Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/fcKofD_dPImYQBXvq9AiaLMukiE.roa
File:                     fcKofD_dPImYQBXvq9AiaLMukiE.roa (raw, json)
Hash identifier:          VrSglY9IQvsfIElO15u+JhV8JyVy1e/N+3bqpkAinWE=
Subject key identifier:   7D:C2:A8:7C:3F:DD:3C:89:98:40:15:EF:AB:D0:22:68:B3:2E:92:21
Certificate issuer:       /CN=c24d5bd3ceeaab0786ce151a3178dadc107bf280
Certificate serial:       018CC2DAF3CC6E2473B6CCABB87C0901285E
Authority key identifier: C2:4D:5B:D3:CE:EA:AB:07:86:CE:15:1A:31:78:DA:DC:10:7B:F2:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wk1b087qqweGzhUaMXja3BB78oA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/fcKofD_dPImYQBXvq9AiaLMukiE.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205714
IP address blocks:        86.32.0.0/15 maxlen: 15
                          2a10:5700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/wk1b087qqweGzhUaMXja3BB78oA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/wk1b087qqweGzhUaMXja3BB78oA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wk1b087qqweGzhUaMXja3BB78oA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f3:cc:6e:24:73:b6:cc:ab:b8:7c:09:01:28:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c24d5bd3ceeaab0786ce151a3178dadc107bf280
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dc2a87c3fdd3c89984015efabd02268b32e9221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:97:80:81:34:61:f1:a1:a3:6d:94:fd:89:84:
                    29:1d:85:b3:37:3b:7a:ba:2a:30:e2:bf:4c:79:66:
                    5e:e8:66:0e:b6:6a:1d:0f:d7:5d:16:94:24:9a:a7:
                    aa:32:ea:a3:e3:7a:ba:0f:c1:51:3e:02:bf:12:c5:
                    93:3e:1d:83:72:b1:66:e7:22:fe:d6:05:6f:32:29:
                    33:4a:e2:9c:2c:5e:35:cf:dd:82:3c:0d:69:08:c3:
                    ad:82:f7:63:49:a0:d2:1c:cc:5c:06:4e:0f:2a:0e:
                    ea:cb:1d:cc:b0:eb:f0:81:40:5b:5c:ce:9d:92:c7:
                    e8:37:b6:64:7a:fc:c0:03:f6:1f:05:e1:5f:7a:ef:
                    99:2f:24:26:72:27:fc:cd:50:02:10:69:29:6b:c8:
                    44:ae:13:e2:ae:e1:8e:fa:44:e7:90:88:5c:6a:dc:
                    50:16:9f:53:20:15:34:52:76:b7:e4:8e:9f:eb:b5:
                    1e:c6:2a:f1:f4:9f:74:a5:73:92:01:5c:7d:de:00:
                    e9:36:0d:0f:f4:4b:d6:03:4d:9d:8c:91:0b:8f:ba:
                    c2:97:c6:39:17:c3:b5:ee:05:8f:37:91:fd:93:54:
                    ec:6d:d6:a1:dc:4b:59:a4:52:e7:e0:34:05:83:aa:
                    28:41:0b:b8:ce:90:ad:d5:a9:2f:fe:cf:1d:53:3b:
                    bf:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C2:A8:7C:3F:DD:3C:89:98:40:15:EF:AB:D0:22:68:B3:2E:92:21
            X509v3 Authority Key Identifier:
