Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/FcNXBEMirqZjnc1xMk7dSa1eHtI.roa
File:                     FcNXBEMirqZjnc1xMk7dSa1eHtI.roa (raw, json)
Hash identifier:          /s02bVBMHeLnPlqxVMfu75aUr/9ONK/a8IWFh3/ohck=
Subject key identifier:   15:C3:57:04:43:22:AE:A6:63:9D:CD:71:32:4E:DD:49:AD:5E:1E:D2
Certificate issuer:       /CN=11e512976b91a2967ebce10ed4052ece12b14155
Certificate serial:       018CC50142B5DBC92FB386CD5F499476E150
Authority key identifier: 11:E5:12:97:6B:91:A2:96:7E:BC:E1:0E:D4:05:2E:CE:12:B1:41:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EeUSl2uRopZ-vOEO1AUuzhKxQVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/FcNXBEMirqZjnc1xMk7dSa1eHtI.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        185.76.180.0/24 maxlen: 24
                          2a03:5120::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/EeUSl2uRopZ-vOEO1AUuzhKxQVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/EeUSl2uRopZ-vOEO1AUuzhKxQVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EeUSl2uRopZ-vOEO1AUuzhKxQVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:42:b5:db:c9:2f:b3:86:cd:5f:49:94:76:e1:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11e512976b91a2967ebce10ed4052ece12b14155
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15c357044322aea6639dcd71324edd49ad5e1ed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:12:da:74:96:67:19:9a:9a:7b:22:29:71:63:
                    80:63:91:a0:a4:19:fe:83:2c:4e:03:f1:c7:d2:b2:
                    d0:49:a3:b2:bb:8c:bf:94:a2:4a:96:86:e7:f3:60:
                    81:f4:b0:cf:fe:4f:10:24:d5:26:72:46:1d:6c:58:
                    7e:2c:4b:90:f6:5b:3e:dc:69:b6:ca:d0:50:57:7d:
                    fb:f6:19:09:4f:d8:91:fb:68:9e:5b:f0:d4:25:51:
                    92:f0:08:e5:c0:a7:46:7d:76:e4:73:ab:2b:a9:b4:
                    35:61:19:32:01:08:39:14:b3:e9:bf:b7:dc:94:b8:
                    87:c0:2a:89:02:04:2a:84:f5:90:af:0a:8b:e7:bf:
                    b3:a0:0b:64:cd:be:e6:b2:53:11:61:ca:41:95:0f:
                    e9:7d:d3:e8:e4:fa:73:dc:1b:fc:a3:f5:55:06:28:
                    95:b0:71:a4:63:0d:69:81:ba:21:10:5d:9e:78:aa:
                    ad:53:aa:46:27:f8:f0:8e:8d:25:55:6e:cf:2c:7a:
                    6c:65:2c:d7:64:c4:4b:86:62:52:49:f0:9b:a9:2d:
                    de:52:71:08:ae:05:dd:14:3d:fc:b3:42:62:ec:43:
                    1d:90:be:77:fb:8d:f8:79:6d:0d:5b:3f:c6:e2:64:
                    08:83:6b:18:bc:0e:0c:1e:91:3a:dd:a7:47:c2:78:
                    76:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:C3:57:04:43:22:AE:A6:63:9D:CD:71:32:4E:DD:49:AD:5E:1E:D2
            X509v3 Authority Key Identifier:
                keyid:11:E5:12:97:6B:91:A2:96:7E:BC:E1:0E:D4:05:2E:CE:12:B1:41:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EeUSl2uRopZ-vOEO1AUuzhKxQVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/FcNXBEMirqZjnc1xMk7dSa1eHtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/EeUSl2uRopZ-vOEO1AUuzhKxQVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.180.0/24
