Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/AaukAvTMr-fEtm3UPs_ob2rgQkY.roa
File:                     AaukAvTMr-fEtm3UPs_ob2rgQkY.roa (raw, json)
Hash identifier:          QU5OeN2cRmSMs/IAni/TzIUSTmbbzt5UWLmPGmWKeo0=
Subject key identifier:   01:AB:A4:02:F4:CC:AF:E7:C4:B6:6D:D4:3E:CF:E8:6F:6A:E0:42:46
Certificate issuer:       /CN=fca98b1d0ecccc4f6ff1a7e7db84b4bb2f55b08d
Certificate serial:       018CC56E35591C01AA0EE9D191ECD14972E8
Authority key identifier: FC:A9:8B:1D:0E:CC:CC:4F:6F:F1:A7:E7:DB:84:B4:BB:2F:55:B0:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KmLHQ7MzE9v8afn24S0uy9VsI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/AaukAvTMr-fEtm3UPs_ob2rgQkY.roa
Signing time:             Mon 01 Jan 2024 14:29:43 +0000
ROA not before:           Mon 01 Jan 2024 14:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49219
IP address blocks:        185.155.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/_KmLHQ7MzE9v8afn24S0uy9VsI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/_KmLHQ7MzE9v8afn24S0uy9VsI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KmLHQ7MzE9v8afn24S0uy9VsI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:35:59:1c:01:aa:0e:e9:d1:91:ec:d1:49:72:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca98b1d0ecccc4f6ff1a7e7db84b4bb2f55b08d
        Validity
            Not Before: Jan  1 14:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01aba402f4ccafe7c4b66dd43ecfe86f6ae04246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:44:b9:d7:31:24:25:4e:5c:34:ff:16:7a:7e:
                    b9:fe:7d:44:ac:08:d5:0d:1b:5d:6c:f6:3c:d7:cb:
                    35:84:50:34:59:9b:17:6c:f1:f9:89:33:0b:cf:44:
                    fb:09:86:98:61:45:4c:7e:37:39:f6:d0:df:b8:d5:
                    c3:45:20:a7:22:10:a4:f1:69:9d:bd:9f:52:4f:3f:
                    44:4b:a7:2c:50:3a:0e:57:95:fa:41:76:8c:91:24:
                    87:6d:2b:ff:f7:52:cc:26:7e:27:87:b1:2c:4f:85:
                    6a:b2:9f:cc:eb:8b:8e:8f:ca:b3:69:c0:21:c0:8a:
                    5e:8c:b6:99:ad:ca:28:1e:73:2a:c4:d8:88:ee:98:
                    07:09:9c:a2:10:ea:3d:62:12:e4:65:90:83:da:c4:
                    1c:ab:6a:ba:22:37:02:63:1d:5e:f0:7b:70:01:08:
                    07:a6:6a:17:e8:5a:e8:61:4c:00:cb:77:50:48:4c:
                    c3:1a:86:d9:2a:8b:c4:0a:c8:c8:cd:ea:a1:9f:0e:
                    99:01:06:c3:2d:ca:e7:f8:61:d0:0f:52:7f:f2:de:
                    5f:f5:b4:20:6d:ad:27:51:8f:6e:9a:88:71:26:e6:
                    29:43:36:19:06:b3:41:78:6d:48:b7:e0:af:94:6a:
                    cb:dc:a7:d9:12:42:d9:2d:68:dc:7c:e0:a4:f7:e6:
                    52:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:AB:A4:02:F4:CC:AF:E7:C4:B6:6D:D4:3E:CF:E8:6F:6A:E0:42:46
            X509v3 Authority Key Identifier:
                keyid:FC:A9:8B:1D:0E:CC:CC:4F:6F:F1:A7:E7:DB:84:B4:BB:2F:55:B0:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KmLHQ7MzE9v8afn24S0uy9VsI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/AaukAvTMr-fEtm3UPs_ob2rgQkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/_KmLHQ7MzE9v8afn24S0uy9VsI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:5d:53:e5:4b:66:15:ea:2c:d0:d1:31:76:db:90:99:8d:9e:
         9c:8d:4f:ec:92:a0:0e:8c:dd:6b:4e:68:5b:1b:00:8b:0a:a0:
         f8:5e:09:61:d8:d2:c2:ae:8c:62:73:4c:dc:31:f8:be:fe:7a:
         95:ee:28:e5:a4:c1:89:c7:8e:e4:03:da:b1:9a:84:ce:39:83:
         26:36:f8:23:1e:3c:5b:f3:10:78:6d:b1:a5:c4:eb:d2:e2:74:
         0c:0e:e5:03:70:01:f8:6f:17:d6:89:3d:af:12:00:9e:3e:2c:
         00:2b:ed:43:89:64:1c:4d:bc:cb:3b:a9:32:cd:e3:16:11:b8:
         e6:3f:b2:ec:c6:64:25:04:08:d3:c0:b8:e3:4d:48:4e:4a:a4:
         2d:4e:c4:34:b1:64:46:d3:78:32:a7:b8:68:70:bd:82:0e:16:
         55:b5:35:0f:6e:fa:d0:62:d5:f4:4e:0d:9e:1f:98:24:52:f5:
         01:bf:7e:44:85:3d:c1:67:9a:06:72:1e:86:05:fe:21:4f:ed:
         3c:42:1c:8d:8b:d1:08:8d:68:53:9c:9b:8b:b5:29:69:b5:41:
         a6:1d:40:f8:61:f8:92:cf:af:31:c2:10:21:2a:cc:65:2b:fc:
         17:a3:1a:1d:38:4a:0c:ef:30:46:ce:e6:da:22:2f:8e:16:0c:
         f4:dc:9f:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjVZHAGqDunRkezRSXLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTk4YjFkMGVjY2NjNGY2ZmYxYTdlN2RiODRiNGJiMmY1
NWIwOGQwHhcNMjQwMTAxMTQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWFiYTQwMmY0Y2NhZmU3YzRiNjZkZDQzZWNmZTg2ZjZhZTA0MjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0S51zEkJU5cNP8Wen65/n1ErAjV
DRtdbPY818s1hFA0WZsXbPH5iTMLz0T7CYaYYUVMfjc59tDfuNXDRSCnIhCk8Wmd
vZ9STz9ES6csUDoOV5X6QXaMkSSHbSv/91LMJn4nh7EsT4Vqsp/M64uOj8qzacAh
wIpejLaZrcooHnMqxNiI7pgHCZyiEOo9YhLkZZCD2sQcq2q6IjcCYx1e8HtwAQgH
pmoX6FroYUwAy3dQSEzDGobZKovECsjIzeqhnw6ZAQbDLcrn+GHQD1J/8t5f9bQg
ba0nUY9umohxJuYpQzYZBrNBeG1It+CvlGrL3KfZEkLZLWjcfOCk9+ZSxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGrpAL0zK/nxLZt1D7P6G9q4EJGMB8GA1UdIwQY
MBaAFPypix0OzMxPb/Gn59uEtLsvVbCNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0ttTEhRN016RTl2OGFmbjI0UzB1eTlWc0kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85NzFlNzMtZmE4My00NTc5LTg1MzIt
NThmMGYzMjVjMmI4LzEvQWF1a0F2VE1yLWZFdG0zVVBzX29iMnJnUWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85NzFlNzMtZmE4My00NTc5LTg1MzItNThmMGYzMjVjMmI4
LzEvX0ttTEhRN016RTl2OGFmbjI0UzB1eTlWc0kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZuOMA0G
CSqGSIb3DQEBCwUAA4IBAQAdXVPlS2YV6izQ0TF225CZjZ6cjU/skqAOjN1rTmhb
GwCLCqD4Xglh2NLCroxic0zcMfi+/nqV7ijlpMGJx47kA9qxmoTOOYMmNvgjHjxb
8xB4bbGlxOvS4nQMDuUDcAH4bxfWiT2vEgCePiwAK+1DiWQcTbzLO6kyzeMWEbjm
P7LsxmQlBAjTwLjjTUhOSqQtTsQ0sWRG03gyp7hocL2CDhZVtTUPbvrQYtX0Tg2e
H5gkUvUBv35EhT3BZ5oGch6GBf4hT+08QhyNi9EIjWhTnJuLtSlptUGmHUD4YfiS
z68xwhAhKsxlK/wXoxodOEoM7zBGzubaIi+OFgz03J8E
-----END CERTIFICATE-----