Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/a12e1c-1b10-4938-96d3-7bed26743bcc/1/iGFigVreO2ICYjtUJtEHHqPrkgA.roa
File:                     iGFigVreO2ICYjtUJtEHHqPrkgA.roa (raw, json)
Hash identifier:          8Gq6CK2LoCC8Gk/BJ6JhZNomLj1QWgj351PaHtxRE+0=
Subject key identifier:   88:61:62:81:5A:DE:3B:62:02:62:3B:54:26:D1:07:1E:A3:EB:92:00
Certificate issuer:       /CN=fdc680ee1b27c3a6f07013c8fc25ebff0c67fb9d
Certificate serial:       018CC42552E19B6A6A29152484A1796F0090
Authority key identifier: FD:C6:80:EE:1B:27:C3:A6:F0:70:13:C8:FC:25:EB:FF:0C:67:FB:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_caA7hsnw6bwcBPI_CXr_wxn-50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/a12e1c-1b10-4938-96d3-7bed26743bcc/1/iGFigVreO2ICYjtUJtEHHqPrkgA.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        194.147.229.0/24 maxlen: 24
                          2001:67c:c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/a12e1c-1b10-4938-96d3-7bed26743bcc/1/_caA7hsnw6bwcBPI_CXr_wxn-50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/a12e1c-1b10-4938-96d3-7bed26743bcc/1/_caA7hsnw6bwcBPI_CXr_wxn-50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_caA7hsnw6bwcBPI_CXr_wxn-50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:03:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:52:e1:9b:6a:6a:29:15:24:84:a1:79:6f:00:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdc680ee1b27c3a6f07013c8fc25ebff0c67fb9d
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=886162815ade3b6202623b5426d1071ea3eb9200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:de:9f:0b:fb:02:5e:67:cf:4e:f1:cb:aa:92:
                    75:0a:97:c1:1c:a8:82:de:19:8a:25:5f:4b:2e:94:
                    b8:d9:de:c2:a2:b6:ac:60:7f:d7:9d:ac:2e:19:4a:
                    13:6d:91:a8:93:0c:67:69:9c:cf:1e:30:fa:dc:55:
                    0c:e5:0b:17:14:54:a5:5b:c0:3f:5d:b8:d7:b6:dd:
                    69:2e:f3:a5:0d:76:3a:4e:46:4c:2d:02:d6:3c:19:
                    b2:c6:af:08:8f:84:79:1e:06:f9:f0:6a:17:7d:97:
                    b9:ea:81:00:89:76:a0:70:ca:58:fd:47:b0:08:95:
                    a4:7d:aa:0d:70:b1:f7:e9:c4:f0:f4:5c:94:8b:14:
                    b3:66:55:45:af:55:4d:b4:d6:7b:3c:95:6f:1a:7d:
                    22:65:29:77:d2:e4:7d:f6:d1:de:68:20:d6:e8:f2:
                    6c:50:0c:b6:89:c5:7d:83:7c:5e:5c:18:b3:14:1e:
                    60:6e:44:58:72:f3:61:94:3d:9d:c4:97:a6:59:5d:
                    19:9d:60:ab:10:56:b2:22:bf:bc:bc:06:28:8c:29:
                    6d:d6:fb:51:ed:6b:a1:09:46:96:0c:97:2a:bb:27:
                    ca:cd:ba:f7:21:38:e8:f3:01:9c:de:a3:36:75:5a:
                    05:65:13:26:43:4c:87:b0:ab:2b:b5:c8:83:9e:86:
                    3a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:61:62:81:5A:DE:3B:62:02:62:3B:54:26:D1:07:1E:A3:EB:92:00
            X509v3 Authority Key Identifier:
