Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/6fwjlUSskgnEtqawu8yFMBSttsE.roa
File:                     6fwjlUSskgnEtqawu8yFMBSttsE.roa (raw, json)
Hash identifier:          SOCVC52pezqbshUog5H08yiEYod+jPAaGc7vPzR+EBA=
Subject key identifier:   E9:FC:23:95:44:AC:92:09:C4:B6:A6:B0:BB:CC:85:30:14:AD:B6:C1
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       018CC56F008D47A9A156CDF523DE18D8C1C2
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/6fwjlUSskgnEtqawu8yFMBSttsE.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41803
IP address blocks:        194.12.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:00:8d:47:a9:a1:56:cd:f5:23:de:18:d8:c1:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9fc239544ac9209c4b6a6b0bbcc853014adb6c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:dd:81:ba:ae:df:5b:01:d1:ab:8d:3a:26:7e:
                    f2:4f:44:b3:2b:64:ea:be:da:15:8b:2c:66:bf:e5:
                    37:9d:d2:e5:cd:4a:30:92:29:f3:f6:dc:a9:ed:14:
                    65:0b:af:5c:85:27:0b:a1:4c:48:4a:ec:17:f9:5c:
                    6d:fd:4c:97:ee:38:f0:f6:57:ce:d2:64:78:97:93:
                    12:50:e7:35:c6:f8:35:1c:9d:27:a1:77:ab:df:9d:
                    ac:3a:e1:35:33:e7:16:8c:ab:8a:c7:ef:fb:1b:8b:
                    3a:bc:c2:3d:65:4f:e7:34:90:d7:61:04:d7:60:9d:
                    97:7b:ea:64:16:29:e8:44:d4:53:45:c8:88:3b:8d:
                    ee:7e:0e:80:da:77:c8:07:f0:46:50:64:61:58:a6:
                    01:6f:9c:ef:7e:3e:f9:ce:2f:87:4b:4a:da:69:40:
                    09:7e:e0:58:0c:13:c7:dc:3a:91:1a:1c:d1:76:23:
                    58:5f:e5:b3:46:6e:0e:4a:f6:5c:d3:b9:be:d5:61:
                    47:0c:95:e5:dc:fb:bb:a5:e6:21:04:43:3a:44:eb:
                    77:16:95:b7:2e:2c:da:f3:64:6f:3f:8a:21:de:56:
                    07:54:87:06:a6:9d:3a:22:c1:c0:82:54:51:06:9f:
                    6a:13:2c:af:00:44:24:fa:cc:98:ab:1e:6c:24:a9:
                    d3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:FC:23:95:44:AC:92:09:C4:B6:A6:B0:BB:CC:85:30:14:AD:B6:C1
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/6fwjlUSskgnEtqawu8yFMBSttsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.12.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:f7:fe:4f:f7:ba:0e:c1:0b:85:c8:1e:5f:70:8f:81:c9:f4:
         6e:45:71:16:83:93:4d:c6:4a:66:1f:29:6c:88:b7:98:74:9b:
         f0:ff:85:dd:b1:da:b1:1a:0b:ce:e0:80:3f:16:48:7c:ef:8a:
         2c:96:e5:97:79:6a:7c:1b:35:a0:0b:7f:09:93:57:67:58:5c:
         da:f5:80:45:c1:25:a0:58:81:cc:d8:98:b8:6e:46:9d:8e:8e:
         e6:bb:e2:86:69:51:b6:9b:32:e4:50:73:ae:de:ef:52:ff:bb:
         d7:1d:89:93:e7:67:65:0a:04:19:cf:6b:aa:68:85:2c:63:70:
         26:95:5e:a1:f0:9a:38:3a:38:c2:aa:b2:56:31:3d:e5:6f:b8:
         d1:3b:1c:fd:c6:ba:77:b0:4f:1b:09:21:36:16:3a:81:34:65:
         6f:16:33:da:80:3c:6a:4d:11:53:8a:45:bc:c5:3e:59:9c:eb:
         a0:96:1c:00:44:fd:5a:d3:b5:6a:f0:ad:6f:f8:62:68:3b:65:
         09:5b:b0:25:79:a0:05:8a:f4:d8:91:9a:1f:ab:9e:a9:81:3f:
         4e:6e:f4:0c:bf:6e:86:be:57:89:0d:83:4e:e3:44:94:e5:19:
         b6:66:6a:d6:91:b9:af:ca:12:48:ba:8f:14:e4:c0:77:d3:f1:
         5d:0d:fe:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwCNR6mhVs31I94Y2MHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWZjMjM5NTQ0YWM5MjA5YzRiNmE2YjBiYmNjODUzMDE0YWRiNmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAid2Buq7fWwHRq406Jn7yT0SzK2Tq
vtoViyxmv+U3ndLlzUowkinz9typ7RRlC69chScLoUxISuwX+Vxt/UyX7jjw9lfO
0mR4l5MSUOc1xvg1HJ0noXer352sOuE1M+cWjKuKx+/7G4s6vMI9ZU/nNJDXYQTX
YJ2Xe+pkFinoRNRTRciIO43ufg6A2nfIB/BGUGRhWKYBb5zvfj75zi+HS0raaUAJ
fuBYDBPH3DqRGhzRdiNYX+WzRm4OSvZc07m+1WFHDJXl3Pu7peYhBEM6ROt3FpW3
Liza82RvP4oh3lYHVIcGpp06IsHAglRRBp9qEyyvAEQk+syYqx5sJKnT4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOn8I5VErJIJxLamsLvMhTAUrbbBMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvNmZ3amxVU3NrZ25FdHFhd3U4eUZNQlN0dHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgz3MA0G
CSqGSIb3DQEBCwUAA4IBAQDR9/5P97oOwQuFyB5fcI+ByfRuRXEWg5NNxkpmHyls
iLeYdJvw/4XdsdqxGgvO4IA/Fkh874osluWXeWp8GzWgC38Jk1dnWFza9YBFwSWg
WIHM2Ji4bkadjo7mu+KGaVG2mzLkUHOu3u9S/7vXHYmT52dlCgQZz2uqaIUsY3Am
lV6h8Jo4OjjCqrJWMT3lb7jROxz9xrp3sE8bCSE2FjqBNGVvFjPagDxqTRFTikW8
xT5ZnOuglhwARP1a07Vq8K1v+GJoO2UJW7AleaAFivTYkZofq56pgT9ObvQMv26G
vleJDYNO40SU5Rm2ZmrWkbmvyhJIuo8U5MB30/FdDf6y
-----END CERTIFICATE-----