Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/fjY8q1JWrkNhQuuIkmuZqyMac5c.roa
File:                     fjY8q1JWrkNhQuuIkmuZqyMac5c.roa (raw, json)
Hash identifier:          3bnw1IhtKWQ2qEAlV2lSXtJH8GzuTVekJZtnDPc1txI=
Subject key identifier:   7E:36:3C:AB:52:56:AE:43:61:42:EB:88:92:6B:99:AB:23:1A:73:97
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B49C34D7050E0E65713D810059092
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/fjY8q1JWrkNhQuuIkmuZqyMac5c.roa
Signing time:             Tue 02 Jan 2024 12:34:43 +0000
ROA not before:           Tue 02 Jan 2024 12:34:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        185.133.73.0/24 maxlen: 32
                          194.156.159.0/24 maxlen: 32
                          2a06:7a03::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:49:c3:4d:70:50:e0:e6:57:13:d8:10:05:90:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e363cab5256ae436142eb88926b99ab231a7397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a2:ae:7a:9d:5b:f1:74:32:01:04:49:28:a7:
                    87:fa:34:6d:f3:1f:1d:6b:d3:6c:27:2f:5b:8b:78:
                    ba:e0:38:e0:54:e0:65:fa:86:1e:46:19:5b:9d:e4:
                    10:a4:7f:fd:f7:68:ad:43:25:f8:12:3f:31:aa:25:
                    74:06:95:a8:47:7f:d6:8a:bf:03:37:55:4f:e6:74:
                    c6:c0:93:b3:2b:18:ca:e3:6e:11:20:62:89:e6:f5:
                    e9:2f:7b:f8:13:e4:89:e1:eb:ff:ec:05:83:7a:aa:
                    07:37:44:b6:d3:a6:16:21:2c:46:aa:fe:9a:34:b6:
                    0b:d9:3f:bc:da:70:db:0f:80:17:6e:75:3c:f6:5a:
                    39:29:f7:ec:73:64:3b:3c:ba:09:5d:cb:4a:e1:42:
                    6c:01:00:88:3d:a5:c5:f1:15:b6:21:80:b6:df:b6:
                    70:aa:f1:fc:79:e0:19:bb:e1:53:fc:92:98:f8:29:
                    99:6a:f3:a5:e8:bb:d5:a9:e1:e0:2f:98:58:80:39:
                    c4:3f:0b:a5:57:53:80:bb:f4:f3:03:cc:d3:dc:1d:
                    2e:08:17:a3:b1:49:29:7e:84:53:11:ff:c6:ea:7c:
                    d1:d9:22:df:ee:e4:5d:55:78:6a:09:6f:16:de:c4:
                    13:31:46:84:79:9c:79:e6:89:19:73:33:db:60:57:
                    f4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:36:3C:AB:52:56:AE:43:61:42:EB:88:92:6B:99:AB:23:1A:73:97
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/fjY8q1JWrkNhQuuIkmuZqyMac5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.73.0/24
                  194.156.159.0/24
                IPv6:
                  2a06:7a03::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:5d:d3:0c:b3:07:1f:67:8b:a1:f2:2f:e2:81:60:c3:b1:34:
         79:36:38:28:6c:5a:8b:dc:81:80:1c:d0:0b:33:ce:51:4c:3a:
         c6:7c:77:ba:ba:09:42:3d:5f:52:21:98:37:20:e4:84:91:eb:
         cf:9f:17:83:51:9c:7b:78:7c:20:a0:d3:11:f6:47:57:f5:dc:
         5b:e5:5f:62:65:df:76:55:1f:fe:17:25:fc:bc:96:64:29:ea:
         9b:b1:8b:4b:25:6c:62:f6:65:79:a5:c5:43:23:63:93:55:ce:
         6d:71:46:7b:ec:31:3a:47:9f:f7:3a:96:9f:58:47:0f:d7:cb:
         b1:8c:48:a1:df:9b:f0:1d:ea:f7:7a:74:0a:6c:b6:53:5d:1c:
         4e:43:d2:51:4b:ae:ab:0a:c8:31:ab:ab:14:ec:7d:14:c9:0d:
         35:3e:62:27:5b:dd:4c:24:21:3b:16:91:27:f1:2b:a9:04:9c:
         b4:64:f1:12:14:bb:7d:15:8d:2d:0c:cc:c2:e6:96:35:43:59:
         ab:94:d5:5a:ba:76:01:df:23:8d:3a:aa:c7:89:aa:ed:81:1e:
         52:4d:fc:45:79:76:33:2f:3c:ef:09:52:47:79:52:fe:7e:d5:
         1e:cf:26:3a:28:6b:cf:20:5d:6a:bd:56:37:66:a0:05:d6:fc:
         8b:11:5e:43
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzKK0nDTXBQ4OZXE9gQBZCSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTM2M2NhYjUyNTZhZTQzNjE0MmViODg5MjZiOTlhYjIzMWE3Mzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqKuep1b8XQyAQRJKKeH+jRt8x8d
a9NsJy9bi3i64DjgVOBl+oYeRhlbneQQpH/992itQyX4Ej8xqiV0BpWoR3/Wir8D
N1VP5nTGwJOzKxjK424RIGKJ5vXpL3v4E+SJ4ev/7AWDeqoHN0S206YWISxGqv6a
NLYL2T+82nDbD4AXbnU89lo5Kffsc2Q7PLoJXctK4UJsAQCIPaXF8RW2IYC237Zw
qvH8eeAZu+FT/JKY+CmZavOl6LvVqeHgL5hYgDnEPwulV1OAu/TzA8zT3B0uCBej
sUkpfoRTEf/G6nzR2SLf7uRdVXhqCW8W3sQTMUaEeZx55okZczPbYFf01wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFH42PKtSVq5DYULriJJrmasjGnOXMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvZmpZOHExSldya05oUXV1SWttdVpxeU1hYzVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAuYVJAwQA
wpyfMA8EAgACMAkDBwAqBnoDAAAwDQYJKoZIhvcNAQELBQADggEBAJhd0wyzBx9n
i6HyL+KBYMOxNHk2OChsWovcgYAc0AszzlFMOsZ8d7q6CUI9X1IhmDcg5ISR68+f
F4NRnHt4fCCg0xH2R1f13FvlX2Jl33ZVH/4XJfy8lmQp6puxi0slbGL2ZXmlxUMj
Y5NVzm1xRnvsMTpHn/c6lp9YRw/Xy7GMSKHfm/Ad6vd6dApstlNdHE5D0lFLrqsK
yDGrqxTsfRTJDTU+Yidb3UwkITsWkSfxK6kEnLRk8RIUu30VjS0MzMLmljVDWauU
1Vq6dgHfI406qseJqu2BHlJN/EV5djMvPO8JUkd5Uv5+1R7PJjooa88gXWq9Vjdm
oAXW/IsRXkM=
-----END CERTIFICATE-----