Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/FkQMXykdcJastLUz7q_epspcbMU.roa
File:                     FkQMXykdcJastLUz7q_epspcbMU.roa (raw, json)
Hash identifier:          bvvr2DdNlv4kOFxorcdDvFThOA/JH1kIqE4zWZhKLMQ=
Subject key identifier:   16:44:0C:5F:29:1D:70:96:AC:B4:B5:33:EE:AF:DE:A6:CA:5C:6C:C5
Certificate issuer:       /CN=613d23f2121327d917d708d8fe153382455959a8
Certificate serial:       018CC94D6FC3E78B312A8F4CF722AC6BA632
Authority key identifier: 61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/FkQMXykdcJastLUz7q_epspcbMU.roa
Signing time:             Tue 02 Jan 2024 08:32:24 +0000
ROA not before:           Tue 02 Jan 2024 08:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.209.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 17:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:6f:c3:e7:8b:31:2a:8f:4c:f7:22:ac:6b:a6:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=613d23f2121327d917d708d8fe153382455959a8
        Validity
            Not Before: Jan  2 08:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16440c5f291d7096acb4b533eeafdea6ca5c6cc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a5:5a:63:b4:fb:07:99:b9:84:00:4c:11:e2:
                    04:ad:aa:87:5f:7d:a8:79:e4:74:6d:ec:a9:35:3a:
                    2d:c6:3f:98:36:41:dd:1d:23:cf:a0:4f:51:c3:d9:
                    3d:a6:5d:1f:d4:99:f9:31:9b:eb:6d:28:e7:f2:68:
                    6f:d4:fd:89:24:68:74:73:35:54:6f:46:14:7c:36:
                    49:4c:ae:34:be:70:c2:fd:30:32:25:b9:9b:3a:57:
                    19:6e:bc:de:1a:b1:2c:08:f4:c5:57:3c:33:b9:67:
                    9c:be:f0:fb:75:99:d7:1c:65:e4:60:4b:38:41:9c:
                    34:50:c6:74:05:d9:3c:f7:46:08:38:0e:f8:2d:0a:
                    c9:98:5b:ee:8f:83:18:6b:5c:7e:c1:02:47:b1:aa:
                    fb:13:96:0e:5f:85:7b:3b:99:db:89:fa:4d:41:92:
                    c6:e2:34:c9:c9:4a:d1:30:d5:0a:40:e8:ca:49:43:
                    c1:08:73:ee:06:9c:4b:12:35:6a:04:9c:8d:ba:d2:
                    98:cf:d3:78:d7:0f:6e:1f:e1:7c:e8:fb:6c:5a:fc:
                    d4:06:3e:9b:22:18:92:57:f2:df:e8:01:19:fe:ba:
                    70:91:75:eb:66:4d:18:62:82:ef:69:73:54:b4:07:
                    b2:d1:a9:e9:92:14:28:8f:2f:a1:ae:77:7a:37:51:
                    0e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:44:0C:5F:29:1D:70:96:AC:B4:B5:33:EE:AF:DE:A6:CA:5C:6C:C5
            X509v3 Authority Key Identifier:
                keyid:61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/FkQMXykdcJastLUz7q_epspcbMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:45:df:b0:81:89:a2:76:13:bf:05:11:54:d3:3e:4a:3f:85:
