Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/FsM6nUHF-s-eiNT8Qd-iu_KsbK4.roa
File:                     FsM6nUHF-s-eiNT8Qd-iu_KsbK4.roa (raw, json)
Hash identifier:          7EaGSvHioI3N6pEXFMkK+kL0oGJhmgnLoOuQLjCWSd4=
Subject key identifier:   16:C3:3A:9D:41:C5:FA:CF:9E:88:D4:FC:41:DF:A2:BB:F2:AC:6C:AE
Certificate issuer:       /CN=037862b4608c79f450295ec5c80c7c7ad6dfe2a2
Certificate serial:       018CC79330E538159CED92410129681BE5DD
Authority key identifier: 03:78:62:B4:60:8C:79:F4:50:29:5E:C5:C8:0C:7C:7A:D6:DF:E2:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A3hitGCMefRQKV7FyAx8etbf4qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/FsM6nUHF-s-eiNT8Qd-iu_KsbK4.roa
Signing time:             Tue 02 Jan 2024 00:29:21 +0000
ROA not before:           Tue 02 Jan 2024 00:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35699
IP address blocks:        185.158.170.0/24 maxlen: 24
                          185.77.158.0/24 maxlen: 24
                          185.86.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/A3hitGCMefRQKV7FyAx8etbf4qI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/A3hitGCMefRQKV7FyAx8etbf4qI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A3hitGCMefRQKV7FyAx8etbf4qI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 09:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:30:e5:38:15:9c:ed:92:41:01:29:68:1b:e5:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=037862b4608c79f450295ec5c80c7c7ad6dfe2a2
        Validity
            Not Before: Jan  2 00:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16c33a9d41c5facf9e88d4fc41dfa2bbf2ac6cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cf:9e:14:38:46:c5:cc:22:e3:4e:4b:c4:2e:
                    29:ba:e7:d3:16:5b:cb:77:8d:7c:d6:2b:dc:76:49:
                    b1:1c:40:db:1a:2b:a6:c6:b4:89:c0:38:1d:38:13:
                    b9:0c:10:90:6a:ab:e8:bc:a8:1a:1a:3a:12:26:49:
                    09:30:40:96:b7:9b:99:4b:25:53:3a:3b:f9:04:7d:
                    2a:27:0e:7c:0e:b2:31:a5:61:49:67:32:62:b9:0b:
                    70:33:6c:3c:a5:71:c8:32:7c:75:a5:7f:b4:69:97:
                    f6:48:0e:53:9b:9a:bb:ce:17:43:3f:15:63:55:2e:
                    cd:e7:d4:8e:f5:3e:99:36:cc:41:6f:61:90:a8:6f:
                    c7:66:64:cb:4f:f7:3b:87:c2:94:dc:b4:6f:8b:62:
                    41:4d:12:42:83:de:61:61:ac:2b:0a:46:f0:11:c8:
                    d6:32:d8:1f:29:b0:55:c8:d9:1e:ff:ff:12:11:d3:
                    d9:49:e1:04:3b:ee:90:80:1c:6f:b8:ec:e6:24:7e:
                    9b:f1:b0:bf:d1:00:93:db:62:62:5c:12:1c:71:45:
                    ca:2b:28:9c:1a:13:fe:03:8c:e7:f4:a5:d5:8e:7e:
                    35:02:7c:57:e3:ae:60:a2:0c:83:6f:86:fe:0d:2b:
                    7b:07:d2:ff:32:db:2d:be:c6:bd:41:d1:ee:25:27:
                    6e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C3:3A:9D:41:C5:FA:CF:9E:88:D4:FC:41:DF:A2:BB:F2:AC:6C:AE
            X509v3 Authority Key Identifier:
