Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/Fq9qiGZ--CZJvxBOe54VzFlZ4Ts.roa
File:                     Fq9qiGZ--CZJvxBOe54VzFlZ4Ts.roa (raw, json)
Hash identifier:          u3rbyxgrEC94JHN1UWfVZVfHCo0mq/NqeZvhVKl92YI=
Subject key identifier:   16:AF:6A:88:66:7E:F8:26:49:BF:10:4E:7B:9E:15:CC:59:59:E1:3B
Certificate issuer:       /CN=295a92b778eddfa8dcd917cbb87cde31ba2c732f
Certificate serial:       018CC3B736E11A606DA0FE58A520C1AE6CA5
Authority key identifier: 29:5A:92:B7:78:ED:DF:A8:DC:D9:17:CB:B8:7C:DE:31:BA:2C:73:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KVqSt3jt36jc2RfLuHzeMboscy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/Fq9qiGZ--CZJvxBOe54VzFlZ4Ts.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12306
IP address blocks:        194.56.221.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/KVqSt3jt36jc2RfLuHzeMboscy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/KVqSt3jt36jc2RfLuHzeMboscy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KVqSt3jt36jc2RfLuHzeMboscy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:36:e1:1a:60:6d:a0:fe:58:a5:20:c1:ae:6c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=295a92b778eddfa8dcd917cbb87cde31ba2c732f
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16af6a88667ef82649bf104e7b9e15cc5959e13b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:01:42:7e:b2:6e:1f:48:49:af:1b:08:8f:f7:
                    c5:8b:d5:a9:c2:d6:72:44:8d:48:92:c4:6e:38:25:
                    e7:92:f4:ad:0f:fa:51:f1:1a:7a:b0:ab:d5:30:d6:
                    97:35:28:27:38:3e:b8:89:ec:5d:68:59:c9:91:ba:
                    7f:ea:52:67:c8:f9:e9:a9:0f:b3:6a:af:15:e8:5b:
                    41:8e:0d:d6:df:de:8b:8f:aa:16:d2:82:96:cb:2e:
                    b5:8f:ee:d3:ca:80:91:ac:ba:b8:83:6f:e8:3a:46:
                    ad:99:6d:18:c0:53:c7:20:64:3a:9f:1c:88:9c:0a:
                    79:7b:7e:aa:aa:2d:e5:ff:c4:7d:bd:ad:31:69:17:
                    26:2c:24:22:2b:3e:8d:8f:ab:fe:dd:14:78:75:de:
                    dc:ee:5d:54:b6:b3:87:b2:07:0e:bc:25:83:86:1f:
                    49:74:d1:a8:92:c1:99:1d:d0:b8:cf:71:ec:93:15:
                    9c:d5:e5:40:1a:af:c7:ad:a8:ee:35:79:ae:e0:45:
                    21:29:fe:4e:84:f5:c3:b6:8b:a4:e5:9a:5b:91:d4:
                    48:ba:75:2e:f0:d8:f8:40:52:26:c0:0c:e8:62:2b:
                    c9:cb:01:a2:98:f2:8f:da:fa:34:ac:b1:4b:b1:72:
                    e2:5f:f4:89:d2:3a:e1:ed:75:63:f5:74:ef:a5:34:
                    43:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:AF:6A:88:66:7E:F8:26:49:BF:10:4E:7B:9E:15:CC:59:59:E1:3B
            X509v3 Authority Key Identifier:
                keyid:29:5A:92:B7:78:ED:DF:A8:DC:D9:17:CB:B8:7C:DE:31:BA:2C:73:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVqSt3jt36jc2RfLuHzeMboscy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/Fq9qiGZ--CZJvxBOe54VzFlZ4Ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/KVqSt3jt36jc2RfLuHzeMboscy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:a0:5b:4b:d6:42:ff:12:71:95:6e:e0:59:c0:25:2a:b4:7e:
         99:83:20:9c:9f:2c:19:55:13:44:64:fb:b2:b1:5c:e1:e7:53:
         fb:6a:80:4a:54:b5:ea:a6:8d:05:68:7f:fc:4f:e2:79:42:0f:
         d8:a9:30:da:80:73:9b:cc:af:f3:75:27:14:d1:b2:58:d0:4e:
         ae:7c:43:22:33:ef:05:17:f3:1b:aa:af:64:d4:a1:2a:cb:0f:
         1c:39:92:36:cb:46:b4:f2:15:ea:c6:a5:33:17:57:40:80:cb:
         b5:15:51:0f:47:96:53:e4:fd:b3:92:84:d9:28:8f:5b:4a:00:
         ed:ad:5e:03:38:e9:2d:67:ce:ec:16:83:ea:d6:c5:13:be:d8:
         b7:89:65:bf:82:20:ea:92:9c:b7:0a:61:b9:84:e2:5e:77:ed:
         f8:d7:3a:88:36:a2:57:db:0b:e7:fd:1b:12:4a:7b:e6:bb:ec:
         cf:90:30:34:98:fa:b9:79:c0:51:d7:ff:5d:3e:9e:73:a5:e8:
         09:ea:b1:32:8f:f8:83:96:c0:72:66:f5:5a:a9:f8:47:21:39:
         d0:65:c9:33:a0:0d:72:55:f2:31:14:95:cd:39:62:35:f1:01:
         ee:6d:d5:8b:ec:c0:1c:da:72:3b:8b:77:8d:88:47:23:18:be:
         35:b0:78:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzbhGmBtoP5YpSDBrmylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NWE5MmI3NzhlZGRmYThkY2Q5MTdjYmI4N2NkZTMxYmEy
YzczMmYwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmFmNmE4ODY2N2VmODI2NDliZjEwNGU3YjllMTVjYzU5NTllMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQFCfrJuH0hJrxsIj/fFi9WpwtZy
RI1IksRuOCXnkvStD/pR8Rp6sKvVMNaXNSgnOD64iexdaFnJkbp/6lJnyPnpqQ+z
aq8V6FtBjg3W396Lj6oW0oKWyy61j+7TyoCRrLq4g2/oOkatmW0YwFPHIGQ6nxyI
nAp5e36qqi3l/8R9va0xaRcmLCQiKz6Nj6v+3RR4dd7c7l1UtrOHsgcOvCWDhh9J
dNGoksGZHdC4z3HskxWc1eVAGq/HrajuNXmu4EUhKf5OhPXDtouk5ZpbkdRIunUu
8Nj4QFImwAzoYivJywGimPKP2vo0rLFLsXLiX/SJ0jrh7XVj9XTvpTRDXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBavaohmfvgmSb8QTnueFcxZWeE7MB8GA1UdIwQY
MBaAFClakrd47d+o3NkXy7h83jG6LHMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZxU3QzanQzNmpjMlJmTHVIemVNYm9zY3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83NTcwZTEtYWUzZC00OTAxLTljODUt
ZGNkYzVjZWUyNzZmLzEvRnE5cWlHWi0tQ1pKdnhCT2U1NFZ6RmxaNFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83NTcwZTEtYWUzZC00OTAxLTljODUtZGNkYzVjZWUyNzZm
LzEvS1ZxU3QzanQzNmpjMlJmTHVIemVNYm9zY3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjjdMA0G
CSqGSIb3DQEBCwUAA4IBAQA8oFtL1kL/EnGVbuBZwCUqtH6ZgyCcnywZVRNEZPuy
sVzh51P7aoBKVLXqpo0FaH/8T+J5Qg/YqTDagHObzK/zdScU0bJY0E6ufEMiM+8F
F/Mbqq9k1KEqyw8cOZI2y0a08hXqxqUzF1dAgMu1FVEPR5ZT5P2zkoTZKI9bSgDt
rV4DOOktZ87sFoPq1sUTvti3iWW/giDqkpy3CmG5hOJed+341zqINqJX2wvn/RsS
Snvmu+zPkDA0mPq5ecBR1/9dPp5zpegJ6rEyj/iDlsByZvVaqfhHITnQZckzoA1y
VfIxFJXNOWI18QHubdWL7MAc2nI7i3eNiEcjGL41sHhf
-----END CERTIFICATE-----