Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/fPkUlM10HdenIbz-4UarZNI0zVw.roa
File:                     fPkUlM10HdenIbz-4UarZNI0zVw.roa (raw, json)
Hash identifier:          YSGgPzsusSZwFwzPhGTMehx0nsGiu8yxsdihONVOyuU=
Subject key identifier:   7C:F9:14:94:CD:74:1D:D7:A7:21:BC:FE:E1:46:AB:64:D2:34:CD:5C
Certificate issuer:       /CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
Certificate serial:       019445A4DA4B352ED7416B693349F7C111A9
Authority key identifier: FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/fPkUlM10HdenIbz-4UarZNI0zVw.roa
Signing time:             Wed 08 Jan 2025 11:20:19 +0000
ROA not before:           Wed 08 Jan 2025 11:20:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43541
IP address blocks:        185.231.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:45:a4:da:4b:35:2e:d7:41:6b:69:33:49:f7:c1:11:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
        Validity
            Not Before: Jan  8 11:20:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cf91494cd741dd7a721bcfee146ab64d234cd5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:cd:e2:cb:8c:db:cf:84:83:be:5a:bd:e8:78:
                    f7:53:f8:b7:2b:31:dc:1d:af:da:66:e4:4b:86:11:
                    13:f7:26:c3:50:eb:a6:a7:c7:79:1d:c4:8a:14:63:
                    62:61:fe:2b:f9:0b:7e:b8:55:00:c1:c6:48:f9:88:
                    b9:b7:11:cc:d7:05:b1:80:5e:f0:44:7d:3d:5c:df:
                    73:93:17:be:13:ec:22:04:73:e2:3a:63:9f:2b:55:
                    69:49:57:2d:1a:ee:5c:dc:a9:3b:7a:23:ca:04:8a:
                    ab:f7:c8:3c:c2:74:85:cd:29:6f:0e:6d:d1:ce:ce:
                    55:79:89:7a:9e:16:4a:e1:64:d8:37:b3:a1:59:91:
                    7f:a2:8b:e7:81:fc:69:5e:2e:d7:85:5e:54:90:f5:
                    10:e8:ee:d3:7c:5e:36:1f:08:b0:7b:f1:f8:ac:82:
                    7f:9e:f4:8c:b1:23:b0:7b:91:ca:d9:4a:ee:e5:15:
                    bc:f3:d1:d5:57:42:ce:2a:03:25:ab:d7:1f:4c:aa:
                    89:09:c9:61:ec:55:3a:3d:2b:27:8b:4d:0e:30:43:
                    7d:c5:b6:82:c2:1c:dd:86:a1:cf:97:64:d7:b2:d0:
                    45:8e:7b:04:26:0d:5d:dd:fe:0b:ff:bc:08:68:81:
                    ba:00:43:33:18:13:b6:60:63:8c:df:3f:c2:fe:63:
                    86:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F9:14:94:CD:74:1D:D7:A7:21:BC:FE:E1:46:AB:64:D2:34:CD:5C
            X509v3 Authority Key Identifier:
                keyid:FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/fPkUlM10HdenIbz-4UarZNI0zVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:e1:4c:af:e4:5d:94:ba:cb:70:9d:da:39:45:42:b2:28:88:
         4b:ad:40:9e:4c:95:b3:21:1f:8f:c3:43:61:95:60:f2:8b:4e:
         30:43:7d:c8:72:bf:8b:23:48:41:8e:d9:42:b5:38:14:0e:39:
         55:3d:9e:bf:1c:5b:db:84:3c:0d:b7:e7:a5:7f:11:79:c6:06:
         e9:c2:d7:8b:73:de:51:00:39:59:47:88:57:7c:01:d3:c6:e2:
         47:a9:9b:3b:79:e7:b8:36:f8:46:ad:cf:0b:b6:c0:cd:45:0f:
         6e:e8:6b:2e:99:9e:a6:8c:6b:9c:e2:9d:dd:e9:ea:ee:28:f0:
         37:a9:97:4e:bb:65:28:cf:0d:2e:0d:94:45:a2:3d:ea:ed:2c:
         1d:e2:58:68:f2:05:bc:87:ee:df:27:0f:94:88:48:c9:aa:b7:
         72:76:68:36:04:c8:e3:7d:3d:ef:15:d9:a3:93:2c:d4:db:d5:
         11:e3:7c:8f:e9:15:bd:0f:1f:85:15:17:0d:23:b7:d5:7f:c5:
         dd:b2:ab:0c:fa:0f:ab:1a:f2:06:84:4a:b0:7e:1a:cc:4c:30:
         58:6c:9c:55:48:bd:76:c1:78:d3:62:b0:22:11:92:96:12:4c:
         5c:bc:f8:96:a7:2f:65:19:3d:f7:33:a4:4e:94:38:f8:a3:79:
         5d:62:03:47
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZRFpNpLNS7XQWtpM0n3wRGpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMmU3MmFiZjdiMTcyOGZkYTZhYTBiMDQxM2Q4ODU0ODEy
ZWEzNjEwHhcNMjUwMTA4MTEyMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Y5MTQ5NGNkNzQxZGQ3YTcyMWJjZmVlMTQ2YWI2NGQyMzRjZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxM3iy4zbz4SDvlq96Hj3U/i3KzHc
Ha/aZuRLhhET9ybDUOump8d5HcSKFGNiYf4r+Qt+uFUAwcZI+Yi5txHM1wWxgF7w
RH09XN9zkxe+E+wiBHPiOmOfK1VpSVctGu5c3Kk7eiPKBIqr98g8wnSFzSlvDm3R
zs5VeYl6nhZK4WTYN7OhWZF/oovngfxpXi7XhV5UkPUQ6O7TfF42Hwiwe/H4rIJ/
nvSMsSOwe5HK2Uru5RW889HVV0LOKgMlq9cfTKqJCclh7FU6PSsni00OMEN9xbaC
whzdhqHPl2TXstBFjnsEJg1d3f4L/7wIaIG6AEMzGBO2YGOM3z/C/mOGvwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHz5FJTNdB3XpyG8/uFGq2TSNM1cMB8GA1UdIwQY
MBaAFPoucqv3sXKP2mqgsEE9iFSBLqNhMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1pNXlxX2V4Y29fYWFxQ3dRVDJJVklFdW8yRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlm
LWEzNjZkYTI1MWE4My8xL2ZQa1VsTTEwSGRlbkliei00VWFyWk5JMHpWdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlmLWEzNjZkYTI1MWE4
My8xLzEtaTV5cV9leGNvX2FhcUN3UVQySVZJRXVvMkUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5598w
DQYJKoZIhvcNAQELBQADggEBADLhTK/kXZS6y3Cd2jlFQrIoiEutQJ5MlbMhH4/D
Q2GVYPKLTjBDfchyv4sjSEGO2UK1OBQOOVU9nr8cW9uEPA2356V/EXnGBunC14tz
3lEAOVlHiFd8AdPG4kepmzt557g2+Eatzwu2wM1FD27oay6ZnqaMa5zind3p6u4o
8Depl067ZSjPDS4NlEWiPertLB3iWGjyBbyH7t8nD5SISMmqt3J2aDYEyON9Pe8V
2aOTLNTb1RHjfI/pFb0PH4UVFw0jt9V/xd2yqwz6D6sa8gaESrB+GsxMMFhsnFVI
vXbBeNNisCIRkpYSTFy8+JanL2UZPfczpE6UOPijeV1iA0c=
-----END CERTIFICATE-----