Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/0fef71-922e-4448-b37d-f740b9e1c480/1/fsqP-fO42J3wloUEpGscB-KU7to.roa
File:                     fsqP-fO42J3wloUEpGscB-KU7to.roa (raw, json)
Hash identifier:          vIsFJPaqGVVTM/xKMeyO9ayvtdmKmtrV9rDgTi4xrkE=
Subject key identifier:   7E:CA:8F:F9:F3:B8:D8:9D:F0:96:85:04:A4:6B:1C:07:E2:94:EE:DA
Certificate issuer:       /CN=19ce488efa3c184f4acb2fc30eb1a71fa116f9b4
Certificate serial:       018CC50015E062FF77E8A863D327E46B3D7C
Authority key identifier: 19:CE:48:8E:FA:3C:18:4F:4A:CB:2F:C3:0E:B1:A7:1F:A1:16:F9:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gc5Ijvo8GE9Kyy_DDrGnH6EW-bQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/0fef71-922e-4448-b37d-f740b9e1c480/1/fsqP-fO42J3wloUEpGscB-KU7to.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210877
IP address blocks:        195.225.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/0fef71-922e-4448-b37d-f740b9e1c480/1/Gc5Ijvo8GE9Kyy_DDrGnH6EW-bQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/0fef71-922e-4448-b37d-f740b9e1c480/1/Gc5Ijvo8GE9Kyy_DDrGnH6EW-bQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gc5Ijvo8GE9Kyy_DDrGnH6EW-bQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:15:e0:62:ff:77:e8:a8:63:d3:27:e4:6b:3d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ce488efa3c184f4acb2fc30eb1a71fa116f9b4
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eca8ff9f3b8d89df0968504a46b1c07e294eeda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ab:18:1b:2a:40:07:bf:90:a2:5d:2c:c2:3e:
                    60:4f:16:cd:f5:0b:5e:ad:de:06:7e:08:18:97:e4:
                    22:7f:14:50:66:fc:68:78:e7:c6:9f:63:2f:1a:42:
                    79:0e:d6:74:52:a6:82:2b:76:fa:57:87:19:08:d5:
                    13:7b:dc:21:f9:1c:13:50:3e:06:a6:ea:30:ba:cc:
                    bd:d5:51:ce:e8:6a:46:52:45:f9:5b:62:5c:e3:e4:
                    e3:f2:e6:35:f4:bf:5d:b7:ab:36:8a:59:3e:14:d5:
                    3a:6a:dd:d3:6a:1a:5f:9f:9e:69:bc:54:66:36:f8:
                    ac:84:5e:92:52:f1:9f:43:5a:0d:67:4b:24:63:34:
                    13:89:78:98:54:ac:8b:78:bd:aa:0f:56:9b:fe:81:
                    d9:c8:b6:ad:29:ce:95:bc:24:f7:3a:d0:56:8b:4f:
                    9b:50:fe:86:a5:10:3f:b2:91:40:34:4b:7e:42:05:
                    6b:c1:02:b2:e4:2b:31:69:49:6c:6a:ff:6c:81:1e:
                    9c:31:46:a7:79:a9:44:2d:81:fd:72:71:ab:36:27:
                    a0:33:ff:99:57:49:52:05:07:e2:ed:7e:02:32:10:
                    cf:8b:7d:bf:69:10:0e:2b:10:34:e7:db:12:d6:4d:
                    e6:2c:bf:1a:c0:92:22:da:57:c0:d5:46:eb:96:be:
                    0f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:CA:8F:F9:F3:B8:D8:9D:F0:96:85:04:A4:6B:1C:07:E2:94:EE:DA
            X509v3 Authority Key Identifier:
                keyid:19:CE:48:8E:FA:3C:18:4F:4A:CB:2F:C3:0E:B1:A7:1F:A1:16:F9:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gc5Ijvo8GE9Kyy_DDrGnH6EW-bQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/0fef71-922e-4448-b37d-f740b9e1c480/1/fsqP-fO42J3wloUEpGscB-KU7to.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/0fef71-922e-4448-b37d-f740b9e1c480/1/Gc5Ijvo8GE9Kyy_DDrGnH6EW-bQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:73:c6:56:d5:0c:27:5e:14:da:ee:08:d0:6b:f7:74:d2:26:
         4c:44:89:15:75:11:7f:18:6a:79:b5:e1:4a:da:54:5f:b6:7a:
         d3:4c:b7:8f:a2:56:24:31:e2:c5:f8:7d:70:f3:20:0b:85:9b:
         86:3f:fe:55:9a:79:40:87:f3:4f:56:34:e1:a7:68:7f:38:ac:
         ba:e4:d7:4d:62:b3:38:69:39:9f:77:f8:94:97:a1:79:15:ab:
         ce:12:3b:eb:e7:9c:1a:62:c8:1d:48:da:9f:3e:0c:7d:24:b9:
         e4:f0:7e:ca:5d:f3:34:4b:67:5e:f0:48:bb:18:c0:d4:85:ab:
         f8:e1:84:30:de:64:79:39:dd:ed:0a:8a:2c:39:ab:21:f1:5b:
         21:c8:3c:4e:78:3e:ba:96:7d:8e:f4:a8:e2:12:dd:2c:9f:15:
         ac:05:dd:99:14:0a:aa:46:cc:a5:66:7e:59:71:3f:96:3e:e1:
         66:47:8d:1e:09:aa:55:e2:f9:42:a6:3e:11:04:77:f0:d8:fb:
         10:c4:8b:0a:9a:8b:00:5b:43:d8:e2:72:5a:0d:f4:41:e0:73:
         c9:b1:55:0b:d1:bf:5f:e3:07:48:0b:7f:9f:02:fb:b2:2e:00:
         e3:bd:06:a0:08:62:2f:77:e6:24:96:9a:f5:6b:c5:4d:ba:9d:
         f9:8a:5c:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABXgYv936Khj0yfkaz18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5Y2U0ODhlZmEzYzE4NGY0YWNiMmZjMzBlYjFhNzFmYTEx
NmY5YjQwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWNhOGZmOWYzYjhkODlkZjA5Njg1MDRhNDZiMWMwN2UyOTRlZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKsYGypAB7+Qol0swj5gTxbN9Qte
rd4GfggYl+QifxRQZvxoeOfGn2MvGkJ5DtZ0UqaCK3b6V4cZCNUTe9wh+RwTUD4G
puowusy91VHO6GpGUkX5W2Jc4+Tj8uY19L9dt6s2ilk+FNU6at3Tahpfn55pvFRm
NvishF6SUvGfQ1oNZ0skYzQTiXiYVKyLeL2qD1ab/oHZyLatKc6VvCT3OtBWi0+b
UP6GpRA/spFANEt+QgVrwQKy5CsxaUlsav9sgR6cMUanealELYH9cnGrNiegM/+Z
V0lSBQfi7X4CMhDPi32/aRAOKxA059sS1k3mLL8awJIi2lfA1Ubrlr4P3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7Kj/nzuNid8JaFBKRrHAfilO7aMB8GA1UdIwQY
MBaAFBnOSI76PBhPSssvww6xpx+hFvm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2M1SWp2bzhHRTlLeXlfRERyR25INkVXLWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8wZmVmNzEtOTIyZS00NDQ4LWIzN2Qt
Zjc0MGI5ZTFjNDgwLzEvZnNxUC1mTzQySjN3bG9VRXBHc2NCLUtVN3RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8wZmVmNzEtOTIyZS00NDQ4LWIzN2QtZjc0MGI5ZTFjNDgw
LzEvR2M1SWp2bzhHRTlLeXlfRERyR25INkVXLWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+HoMA0G
CSqGSIb3DQEBCwUAA4IBAQDLc8ZW1QwnXhTa7gjQa/d00iZMRIkVdRF/GGp5teFK
2lRftnrTTLePolYkMeLF+H1w8yALhZuGP/5VmnlAh/NPVjThp2h/OKy65NdNYrM4
aTmfd/iUl6F5FavOEjvr55waYsgdSNqfPgx9JLnk8H7KXfM0S2de8Ei7GMDUhav4
4YQw3mR5Od3tCoosOash8VshyDxOeD66ln2O9KjiEt0snxWsBd2ZFAqqRsylZn5Z
cT+WPuFmR40eCapV4vlCpj4RBHfw2PsQxIsKmosAW0PY4nJaDfRB4HPJsVUL0b9f
4wdIC3+fAvuyLgDjvQagCGIvd+Yklpr1a8VNup35ilyt
-----END CERTIFICATE-----