                keyid:C2:4D:5B:D3:CE:EA:AB:07:86:CE:15:1A:31:78:DA:DC:10:7B:F2:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wk1b087qqweGzhUaMXja3BB78oA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/fcKofD_dPImYQBXvq9AiaLMukiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/wk1b087qqweGzhUaMXja3BB78oA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.32.0.0/15
                IPv6:
                  2a10:5700::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:60:bb:5b:7f:a1:30:c6:ba:0c:20:b9:c3:b4:34:85:62:04:
         f8:86:65:b8:59:b4:a0:6e:bc:21:1d:53:af:76:5a:fe:14:cf:
         23:72:2b:9e:c4:5d:45:75:c4:05:8b:ca:9f:da:ce:b4:0a:0f:
         e3:6f:98:c0:ec:b6:cf:5b:cc:bd:a1:7d:56:4a:18:28:2e:f8:
         d8:b6:e8:46:43:ff:a0:c9:f6:5d:41:f1:6c:43:83:29:f5:a0:
         e6:8d:5e:de:fb:5d:ef:93:e9:36:2f:72:c7:be:d6:77:44:2f:
         51:d5:29:f1:cb:6e:b5:48:b9:08:80:67:54:a4:f1:7e:c6:86:
         b0:72:86:7b:d7:2b:70:a3:16:61:0b:b7:fb:b4:ab:0c:a6:b9:
         09:93:d5:45:dd:a7:57:84:d2:0a:4b:2a:76:9e:31:4b:64:7d:
         9e:20:ee:1b:51:d3:36:55:46:9a:00:f0:76:24:df:e7:9b:af:
         77:d1:ca:44:f4:d9:b8:bc:74:00:47:dd:b6:aa:01:5b:eb:eb:
         57:1d:c8:ff:c2:42:90:8e:05:22:33:2f:b4:36:d7:0b:fb:6f:
         d8:73:cc:a4:fe:16:e5:f0:88:a2:d4:ff:6d:6e:ec:8f:76:ff:
         fd:46:94:5c:00:6f:2d:cb:9a:82:59:b7:91:1c:8c:29:64:33:
         85:74:34:4a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzC2vPMbiRztsyruHwJASheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNGQ1YmQzY2VlYWFiMDc4NmNlMTUxYTMxNzhkYWRjMTA3
YmYyODAwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGMyYTg3YzNmZGQzYzg5OTg0MDE1ZWZhYmQwMjI2OGIzMmU5MjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15eAgTRh8aGjbZT9iYQpHYWzNzt6
uiow4r9MeWZe6GYOtmodD9ddFpQkmqeqMuqj43q6D8FRPgK/EsWTPh2DcrFm5yL+
1gVvMikzSuKcLF41z92CPA1pCMOtgvdjSaDSHMxcBk4PKg7qyx3MsOvwgUBbXM6d
ksfoN7ZkevzAA/YfBeFfeu+ZLyQmcif8zVACEGkpa8hErhPiruGO+kTnkIhcatxQ
Fp9TIBU0Una35I6f67Uexirx9J90pXOSAVx93gDpNg0P9EvWA02djJELj7rCl8Y5
F8O17gWPN5H9k1Tsbdah3EtZpFLn4DQFg6ooQQu4zpCt1akv/s8dUzu/LQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFH3CqHw/3TyJmEAV76vQImizLpIhMB8GA1UdIwQY
MBaAFMJNW9PO6qsHhs4VGjF42twQe/KAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2sxYjA4N3Fxd2VHemhVYU1YamEzQkI3OG9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS85ZTE2YzEtMzEwZi00MTBjLWIzNDEt
NDFkODIzMjlmMjZkLzEvZmNLb2ZEX2RQSW1ZUUJYdnE5QWlhTE11a2lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS85ZTE2YzEtMzEwZi00MTBjLWIzNDEtNDFkODIzMjlmMjZk
LzEvd2sxYjA4N3Fxd2VHemhVYU1YamEzQkI3OG9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMBViAwDQQC
AAIwBwMFAyoQVwAwDQYJKoZIhvcNAQELBQADggEBAHhgu1t/oTDGugwgucO0NIVi
BPiGZbhZtKBuvCEdU692Wv4UzyNyK57EXUV1xAWLyp/azrQKD+NvmMDsts9bzL2h
fVZKGCgu+Ni26EZD/6DJ9l1B8WxDgyn1oOaNXt77Xe+T6TYvcse+1ndEL1HVKfHL
brVIuQiAZ1Sk8X7GhrByhnvXK3CjFmELt/u0qwymuQmT1UXdp1eE0gpLKnaeMUtk
fZ4g7htR0zZVRpoA8HYk3+ebr3fRykT02bi8dABH3baqAVvr61cdyP/CQpCOBSIz
L7Q21wv7b9hzzKT+FuXwiKLU/21u7I92//1GlFwAby3LmoJZt5EcjClkM4V0NEo=
-----END CERTIFICATE-----