Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/fIMRuVF3TzymzyV7mwnlRT_i88U.roa
File:                     fIMRuVF3TzymzyV7mwnlRT_i88U.roa (raw, json)
Hash identifier:          2vVzw0GJndsImXGwGGfTwWz/DZWgXEUSMJ5NwnbogFY=
Subject key identifier:   7C:83:11:B9:51:77:4F:3C:A6:CF:25:7B:9B:09:E5:45:3F:E2:F3:C5
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA739762FF90018C127C2DCAE97C6
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/fIMRuVF3TzymzyV7mwnlRT_i88U.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203106
IP address blocks:        185.128.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a7:39:76:2f:f9:00:18:c1:27:c2:dc:ae:97:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c8311b951774f3ca6cf257b9b09e5453fe2f3c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8e:cb:89:f2:9f:03:c9:73:9f:99:16:bf:8b:
                    ca:0f:e2:0b:2d:b6:48:ee:68:fe:86:af:81:4b:ba:
                    57:c7:ad:b0:df:1e:da:9c:e7:34:eb:57:76:df:9e:
                    56:90:28:2a:15:a2:e3:53:41:93:0d:d1:35:f0:f6:
                    18:dd:09:5e:d7:00:60:62:c8:7e:9a:3b:0f:fc:32:
                    c2:b5:72:10:0c:bd:06:12:b3:dd:5b:85:6b:e9:b6:
                    98:41:cc:8c:cf:9f:f6:c8:54:ec:e7:6a:3f:ea:ef:
                    57:e2:45:d7:c9:e8:49:b8:bb:48:c9:a8:b3:98:27:
                    f8:bf:60:94:f3:60:16:3e:65:c8:91:f5:1f:0f:09:
                    44:6f:8c:0d:f7:97:ce:e7:73:98:7b:48:22:d3:b5:
                    e8:2b:20:24:a9:dc:a8:03:69:2f:9c:25:28:b5:a2:
                    49:96:9a:ec:c7:67:39:a8:b1:02:bc:fb:77:6e:a9:
                    fe:b5:20:85:6d:cc:1f:a5:54:21:a8:84:80:99:75:
                    bf:b9:07:14:b3:f5:ec:c0:2f:e7:c0:b8:2b:59:f4:
                    5b:11:19:9d:d3:9f:46:b8:df:de:49:9a:51:23:fd:
                    26:0c:bb:0b:d2:7f:85:77:d4:19:0c:b9:c6:ca:25:
                    bc:57:10:7d:03:4f:96:6c:e3:cf:c7:99:d0:6d:3c:
                    a4:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:83:11:B9:51:77:4F:3C:A6:CF:25:7B:9B:09:E5:45:3F:E2:F3:C5
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/fIMRuVF3TzymzyV7mwnlRT_i88U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:9e:4c:49:e8:71:d1:9f:94:1b:74:b3:b1:d9:2c:66:cf:19:
         ef:bd:bd:1d:88:b2:d6:ca:17:61:96:6b:04:e8:d6:24:4d:c3:
         50:f1:b0:7e:35:c9:eb:76:f4:76:80:b8:29:50:c0:fe:7f:2c:
         ab:92:33:42:76:ef:a1:4f:8a:ae:17:1b:41:27:01:99:1d:51:
         13:d4:d2:e2:cd:8b:76:39:7f:33:b2:5c:49:a8:84:f3:d6:d9:
         fd:97:42:93:cc:99:5e:60:93:40:2d:71:5d:80:19:2b:f5:41:
         5d:cf:b7:4e:85:86:e6:2b:3a:e6:be:f7:1d:81:e6:94:b1:e3:
         d0:eb:96:a1:ab:8f:76:89:3b:f4:75:7c:d2:8d:2d:b1:9d:54:
         98:a8:a3:45:f3:3c:37:6d:87:03:8f:32:59:d1:d2:8a:c5:14:
         77:f3:4a:19:fc:1b:f1:aa:94:5c:df:60:94:7b:bf:4a:ad:25:
         34:31:fd:75:1b:87:74:ed:e9:33:55:08:d3:74:49:83:07:b3:
         9c:6d:25:51:99:40:ec:0a:89:6d:9f:9c:26:41:f6:a9:14:2d:
         79:58:21:3d:b5:29:7c:bc:c2:41:ef:12:2c:a4:22:ad:7e:ac:
         9d:a4:69:88:84:93:e2:06:de:3e:60:99:bc:ce:b4:e7:32:b2:
         e0:83:d8:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36c5di/5ABjBJ8LcrpfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzgzMTFiOTUxNzc0ZjNjYTZjZjI1N2I5YjA5ZTU0NTNmZTJmM2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvY7LifKfA8lzn5kWv4vKD+ILLbZI
7mj+hq+BS7pXx62w3x7anOc061d2355WkCgqFaLjU0GTDdE18PYY3Qle1wBgYsh+
mjsP/DLCtXIQDL0GErPdW4Vr6baYQcyMz5/2yFTs52o/6u9X4kXXyehJuLtIyaiz
mCf4v2CU82AWPmXIkfUfDwlEb4wN95fO53OYe0gi07XoKyAkqdyoA2kvnCUotaJJ
lprsx2c5qLECvPt3bqn+tSCFbcwfpVQhqISAmXW/uQcUs/XswC/nwLgrWfRbERmd
059GuN/eSZpRI/0mDLsL0n+Fd9QZDLnGyiW8VxB9A0+WbOPPx5nQbTyktQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyDEblRd088ps8le5sJ5UU/4vPFMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvZklNUnVWRjNUenltenlWN213bmxSVF9pODhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYBoMA0G
CSqGSIb3DQEBCwUAA4IBAQBonkxJ6HHRn5QbdLOx2Sxmzxnvvb0diLLWyhdhlmsE
6NYkTcNQ8bB+NcnrdvR2gLgpUMD+fyyrkjNCdu+hT4quFxtBJwGZHVET1NLizYt2
OX8zslxJqITz1tn9l0KTzJleYJNALXFdgBkr9UFdz7dOhYbmKzrmvvcdgeaUsePQ
65ahq492iTv0dXzSjS2xnVSYqKNF8zw3bYcDjzJZ0dKKxRR380oZ/BvxqpRc32CU
e79KrSU0Mf11G4d07ekzVQjTdEmDB7OcbSVRmUDsColtn5wmQfapFC15WCE9tSl8
vMJB7xIspCKtfqydpGmIhJPiBt4+YJm8zrTnMrLgg9jz
-----END CERTIFICATE-----