                keyid:FD:C6:80:EE:1B:27:C3:A6:F0:70:13:C8:FC:25:EB:FF:0C:67:FB:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_caA7hsnw6bwcBPI_CXr_wxn-50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a12e1c-1b10-4938-96d3-7bed26743bcc/1/iGFigVreO2ICYjtUJtEHHqPrkgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a12e1c-1b10-4938-96d3-7bed26743bcc/1/_caA7hsnw6bwcBPI_CXr_wxn-50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.229.0/24
                IPv6:
                  2001:67c:c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:c3:2e:02:4c:a8:88:b2:8f:90:1a:7f:44:c7:7c:b0:ad:40:
         99:b9:d8:5d:be:0c:ea:d3:4c:49:6b:8e:e7:dc:01:98:08:f9:
         b3:cd:10:a4:c8:f7:c9:dd:c7:9e:0d:e3:a0:16:49:c9:f6:4e:
         cc:a5:68:7a:f0:48:6d:8c:f7:b2:c0:10:fe:82:a5:c9:70:e1:
         39:65:a6:2c:de:f4:e1:b5:ab:b9:fa:4a:2b:bd:62:bd:90:22:
         e5:ae:df:08:6d:6f:8f:39:e5:0f:45:6d:8e:6a:30:a2:3c:f9:
         6c:2b:72:4d:94:84:9e:84:85:e3:6e:85:f6:b5:70:bd:e2:88:
         a1:54:44:cc:ae:a1:34:65:a6:dd:b2:2e:47:16:2a:b7:5b:57:
         f5:6a:85:9e:08:6f:4b:8f:5b:29:4b:1a:29:f0:60:3b:40:8e:
         ad:a5:d2:ea:c0:90:e0:f8:b1:ac:11:b0:f5:5e:47:ff:9a:64:
         b4:05:76:e1:b3:95:6b:00:81:77:16:64:1b:14:60:90:9e:5e:
         cc:ee:02:ee:0f:cd:4d:9f:fe:41:05:07:7f:9e:39:e6:30:ab:
         f4:f2:ed:b8:1a:ce:b5:87:4a:43:43:5d:7b:4c:2c:71:c4:38:
         21:58:40:35:00:f0:ce:85:34:af:6b:2e:2f:12:de:fe:9c:97:
         ad:c0:92:b5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJVLhm2pqKRUkhKF5bwCQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkYzY4MGVlMWIyN2MzYTZmMDcwMTNjOGZjMjVlYmZmMGM2
N2ZiOWQwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODYxNjI4MTVhZGUzYjYyMDI2MjNiNTQyNmQxMDcxZWEzZWI5MjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh96fC/sCXmfPTvHLqpJ1CpfBHKiC
3hmKJV9LLpS42d7CorasYH/XnawuGUoTbZGokwxnaZzPHjD63FUM5QsXFFSlW8A/
XbjXtt1pLvOlDXY6TkZMLQLWPBmyxq8Ij4R5Hgb58GoXfZe56oEAiXagcMpY/Uew
CJWkfaoNcLH36cTw9FyUixSzZlVFr1VNtNZ7PJVvGn0iZSl30uR99tHeaCDW6PJs
UAy2icV9g3xeXBizFB5gbkRYcvNhlD2dxJemWV0ZnWCrEFayIr+8vAYojClt1vtR
7WuhCUaWDJcquyfKzbr3ITjo8wGc3qM2dVoFZRMmQ0yHsKsrtciDnoY6zQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIhhYoFa3jtiAmI7VCbRBx6j65IAMB8GA1UdIwQY
MBaAFP3GgO4bJ8Om8HATyPwl6/8MZ/udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2NhQTdoc253NmJ3Y0JQSV9DWHJfd3huLTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9hMTJlMWMtMWIxMC00OTM4LTk2ZDMt
N2JlZDI2NzQzYmNjLzEvaUdGaWdWcmVPMklDWWp0VUp0RUhIcVBya2dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9hMTJlMWMtMWIxMC00OTM4LTk2ZDMtN2JlZDI2NzQzYmNj
LzEvX2NhQTdoc253NmJ3Y0JQSV9DWHJfd3huLTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwpPlMA8E
AgACMAkDBwAgAQZ8AMAwDQYJKoZIhvcNAQELBQADggEBAAHDLgJMqIiyj5Aaf0TH
fLCtQJm52F2+DOrTTElrjufcAZgI+bPNEKTI98ndx54N46AWScn2TsylaHrwSG2M
97LAEP6Cpclw4Tllpize9OG1q7n6Siu9Yr2QIuWu3whtb4855Q9FbY5qMKI8+Wwr
ck2UhJ6EheNuhfa1cL3iiKFURMyuoTRlpt2yLkcWKrdbV/VqhZ4Ib0uPWylLGinw
YDtAjq2l0urAkOD4sawRsPVeR/+aZLQFduGzlWsAgXcWZBsUYJCeXszuAu4PzU2f
/kEFB3+eOeYwq/Ty7bgazrWHSkNDXXtMLHHEOCFYQDUA8M6FNK9rLi8S3v6cl63A
krU=
-----END CERTIFICATE-----