Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/2c1937-9d9b-4315-a3c5-c0ae80b742b0/1/FTqmlFMxWKN_VKjCbBPQT1I1zEE.roa
File:                     FTqmlFMxWKN_VKjCbBPQT1I1zEE.roa (raw, json)
Hash identifier:          8tEjwq4dZuPYvckFOIS70Hxj9s+8qSEEsK0rGSytwBA=
Subject key identifier:   15:3A:A6:94:53:31:58:A3:7F:54:A8:C2:6C:13:D0:4F:52:35:CC:41
Certificate issuer:       /CN=0f554afe672744742b4e35027b402e8613c20377
Certificate serial:       018CC2DAECEC20B451A32F7BDA1486CB121C
Authority key identifier: 0F:55:4A:FE:67:27:44:74:2B:4E:35:02:7B:40:2E:86:13:C2:03:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D1VK_mcnRHQrTjUCe0AuhhPCA3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/2c1937-9d9b-4315-a3c5-c0ae80b742b0/1/FTqmlFMxWKN_VKjCbBPQT1I1zEE.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60686
IP address blocks:        185.19.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/2c1937-9d9b-4315-a3c5-c0ae80b742b0/1/D1VK_mcnRHQrTjUCe0AuhhPCA3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/2c1937-9d9b-4315-a3c5-c0ae80b742b0/1/D1VK_mcnRHQrTjUCe0AuhhPCA3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D1VK_mcnRHQrTjUCe0AuhhPCA3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ec:ec:20:b4:51:a3:2f:7b:da:14:86:cb:12:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f554afe672744742b4e35027b402e8613c20377
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=153aa694533158a37f54a8c26c13d04f5235cc41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:15:a2:f6:92:67:ae:e3:7c:e0:69:2e:d0:84:
                    2b:b6:26:e3:8b:65:9f:72:06:ea:e6:6d:78:2c:6a:
                    3b:ea:c7:9d:57:fb:c1:ca:64:eb:19:35:65:9d:05:
                    cf:86:25:74:d6:69:97:3f:af:07:38:59:58:48:a1:
                    c2:99:d5:1b:b5:09:e6:60:24:b5:ae:a9:43:30:d7:
                    ae:0b:e7:c0:e0:a5:50:f8:8c:ba:c2:1e:b0:e0:89:
                    e4:b9:d2:8f:ac:d7:b7:42:21:78:69:fa:aa:ea:00:
                    4b:43:91:85:ca:8e:39:ba:0e:ba:2b:67:8b:37:18:
                    0c:62:44:07:a2:dd:a2:47:4d:a7:a6:a1:27:e8:be:
                    ab:43:0b:84:34:f8:11:bf:51:59:e7:91:fe:43:30:
                    5c:2d:6a:84:ac:73:02:a1:5a:0a:e1:04:69:f7:df:
                    8e:02:ef:af:eb:07:da:a9:e7:98:9d:71:36:0b:7a:
                    6c:9a:e8:37:68:5c:47:60:bc:78:00:fb:37:53:13:
                    4f:6d:61:45:7c:af:62:84:bc:9d:e4:ed:f4:c6:65:
                    0d:b3:a8:59:45:13:3d:3c:12:81:08:58:90:f1:80:
                    27:38:84:a3:fd:5d:4e:3f:83:6f:d3:fa:99:86:09:
                    0e:98:57:39:b3:70:a2:90:0a:3f:54:f4:5f:02:43:
                    9b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:3A:A6:94:53:31:58:A3:7F:54:A8:C2:6C:13:D0:4F:52:35:CC:41
            X509v3 Authority Key Identifier:
