Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/fgx0zPKdnSYj78EKEsgE_owShCE.roa
File:                     fgx0zPKdnSYj78EKEsgE_owShCE.roa (raw, json)
Hash identifier:          A+WHZ/ZJwaBQO6Uq5KzD2xxjqD/bX/xxdp2sx2xACkE=
Subject key identifier:   7E:0C:74:CC:F2:9D:9D:26:23:EF:C1:0A:12:C8:04:FE:8C:12:84:21
Certificate issuer:       /CN=5f99fde0d63b11b5c2dd816c0f93c2ea58350336
Certificate serial:       018CC3491B4129F86AB5B824910E9EA2FB3A
Authority key identifier: 5F:99:FD:E0:D6:3B:11:B5:C2:DD:81:6C:0F:93:C2:EA:58:35:03:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/fgx0zPKdnSYj78EKEsgE_owShCE.roa
Signing time:             Mon 01 Jan 2024 04:29:57 +0000
ROA not before:           Mon 01 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25400
IP address blocks:        185.81.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1b:41:29:f8:6a:b5:b8:24:91:0e:9e:a2:fb:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f99fde0d63b11b5c2dd816c0f93c2ea58350336
        Validity
            Not Before: Jan  1 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e0c74ccf29d9d2623efc10a12c804fe8c128421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:55:c7:a6:84:53:15:5f:18:57:d2:19:e0:be:
                    20:78:96:d4:31:c2:dd:8c:33:47:2d:d7:53:f3:93:
                    82:31:f7:df:6a:77:e5:e1:e7:0e:6a:4a:da:a5:ca:
                    e6:94:31:b7:4a:38:e1:e9:af:61:a1:28:db:f9:31:
                    51:27:d4:69:bb:fb:df:95:c6:f9:c3:ef:01:5b:4a:
                    19:20:c4:d1:2d:8b:cf:18:8e:cf:c5:ad:02:28:e4:
                    60:d4:ee:a6:08:6a:7b:06:2b:05:d3:94:7c:ea:20:
                    7e:21:fb:8a:65:cf:0d:5f:c4:e0:cd:f1:7b:91:c9:
                    31:c6:86:1b:84:67:a4:80:30:8e:43:76:53:32:d4:
                    26:21:ba:49:11:6b:f2:22:f5:ca:f0:31:23:64:cd:
                    7d:6c:c2:69:d1:8f:f5:62:91:79:03:ce:4e:2a:8f:
                    9e:39:73:3f:3d:10:bb:84:4e:a3:d3:93:65:b5:56:
                    8b:85:6c:d6:94:fa:fb:fe:65:da:2b:c0:6c:b4:37:
                    3b:d4:d7:ca:f4:94:74:0b:2a:b3:0c:cc:4e:fa:81:
                    6e:f7:02:34:b2:8c:5e:2f:f9:23:31:3f:ba:61:2f:
                    e7:41:b8:ed:10:8b:96:50:c7:e0:12:0c:df:38:a1:
                    18:44:ed:ed:78:b2:e0:46:a3:b3:39:0c:b4:a8:49:
                    1b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:0C:74:CC:F2:9D:9D:26:23:EF:C1:0A:12:C8:04:FE:8C:12:84:21
            X509v3 Authority Key Identifier:
                keyid:5F:99:FD:E0:D6:3B:11:B5:C2:DD:81:6C:0F:93:C2:EA:58:35:03:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/fgx0zPKdnSYj78EKEsgE_owShCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:f9:05:a1:61:1b:40:bd:45:0c:3c:92:80:eb:d0:84:93:fd:
