Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/fHgqkvwnGW62xi-NhIh58vZFG1s.roa
File:                     fHgqkvwnGW62xi-NhIh58vZFG1s.roa (raw, json)
Hash identifier:          YDrkf+Po1hvs0G3SOFumLMTYn0KPY8UEC/6PRv0ULtk=
Subject key identifier:   7C:78:2A:92:FC:27:19:6E:B6:C6:2F:8D:84:88:79:F2:F6:45:1B:5B
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       018CC802CE86949F4F720F008C43F8F224BC
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/fHgqkvwnGW62xi-NhIh58vZFG1s.roa
Signing time:             Tue 02 Jan 2024 02:31:16 +0000
ROA not before:           Tue 02 Jan 2024 02:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202637
IP address blocks:        188.213.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:ce:86:94:9f:4f:72:0f:00:8c:43:f8:f2:24:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  2 02:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c782a92fc27196eb6c62f8d848879f2f6451b5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:63:c6:12:4d:d2:7a:c2:68:1d:b4:20:c2:ee:
                    83:6c:1a:4f:ed:02:6a:85:19:6b:b9:56:38:a3:f7:
                    17:c9:0b:11:03:5e:62:2e:6f:97:2f:4e:63:ae:0d:
                    5d:5a:7c:cd:07:da:67:7f:03:3b:1b:f3:00:27:f3:
                    a0:d9:f4:a1:f0:7a:02:cf:48:84:d0:6e:99:ca:cb:
                    7d:bc:03:ec:75:b4:56:e4:ff:a6:6a:49:a4:81:21:
                    68:0d:94:e0:85:9a:6a:6d:09:0d:0b:23:51:80:ab:
                    3f:c3:e7:ff:29:09:d6:60:34:f0:f8:a9:4a:44:2a:
                    ae:54:6d:a8:1e:59:2e:7d:a3:ba:79:26:1b:b8:e3:
                    b1:66:0d:e3:f3:73:4d:69:af:30:e7:b0:85:de:43:
                    59:c4:a9:61:c3:a0:32:3b:af:e5:4b:59:94:4f:93:
                    b0:28:28:12:7d:ff:82:9f:27:8c:8d:a9:f8:ed:8a:
                    c7:95:a2:d7:56:51:57:c8:5f:00:ca:33:b4:fc:e7:
                    d9:1a:8a:fe:92:c1:12:7f:34:3c:24:34:79:27:aa:
                    db:ea:af:c5:d2:5e:50:99:b4:e7:b2:b4:40:23:a2:
                    db:85:3e:97:d9:63:b1:32:10:e6:2f:2b:a9:63:53:
                    b2:e9:bc:50:76:6d:20:03:49:5c:68:1d:7a:9f:5e:
                    6a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:78:2A:92:FC:27:19:6E:B6:C6:2F:8D:84:88:79:F2:F6:45:1B:5B
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/fHgqkvwnGW62xi-NhIh58vZFG1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.213.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:ae:46:27:89:3e:1c:18:9d:6d:2e:24:fd:14:f9:1a:49:9e:
         19:33:71:f8:f6:18:66:7d:5c:b3:65:0f:35:7c:51:69:73:7d:
         ad:df:b3:72:7a:54:f1:80:96:09:b5:98:2c:39:0a:d9:83:05:
         3e:9e:7d:44:e4:10:82:26:98:c0:66:c2:07:f6:07:5a:b2:6b:
         d7:4d:a0:e4:a6:95:18:b3:4f:d9:ed:9e:9e:b0:e2:88:ba:c7:
         5f:67:d8:99:ab:3a:5c:d4:d0:d4:42:13:1c:27:a6:17:99:e8:
         6e:df:2e:dd:71:f1:3c:29:e7:3c:11:14:20:58:0c:ee:f4:3f:
         c4:1e:78:8e:50:35:70:62:95:86:7a:84:b1:f7:b5:b6:da:1d:
         25:19:06:77:c4:0a:ad:63:4c:d7:25:ee:cd:82:2f:b4:8a:be:
         70:ff:8e:8e:bb:fc:6f:1e:ae:14:bc:48:e5:fc:c2:1f:3d:8a:
         1e:bb:b8:cc:ba:58:5e:b7:4f:b3:47:c2:2e:7c:cf:2f:ff:9a:
         cb:4e:98:32:ae:aa:84:30:78:bd:4f:4e:6f:d8:0a:16:27:f7:
         28:0e:e9:b2:29:82:e6:2e:44:fd:00:60:7a:34:ab:46:45:37:
         ca:2d:eb:b2:03:d6:c7:ee:dc:fb:e8:32:fc:65:fc:cd:7e:69:
         5a:33:c2:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAs6GlJ9Pcg8AjEP48iS8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzc4MmE5MmZjMjcxOTZlYjZjNjJmOGQ4NDg4NzlmMmY2NDUxYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmPGEk3SesJoHbQgwu6DbBpP7QJq
hRlruVY4o/cXyQsRA15iLm+XL05jrg1dWnzNB9pnfwM7G/MAJ/Og2fSh8HoCz0iE
0G6Zyst9vAPsdbRW5P+makmkgSFoDZTghZpqbQkNCyNRgKs/w+f/KQnWYDTw+KlK
RCquVG2oHlkufaO6eSYbuOOxZg3j83NNaa8w57CF3kNZxKlhw6AyO6/lS1mUT5Ow
KCgSff+CnyeMjan47YrHlaLXVlFXyF8AyjO0/OfZGor+ksESfzQ8JDR5J6rb6q/F
0l5QmbTnsrRAI6LbhT6X2WOxMhDmLyupY1Oy6bxQdm0gA0lcaB16n15qZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHx4KpL8JxlutsYvjYSIefL2RRtbMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvZkhncWt2d25HVzYyeGktTmhJaDU4dlpGRzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNUwMA0G
CSqGSIb3DQEBCwUAA4IBAQCkrkYniT4cGJ1tLiT9FPkaSZ4ZM3H49hhmfVyzZQ81
fFFpc32t37NyelTxgJYJtZgsOQrZgwU+nn1E5BCCJpjAZsIH9gdasmvXTaDkppUY
s0/Z7Z6esOKIusdfZ9iZqzpc1NDUQhMcJ6YXmehu3y7dcfE8Kec8ERQgWAzu9D/E
HniOUDVwYpWGeoSx97W22h0lGQZ3xAqtY0zXJe7Ngi+0ir5w/46Ou/xvHq4UvEjl
/MIfPYoeu7jMulhet0+zR8IufM8v/5rLTpgyrqqEMHi9T05v2AoWJ/coDumyKYLm
LkT9AGB6NKtGRTfKLeuyA9bH7tz76DL8ZfzNfmlaM8LU
-----END CERTIFICATE-----