Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/FbA-igpIe1YdKsnfKykhtp8eLUM.roa
File:                     FbA-igpIe1YdKsnfKykhtp8eLUM.roa (raw, json)
Hash identifier:          q0HzAK3ot7dOQ/z4E1oHcTXijJAGMwIQxX+CsM1CZME=
Subject key identifier:   15:B0:3E:8A:0A:48:7B:56:1D:2A:C9:DF:2B:29:21:B6:9F:1E:2D:43
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018D7DD34B7D93971185819CA6880DFA6CC1
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/FbA-igpIe1YdKsnfKykhtp8eLUM.roa
Signing time:             Tue 06 Feb 2024 09:50:15 +0000
ROA not before:           Tue 06 Feb 2024 09:50:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47376
IP address blocks:        85.9.86.0/23 maxlen: 23
                          85.9.116.0/22 maxlen: 22
                          185.131.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:d3:4b:7d:93:97:11:85:81:9c:a6:88:0d:fa:6c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Feb  6 09:50:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15b03e8a0a487b561d2ac9df2b2921b69f1e2d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e6:86:58:36:8c:08:57:c7:ff:fa:93:00:e2:
                    6f:4a:26:07:30:c7:75:dd:3d:cc:2c:58:92:51:14:
                    c2:eb:da:77:bd:02:7a:f7:96:b5:3b:2f:5b:33:0e:
                    a9:25:63:af:4b:5c:85:6e:09:f5:a2:99:60:07:58:
                    d0:aa:54:a9:45:fb:0e:c6:59:cb:28:b3:82:7f:cc:
                    d9:93:53:4f:26:2d:b5:0f:3d:99:18:15:5c:e4:26:
                    f2:2c:46:03:b1:31:95:54:77:13:e6:15:9c:19:30:
                    93:97:13:dd:de:b5:54:eb:6f:10:01:bd:e0:12:f3:
                    37:58:81:5e:1c:d8:6d:23:da:20:39:48:d6:69:67:
                    ac:80:1d:e6:a1:13:15:0f:ec:76:0c:f1:d1:df:3a:
                    0d:2d:d0:df:4b:01:b1:57:67:ee:05:9c:5d:20:38:
                    1d:91:05:bd:49:0a:89:87:d9:9a:02:d1:91:fc:93:
                    17:03:04:f7:9b:f4:2f:1f:84:2f:57:07:4d:ef:67:
                    8c:37:5e:ca:e9:f7:c9:49:76:82:a7:c8:0c:d4:74:
                    20:51:26:a9:78:9a:8a:a8:4e:c6:91:17:6c:bd:8b:
                    5c:0b:c5:a2:ff:95:fa:5c:21:15:b4:06:47:4c:de:
                    95:62:34:0b:78:e0:73:7f:8e:46:0f:76:13:4e:76:
                    83:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B0:3E:8A:0A:48:7B:56:1D:2A:C9:DF:2B:29:21:B6:9F:1E:2D:43
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/FbA-igpIe1YdKsnfKykhtp8eLUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.9.86.0/23
                  85.9.116.0/22
                  185.131.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:63:2d:6a:6f:48:20:00:ed:0d:5f:12:7a:27:a7:21:eb:63:
         b5:41:a5:08:19:fa:e4:c9:2f:b2:a3:b0:17:e3:49:93:f0:84:
         a0:d6:20:cb:e9:cf:0b:13:64:44:f3:6f:bb:10:12:c9:a7:47:
         01:03:e6:fe:de:fd:b1:65:97:e9:19:0a:99:a7:dc:50:bb:e3:
         65:55:b5:6e:fb:a0:ab:a0:93:90:5b:a0:5e:3f:29:b8:bc:1b:
         0f:6d:3a:f1:50:20:5b:3b:c6:c7:72:61:c4:4b:96:a4:58:f3:
         3e:a8:29:e9:af:02:5b:31:9f:80:d4:1e:c7:82:8f:49:b8:8c:
         0d:6a:88:e8:a2:15:08:05:f9:8d:c2:f8:60:4d:0d:03:24:bb:
         79:69:66:b2:03:53:3c:84:c9:37:52:59:49:f5:18:95:26:34:
         67:1e:d9:87:24:ac:31:25:2d:00:ad:88:e7:c1:60:91:9c:56:
         5c:ed:f4:aa:17:30:7e:14:a1:0c:c1:27:dc:3c:60:5a:6a:77:
         5d:8e:d4:69:72:e2:8f:65:61:d5:a5:97:51:d4:a4:ba:bd:5a:
         71:59:d4:af:15:21:43:a9:59:14:1d:07:9a:26:f2:6b:33:f0:
         11:59:36:37:7a:fb:f0:70:84:7c:eb:cb:a3:de:90:d6:d7:62:
         2e:1c:d0:67
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1900t9k5cRhYGcpogN+mzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMjA2MDk1MDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWIwM2U4YTBhNDg3YjU2MWQyYWM5ZGYyYjI5MjFiNjlmMWUyZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeaGWDaMCFfH//qTAOJvSiYHMMd1
3T3MLFiSURTC69p3vQJ695a1Oy9bMw6pJWOvS1yFbgn1oplgB1jQqlSpRfsOxlnL
KLOCf8zZk1NPJi21Dz2ZGBVc5CbyLEYDsTGVVHcT5hWcGTCTlxPd3rVU628QAb3g
EvM3WIFeHNhtI9ogOUjWaWesgB3moRMVD+x2DPHR3zoNLdDfSwGxV2fuBZxdIDgd
kQW9SQqJh9maAtGR/JMXAwT3m/QvH4QvVwdN72eMN17K6ffJSXaCp8gM1HQgUSap
eJqKqE7GkRdsvYtcC8Wi/5X6XCEVtAZHTN6VYjQLeOBzf45GD3YTTnaDqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBWwPooKSHtWHSrJ3yspIbafHi1DMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvRmJBLWlncEllMVlkS3NuZkt5a2h0cDhlTFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBVQlWAwQC
VQl0AwQAuYMdMA0GCSqGSIb3DQEBCwUAA4IBAQBTYy1qb0ggAO0NXxJ6J6ch62O1
QaUIGfrkyS+yo7AX40mT8ISg1iDL6c8LE2RE82+7EBLJp0cBA+b+3v2xZZfpGQqZ
p9xQu+NlVbVu+6CroJOQW6BePym4vBsPbTrxUCBbO8bHcmHES5akWPM+qCnprwJb
MZ+A1B7Hgo9JuIwNaojoohUIBfmNwvhgTQ0DJLt5aWayA1M8hMk3UllJ9RiVJjRn
HtmHJKwxJS0ArYjnwWCRnFZc7fSqFzB+FKEMwSfcPGBaanddjtRpcuKPZWHVpZdR
1KS6vVpxWdSvFSFDqVkUHQeaJvJrM/ARWTY3evvwcIR868uj3pDW12IuHNBn
-----END CERTIFICATE-----