Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/5FivppEAi4kkxR-0FWjgL3bLBPU.roa
File:                     5FivppEAi4kkxR-0FWjgL3bLBPU.roa (raw, json)
Hash identifier:          U7VfQQX0QYEg1AfAbtSFSWJEmYgGS2p1dXEVxObqVuo=
Subject key identifier:   E4:58:AF:A6:91:00:8B:89:24:C5:1F:B4:15:68:E0:2F:76:CB:04:F5
Certificate issuer:       /CN=fcb6b17bd2e5f14bd375a0c0e69dfc77d9702f4a
Certificate serial:       018CC3B73836CFBC518D81A28A6DC9EFF0B5
Authority key identifier: FC:B6:B1:7B:D2:E5:F1:4B:D3:75:A0:C0:E6:9D:FC:77:D9:70:2F:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Laxe9Ll8UvTdaDA5p38d9lwL0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/5FivppEAi4kkxR-0FWjgL3bLBPU.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197740
IP address blocks:        185.246.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/_Laxe9Ll8UvTdaDA5p38d9lwL0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/_Laxe9Ll8UvTdaDA5p38d9lwL0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Laxe9Ll8UvTdaDA5p38d9lwL0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:38:36:cf:bc:51:8d:81:a2:8a:6d:c9:ef:f0:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcb6b17bd2e5f14bd375a0c0e69dfc77d9702f4a
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e458afa691008b8924c51fb41568e02f76cb04f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:70:59:ae:53:a6:7b:be:96:74:73:b4:46:9d:
                    d8:f1:45:89:8c:a7:07:0e:42:8a:bb:45:64:28:8f:
                    b5:34:a0:06:2a:0e:3c:e6:1d:9c:7e:9d:30:2c:a2:
                    56:51:47:83:a5:38:77:d2:e0:2d:e5:e7:94:7b:a8:
                    35:39:7f:99:bc:10:3e:93:4f:18:65:87:a0:fb:c0:
                    80:18:44:4c:91:97:18:e4:a9:72:cc:f7:e2:a3:27:
                    f1:30:1f:7d:2a:21:4b:e7:53:e1:78:91:97:11:33:
                    aa:1e:66:90:32:93:b1:8e:b8:33:e4:61:4e:5c:8d:
                    42:df:1c:c6:c5:9f:78:de:71:d5:d9:38:fd:d9:1b:
                    13:54:de:72:07:be:e6:0d:10:04:3c:68:a7:95:55:
                    9e:30:d5:80:5e:e8:8b:b8:ff:04:b3:6e:a5:62:70:
                    d0:94:2d:0a:27:32:81:a9:d6:f3:40:8d:e6:ce:17:
                    e8:f2:67:e0:23:0a:73:af:cb:ea:b9:01:02:2a:4b:
                    d9:9e:a6:b0:35:ed:1a:a0:b7:cb:62:e7:f1:83:2a:
                    9a:86:50:9a:5b:6d:25:52:4f:e8:ba:e4:89:b5:20:
                    69:5c:c4:52:a4:a4:98:19:dc:96:11:da:a9:47:5a:
                    9d:01:fd:f8:72:da:75:7c:87:8d:7b:b1:a7:79:97:
                    b4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:58:AF:A6:91:00:8B:89:24:C5:1F:B4:15:68:E0:2F:76:CB:04:F5
            X509v3 Authority Key Identifier:
