                    9f:bd:61:bb:77:47:2a:e6:de:e6:41:74:77:90:4a:
                    a9:f4:fa:e7:a2:05:06:23:ff:74:7a:8f:73:01:a3:
                    b3:c0:67:d5:78:93:e5:65:cf:99:36:6e:a0:22:48:
                    55:58:4e:45:73:63:61:22:ad:6b:29:88:b2:11:fc:
                    9f:89:22:76:bb:0d:54:fa:e4:04:46:b7:21:48:95:
                    57:eb:50:d7:36:5a:94:ba:49:10:c4:78:66:0a:72:
                    e6:8f:bf:df:82:02:b6:00:18:31:13:96:05:ac:15:
                    b0:f0:77:ac:40:f7:8c:e6:8a:8d:36:57:fc:4e:91:
                    60:61:4b:55:9b:4f:2b:49:4b:f7:04:45:a3:d3:41:
                    07:89:36:5a:6e:9b:18:3b:67:03:9b:8d:85:47:56:
                    33:c1:fb:13:a9:18:5b:a4:02:73:5c:48:e4:69:ec:
                    e7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:64:46:9D:D7:D8:FB:CA:B0:88:CC:B7:DD:99:07:51:97:CC:84:13
            X509v3 Authority Key Identifier:
                keyid:17:40:13:2E:50:5F:78:BA:D0:11:2F:91:B5:59:86:87:95:35:CA:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0ATLlBfeLrQES-RtVmGh5U1ysA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/fbbdfa-dcfa-4ded-97a1-4e3807a38158/1/_GRGndfY-8qwiMy33ZkHUZfMhBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/fbbdfa-dcfa-4ded-97a1-4e3807a38158/1/F0ATLlBfeLrQES-RtVmGh5U1ysA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.248.0/24
                IPv6:
                  2a13:1080::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:87:6a:a2:ac:04:f2:3a:1b:12:12:0f:6d:cf:e5:5c:95:6e:
         ab:5f:ed:a3:0b:bf:33:bf:16:0d:17:59:18:35:63:3d:ae:b9:
         37:93:04:88:48:74:d9:01:01:ab:20:64:5c:d2:48:3f:cc:a3:
         d4:e7:3f:61:73:91:51:b6:bb:56:b7:c2:fa:0b:4c:2e:2d:2a:
         80:c5:41:af:1a:98:b9:e1:be:31:e3:44:f5:df:a5:ff:b2:34:
         dd:05:4c:37:e2:c7:4a:8b:9a:b4:c1:4f:3e:88:67:fa:8f:d8:
         f3:ac:59:78:90:ce:07:3b:d0:37:a1:f7:cc:43:e5:b2:36:fd:
         fd:a9:2c:dc:1b:16:07:03:09:8a:1d:45:cf:65:7c:1e:65:d3:
         ca:a7:03:21:71:01:bf:47:58:a5:25:b9:76:a5:6b:d2:92:04:
         57:a6:38:54:0a:30:02:86:de:b7:f9:0a:94:d3:b3:6d:49:be:
         6a:18:b3:0b:91:1a:b9:e7:48:4b:96:b5:ef:25:9d:75:c6:89:
         1a:47:61:98:86:0c:57:ab:10:b2:34:e7:b8:9e:f2:e0:07:f2:
         f2:d2:cc:bd:5d:7c:d1:0e:97:87:63:a1:d2:be:24:b5:9b:19:
         94:9e:9b:ee:b3:64:0e:cd:12:8d:bf:77:3f:4b:a8:2c:be:51:
         2f:35:24:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSmfGktOQT1kiiaF6kL9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NDAxMzJlNTA1Zjc4YmFkMDExMmY5MWI1NTk4Njg3OTUz
NWNhYzAwHhcNMjQwMTAxMTgzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzY0NDY5ZGQ3ZDhmYmNhYjA4OGNjYjdkZDk5MDc1MTk3Y2M4NDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZhF/i/WPEs6XtDkzaxF2MZ1RxZX
5TjSJhQgR5iV6zQiJZIyZwXRsQPQTBef4K6yPfzGXWChxAdvMbEsQQvuxYwWGa2J
pq7/OXlWUMiuzyqEAOfOz7sPYx+fvWG7d0cq5t7mQXR3kEqp9PrnogUGI/90eo9z
AaOzwGfVeJPlZc+ZNm6gIkhVWE5Fc2NhIq1rKYiyEfyfiSJ2uw1U+uQERrchSJVX
61DXNlqUukkQxHhmCnLmj7/fggK2ABgxE5YFrBWw8HesQPeM5oqNNlf8TpFgYUtV
m08rSUv3BEWj00EHiTZabpsYO2cDm42FR1YzwfsTqRhbpAJzXEjkaeznVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPxkRp3X2PvKsIjMt92ZB1GXzIQTMB8GA1UdIwQY
MBaAFBdAEy5QX3i60BEvkbVZhoeVNcrAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjBBVExsQmZlTHJRRVMtUnRWbUdoNVUxeXNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9mYmJkZmEtZGNmYS00ZGVkLTk3YTEt
NGUzODA3YTM4MTU4LzEvX0dSR25kZlktOHF3aU15MzNaa0hVWmZNaEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9mYmJkZmEtZGNmYS00ZGVkLTk3YTEtNGUzODA3YTM4MTU4
LzEvRjBBVExsQmZlTHJRRVMtUnRWbUdoNVUxeXNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYz4MA0E
AgACMAcDBQMqExCAMA0GCSqGSIb3DQEBCwUAA4IBAQARh2qirATyOhsSEg9tz+Vc
lW6rX+2jC78zvxYNF1kYNWM9rrk3kwSISHTZAQGrIGRc0kg/zKPU5z9hc5FRtrtW
t8L6C0wuLSqAxUGvGpi54b4x40T136X/sjTdBUw34sdKi5q0wU8+iGf6j9jzrFl4
kM4HO9A3offMQ+WyNv39qSzcGxYHAwmKHUXPZXweZdPKpwMhcQG/R1ilJbl2pWvS
kgRXpjhUCjACht63+QqU07NtSb5qGLMLkRq550hLlrXvJZ11xokaR2GYhgxXqxCy
NOe4nvLgB/Ly0sy9XXzRDpeHY6HSviS1mxmUnpvus2QOzRKNv3c/S6gsvlEvNSTW
-----END CERTIFICATE-----