Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/321f74-092d-4dff-b335-2054f6e61922/1/h7KFWNjT07gwReGJ-UIT6KdGM9w.roa
File:                     h7KFWNjT07gwReGJ-UIT6KdGM9w.roa (raw, json)
Hash identifier:          6tUDWPirv44VxYu4sCPsUuiGs7RWSYiYx24T58ZksSo=
Subject key identifier:   87:B2:85:58:D8:D3:D3:B8:30:45:E1:89:F9:42:13:E8:A7:46:33:DC
Certificate issuer:       /CN=1651d3ddc6add483b761ac0476269533fe7ea717
Certificate serial:       018CC4248EF1DD686F6C399FF0FFB3661213
Authority key identifier: 16:51:D3:DD:C6:AD:D4:83:B7:61:AC:04:76:26:95:33:FE:7E:A7:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FlHT3cat1IO3YawEdiaVM_5-pxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/321f74-092d-4dff-b335-2054f6e61922/1/h7KFWNjT07gwReGJ-UIT6KdGM9w.roa
Signing time:             Mon 01 Jan 2024 08:29:39 +0000
ROA not before:           Mon 01 Jan 2024 08:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206104
IP address blocks:        194.126.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/321f74-092d-4dff-b335-2054f6e61922/1/FlHT3cat1IO3YawEdiaVM_5-pxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/321f74-092d-4dff-b335-2054f6e61922/1/FlHT3cat1IO3YawEdiaVM_5-pxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FlHT3cat1IO3YawEdiaVM_5-pxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:03:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:8e:f1:dd:68:6f:6c:39:9f:f0:ff:b3:66:12:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1651d3ddc6add483b761ac0476269533fe7ea717
        Validity
            Not Before: Jan  1 08:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87b28558d8d3d3b83045e189f94213e8a74633dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b1:05:c8:61:15:64:eb:36:9d:1f:7b:a8:cf:
                    4a:2e:c3:60:7a:af:1c:35:c0:e9:25:93:eb:e2:1b:
                    28:5b:ad:4f:17:e2:1d:69:a8:d3:58:1b:35:c8:3c:
                    51:bc:53:0d:6a:bf:f0:77:4c:ef:ff:4c:28:95:3d:
                    6c:95:37:9c:cb:9b:a6:44:ba:bf:c5:e2:17:2c:ee:
                    5e:7f:2d:63:13:f6:2c:ba:df:14:f8:f4:17:90:e0:
                    96:bb:2d:3d:8b:0a:14:96:d0:d7:09:50:7f:ff:25:
                    89:a0:0a:06:fe:2b:3d:8e:c6:24:70:51:e0:df:92:
                    2f:a1:ff:b8:4b:82:50:54:97:d8:88:8c:43:60:51:
                    b2:f9:20:0e:ba:25:87:f6:8b:6c:bb:cf:42:86:60:
                    f1:f9:41:e4:bd:f1:5f:3c:db:a5:e7:25:6c:3b:30:
                    97:2e:67:27:fb:e8:87:9a:31:e6:86:d8:7f:1e:c9:
                    59:fd:df:50:80:68:1d:09:66:3d:08:8b:9d:d7:fa:
                    f9:11:7d:0e:86:e6:88:50:49:d4:d1:a9:a4:86:16:
                    9e:0d:36:d5:ec:91:83:cd:b8:67:ef:8b:0e:17:64:
                    6e:c7:65:af:26:eb:09:b8:34:d4:1c:02:ca:70:c7:
                    67:7f:70:7e:ae:6b:e9:8d:72:95:f7:94:20:64:d5:
                    98:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B2:85:58:D8:D3:D3:B8:30:45:E1:89:F9:42:13:E8:A7:46:33:DC
            X509v3 Authority Key Identifier:
