Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/0287cf-853b-4516-9f06-452ec3a9588b/1/OU0bIxmPcab-LVFGkiK2144yE3g.roa
File:                     OU0bIxmPcab-LVFGkiK2144yE3g.roa (raw, json)
Hash identifier:          P+iD+Hs0Rur1TH60Pv45Zt7y1bEPHZRVdFslh6XhBR0=
Subject key identifier:   39:4D:1B:23:19:8F:71:A6:FE:2D:51:46:92:22:B6:D7:8E:32:13:78
Certificate issuer:       /CN=fc7d4ab7761aba24f33d5b6dfbc27cab738bb5ee
Certificate serial:       018CC8DF35C2A011B48026F8C5594DB92710
Authority key identifier: FC:7D:4A:B7:76:1A:BA:24:F3:3D:5B:6D:FB:C2:7C:AB:73:8B:B5:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_H1Kt3YauiTzPVtt-8J8q3OLte4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/0287cf-853b-4516-9f06-452ec3a9588b/1/OU0bIxmPcab-LVFGkiK2144yE3g.roa
Signing time:             Tue 02 Jan 2024 06:32:00 +0000
ROA not before:           Tue 02 Jan 2024 06:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.109.0/24 maxlen: 24
                          2001:7f8:c3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/0287cf-853b-4516-9f06-452ec3a9588b/1/_H1Kt3YauiTzPVtt-8J8q3OLte4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/0287cf-853b-4516-9f06-452ec3a9588b/1/_H1Kt3YauiTzPVtt-8J8q3OLte4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_H1Kt3YauiTzPVtt-8J8q3OLte4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:35:c2:a0:11:b4:80:26:f8:c5:59:4d:b9:27:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc7d4ab7761aba24f33d5b6dfbc27cab738bb5ee
        Validity
            Not Before: Jan  2 06:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=394d1b23198f71a6fe2d51469222b6d78e321378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f4:a4:67:8a:00:95:a5:97:ed:df:72:56:ff:
                    bc:fa:5b:27:a6:8b:86:af:68:03:b6:6e:ec:3f:46:
                    7d:88:17:ff:2a:3c:00:34:f4:01:fa:48:d7:1a:97:
                    cb:32:b0:9e:3b:f9:22:77:f3:2f:37:82:13:63:dd:
                    c4:27:65:22:65:61:d0:3a:cc:a4:89:29:e3:dc:f4:
                    bc:f2:2e:9b:72:91:7f:54:12:7f:f5:48:c5:02:fd:
                    13:66:63:d1:b7:47:5c:b4:36:55:92:77:a4:ea:70:
                    5b:ba:08:c8:12:34:19:5b:e6:5a:43:f5:b0:df:42:
                    db:17:92:48:ee:85:92:ba:d7:0f:4d:23:d7:39:89:
                    26:cf:28:27:ef:b9:43:23:ac:72:4d:53:56:92:a3:
                    9f:46:f9:6d:0e:6d:82:7a:77:d1:4c:96:4e:15:af:
                    a0:ff:54:f0:a3:25:f2:a9:5a:7e:f6:3e:a2:24:2a:
                    b1:65:80:59:01:d2:5e:ab:e8:fb:d5:a8:59:c7:63:
                    60:6e:60:56:36:79:60:c5:04:34:93:d1:2d:1e:70:
                    25:e8:bb:41:63:e3:31:c4:12:47:2f:5a:25:63:6a:
                    5a:5c:20:1c:30:d1:38:7a:22:41:b9:20:0b:62:00:
                    99:8c:51:7c:73:c3:b3:6f:6d:e6:ef:c5:a3:4a:d4:
                    1a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:4D:1B:23:19:8F:71:A6:FE:2D:51:46:92:22:B6:D7:8E:32:13:78
            X509v3 Authority Key Identifier:
