Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/d8e5aa-b119-459e-93f6-a146d6047337/1/rVjgfWpjyg70wPu9fcdhUdrSqHk.roa
File:                     rVjgfWpjyg70wPu9fcdhUdrSqHk.roa (raw, json)
Hash identifier:          4xpQD7DTfvLOkebcDLgZCOywBHI/04vngp1mBphzENQ=
Subject key identifier:   AD:58:E0:7D:6A:63:CA:0E:F4:C0:FB:BD:7D:C7:61:51:DA:D2:A8:79
Certificate issuer:       /CN=fdbc9e910316be2f0433aa95392cd6739dc26b86
Certificate serial:       018CC493815B7FBE91037E252D8026429904
Authority key identifier: FD:BC:9E:91:03:16:BE:2F:04:33:AA:95:39:2C:D6:73:9D:C2:6B:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_byekQMWvi8EM6qVOSzWc53Ca4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/d8e5aa-b119-459e-93f6-a146d6047337/1/rVjgfWpjyg70wPu9fcdhUdrSqHk.roa
Signing time:             Mon 01 Jan 2024 10:30:50 +0000
ROA not before:           Mon 01 Jan 2024 10:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        185.212.124.0/23 maxlen: 23
                          185.212.124.0/22 maxlen: 22
                          185.212.126.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/d8e5aa-b119-459e-93f6-a146d6047337/1/_byekQMWvi8EM6qVOSzWc53Ca4Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/d8e5aa-b119-459e-93f6-a146d6047337/1/_byekQMWvi8EM6qVOSzWc53Ca4Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_byekQMWvi8EM6qVOSzWc53Ca4Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:81:5b:7f:be:91:03:7e:25:2d:80:26:42:99:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdbc9e910316be2f0433aa95392cd6739dc26b86
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad58e07d6a63ca0ef4c0fbbd7dc76151dad2a879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b5:d4:2a:74:db:0f:97:8f:2e:04:ae:32:09:
                    2f:83:1c:20:5f:a3:e8:7a:60:a3:b7:47:d2:8b:f8:
                    c2:62:97:cf:7e:ad:9d:6c:b9:cd:db:f3:46:6e:9e:
                    64:68:f4:a9:1d:3d:39:58:75:42:37:94:19:f8:17:
                    04:16:7c:07:e2:57:bd:f6:54:38:85:eb:14:be:4a:
                    d0:ce:c9:47:e3:21:61:06:2f:3e:ba:b8:8f:ed:05:
                    95:c4:dc:04:ef:55:49:e1:86:8c:ce:51:a7:52:ea:
                    3b:48:15:7c:69:97:f2:87:a4:24:3e:ea:43:58:91:
                    c5:10:77:f3:94:df:50:b7:d3:c9:a3:09:e4:43:65:
                    3e:82:7f:7c:a4:5c:36:bf:16:4a:70:6b:6f:81:1e:
                    f1:d7:32:a0:a5:23:57:8b:e0:fc:f1:97:72:f2:9a:
                    95:7f:9c:6b:54:0a:c5:14:63:5e:fa:db:0e:c2:75:
                    aa:1d:84:4f:66:4f:1b:5e:5f:ba:4f:33:88:9f:0b:
                    5b:84:df:00:d9:d7:5c:01:6e:18:97:43:7f:b1:cf:
                    e4:7a:98:45:e2:b1:2c:32:29:ba:0c:7e:aa:8c:ed:
                    f5:d8:a3:dd:58:0c:7f:eb:1b:0c:38:9e:b3:1e:36:
                    28:ce:dc:cc:0a:a6:69:ad:cb:d2:c0:01:6c:6f:38:
                    b2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:58:E0:7D:6A:63:CA:0E:F4:C0:FB:BD:7D:C7:61:51:DA:D2:A8:79
            X509v3 Authority Key Identifier:
                keyid:FD:BC:9E:91:03:16:BE:2F:04:33:AA:95:39:2C:D6:73:9D:C2:6B:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_byekQMWvi8EM6qVOSzWc53Ca4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/d8e5aa-b119-459e-93f6-a146d6047337/1/rVjgfWpjyg70wPu9fcdhUdrSqHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/d8e5aa-b119-459e-93f6-a146d6047337/1/_byekQMWvi8EM6qVOSzWc53Ca4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:01:09:0d:90:37:30:dc:64:a7:42:fb:98:2e:03:3f:0d:80:
         d5:27:19:ca:48:6d:2e:d1:3a:4d:a1:6a:4a:a7:16:ea:ab:4c:
         19:de:31:ea:21:aa:50:ac:41:de:35:79:ae:65:a4:74:8c:37:
         a4:78:a9:11:6e:3f:1b:39:df:12:63:fe:be:a2:3e:95:8f:cc:
         b2:17:47:c7:f0:de:54:96:2e:fd:8a:f2:3e:02:c4:7a:ce:e2:
         9e:9f:79:aa:e9:37:3b:78:3b:e2:83:e9:f6:6a:3c:c1:e1:6c:
         b8:c3:9d:a8:07:8c:b0:02:d9:80:eb:c2:da:96:6a:ef:f0:24:
         0f:2f:fb:12:9a:d6:5f:b7:9e:19:51:de:55:d0:ff:d0:10:f3:
         7d:52:bc:c7:d0:e8:1c:d6:42:7d:39:54:a7:4b:8b:d0:d7:8e:
         82:1b:00:81:79:5a:d8:f2:15:dd:81:9e:4e:fc:b6:60:06:44:
         28:3e:00:2d:7e:ef:f7:2f:7e:cc:2b:bd:22:79:0d:75:a0:31:
         67:bc:ea:c8:89:21:df:3b:06:4d:b4:9f:2b:b4:74:48:05:c9:
         5f:50:8a:b8:99:e3:72:91:d4:63:b7:6b:6c:3b:57:c9:c4:85:
         3a:0a:16:5c:c9:7b:93:04:64:c4:db:1b:78:17:15:a0:bf:b5:
         49:a4:56:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4Fbf76RA34lLYAmQpkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkYmM5ZTkxMDMxNmJlMmYwNDMzYWE5NTM5MmNkNjczOWRj
MjZiODYwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDU4ZTA3ZDZhNjNjYTBlZjRjMGZiYmQ3ZGM3NjE1MWRhZDJhODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLXUKnTbD5ePLgSuMgkvgxwgX6Po
emCjt0fSi/jCYpfPfq2dbLnN2/NGbp5kaPSpHT05WHVCN5QZ+BcEFnwH4le99lQ4
hesUvkrQzslH4yFhBi8+uriP7QWVxNwE71VJ4YaMzlGnUuo7SBV8aZfyh6QkPupD
WJHFEHfzlN9Qt9PJownkQ2U+gn98pFw2vxZKcGtvgR7x1zKgpSNXi+D88Zdy8pqV
f5xrVArFFGNe+tsOwnWqHYRPZk8bXl+6TzOInwtbhN8A2ddcAW4Yl0N/sc/kephF
4rEsMim6DH6qjO312KPdWAx/6xsMOJ6zHjYoztzMCqZprcvSwAFsbziyiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1Y4H1qY8oO9MD7vX3HYVHa0qh5MB8GA1UdIwQY
MBaAFP28npEDFr4vBDOqlTks1nOdwmuGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2J5ZWtRTVd2aThFTTZxVk9TeldjNTNDYTRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9kOGU1YWEtYjExOS00NTllLTkzZjYt
YTE0NmQ2MDQ3MzM3LzEvclZqZ2ZXcGp5Zzcwd1B1OWZjZGhVZHJTcUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9kOGU1YWEtYjExOS00NTllLTkzZjYtYTE0NmQ2MDQ3MzM3
LzEvX2J5ZWtRTVd2aThFTTZxVk9TeldjNTNDYTRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudR8MA0G
CSqGSIb3DQEBCwUAA4IBAQAQAQkNkDcw3GSnQvuYLgM/DYDVJxnKSG0u0TpNoWpK
pxbqq0wZ3jHqIapQrEHeNXmuZaR0jDekeKkRbj8bOd8SY/6+oj6Vj8yyF0fH8N5U
li79ivI+AsR6zuKen3mq6Tc7eDvig+n2ajzB4Wy4w52oB4ywAtmA68Lalmrv8CQP
L/sSmtZft54ZUd5V0P/QEPN9UrzH0Ogc1kJ9OVSnS4vQ146CGwCBeVrY8hXdgZ5O
/LZgBkQoPgAtfu/3L37MK70ieQ11oDFnvOrIiSHfOwZNtJ8rtHRIBclfUIq4meNy
kdRjt2tsO1fJxIU6ChZcyXuTBGTE2xt4FxWgv7VJpFaZ
-----END CERTIFICATE-----