                keyid:16:51:D3:DD:C6:AD:D4:83:B7:61:AC:04:76:26:95:33:FE:7E:A7:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FlHT3cat1IO3YawEdiaVM_5-pxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/321f74-092d-4dff-b335-2054f6e61922/1/h7KFWNjT07gwReGJ-UIT6KdGM9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/321f74-092d-4dff-b335-2054f6e61922/1/FlHT3cat1IO3YawEdiaVM_5-pxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:6a:1f:54:af:58:35:42:3f:4e:c6:d3:13:f3:b0:cd:08:b1:
         35:a5:4a:a4:30:14:05:2c:84:5e:34:d1:e2:c0:50:04:94:90:
         47:b0:66:cc:ca:a9:59:15:ae:89:09:0a:e2:cf:54:77:b8:0d:
         0b:3b:31:23:9d:e2:c5:8f:ee:79:f9:cb:89:f7:b9:76:45:66:
         cf:fe:87:de:30:55:1f:2e:81:18:4d:96:23:8a:4e:52:65:8b:
         28:28:ef:3f:52:7b:d9:04:84:e8:a4:fe:b8:69:b0:02:09:6b:
         47:61:79:f6:b8:37:ec:75:4a:6a:9d:eb:0e:cf:c1:a6:58:ff:
         0d:98:ef:85:a4:70:c0:6a:f2:97:8c:c7:10:9d:59:79:e6:00:
         f3:1d:3c:7e:98:cd:0b:56:2c:9a:97:70:84:52:96:87:6b:27:
         f9:89:db:55:76:f8:e8:f4:a0:22:50:28:0d:5e:4e:d1:d8:46:
         31:58:15:cb:1b:c5:45:12:7f:b4:2a:7c:c7:67:4f:40:75:0e:
         99:9e:8c:f5:76:e3:ac:24:3d:9e:73:52:93:6a:7f:de:f3:ef:
         ff:24:7d:76:6b:91:25:f6:f1:76:b5:a1:d4:d9:2a:51:0f:3d:
         a2:34:11:16:05:59:1c:4f:cc:93:3c:5c:35:43:f2:89:73:29:
         81:46:55:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJI7x3WhvbDmf8P+zZhITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NTFkM2RkYzZhZGQ0ODNiNzYxYWMwNDc2MjY5NTMzZmU3
ZWE3MTcwHhcNMjQwMTAxMDgyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2IyODU1OGQ4ZDNkM2I4MzA0NWUxODlmOTQyMTNlOGE3NDYzM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7EFyGEVZOs2nR97qM9KLsNgeq8c
NcDpJZPr4hsoW61PF+IdaajTWBs1yDxRvFMNar/wd0zv/0wolT1slTecy5umRLq/
xeIXLO5efy1jE/Ysut8U+PQXkOCWuy09iwoUltDXCVB//yWJoAoG/is9jsYkcFHg
35Ivof+4S4JQVJfYiIxDYFGy+SAOuiWH9otsu89ChmDx+UHkvfFfPNul5yVsOzCX
Lmcn++iHmjHmhth/HslZ/d9QgGgdCWY9CIud1/r5EX0OhuaIUEnU0amkhhaeDTbV
7JGDzbhn74sOF2Rux2WvJusJuDTUHALKcMdnf3B+rmvpjXKV95QgZNWYbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeyhVjY09O4MEXhiflCE+inRjPcMB8GA1UdIwQY
MBaAFBZR093GrdSDt2GsBHYmlTP+fqcXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmxIVDNjYXQxSU8zWWF3RWRpYVZNXzUtcHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8zMjFmNzQtMDkyZC00ZGZmLWIzMzUt
MjA1NGY2ZTYxOTIyLzEvaDdLRldOalQwN2d3UmVHSi1VSVQ2S2RHTTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8zMjFmNzQtMDkyZC00ZGZmLWIzMzUtMjA1NGY2ZTYxOTIy
LzEvRmxIVDNjYXQxSU8zWWF3RWRpYVZNXzUtcHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn75MA0G
CSqGSIb3DQEBCwUAA4IBAQAuah9Ur1g1Qj9OxtMT87DNCLE1pUqkMBQFLIReNNHi
wFAElJBHsGbMyqlZFa6JCQriz1R3uA0LOzEjneLFj+55+cuJ97l2RWbP/ofeMFUf
LoEYTZYjik5SZYsoKO8/UnvZBITopP64abACCWtHYXn2uDfsdUpqnesOz8GmWP8N
mO+FpHDAavKXjMcQnVl55gDzHTx+mM0LViyal3CEUpaHayf5idtVdvjo9KAiUCgN
Xk7R2EYxWBXLG8VFEn+0KnzHZ09AdQ6Znoz1duOsJD2ec1KTan/e8+//JH12a5El
9vF2taHU2SpRDz2iNBEWBVkcT8yTPFw1Q/KJcymBRlUl
-----END CERTIFICATE-----