Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/FJDfo9uNeuzaeFtBxgp66S0WRAA.roa
File:                     FJDfo9uNeuzaeFtBxgp66S0WRAA.roa (raw, json)
Hash identifier:          WUWOgm3FxEU6+dEiJYSBQOaqBaoWQhLPeeteXCSqwxI=
Subject key identifier:   14:90:DF:A3:DB:8D:7A:EC:DA:78:5B:41:C6:0A:7A:E9:2D:16:44:00
Certificate issuer:       /CN=53f47a725c768d4de78fb31bb40fe16eba19f20d
Certificate serial:       018CC9BBF5B36CEF439A76FDAFD0AE92B4B7
Authority key identifier: 53:F4:7A:72:5C:76:8D:4D:E7:8F:B3:1B:B4:0F:E1:6E:BA:19:F2:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/FJDfo9uNeuzaeFtBxgp66S0WRAA.roa
Signing time:             Tue 02 Jan 2024 10:33:07 +0000
ROA not before:           Tue 02 Jan 2024 10:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        185.221.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f5:b3:6c:ef:43:9a:76:fd:af:d0:ae:92:b4:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53f47a725c768d4de78fb31bb40fe16eba19f20d
        Validity
            Not Before: Jan  2 10:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1490dfa3db8d7aecda785b41c60a7ae92d164400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:62:22:31:25:43:80:b5:d1:d5:ad:69:4c:49:
                    10:cd:cc:04:e1:13:63:14:98:27:84:ce:58:8c:fe:
                    a1:b4:68:c3:15:37:4e:03:ac:83:14:86:be:93:90:
                    61:92:65:ff:fb:49:8e:98:09:9f:0a:48:0e:68:56:
                    34:47:28:8e:8d:ec:a8:56:b1:c2:f3:0f:7a:57:90:
                    06:33:b9:62:2c:9b:21:59:df:e4:10:cb:1c:6e:3a:
                    7d:a9:dc:c9:ee:b9:e4:f7:54:66:57:2b:32:10:4a:
                    e9:2a:16:fb:56:79:c6:f6:2a:15:ca:6e:07:c9:a7:
                    bf:6c:c8:b6:fa:36:c9:ae:b4:4e:f5:a2:6e:2a:2e:
                    d7:7b:52:37:7b:02:3f:91:bf:e3:d5:42:e3:57:ed:
                    38:02:9c:6f:48:82:94:1a:55:26:a1:e8:fd:79:90:
                    54:eb:93:21:de:ad:fb:b2:49:9a:bd:8b:22:29:5f:
                    6c:5b:4f:37:c3:d1:d0:58:0a:82:e8:67:b0:1d:21:
                    f8:71:59:76:38:9f:00:67:8e:89:ca:f8:f4:e3:27:
                    83:23:59:32:b3:26:40:18:69:55:69:2d:77:0c:0d:
                    4f:88:f6:27:c6:20:e9:8a:0e:d7:e3:f7:51:19:e0:
                    01:4c:65:7f:bf:27:b6:89:8c:0b:cc:95:af:ad:60:
                    fc:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:90:DF:A3:DB:8D:7A:EC:DA:78:5B:41:C6:0A:7A:E9:2D:16:44:00
            X509v3 Authority Key Identifier:
                keyid:53:F4:7A:72:5C:76:8D:4D:E7:8F:B3:1B:B4:0F:E1:6E:BA:19:F2:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/FJDfo9uNeuzaeFtBxgp66S0WRAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:e3:ca:08:c9:3c:84:79:43:ee:8a:a3:7f:5b:fb:2d:14:6e:
