Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/50013a-fb19-45cf-ad8a-326c1e370bcf/1/fNdiIrG0z371KR0ESeNfXjbz58w.roa
File:                     fNdiIrG0z371KR0ESeNfXjbz58w.roa (raw, json)
Hash identifier:          0xSiFmBuQxwrZ4GGb42Rr2ioGBghj4NwbjEoLZ2/LP4=
Subject key identifier:   7C:D7:62:22:B1:B4:CF:7E:F5:29:1D:04:49:E3:5F:5E:36:F3:E7:CC
Certificate issuer:       /CN=820625b669e89a75ae78df0081d6f01b67c7b3cf
Certificate serial:       018CC26D0F84D1CBF47E3F940C10283A7CF7
Authority key identifier: 82:06:25:B6:69:E8:9A:75:AE:78:DF:00:81:D6:F0:1B:67:C7:B3:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ggYltmnomnWueN8AgdbwG2fHs88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/50013a-fb19-45cf-ad8a-326c1e370bcf/1/fNdiIrG0z371KR0ESeNfXjbz58w.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56655
IP address blocks:        194.110.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/50013a-fb19-45cf-ad8a-326c1e370bcf/1/ggYltmnomnWueN8AgdbwG2fHs88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/50013a-fb19-45cf-ad8a-326c1e370bcf/1/ggYltmnomnWueN8AgdbwG2fHs88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ggYltmnomnWueN8AgdbwG2fHs88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0f:84:d1:cb:f4:7e:3f:94:0c:10:28:3a:7c:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=820625b669e89a75ae78df0081d6f01b67c7b3cf
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cd76222b1b4cf7ef5291d0449e35f5e36f3e7cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9e:bc:fa:95:f3:33:80:3e:fe:fb:26:30:ae:
                    19:f9:10:1d:b0:39:12:ec:7f:80:af:b2:70:4b:a2:
                    fa:00:c7:5a:84:4d:77:9b:7b:3f:ba:fa:00:70:85:
                    7a:b1:9d:bf:24:5a:a0:db:72:63:07:e0:cc:ed:52:
                    19:3e:0c:02:bf:ad:e3:9c:01:ca:d7:84:60:b4:63:
                    c9:d6:9a:88:a3:eb:69:6d:7e:6a:c8:c0:3b:1a:de:
                    62:a4:a0:8d:c2:d2:7e:bd:6d:07:22:85:b2:02:d7:
                    24:c0:3a:41:a7:ed:c7:41:c1:ca:f6:47:0b:a5:70:
                    75:f3:9a:3d:71:96:b7:d6:b0:dc:8c:a5:87:e7:a6:
                    90:00:30:50:9c:98:09:2d:b9:29:c1:50:b7:3f:bc:
                    76:28:75:c1:f8:96:82:ca:94:06:39:c9:3e:b7:1a:
                    f4:fc:7c:e2:10:a7:d6:93:a5:bf:65:7b:93:88:0a:
                    10:b9:0c:c4:4b:13:3c:a7:58:6e:b4:bd:59:0c:89:
                    70:d5:e9:d9:01:02:9d:96:7d:04:c5:39:73:de:c2:
                    9a:08:d6:72:94:d2:6c:01:14:cf:5d:3f:e2:77:2b:
                    65:67:e0:33:b5:f7:dd:ae:38:aa:8e:b8:12:90:38:
                    1c:ed:21:91:e4:92:85:cd:32:7a:cc:09:39:f5:65:
                    8c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D7:62:22:B1:B4:CF:7E:F5:29:1D:04:49:E3:5F:5E:36:F3:E7:CC
            X509v3 Authority Key Identifier:
                keyid:82:06:25:B6:69:E8:9A:75:AE:78:DF:00:81:D6:F0:1B:67:C7:B3:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ggYltmnomnWueN8AgdbwG2fHs88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/50013a-fb19-45cf-ad8a-326c1e370bcf/1/fNdiIrG0z371KR0ESeNfXjbz58w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/50013a-fb19-45cf-ad8a-326c1e370bcf/1/ggYltmnomnWueN8AgdbwG2fHs88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:20:04:eb:a5:4b:c3:f5:60:37:77:15:a5:ce:fb:18:ce:f1:
         83:df:ff:57:56:07:27:ed:8c:bb:f6:9b:14:78:15:a5:fb:f8:
         90:66:52:b6:97:4a:11:04:7c:24:72:8e:23:9f:49:ef:33:57:
         12:75:39:9e:f0:34:bf:04:54:4c:cb:22:f7:d6:5f:24:42:95:
         ec:54:cd:04:6a:f0:96:e7:5f:b9:a0:4b:4d:54:ac:1f:35:c6:
         be:6f:fe:48:70:5e:d1:14:dc:bd:76:bf:01:4c:00:9d:35:18:
         e4:2c:dd:20:0f:96:85:b0:c7:62:a4:51:1d:a6:63:ca:d4:5f:
         4e:1f:ed:c2:2a:79:58:42:61:6c:87:89:8c:5b:95:31:d3:94:
         6c:22:6b:72:e2:33:2e:09:92:78:23:0d:e2:78:d6:ab:78:d1:
         a3:7a:fa:24:48:a2:c8:67:c4:df:c5:47:a8:e5:9e:a5:27:af:
         a5:c0:80:f3:d4:73:ae:70:b8:d3:80:68:58:26:ce:1c:02:dd:
         0c:bd:73:e0:40:c9:10:3c:93:1e:cc:04:51:b4:8a:14:3c:4a:
         76:88:3f:11:33:20:e2:00:e5:b7:80:6f:55:9b:fb:87:73:f8:
         b4:15:6e:20:fc:5f:ca:75:de:4e:8e:2f:eb:52:a6:63:2d:90:
         73:a4:e3:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQ+E0cv0fj+UDBAoOnz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMDYyNWI2NjllODlhNzVhZTc4ZGYwMDgxZDZmMDFiNjdj
N2IzY2YwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Q3NjIyMmIxYjRjZjdlZjUyOTFkMDQ0OWUzNWY1ZTM2ZjNlN2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJ68+pXzM4A+/vsmMK4Z+RAdsDkS
7H+Ar7JwS6L6AMdahE13m3s/uvoAcIV6sZ2/JFqg23JjB+DM7VIZPgwCv63jnAHK
14RgtGPJ1pqIo+tpbX5qyMA7Gt5ipKCNwtJ+vW0HIoWyAtckwDpBp+3HQcHK9kcL
pXB185o9cZa31rDcjKWH56aQADBQnJgJLbkpwVC3P7x2KHXB+JaCypQGOck+txr0
/HziEKfWk6W/ZXuTiAoQuQzESxM8p1hutL1ZDIlw1enZAQKdln0ExTlz3sKaCNZy
lNJsARTPXT/idytlZ+AztffdrjiqjrgSkDgc7SGR5JKFzTJ6zAk59WWMeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzXYiKxtM9+9SkdBEnjX1428+fMMB8GA1UdIwQY
MBaAFIIGJbZp6Jp1rnjfAIHW8Btnx7PPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2dZbHRtbm9tbld1ZU44QWdkYndHMmZIczg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC81MDAxM2EtZmIxOS00NWNmLWFkOGEt
MzI2YzFlMzcwYmNmLzEvZk5kaUlyRzB6MzcxS1IwRVNlTmZYamJ6NTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC81MDAxM2EtZmIxOS00NWNmLWFkOGEtMzI2YzFlMzcwYmNm
LzEvZ2dZbHRtbm9tbld1ZU44QWdkYndHMmZIczg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm7PMA0G
CSqGSIb3DQEBCwUAA4IBAQB2IATrpUvD9WA3dxWlzvsYzvGD3/9XVgcn7Yy79psU
eBWl+/iQZlK2l0oRBHwkco4jn0nvM1cSdTme8DS/BFRMyyL31l8kQpXsVM0EavCW
51+5oEtNVKwfNca+b/5IcF7RFNy9dr8BTACdNRjkLN0gD5aFsMdipFEdpmPK1F9O
H+3CKnlYQmFsh4mMW5Ux05RsImty4jMuCZJ4Iw3ieNareNGjevokSKLIZ8TfxUeo
5Z6lJ6+lwIDz1HOucLjTgGhYJs4cAt0MvXPgQMkQPJMezARRtIoUPEp2iD8RMyDi
AOW3gG9Vm/uHc/i0FW4g/F/Kdd5Oji/rUqZjLZBzpOOZ
-----END CERTIFICATE-----