Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/FxJXaKKcMio88WGHnbYr03Kv0yw.roa
File:                     FxJXaKKcMio88WGHnbYr03Kv0yw.roa (raw, json)
Hash identifier:          ulILGD/oqmLDjiNKLaTasxVQh4GX50IH3WbqYSQIYPA=
Subject key identifier:   17:12:57:68:A2:9C:32:2A:3C:F1:61:87:9D:B6:2B:D3:72:AF:D3:2C
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B932E9B65E594355F3C0B80B1154A9
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/FxJXaKKcMio88WGHnbYr03Kv0yw.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34314
IP address blocks:        151.237.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:32:e9:b6:5e:59:43:55:f3:c0:b8:0b:11:54:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17125768a29c322a3cf161879db62bd372afd32c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:26:a8:40:9e:fe:97:74:b6:ab:32:48:e7:c1:
                    98:32:26:1d:41:5b:0c:ae:d1:6b:44:a6:9d:6a:15:
                    07:ff:5e:fc:47:d1:55:e1:56:ae:fd:f8:d0:bc:f7:
                    e7:bc:51:62:38:c4:77:84:c7:37:e9:37:a3:98:5b:
                    64:d0:e3:54:7e:dd:6c:25:6a:bf:dd:c2:0c:fd:09:
                    25:a2:50:34:f9:11:06:77:7f:c4:2d:85:36:09:7e:
                    d6:bf:81:10:3b:cf:3d:6a:31:02:ff:43:d0:d9:c1:
                    c6:2c:ef:88:81:41:61:7a:aa:78:4f:33:49:ac:29:
                    44:37:28:e4:88:f9:29:e6:c7:a0:e9:34:31:71:38:
                    43:eb:55:83:1a:e3:58:be:39:49:7f:8a:8f:3b:7f:
                    b4:cb:bf:08:19:13:32:89:43:da:a8:3a:9e:4d:74:
                    6c:ea:63:4f:46:7b:e3:b9:1e:5a:5f:6c:d0:44:43:
                    76:e9:f8:f7:b2:6e:5b:59:58:86:b0:8b:13:aa:45:
                    0f:96:44:3f:a4:4c:0f:ec:f4:9f:7f:0d:5d:99:87:
                    d7:b6:ed:24:4e:f6:98:1a:56:3b:a6:38:8c:56:14:
                    77:c5:a9:96:3f:81:e5:05:c3:ae:5e:a4:f6:d8:37:
                    c0:3f:50:c2:b4:74:e4:bd:28:bf:4f:0a:e3:5c:db:
                    6d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:12:57:68:A2:9C:32:2A:3C:F1:61:87:9D:B6:2B:D3:72:AF:D3:2C
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/FxJXaKKcMio88WGHnbYr03Kv0yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:49:d1:0c:aa:6b:b2:d3:f5:7c:a1:62:b1:bd:3c:74:53:03:
         ae:e2:47:02:43:8a:80:45:fc:e3:bc:dc:71:57:b4:f7:8f:ce:
         6a:94:68:6f:da:9d:be:d0:75:5c:20:b2:82:8a:d1:d8:80:d1:
         62:fe:34:b4:3b:2e:10:af:a4:58:76:9b:7d:18:36:3d:c5:9e:
         20:03:91:72:4d:ec:7f:3f:c4:e3:75:a5:c0:9e:df:2b:b8:72:
         21:e4:77:77:90:31:9a:e6:08:f1:af:5b:c5:5d:15:9d:29:e8:
         ef:14:a7:c2:3f:e3:10:5c:fe:d3:ac:84:6c:db:36:1b:c1:8b:
         1a:57:f4:79:96:d9:8d:20:2a:e5:c1:c9:b9:ca:ee:c8:75:b4:
         01:e1:15:02:9e:46:37:ba:17:c6:a0:18:8a:1b:ca:36:9d:76:
         a3:4c:e5:49:ef:e5:3a:6b:2d:bb:6e:19:e0:96:b1:e1:20:fb:
         9c:ec:ca:64:de:dc:e8:cf:18:8e:81:20:e8:f4:cb:bc:7d:a5:
         53:70:62:e5:15:f0:b1:b6:d3:a1:53:ff:e1:29:04:b5:b2:57:
         19:ea:7a:a5:41:91:0e:3c:d2:5e:8b:48:2c:52:3b:9a:02:5d:
         11:17:c1:7f:e4:13:c7:49:a0:37:e8:43:07:cd:fd:c5:e9:09:
         4a:ca:55:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTLptl5ZQ1XzwLgLEVSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzEyNTc2OGEyOWMzMjJhM2NmMTYxODc5ZGI2MmJkMzcyYWZkMzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiaoQJ7+l3S2qzJI58GYMiYdQVsM
rtFrRKadahUH/178R9FV4Vau/fjQvPfnvFFiOMR3hMc36TejmFtk0ONUft1sJWq/
3cIM/QklolA0+REGd3/ELYU2CX7Wv4EQO889ajEC/0PQ2cHGLO+IgUFheqp4TzNJ
rClENyjkiPkp5seg6TQxcThD61WDGuNYvjlJf4qPO3+0y78IGRMyiUPaqDqeTXRs
6mNPRnvjuR5aX2zQREN26fj3sm5bWViGsIsTqkUPlkQ/pEwP7PSffw1dmYfXtu0k
TvaYGlY7pjiMVhR3xamWP4HlBcOuXqT22DfAP1DCtHTkvSi/TwrjXNttmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcSV2iinDIqPPFhh522K9Nyr9MsMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvRnhKWGFLS2NNaW84OFdHSG5iWXIwM0t2MHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+2PMA0G
CSqGSIb3DQEBCwUAA4IBAQABSdEMqmuy0/V8oWKxvTx0UwOu4kcCQ4qARfzjvNxx
V7T3j85qlGhv2p2+0HVcILKCitHYgNFi/jS0Oy4Qr6RYdpt9GDY9xZ4gA5FyTex/
P8TjdaXAnt8ruHIh5Hd3kDGa5gjxr1vFXRWdKejvFKfCP+MQXP7TrIRs2zYbwYsa
V/R5ltmNICrlwcm5yu7IdbQB4RUCnkY3uhfGoBiKG8o2nXajTOVJ7+U6ay27bhng
lrHhIPuc7Mpk3tzozxiOgSDo9Mu8faVTcGLlFfCxttOhU//hKQS1slcZ6nqlQZEO
PNJei0gsUjuaAl0RF8F/5BPHSaA36EMHzf3F6QlKylUO
-----END CERTIFICATE-----