Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/mqIFHy4ZEzPCvBr0SyHTiwMzB84.roa
File:                     mqIFHy4ZEzPCvBr0SyHTiwMzB84.roa (raw, json)
Hash identifier:          GxKK9FgqIWgefTbpo/PMsNI7fe/ECtS2hgqdsZcixQY=
Subject key identifier:   9A:A2:05:1F:2E:19:13:33:C2:BC:1A:F4:4B:21:D3:8B:03:33:07:CE
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       018CC6B937A0A879E3AE8747DA3C6995D851
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/mqIFHy4ZEzPCvBr0SyHTiwMzB84.roa
Signing time:             Mon 01 Jan 2024 20:31:16 +0000
ROA not before:           Mon 01 Jan 2024 20:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49147
IP address blocks:        85.187.0.0/24 maxlen: 24
                          85.187.5.0/24 maxlen: 24
                          85.187.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:37:a0:a8:79:e3:ae:87:47:da:3c:69:95:d8:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  1 20:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9aa2051f2e191333c2bc1af44b21d38b033307ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:30:b6:20:38:ab:ec:a6:82:bc:14:0a:20:28:
                    83:2b:23:55:06:ee:c7:b7:2f:74:f5:e9:fc:77:39:
                    50:c4:91:25:01:3a:df:52:c0:4f:69:5e:bf:e2:3e:
                    41:01:d7:44:93:98:22:07:f5:c2:8c:e6:9d:47:97:
                    28:32:9c:37:c3:8f:0c:68:0a:b7:5f:53:64:8b:17:
                    11:0d:b1:39:46:f0:3e:91:42:a6:1a:73:d7:7b:3b:
                    dc:eb:cd:5c:f3:b4:26:65:64:22:94:38:5d:28:8b:
                    c5:a6:e2:e7:ed:85:1a:e9:e6:89:5f:4f:55:45:ff:
                    b9:3f:5c:09:0c:ef:17:12:df:f5:09:10:39:a0:2b:
                    ff:5d:af:c8:ac:d9:f7:52:29:c3:f8:33:b9:69:a3:
                    32:8d:55:80:ac:e4:2e:e0:e0:b2:f1:61:38:8a:1c:
                    c0:40:92:df:c0:4a:d2:5e:8b:59:6a:1c:99:a5:e1:
                    20:1a:a5:c0:5a:57:f2:45:c8:db:20:41:3a:15:d0:
                    92:0d:71:75:5f:cb:3f:65:bd:c8:63:53:df:95:0b:
                    96:34:36:4a:ff:e2:e9:62:d5:6d:3c:68:7b:5c:e2:
                    22:05:47:b4:07:f0:af:3e:94:f5:50:43:e9:29:60:
                    55:97:cf:f1:79:63:76:b4:e9:7b:ed:95:65:44:13:
                    73:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:A2:05:1F:2E:19:13:33:C2:BC:1A:F4:4B:21:D3:8B:03:33:07:CE
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/mqIFHy4ZEzPCvBr0SyHTiwMzB84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.0.0/24
                  85.187.5.0/24
                  85.187.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:50:7e:51:16:99:78:26:db:55:60:f3:94:ac:8a:5b:ee:aa:
         cf:87:55:28:eb:47:ad:11:02:da:4e:e6:a2:2c:27:ed:37:b2:
         d4:74:58:02:45:d5:8e:ad:f5:80:36:98:54:bd:31:8b:95:b1:
         fd:80:b9:61:59:e4:bb:d0:88:0f:c1:18:72:b7:42:0e:e6:01:
         37:97:c2:36:7d:d3:e4:23:ca:81:38:00:e1:98:aa:a0:95:7c:
         f2:da:b4:b2:af:46:89:c9:eb:56:15:89:ae:61:42:aa:0c:99:
         4a:45:ef:0f:d6:b5:26:85:c6:a9:43:12:f9:dd:df:0c:8e:8d:
         2d:8c:38:a0:55:c7:3c:1b:a1:de:5b:d2:96:7e:b3:58:fb:28:
         5b:e3:4e:d7:12:b8:09:49:a8:3e:df:53:26:a7:9b:16:c2:5c:
         be:15:a0:cc:8f:4b:72:59:66:0d:15:f3:dc:eb:99:3e:83:a8:
         21:4d:4b:df:0e:1f:91:27:15:48:0d:ab:5e:8a:2c:41:fb:04:
         7e:08:73:ab:82:87:8d:2b:bc:9d:d4:17:9d:68:e1:4a:40:d9:
         b8:7d:31:81:cc:8f:73:e7:d9:28:3b:a3:23:ed:83:d5:0a:bb:
         0a:ff:34:c3:ec:50:84:11:cd:87:25:97:c5:8e:d0:11:f1:b8:
         5c:43:a9:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuTegqHnjrodH2jxpldhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjQwMTAxMjAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWEyMDUxZjJlMTkxMzMzYzJiYzFhZjQ0YjIxZDM4YjAzMzMwN2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjC2IDir7KaCvBQKICiDKyNVBu7H
ty909en8dzlQxJElATrfUsBPaV6/4j5BAddEk5giB/XCjOadR5coMpw3w48MaAq3
X1NkixcRDbE5RvA+kUKmGnPXezvc681c87QmZWQilDhdKIvFpuLn7YUa6eaJX09V
Rf+5P1wJDO8XEt/1CRA5oCv/Xa/IrNn3UinD+DO5aaMyjVWArOQu4OCy8WE4ihzA
QJLfwErSXotZahyZpeEgGqXAWlfyRcjbIEE6FdCSDXF1X8s/Zb3IY1PflQuWNDZK
/+LpYtVtPGh7XOIiBUe0B/CvPpT1UEPpKWBVl8/xeWN2tOl77ZVlRBNzQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJqiBR8uGRMzwrwa9Esh04sDMwfOMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvbXFJRkh5NFpFelBDdkJyMFN5SFRpd016Qjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVbsAAwQA
VbsFAwQAVbsMMA0GCSqGSIb3DQEBCwUAA4IBAQDYUH5RFpl4JttVYPOUrIpb7qrP
h1Uo60etEQLaTuaiLCftN7LUdFgCRdWOrfWANphUvTGLlbH9gLlhWeS70IgPwRhy
t0IO5gE3l8I2fdPkI8qBOADhmKqglXzy2rSyr0aJyetWFYmuYUKqDJlKRe8P1rUm
hcapQxL53d8Mjo0tjDigVcc8G6HeW9KWfrNY+yhb407XErgJSag+31Mmp5sWwly+
FaDMj0tyWWYNFfPc65k+g6ghTUvfDh+RJxVIDateiixB+wR+CHOrgoeNK7yd1Bed
aOFKQNm4fTGBzI9z59koO6Mj7YPVCrsK/zTD7FCEEc2HJZfFjtAR8bhcQ6kZ
-----END CERTIFICATE-----