Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/5QqXFX4YfawLZm2P_fekxXCfsJg.roa
File:                     5QqXFX4YfawLZm2P_fekxXCfsJg.roa (raw, json)
Hash identifier:          +XIf6ne78wEnnSnlU+NQjKB7coPXtvm0RpNOERgBEZ0=
Subject key identifier:   E5:0A:97:15:7E:18:7D:AC:0B:66:6D:8F:FD:F7:A4:C5:70:9F:B0:98
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B944273591D080638FD64403163153
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/5QqXFX4YfawLZm2P_fekxXCfsJg.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205129
IP address blocks:        85.187.48.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 13:02:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:44:27:35:91:d0:80:63:8f:d6:44:03:16:31:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e50a97157e187dac0b666d8ffdf7a4c5709fb098
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:78:51:2c:21:96:8b:06:51:43:8d:4b:1d:09:
                    cc:67:36:b9:be:f6:6c:79:b2:95:c6:32:7b:86:65:
                    c3:0c:cd:e9:ba:fe:07:81:e1:e3:50:90:42:a8:60:
                    4d:3f:f9:cc:ce:65:ea:e8:d9:e0:0a:a3:af:b5:a5:
                    8e:3b:a2:88:5f:6d:5b:c3:5e:19:42:4b:99:38:c5:
                    0a:35:32:78:2b:17:f6:64:1f:17:44:1c:4d:85:a6:
                    93:0a:8b:f3:83:91:76:45:06:4c:b1:26:63:22:b8:
                    22:b5:b7:1a:a0:f3:1a:3f:50:b8:1f:ce:c5:88:40:
                    35:da:7f:22:76:63:ca:83:49:33:48:86:9c:b9:86:
                    c4:38:17:8a:44:41:e2:39:9a:22:0c:96:1a:02:f6:
                    95:65:77:12:14:25:5e:ab:4e:19:61:7d:43:45:d6:
                    d3:a9:31:43:f2:44:b3:62:ee:c9:05:0d:84:d0:70:
                    14:cd:a6:ec:52:d6:8d:ab:b6:2d:a7:50:ab:55:6a:
                    3d:31:f7:a1:60:c3:27:aa:39:44:05:b2:8e:15:ed:
                    85:04:ef:ae:cc:8a:78:0b:d1:83:44:fd:cd:0d:d2:
                    9d:36:c4:2a:3a:3b:f3:e9:2b:15:07:ac:76:d5:55:
                    4f:11:bb:4c:bd:30:69:2c:99:33:a2:7e:a0:c9:a3:
                    52:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:0A:97:15:7E:18:7D:AC:0B:66:6D:8F:FD:F7:A4:C5:70:9F:B0:98
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/5QqXFX4YfawLZm2P_fekxXCfsJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:d6:1d:5e:0f:e2:44:94:e4:d8:11:38:11:aa:44:2c:04:0b:
         96:1d:26:94:af:e7:8b:af:1c:fc:46:7a:7c:3c:d5:4b:f5:7e:
         dc:ff:c4:64:78:84:59:4b:38:f2:63:65:83:72:6a:58:63:28:
         4e:6a:f5:34:9f:5f:d7:14:c1:80:1a:df:ac:c0:c3:f8:24:bb:
         1a:04:fa:82:0d:95:4e:56:a1:c1:6f:74:27:63:89:42:6f:62:
         8e:db:2c:d2:a4:f5:6e:03:15:3e:41:64:b3:4c:62:b5:97:60:
         6a:56:50:14:83:86:51:fc:80:f8:c7:27:43:e1:a9:f4:2e:23:
         59:0d:68:37:3a:55:79:33:1d:6b:97:20:75:df:40:d7:1c:25:
         0a:2b:61:ae:2a:d8:f4:b6:4e:56:40:7a:1d:4d:85:52:db:62:
         09:79:39:a9:f1:f7:cc:69:f8:a3:4a:a8:02:35:56:b2:9e:1d:
         92:24:44:22:e6:f6:02:9b:bf:d2:42:05:b6:a0:84:8a:b9:40:
         b1:f6:b9:1d:e2:b8:69:f1:ad:ed:8d:ee:12:51:48:86:c0:e0:
         38:30:9a:b7:c5:ac:06:46:af:cb:e5:78:ca:28:4c:6e:9a:b6:
         a7:c9:e9:29:81:17:11:43:65:f7:dc:f9:dd:70:75:02:57:96:
         88:36:d4:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUQnNZHQgGOP1kQDFjFTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTBhOTcxNTdlMTg3ZGFjMGI2NjZkOGZmZGY3YTRjNTcwOWZiMDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHhRLCGWiwZRQ41LHQnMZza5vvZs
ebKVxjJ7hmXDDM3puv4HgeHjUJBCqGBNP/nMzmXq6NngCqOvtaWOO6KIX21bw14Z
QkuZOMUKNTJ4Kxf2ZB8XRBxNhaaTCovzg5F2RQZMsSZjIrgitbcaoPMaP1C4H87F
iEA12n8idmPKg0kzSIacuYbEOBeKREHiOZoiDJYaAvaVZXcSFCVeq04ZYX1DRdbT
qTFD8kSzYu7JBQ2E0HAUzabsUtaNq7Ytp1CrVWo9MfehYMMnqjlEBbKOFe2FBO+u
zIp4C9GDRP3NDdKdNsQqOjvz6SsVB6x21VVPEbtMvTBpLJkzon6gyaNS6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUKlxV+GH2sC2Ztj/33pMVwn7CYMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvNVFxWEZYNFlmYXdMWm0yUF9mZWt4WENmc0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVbswMA0G
CSqGSIb3DQEBCwUAA4IBAQBF1h1eD+JElOTYETgRqkQsBAuWHSaUr+eLrxz8Rnp8
PNVL9X7c/8RkeIRZSzjyY2WDcmpYYyhOavU0n1/XFMGAGt+swMP4JLsaBPqCDZVO
VqHBb3QnY4lCb2KO2yzSpPVuAxU+QWSzTGK1l2BqVlAUg4ZR/ID4xydD4an0LiNZ
DWg3OlV5Mx1rlyB130DXHCUKK2GuKtj0tk5WQHodTYVS22IJeTmp8ffMafijSqgC
NVaynh2SJEQi5vYCm7/SQgW2oISKuUCx9rkd4rhp8a3tje4SUUiGwOA4MJq3xawG
Rq/L5XjKKExumranyekpgRcRQ2X33PndcHUCV5aINtSs
-----END CERTIFICATE-----