                IPv6:
                  2a03:5120::/40

    Signature Algorithm: sha256WithRSAEncryption
         c3:22:f2:bf:07:41:31:45:d3:4b:1f:dc:0b:49:a4:9e:d5:9a:
         81:85:d8:2e:fa:f3:21:ae:c3:41:6a:fb:2f:e0:6a:2a:d4:6f:
         bc:55:da:93:ad:fe:a9:91:b9:10:bd:72:e3:a1:f7:22:fc:78:
         b9:7b:37:65:c5:60:1d:01:02:07:2f:29:f3:e3:58:dc:ff:a8:
         5b:34:c4:30:f6:d0:27:69:44:5b:b3:31:df:da:1d:b3:e0:d9:
         5b:07:c8:f7:8f:0a:b8:62:7c:48:d5:6d:97:3a:42:e2:1e:16:
         d4:14:47:ca:c6:a0:17:fc:57:bc:b9:12:9a:8d:e4:a7:b6:a9:
         0d:99:6e:7f:89:00:ba:e6:74:fc:f1:7e:6b:e9:cb:9d:a8:a3:
         e8:e4:12:96:c4:21:f3:ca:b4:8a:55:8f:54:18:72:f9:e6:71:
         6f:1d:8e:45:7c:22:b4:d4:6f:67:a0:a1:2c:ce:21:59:7a:19:
         51:a4:42:42:81:08:70:24:69:66:34:e2:41:bd:bf:b4:d3:8a:
         0a:81:6a:c7:0d:29:0e:2d:f3:13:eb:7d:43:e1:a7:33:a5:7b:
         b8:5d:b8:42:fa:8c:3c:c4:60:75:03:e8:b2:5f:4f:f7:e2:3a:
         28:44:d4:8c:58:df:41:4b:80:76:b3:c8:4b:25:f5:30:c4:de:
         2a:46:b8:59
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzFAUK128kvs4bNX0mUduFQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZTUxMjk3NmI5MWEyOTY3ZWJjZTEwZWQ0MDUyZWNlMTJi
MTQxNTUwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWMzNTcwNDQzMjJhZWE2NjM5ZGNkNzEzMjRlZGQ0OWFkNWUxZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7xLadJZnGZqaeyIpcWOAY5GgpBn+
gyxOA/HH0rLQSaOyu4y/lKJKlobn82CB9LDP/k8QJNUmckYdbFh+LEuQ9ls+3Gm2
ytBQV3379hkJT9iR+2ieW/DUJVGS8AjlwKdGfXbkc6srqbQ1YRkyAQg5FLPpv7fc
lLiHwCqJAgQqhPWQrwqL57+zoAtkzb7mslMRYcpBlQ/pfdPo5Ppz3Bv8o/VVBiiV
sHGkYw1pgbohEF2eeKqtU6pGJ/jwjo0lVW7PLHpsZSzXZMRLhmJSSfCbqS3eUnEI
rgXdFD38s0Ji7EMdkL53+434eW0NWz/G4mQIg2sYvA4MHpE63adHwnh2ewIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFBXDVwRDIq6mY53NcTJO3UmtXh7SMB8GA1UdIwQY
MBaAFBHlEpdrkaKWfrzhDtQFLs4SsUFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWVVU2wydVJvcFotdk9FTzFBVXV6aEt4UVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xN2EzYzAtZTk3YS00MzA2LWJjZTQt
N2ZmMzJiNmZmZDFlLzEvRmNOWEJFTWlycVpqbmMxeE1rN2RTYTFlSHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xN2EzYzAtZTk3YS00MzA2LWJjZTQtN2ZmMzJiNmZmZDFl
LzEvRWVVU2wydVJvcFotdk9FTzFBVXV6aEt4UVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuUy0MA4E
AgACMAgDBgAqA1EgADANBgkqhkiG9w0BAQsFAAOCAQEAwyLyvwdBMUXTSx/cC0mk
ntWagYXYLvrzIa7DQWr7L+BqKtRvvFXak63+qZG5EL1y46H3Ivx4uXs3ZcVgHQEC
By8p8+NY3P+oWzTEMPbQJ2lEW7Mx39ods+DZWwfI948KuGJ8SNVtlzpC4h4W1BRH
ysagF/xXvLkSmo3kp7apDZluf4kAuuZ0/PF+a+nLnaij6OQSlsQh88q0ilWPVBhy
+eZxbx2ORXwitNRvZ6ChLM4hWXoZUaRCQoEIcCRpZjTiQb2/tNOKCoFqxw0pDi3z
E+t9Q+GnM6V7uF24QvqMPMRgdQPosl9P9+I6KETUjFjfQUuAdrPISyX1MMTeKka4
WQ==
-----END CERTIFICATE-----