                keyid:FC:7D:4A:B7:76:1A:BA:24:F3:3D:5B:6D:FB:C2:7C:AB:73:8B:B5:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_H1Kt3YauiTzPVtt-8J8q3OLte4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0287cf-853b-4516-9f06-452ec3a9588b/1/OU0bIxmPcab-LVFGkiK2144yE3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0287cf-853b-4516-9f06-452ec3a9588b/1/_H1Kt3YauiTzPVtt-8J8q3OLte4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.109.0/24
                IPv6:
                  2001:7f8:c3::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:bd:2c:56:aa:5c:f6:6d:6a:d5:71:fd:3c:38:ab:df:3c:37:
         14:30:f9:d7:15:79:8f:66:7e:b4:f5:09:f7:c3:c7:0d:27:8e:
         f6:2c:66:58:17:f3:57:43:e5:db:8a:66:6e:00:0f:dd:d7:cc:
         ec:df:ad:23:b3:d7:fe:57:6b:9a:1d:93:40:05:9e:61:53:3b:
         ba:12:a5:32:d2:ea:15:6d:8e:7b:1b:a5:5d:d8:82:24:cf:da:
         6f:f2:24:ac:a1:02:c9:0c:46:68:6b:7d:b5:9c:1f:9b:14:a7:
         f2:84:9d:f8:95:df:3a:fe:63:73:52:26:29:d2:de:8f:67:ef:
         f9:f8:24:19:c3:cf:cb:76:aa:ff:e5:ee:8b:da:4a:b6:3e:07:
         51:48:c4:33:b9:54:32:c0:05:71:f3:13:f7:05:c0:44:57:de:
         29:5f:37:4d:f6:91:d1:52:12:91:ac:ae:f5:f6:10:62:46:b6:
         30:14:b2:6c:6d:fc:19:b0:e2:b7:e0:a5:d7:79:6e:4a:73:6e:
         ed:0d:cd:bc:bd:6c:7c:94:83:98:75:80:3a:52:22:07:90:58:
         95:90:a0:c8:f6:0b:4a:59:57:b6:ca:89:0b:b3:74:c8:29:dd:
         c6:f9:aa:47:eb:a5:49:5b:16:8e:1c:54:87:61:ac:37:da:60:
         0e:75:48:01
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3zXCoBG0gCb4xVlNuScQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjN2Q0YWI3NzYxYWJhMjRmMzNkNWI2ZGZiYzI3Y2FiNzM4
YmI1ZWUwHhcNMjQwMTAyMDYzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTRkMWIyMzE5OGY3MWE2ZmUyZDUxNDY5MjIyYjZkNzhlMzIxMzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PSkZ4oAlaWX7d9yVv+8+lsnpouG
r2gDtm7sP0Z9iBf/KjwANPQB+kjXGpfLMrCeO/kid/MvN4ITY93EJ2UiZWHQOsyk
iSnj3PS88i6bcpF/VBJ/9UjFAv0TZmPRt0dctDZVknek6nBbugjIEjQZW+ZaQ/Ww
30LbF5JI7oWSutcPTSPXOYkmzygn77lDI6xyTVNWkqOfRvltDm2CenfRTJZOFa+g
/1TwoyXyqVp+9j6iJCqxZYBZAdJeq+j71ahZx2NgbmBWNnlgxQQ0k9EtHnAl6LtB
Y+MxxBJHL1olY2paXCAcMNE4eiJBuSALYgCZjFF8c8Ozb23m78WjStQaZQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDlNGyMZj3Gm/i1RRpIitteOMhN4MB8GA1UdIwQY
MBaAFPx9Srd2Grok8z1bbfvCfKtzi7XuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0gxS3QzWWF1aVR6UFZ0dC04SjhxM09MdGU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8wMjg3Y2YtODUzYi00NTE2LTlmMDYt
NDUyZWMzYTk1ODhiLzEvT1UwYkl4bVBjYWItTFZGR2tpSzIxNDR5RTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8wMjg3Y2YtODUzYi00NTE2LTlmMDYtNDUyZWMzYTk1ODhi
LzEvX0gxS3QzWWF1aVR6UFZ0dC04SjhxM09MdGU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQFtMA8E
AgACMAkDBwAgAQf4AMMwDQYJKoZIhvcNAQELBQADggEBAMK9LFaqXPZtatVx/Tw4
q988NxQw+dcVeY9mfrT1CffDxw0njvYsZlgX81dD5duKZm4AD93XzOzfrSOz1/5X
a5odk0AFnmFTO7oSpTLS6hVtjnsbpV3YgiTP2m/yJKyhAskMRmhrfbWcH5sUp/KE
nfiV3zr+Y3NSJinS3o9n7/n4JBnDz8t2qv/l7ovaSrY+B1FIxDO5VDLABXHzE/cF
wERX3ilfN032kdFSEpGsrvX2EGJGtjAUsmxt/Bmw4rfgpdd5bkpzbu0Nzby9bHyU
g5h1gDpSIgeQWJWQoMj2C0pZV7bKiQuzdMgp3cb5qkfrpUlbFo4cVIdhrDfaYA51
SAE=
-----END CERTIFICATE-----