                keyid:03:78:62:B4:60:8C:79:F4:50:29:5E:C5:C8:0C:7C:7A:D6:DF:E2:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A3hitGCMefRQKV7FyAx8etbf4qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/FsM6nUHF-s-eiNT8Qd-iu_KsbK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1afe53-f1b8-4315-ab1c-f474f7bd3531/1/A3hitGCMefRQKV7FyAx8etbf4qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.158.0/24
                  185.86.9.0/24
                  185.158.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:36:bb:7b:27:35:8c:c0:07:6a:c7:dc:40:ec:9c:63:d3:75:
         ea:b3:20:d5:66:9e:da:05:59:a6:a7:12:0b:e2:6e:08:28:82:
         94:75:6a:5a:30:c5:46:07:1f:4a:41:a9:73:17:d8:2e:36:bd:
         24:45:57:f2:2a:d5:1a:20:2f:d0:5e:8d:55:2e:97:42:7f:50:
         60:cf:6c:4e:58:2e:b9:15:5f:d0:58:a8:38:f6:dd:a3:02:73:
         44:88:e6:c9:1e:6f:4b:c3:d5:13:ff:d4:6f:93:63:07:97:bb:
         7d:47:c8:b0:63:16:4a:bd:78:04:0f:a1:b4:6c:49:d3:d8:8b:
         f9:3a:2c:18:23:77:a5:33:20:b0:fd:19:03:01:6d:0d:c9:3f:
         3e:40:f8:25:d6:c4:a0:c9:0a:7f:5a:b4:76:2d:5c:95:ac:71:
         2a:4b:ec:f5:48:b4:25:ce:7c:08:27:39:10:45:d3:fa:df:59:
         2d:d0:63:86:de:57:65:fd:3a:00:a9:15:67:69:f7:9e:fd:75:
         d7:3c:51:e3:50:65:08:1c:30:dc:ea:d7:50:0d:7a:d6:01:2b:
         63:43:31:8b:13:6a:15:b7:47:ad:f5:7c:36:9c:48:86:9c:4e:
         b4:f1:07:fc:72:cb:dc:75:dd:ab:4d:02:ce:e5:6a:ca:d0:2a:
         c6:63:5f:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHkzDlOBWc7ZJBASloG+XdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNzg2MmI0NjA4Yzc5ZjQ1MDI5NWVjNWM4MGM3YzdhZDZk
ZmUyYTIwHhcNMjQwMTAyMDAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmMzM2E5ZDQxYzVmYWNmOWU4OGQ0ZmM0MWRmYTJiYmYyYWM2Y2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08+eFDhGxcwi405LxC4puufTFlvL
d4181ivcdkmxHEDbGiumxrSJwDgdOBO5DBCQaqvovKgaGjoSJkkJMECWt5uZSyVT
Ojv5BH0qJw58DrIxpWFJZzJiuQtwM2w8pXHIMnx1pX+0aZf2SA5Tm5q7zhdDPxVj
VS7N59SO9T6ZNsxBb2GQqG/HZmTLT/c7h8KU3LRvi2JBTRJCg95hYawrCkbwEcjW
MtgfKbBVyNke//8SEdPZSeEEO+6QgBxvuOzmJH6b8bC/0QCT22JiXBIccUXKKyic
GhP+A4zn9KXVjn41AnxX465gogyDb4b+DSt7B9L/Mtstvsa9QdHuJSdueQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBbDOp1BxfrPnojU/EHforvyrGyuMB8GA1UdIwQY
MBaAFAN4YrRgjHn0UClexcgMfHrW3+KiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTNoaXRHQ01lZlJRS1Y3RnlBeDhldGJmNHFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8xYWZlNTMtZjFiOC00MzE1LWFiMWMt
ZjQ3NGY3YmQzNTMxLzEvRnNNNm5VSEYtcy1laU5UOFFkLWl1X0tzYks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8xYWZlNTMtZjFiOC00MzE1LWFiMWMtZjQ3NGY3YmQzNTMx
LzEvQTNoaXRHQ01lZlJRS1Y3RnlBeDhldGJmNHFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuU2eAwQA
uVYJAwQAuZ6qMA0GCSqGSIb3DQEBCwUAA4IBAQBlNrt7JzWMwAdqx9xA7Jxj03Xq
syDVZp7aBVmmpxIL4m4IKIKUdWpaMMVGBx9KQalzF9guNr0kRVfyKtUaIC/QXo1V
LpdCf1Bgz2xOWC65FV/QWKg49t2jAnNEiObJHm9Lw9UT/9Rvk2MHl7t9R8iwYxZK
vXgED6G0bEnT2Iv5OiwYI3elMyCw/RkDAW0NyT8+QPgl1sSgyQp/WrR2LVyVrHEq
S+z1SLQlznwIJzkQRdP631kt0GOG3ldl/ToAqRVnafee/XXXPFHjUGUIHDDc6tdQ
DXrWAStjQzGLE2oVt0et9Xw2nEiGnE608Qf8csvcdd2rTQLO5WrK0CrGY19b
-----END CERTIFICATE-----