Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/e7f307-2a48-41e3-9407-d4cf809f7ffd/1/FhhRpDatuNGnSb_n00wtAV-7RfM.roa
File:                     FhhRpDatuNGnSb_n00wtAV-7RfM.roa (raw, json)
Hash identifier:          jojgAk6EIhPJEQxlKUEaNvxURuHnJ69hcdfEG/8Akl8=
Subject key identifier:   16:18:51:A4:36:AD:B8:D1:A7:49:BF:E7:D3:4C:2D:01:5F:BB:45:F3
Certificate issuer:       /CN=73ebf12b57c7cc6b9bbbd161ed31be1649c4ac1c
Certificate serial:       018CC8DE9F14272FC9FA064AD95A61937AE8
Authority key identifier: 73:EB:F1:2B:57:C7:CC:6B:9B:BB:D1:61:ED:31:BE:16:49:C4:AC:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c-vxK1fHzGubu9Fh7TG-FknErBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/e7f307-2a48-41e3-9407-d4cf809f7ffd/1/FhhRpDatuNGnSb_n00wtAV-7RfM.roa
Signing time:             Tue 02 Jan 2024 06:31:21 +0000
ROA not before:           Tue 02 Jan 2024 06:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24904
IP address blocks:        194.147.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/e7f307-2a48-41e3-9407-d4cf809f7ffd/1/c-vxK1fHzGubu9Fh7TG-FknErBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/e7f307-2a48-41e3-9407-d4cf809f7ffd/1/c-vxK1fHzGubu9Fh7TG-FknErBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c-vxK1fHzGubu9Fh7TG-FknErBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:9f:14:27:2f:c9:fa:06:4a:d9:5a:61:93:7a:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73ebf12b57c7cc6b9bbbd161ed31be1649c4ac1c
        Validity
            Not Before: Jan  2 06:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=161851a436adb8d1a749bfe7d34c2d015fbb45f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f1:e7:52:97:c0:e3:ff:bf:dd:03:9e:fa:31:
                    36:8d:2a:b7:35:a4:0b:c7:6a:75:f5:78:83:57:0d:
                    b2:28:35:e2:14:94:68:5c:d3:d3:da:7f:63:99:4f:
                    60:91:ce:bf:49:f4:4b:6c:5d:61:83:25:fe:b8:34:
                    2b:65:67:b8:96:d3:ec:7c:6c:57:9e:d7:68:7d:7d:
                    35:a1:71:05:76:b2:14:1b:29:37:94:4b:e7:45:94:
                    65:49:0b:1f:ee:df:86:c1:16:8b:14:30:f2:6a:75:
                    63:a9:78:5f:9d:7f:4a:57:da:99:d3:c6:60:b6:c6:
                    5a:65:7f:7b:7c:22:7f:68:e9:98:b3:cd:39:e1:45:
                    07:fd:25:cd:84:85:b6:72:1d:1f:1b:2d:71:84:8b:
                    9b:53:ae:95:8a:21:3d:82:66:4a:d6:cf:31:56:48:
                    e0:c9:77:b2:31:6a:a5:b9:f7:f5:4f:4b:37:2b:d3:
                    bf:e1:94:4f:86:ca:5e:6b:16:45:21:d0:c1:c9:ca:
                    73:7c:28:6c:9c:72:72:98:9c:69:c8:1f:ea:46:d6:
                    64:9f:76:fb:89:be:5d:46:49:17:c3:18:4f:bb:bf:
                    63:b9:4b:12:2d:7c:c2:91:4a:31:62:da:9a:55:12:
                    1b:5c:df:a5:8a:60:ff:ad:fc:33:70:6e:ef:29:25:
                    1d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:18:51:A4:36:AD:B8:D1:A7:49:BF:E7:D3:4C:2D:01:5F:BB:45:F3
            X509v3 Authority Key Identifier:
                keyid:73:EB:F1:2B:57:C7:CC:6B:9B:BB:D1:61:ED:31:BE:16:49:C4:AC:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c-vxK1fHzGubu9Fh7TG-FknErBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/e7f307-2a48-41e3-9407-d4cf809f7ffd/1/FhhRpDatuNGnSb_n00wtAV-7RfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/e7f307-2a48-41e3-9407-d4cf809f7ffd/1/c-vxK1fHzGubu9Fh7TG-FknErBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:be:d5:0c:53:27:09:c9:2f:f3:43:e9:52:83:f3:1b:c4:0a:
         ed:56:eb:52:4d:a3:0e:97:a0:3c:93:0f:9c:e3:7b:dc:d2:17:
         7d:be:05:42:76:63:4c:3c:99:aa:16:32:e6:22:e4:a7:44:71:
         f7:b6:0a:1a:49:8b:94:47:aa:c6:29:88:01:13:53:90:2c:76:
         33:ec:bd:88:1d:dd:df:0e:4c:c9:89:bc:ec:c6:df:d8:cf:26:
         ae:3e:75:3d:be:ab:4f:3d:d4:de:62:25:78:3d:91:10:9b:17:
         b4:c5:a5:7d:d1:eb:8f:9e:07:4b:7d:a1:60:f4:bb:0a:87:0a:
         b6:18:28:2d:e2:95:f8:20:79:cf:e6:fc:b4:49:64:b2:2c:95:
         5c:f5:ae:fc:4d:7d:d6:8c:4e:74:54:7b:a4:09:3d:4e:c4:a0:
         c9:ea:fd:9e:c0:c0:9c:3a:8f:70:11:b4:9e:08:8c:4d:2e:90:
         9c:59:cf:04:f7:78:ac:d8:eb:ee:81:a3:79:eb:3f:1f:0e:18:
         8d:a2:f6:04:f1:1b:4b:65:8f:e7:32:c8:d3:37:a7:18:7b:27:
         c5:33:c8:e1:c8:d2:89:03:0c:ba:df:f7:c0:db:0d:53:9f:7b:
         d6:dc:a7:33:ec:1d:8e:38:a5:15:fc:27:35:33:9b:4a:8b:83:
         90:61:96:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3p8UJy/J+gZK2Vphk3roMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZWJmMTJiNTdjN2NjNmI5YmJiZDE2MWVkMzFiZTE2NDlj
NGFjMWMwHhcNMjQwMTAyMDYzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjE4NTFhNDM2YWRiOGQxYTc0OWJmZTdkMzRjMmQwMTVmYmI0NWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfHnUpfA4/+/3QOe+jE2jSq3NaQL
x2p19XiDVw2yKDXiFJRoXNPT2n9jmU9gkc6/SfRLbF1hgyX+uDQrZWe4ltPsfGxX
ntdofX01oXEFdrIUGyk3lEvnRZRlSQsf7t+GwRaLFDDyanVjqXhfnX9KV9qZ08Zg
tsZaZX97fCJ/aOmYs8054UUH/SXNhIW2ch0fGy1xhIubU66ViiE9gmZK1s8xVkjg
yXeyMWqluff1T0s3K9O/4ZRPhspeaxZFIdDBycpzfChsnHJymJxpyB/qRtZkn3b7
ib5dRkkXwxhPu79juUsSLXzCkUoxYtqaVRIbXN+limD/rfwzcG7vKSUdywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYYUaQ2rbjRp0m/59NMLQFfu0XzMB8GA1UdIwQY
MBaAFHPr8StXx8xrm7vRYe0xvhZJxKwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYy12eEsxZkh6R3VidTlGaDdURy1Ga25FckJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9lN2YzMDctMmE0OC00MWUzLTk0MDct
ZDRjZjgwOWY3ZmZkLzEvRmhoUnBEYXR1TkduU2JfbjAwd3RBVi03UmZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9lN2YzMDctMmE0OC00MWUzLTk0MDctZDRjZjgwOWY3ZmZk
LzEvYy12eEsxZkh6R3VidTlGaDdURy1Ga25FckJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpMAMA0G
CSqGSIb3DQEBCwUAA4IBAQCdvtUMUycJyS/zQ+lSg/MbxArtVutSTaMOl6A8kw+c
43vc0hd9vgVCdmNMPJmqFjLmIuSnRHH3tgoaSYuUR6rGKYgBE1OQLHYz7L2IHd3f
DkzJibzsxt/YzyauPnU9vqtPPdTeYiV4PZEQmxe0xaV90euPngdLfaFg9LsKhwq2
GCgt4pX4IHnP5vy0SWSyLJVc9a78TX3WjE50VHukCT1OxKDJ6v2ewMCcOo9wEbSe
CIxNLpCcWc8E93is2OvugaN56z8fDhiNovYE8RtLZY/nMsjTN6cYeyfFM8jhyNKJ
Awy63/fA2w1Tn3vW3Kcz7B2OOKUV/Cc1M5tKi4OQYZaS
-----END CERTIFICATE-----