         ff:f4:f4:94:fd:9d:7d:bf:a2:c6:f2:77:bd:01:bb:05:50:9a:
         80:26:36:00:f3:1d:67:b9:4a:8f:e1:53:9e:1a:a3:6d:56:af:
         bc:66:8b:74:14:ef:dd:e8:b6:16:c1:b4:77:ed:a5:89:34:75:
         dc:da:29:a3:a3:a6:e6:20:67:17:fd:ca:12:32:ce:26:ab:de:
         07:d3:d9:89:cd:0c:5a:3a:a6:ed:d9:c6:e3:7b:bd:a4:39:b0:
         0d:d5:68:b5:2f:c6:56:d6:c9:90:85:36:b2:3b:09:f7:97:48:
         65:7f:b7:2c:34:8f:fd:47:c5:5f:76:35:48:41:cd:27:2b:af:
         e7:c0:d4:3c:b2:ed:bb:65:74:f1:21:27:0c:c8:cf:b9:03:32:
         e1:b9:25:14:5e:02:f3:1d:b4:38:e9:0a:a8:0c:18:fc:41:d8:
         6f:a4:42:cc:3a:6d:54:d4:79:8e:a9:7e:7b:ed:a4:cf:8a:d9:
         85:94:60:c3:21:38:02:8c:fb:a1:ee:ab:5c:e5:a2:0f:11:0b:
         60:fd:f3:d8:86:f5:8e:08:3d:ca:7a:22:0f:36:87:65:6d:f2:
         72:af:1f:c6:f3:a5:48:ac:6a:73:bd:9b:95:e5:41:15:68:f0:
         78:21:bf:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTW/D54sxKo9M9yKsa6YyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxM2QyM2YyMTIxMzI3ZDkxN2Q3MDhkOGZlMTUzMzgyNDU1
OTU5YTgwHhcNMjQwMTAyMDgzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjQ0MGM1ZjI5MWQ3MDk2YWNiNGI1MzNlZWFmZGVhNmNhNWM2Y2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6VaY7T7B5m5hABMEeIEraqHX32o
eeR0beypNTotxj+YNkHdHSPPoE9Rw9k9pl0f1Jn5MZvrbSjn8mhv1P2JJGh0czVU
b0YUfDZJTK40vnDC/TAyJbmbOlcZbrzeGrEsCPTFVzwzuWecvvD7dZnXHGXkYEs4
QZw0UMZ0Bdk890YIOA74LQrJmFvuj4MYa1x+wQJHsar7E5YOX4V7O5nbifpNQZLG
4jTJyUrRMNUKQOjKSUPBCHPuBpxLEjVqBJyNutKYz9N41w9uH+F86PtsWvzUBj6b
IhiSV/Lf6AEZ/rpwkXXrZk0YYoLvaXNUtAey0anpkhQojy+hrnd6N1EOewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZEDF8pHXCWrLS1M+6v3qbKXGzFMB8GA1UdIwQY
MBaAFGE9I/ISEyfZF9cI2P4VM4JFWVmoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVQwajhoSVRKOWtYMXdqWV9oVXpna1ZaV2FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mY2U2YmUtMDg5Ni00NDg3LWFhMzQt
N2E2MDViYTQwYzFlLzEvRmtRTVh5a2RjSmFzdExVejdxX2Vwc3BjYk1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mY2U2YmUtMDg5Ni00NDg3LWFhMzQtN2E2MDViYTQwYzFl
LzEvWVQwajhoSVRKOWtYMXdqWV9oVXpna1ZaV2FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudHSMA0G
CSqGSIb3DQEBCwUAA4IBAQBtRd+wgYmidhO/BRFU0z5KP4X/9PSU/Z19v6LG8ne9
AbsFUJqAJjYA8x1nuUqP4VOeGqNtVq+8Zot0FO/d6LYWwbR37aWJNHXc2imjo6bm
IGcX/coSMs4mq94H09mJzQxaOqbt2cbje72kObAN1Wi1L8ZW1smQhTayOwn3l0hl
f7csNI/9R8VfdjVIQc0nK6/nwNQ8su27ZXTxIScMyM+5AzLhuSUUXgLzHbQ46Qqo
DBj8QdhvpELMOm1U1HmOqX577aTPitmFlGDDITgCjPuh7qtc5aIPEQtg/fPYhvWO
CD3KeiIPNodlbfJyrx/G86VIrGpzvZuV5UEVaPB4Ib8c
-----END CERTIFICATE-----