         c9:77:b1:c5:70:11:32:13:9c:b1:3c:91:5d:e5:bf:42:9d:44:
         a4:0f:68:f9:9c:4c:4a:7a:2b:8a:2a:41:1d:53:8f:b2:99:ea:
         5f:e7:1e:39:db:66:b4:04:b0:74:01:a3:d1:0f:43:bf:03:10:
         5c:41:03:2e:15:09:73:1b:2e:66:ce:22:61:45:f1:53:3f:49:
         bd:b4:db:18:42:d6:7b:5b:3d:23:a8:64:97:60:2e:1a:b5:6b:
         9f:10:f4:22:70:3f:7a:dc:b0:09:22:c6:4e:0f:e4:12:c2:43:
         9e:76:41:55:dc:e2:58:05:81:be:d5:12:f4:b5:0d:85:ea:34:
         39:6d:82:e0:e0:55:30:c6:5d:00:8a:b4:b7:59:ff:30:ee:08:
         67:53:3a:b3:14:55:1e:da:15:8b:f5:2d:2b:af:1d:36:65:70:
         35:33:c5:04:2b:f9:b5:2e:37:47:94:e8:03:3c:6e:30:43:8c:
         7e:aa:78:94:84:a6:12:b8:09:a4:99:f8:99:21:cb:4f:52:1f:
         c3:43:ee:07:bd:e7:df:62:be:f1:42:77:d2:e3:b7:a4:88:c1:
         aa:29:b4:cc:46:05:6f:cb:f2:39:3b:ed:26:4f:cf:57:10:da:
         9d:77:cc:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRtBKfhqtbgkkQ6eovs6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTlmZGUwZDYzYjExYjVjMmRkODE2YzBmOTNjMmVhNTgz
NTAzMzYwHhcNMjQwMTAxMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTBjNzRjY2YyOWQ5ZDI2MjNlZmMxMGExMmM4MDRmZThjMTI4NDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1XHpoRTFV8YV9IZ4L4geJbUMcLd
jDNHLddT85OCMfffanfl4ecOakrapcrmlDG3Sjjh6a9hoSjb+TFRJ9Rpu/vflcb5
w+8BW0oZIMTRLYvPGI7Pxa0CKORg1O6mCGp7BisF05R86iB+IfuKZc8NX8TgzfF7
kckxxoYbhGekgDCOQ3ZTMtQmIbpJEWvyIvXK8DEjZM19bMJp0Y/1YpF5A85OKo+e
OXM/PRC7hE6j05NltVaLhWzWlPr7/mXaK8BstDc71NfK9JR0CyqzDMxO+oFu9wI0
soxeL/kjMT+6YS/nQbjtEIuWUMfgEgzfOKEYRO3teLLgRqOzOQy0qEkbiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4MdMzynZ0mI+/BChLIBP6MEoQhMB8GA1UdIwQY
MBaAFF+Z/eDWOxG1wt2BbA+TwupYNQM2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVuOTROWTdFYlhDM1lGc0Q1UEM2bGcxQXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9mMTE2ZDctODUxOS00OTI0LThkMWQt
NGM3N2Q2MDVhZmVjLzEvZmd4MHpQS2RuU1lqNzhFS0VzZ0Vfb3dTaENFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9mMTE2ZDctODUxOS00OTI0LThkMWQtNGM3N2Q2MDVhZmVj
LzEvWDVuOTROWTdFYlhDM1lGc0Q1UEM2bGcxQXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVEOMA0G
CSqGSIb3DQEBCwUAA4IBAQB5+QWhYRtAvUUMPJKA69CEk/3Jd7HFcBEyE5yxPJFd
5b9CnUSkD2j5nExKeiuKKkEdU4+ymepf5x4522a0BLB0AaPRD0O/AxBcQQMuFQlz
Gy5mziJhRfFTP0m9tNsYQtZ7Wz0jqGSXYC4atWufEPQicD963LAJIsZOD+QSwkOe
dkFV3OJYBYG+1RL0tQ2F6jQ5bYLg4FUwxl0AirS3Wf8w7ghnUzqzFFUe2hWL9S0r
rx02ZXA1M8UEK/m1LjdHlOgDPG4wQ4x+qniUhKYSuAmkmfiZIctPUh/DQ+4Hveff
Yr7xQnfS47ekiMGqKbTMRgVvy/I5O+0mT89XENqdd8yU
-----END CERTIFICATE-----