         4e:5f:18:d3:b3:69:b3:22:0e:56:e7:68:98:4b:52:39:aa:82:
         ff:eb:c7:4a:14:d6:26:b0:83:0e:d9:61:36:d0:47:35:e9:8f:
         87:84:59:ca:2f:07:81:25:2c:3d:7b:a4:1c:b6:b4:74:a3:65:
         e9:dd:19:38:ef:b0:11:fd:3c:0e:93:ff:a9:35:48:3d:cc:ee:
         e3:aa:fd:22:52:10:74:cd:b6:67:e5:31:b4:d4:e1:71:43:4c:
         f8:5c:0b:68:a4:b6:5e:aa:6c:52:87:b2:2d:0a:04:c8:e9:d5:
         04:4c:65:a5:ce:33:3e:f2:3c:f5:9a:65:d0:c7:eb:8c:15:92:
         87:a8:5f:46:8b:d9:84:80:ce:3a:16:1f:42:17:65:49:14:17:
         5e:42:cf:f5:47:5a:f9:74:b7:10:38:ba:20:75:95:8b:f6:e6:
         e7:ce:b3:6a:1b:58:e7:38:23:ea:c5:6d:89:c7:44:df:ce:3d:
         3a:03:73:7a:39:17:ca:62:7e:2a:80:ab:81:98:7a:fd:91:72:
         58:b3:60:fb:6d:25:49:12:af:56:b9:c8:36:4c:33:c0:35:6a:
         2e:9b:05:57:68:a5:2a:4d:cc:e9:8c:a8:6e:1d:a4:35:e4:7b:
         3b:d3:64:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu/WzbO9Dmnb9r9CukrS3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZjQ3YTcyNWM3NjhkNGRlNzhmYjMxYmI0MGZlMTZlYmEx
OWYyMGQwHhcNMjQwMTAyMTAzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDkwZGZhM2RiOGQ3YWVjZGE3ODViNDFjNjBhN2FlOTJkMTY0NDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWIiMSVDgLXR1a1pTEkQzcwE4RNj
FJgnhM5YjP6htGjDFTdOA6yDFIa+k5BhkmX/+0mOmAmfCkgOaFY0RyiOjeyoVrHC
8w96V5AGM7liLJshWd/kEMscbjp9qdzJ7rnk91RmVysyEErpKhb7VnnG9ioVym4H
yae/bMi2+jbJrrRO9aJuKi7Xe1I3ewI/kb/j1ULjV+04ApxvSIKUGlUmoej9eZBU
65Mh3q37skmavYsiKV9sW083w9HQWAqC6GewHSH4cVl2OJ8AZ46Jyvj04yeDI1ky
syZAGGlVaS13DA1PiPYnxiDpig7X4/dRGeABTGV/vye2iYwLzJWvrWD8gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSQ36PbjXrs2nhbQcYKeuktFkQAMB8GA1UdIwQY
MBaAFFP0enJcdo1N54+zG7QP4W66GfINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVV9SNmNseDJqVTNuajdNYnRBX2hicm9aOGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82NDAxZjMtNmRmMC00MDM4LWIwYmMt
NTc0NzEzODQ1ZGJjLzEvRkpEZm85dU5ldXphZUZ0QnhncDY2UzBXUkFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82NDAxZjMtNmRmMC00MDM4LWIwYmMtNTc0NzEzODQ1ZGJj
LzEvVV9SNmNseDJqVTNuajdNYnRBX2hicm9aOGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud0/MA0G
CSqGSIb3DQEBCwUAA4IBAQAb48oIyTyEeUPuiqN/W/stFG5OXxjTs2mzIg5W52iY
S1I5qoL/68dKFNYmsIMO2WE20Ec16Y+HhFnKLweBJSw9e6QctrR0o2Xp3Rk477AR
/TwOk/+pNUg9zO7jqv0iUhB0zbZn5TG01OFxQ0z4XAtopLZeqmxSh7ItCgTI6dUE
TGWlzjM+8jz1mmXQx+uMFZKHqF9Gi9mEgM46Fh9CF2VJFBdeQs/1R1r5dLcQOLog
dZWL9ubnzrNqG1jnOCPqxW2Jx0Tfzj06A3N6ORfKYn4qgKuBmHr9kXJYs2D7bSVJ
Eq9Wucg2TDPANWoumwVXaKUqTczpjKhuHaQ15Hs702SL
-----END CERTIFICATE-----