                keyid:0F:55:4A:FE:67:27:44:74:2B:4E:35:02:7B:40:2E:86:13:C2:03:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D1VK_mcnRHQrTjUCe0AuhhPCA3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/2c1937-9d9b-4315-a3c5-c0ae80b742b0/1/FTqmlFMxWKN_VKjCbBPQT1I1zEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/2c1937-9d9b-4315-a3c5-c0ae80b742b0/1/D1VK_mcnRHQrTjUCe0AuhhPCA3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:9b:c2:15:f1:d6:51:2f:74:67:b0:32:d0:dd:fb:98:f5:3b:
         30:cb:32:7b:23:51:d9:d5:18:c0:48:81:27:51:55:48:04:0e:
         25:00:e0:0b:c5:cc:ed:34:ae:dd:b1:7d:a9:a0:c8:dc:e8:7f:
         49:15:a4:a8:5d:d7:0f:bf:0d:9c:84:0b:40:02:80:30:78:08:
         90:63:48:30:39:62:3d:fd:ec:1e:51:3b:27:f6:af:f4:57:50:
         9d:af:ff:29:89:4f:a1:11:ba:c7:d8:2d:e4:10:26:c0:1c:39:
         da:79:71:c1:b1:9b:e1:cd:0d:94:80:6e:1f:65:c5:cb:6f:5f:
         d8:e9:25:fb:63:69:95:e3:ce:d7:99:e3:4b:41:6f:46:f0:37:
         8d:22:3d:f1:5f:ef:d2:a6:5b:99:ff:ec:25:17:14:1a:22:47:
         8b:6c:13:b6:0e:4e:bb:6e:e4:b5:ef:08:af:20:75:29:7a:f5:
         05:0d:30:c2:7d:3d:c8:e1:67:00:99:64:65:de:86:61:e3:14:
         69:c3:29:41:8c:98:17:33:06:ed:50:a2:a8:8a:17:21:10:22:
         e2:4a:5d:63:31:87:4a:a7:e0:72:11:69:e7:32:41:79:12:33:
         a0:d5:2b:0c:e5:c0:53:73:29:ed:a6:b0:3f:f7:a8:3d:a0:04:
         f6:f6:7a:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uzsILRRoy972hSGyxIcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNTU0YWZlNjcyNzQ0NzQyYjRlMzUwMjdiNDAyZTg2MTNj
MjAzNzcwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTNhYTY5NDUzMzE1OGEzN2Y1NGE4YzI2YzEzZDA0ZjUyMzVjYzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7hWi9pJnruN84Gku0IQrtibji2Wf
cgbq5m14LGo76sedV/vBymTrGTVlnQXPhiV01mmXP68HOFlYSKHCmdUbtQnmYCS1
rqlDMNeuC+fA4KVQ+Iy6wh6w4InkudKPrNe3QiF4afqq6gBLQ5GFyo45ug66K2eL
NxgMYkQHot2iR02npqEn6L6rQwuENPgRv1FZ55H+QzBcLWqErHMCoVoK4QRp99+O
Au+v6wfaqeeYnXE2C3psmug3aFxHYLx4APs3UxNPbWFFfK9ihLyd5O30xmUNs6hZ
RRM9PBKBCFiQ8YAnOISj/V1OP4Nv0/qZhgkOmFc5s3CikAo/VPRfAkObgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBU6ppRTMVijf1SowmwT0E9SNcxBMB8GA1UdIwQY
MBaAFA9VSv5nJ0R0K041AntALoYTwgN3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDFWS19tY25SSFFyVGpVQ2UwQXVoaFBDQTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yYzE5MzctOWQ5Yi00MzE1LWEzYzUt
YzBhZTgwYjc0MmIwLzEvRlRxbWxGTXhXS05fVktqQ2JCUFFUMUkxekVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yYzE5MzctOWQ5Yi00MzE1LWEzYzUtYzBhZTgwYjc0MmIw
LzEvRDFWS19tY25SSFFyVGpVQ2UwQXVoaFBDQTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuROgMA0G
CSqGSIb3DQEBCwUAA4IBAQAum8IV8dZRL3RnsDLQ3fuY9TswyzJ7I1HZ1RjASIEn
UVVIBA4lAOALxcztNK7dsX2poMjc6H9JFaSoXdcPvw2chAtAAoAweAiQY0gwOWI9
/eweUTsn9q/0V1Cdr/8piU+hEbrH2C3kECbAHDnaeXHBsZvhzQ2UgG4fZcXLb1/Y
6SX7Y2mV487XmeNLQW9G8DeNIj3xX+/SpluZ/+wlFxQaIkeLbBO2Dk67buS17wiv
IHUpevUFDTDCfT3I4WcAmWRl3oZh4xRpwylBjJgXMwbtUKKoihchECLiSl1jMYdK
p+ByEWnnMkF5EjOg1SsM5cBTcyntprA/96g9oAT29nqc
-----END CERTIFICATE-----