                keyid:FC:B6:B1:7B:D2:E5:F1:4B:D3:75:A0:C0:E6:9D:FC:77:D9:70:2F:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Laxe9Ll8UvTdaDA5p38d9lwL0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/5FivppEAi4kkxR-0FWjgL3bLBPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/01a421-bdbf-43e0-8aeb-2c48cb298646/1/_Laxe9Ll8UvTdaDA5p38d9lwL0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:01:b7:31:13:1c:47:a1:25:b8:57:57:18:67:35:68:0d:72:
         71:e3:aa:39:c9:77:19:76:0a:9b:be:6c:05:8d:93:ec:4d:1f:
         ad:b7:56:b5:6d:24:19:20:29:db:3c:f9:0f:f1:c7:6f:ad:4c:
         3a:ec:08:b3:f4:79:a7:98:91:d1:b9:05:e2:0c:68:11:0b:5c:
         31:ab:1a:74:79:6a:92:ea:7c:5b:14:a1:d2:84:e1:9c:ae:30:
         c5:c0:73:0d:57:ba:bc:ef:13:35:6d:42:35:3a:a7:c1:e2:2b:
         24:8b:b2:be:b4:0b:ec:43:fc:b0:45:ee:ca:6b:9a:55:65:7e:
         41:7e:47:bc:52:47:8e:03:e8:d6:67:ca:07:8c:b5:ef:1f:e4:
         69:5d:74:9f:7f:eb:a1:63:2a:80:93:27:dc:ca:2c:ba:df:87:
         a6:c1:98:52:c7:f6:c1:c6:a4:cd:08:23:d7:bc:79:1b:98:17:
         d2:6d:4b:b3:2c:3b:8c:06:1d:6e:6e:01:b4:83:96:bb:6e:f0:
         ba:f0:23:e8:f0:5a:c0:8b:5d:c0:ee:0d:89:99:38:57:3c:b6:
         c9:a3:f1:dd:32:7e:35:a6:da:c0:cb:0d:fd:92:e5:a2:5e:ee:
         6d:8d:9b:a7:4b:d5:bb:4f:e4:ec:c0:53:79:f6:10:ef:e3:8c:
         b8:2c:2f:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzg2z7xRjYGiim3J7/C1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYjZiMTdiZDJlNWYxNGJkMzc1YTBjMGU2OWRmYzc3ZDk3
MDJmNGEwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDU4YWZhNjkxMDA4Yjg5MjRjNTFmYjQxNTY4ZTAyZjc2Y2IwNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3BZrlOme76WdHO0Rp3Y8UWJjKcH
DkKKu0VkKI+1NKAGKg485h2cfp0wLKJWUUeDpTh30uAt5eeUe6g1OX+ZvBA+k08Y
ZYeg+8CAGERMkZcY5KlyzPfioyfxMB99KiFL51PheJGXETOqHmaQMpOxjrgz5GFO
XI1C3xzGxZ943nHV2Tj92RsTVN5yB77mDRAEPGinlVWeMNWAXuiLuP8Es26lYnDQ
lC0KJzKBqdbzQI3mzhfo8mfgIwpzr8vquQECKkvZnqawNe0aoLfLYufxgyqahlCa
W20lUk/ouuSJtSBpXMRSpKSYGdyWEdqpR1qdAf34ctp1fIeNe7GneZe0mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORYr6aRAIuJJMUftBVo4C92ywT1MB8GA1UdIwQY
MBaAFPy2sXvS5fFL03WgwOad/HfZcC9KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0xheGU5TGw4VXZUZGFEQTVwMzhkOWx3TDBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wMWE0MjEtYmRiZi00M2UwLThhZWIt
MmM0OGNiMjk4NjQ2LzEvNUZpdnBwRUFpNGtreFItMEZXamdMM2JMQlBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wMWE0MjEtYmRiZi00M2UwLThhZWItMmM0OGNiMjk4NjQ2
LzEvX0xheGU5TGw4VXZUZGFEQTVwMzhkOWx3TDBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufbHMA0G
CSqGSIb3DQEBCwUAA4IBAQAMAbcxExxHoSW4V1cYZzVoDXJx46o5yXcZdgqbvmwF
jZPsTR+tt1a1bSQZICnbPPkP8cdvrUw67Aiz9HmnmJHRuQXiDGgRC1wxqxp0eWqS
6nxbFKHShOGcrjDFwHMNV7q87xM1bUI1OqfB4iski7K+tAvsQ/ywRe7Ka5pVZX5B
fke8UkeOA+jWZ8oHjLXvH+RpXXSff+uhYyqAkyfcyiy634emwZhSx/bBxqTNCCPX
vHkbmBfSbUuzLDuMBh1ubgG0g5a7bvC68CPo8FrAi13A7g2JmThXPLbJo/HdMn41
ptrAyw39kuWiXu5tjZunS9W7T+TswFN59hDv44y4LC+K
-----END CERTIFICATE-----