Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/fe6363-6ed5-467d-b96e-8e0bdff237f8/1/F8dvBkkAGDSlCm5Nz2v68pJ3XCk.roa
File:                     F8dvBkkAGDSlCm5Nz2v68pJ3XCk.roa (raw, json)
Hash identifier:          Z3pL94V/n2Rp8flxRyHUU1EN+96jBiQ/sI3QQkgy3qA=
Subject key identifier:   17:C7:6F:06:49:00:18:34:A5:0A:6E:4D:CF:6B:FA:F2:92:77:5C:29
Certificate issuer:       /CN=4d62781ca1436d96d6775ba20c5cf2c75dfd13e9
Certificate serial:       018CC6499E6ED52F6C3B8D9C2EF8E524C6FB
Authority key identifier: 4D:62:78:1C:A1:43:6D:96:D6:77:5B:A2:0C:5C:F2:C7:5D:FD:13:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TWJ4HKFDbZbWd1uiDFzyx139E-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/fe6363-6ed5-467d-b96e-8e0bdff237f8/1/F8dvBkkAGDSlCm5Nz2v68pJ3XCk.roa
Signing time:             Mon 01 Jan 2024 18:29:22 +0000
ROA not before:           Mon 01 Jan 2024 18:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43122
IP address blocks:        194.110.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/fe6363-6ed5-467d-b96e-8e0bdff237f8/1/TWJ4HKFDbZbWd1uiDFzyx139E-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/fe6363-6ed5-467d-b96e-8e0bdff237f8/1/TWJ4HKFDbZbWd1uiDFzyx139E-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TWJ4HKFDbZbWd1uiDFzyx139E-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:9e:6e:d5:2f:6c:3b:8d:9c:2e:f8:e5:24:c6:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d62781ca1436d96d6775ba20c5cf2c75dfd13e9
        Validity
            Not Before: Jan  1 18:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17c76f0649001834a50a6e4dcf6bfaf292775c29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c7:bd:54:38:76:ce:35:b9:07:14:81:c2:d7:
                    ca:48:55:e1:17:54:05:c6:08:7e:85:37:82:73:8b:
                    ab:ea:fd:47:b2:7d:c5:5d:ba:e7:8c:89:29:8d:97:
                    02:cf:65:b6:a8:09:07:52:11:36:23:86:b2:b6:bf:
                    b0:35:9f:e5:34:e5:9b:bc:8b:73:7b:b9:90:20:ad:
                    75:fc:d4:74:1b:5b:15:49:1b:a0:25:ce:8d:1f:c1:
                    04:b4:30:a5:03:2d:a3:b2:45:51:d3:58:f6:d2:1c:
                    cd:30:93:c6:aa:ac:b3:79:50:5c:a5:2b:51:5f:13:
                    15:3b:24:a3:17:04:fb:99:29:dd:9a:20:80:9c:3f:
                    a3:72:6c:19:3b:4b:de:29:a8:9e:69:b3:13:f9:52:
                    87:f8:7c:e2:e9:e0:fe:bc:65:e3:85:e5:a1:7b:bc:
                    95:97:06:b3:fb:de:77:64:70:89:9a:ae:59:67:3c:
                    85:ed:ee:1b:68:a9:fb:ce:e0:35:6b:38:17:0a:c9:
                    5a:77:74:3e:32:84:a0:5c:fb:81:d6:8c:b9:2c:b7:
                    3c:02:40:30:4d:75:21:a3:6d:40:eb:ea:c0:47:53:
                    e0:ca:cf:b7:66:73:2f:57:f9:40:3c:db:e6:b2:5e:
                    f4:7a:0f:e8:70:05:a8:dd:e3:66:8a:42:aa:47:1f:
                    94:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:C7:6F:06:49:00:18:34:A5:0A:6E:4D:CF:6B:FA:F2:92:77:5C:29
            X509v3 Authority Key Identifier:
                keyid:4D:62:78:1C:A1:43:6D:96:D6:77:5B:A2:0C:5C:F2:C7:5D:FD:13:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TWJ4HKFDbZbWd1uiDFzyx139E-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/fe6363-6ed5-467d-b96e-8e0bdff237f8/1/F8dvBkkAGDSlCm5Nz2v68pJ3XCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/fe6363-6ed5-467d-b96e-8e0bdff237f8/1/TWJ4HKFDbZbWd1uiDFzyx139E-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:5b:f2:e2:17:e6:6f:bd:5d:c8:95:08:f4:3c:b1:af:17:3f:
         8c:87:98:6f:27:91:bd:1f:c2:25:69:67:ba:c4:4b:3e:34:b7:
         9d:99:b4:f9:a3:42:de:1e:4d:1f:3f:1c:46:27:c6:f8:09:e1:
         8f:16:b0:d6:38:57:a0:73:fe:08:5d:46:d4:f6:15:a8:ef:a2:
         4d:53:33:75:53:b3:6f:43:71:54:44:5f:a0:1b:74:c7:4b:c5:
         27:ef:b9:63:d6:41:97:c1:ba:4c:57:a7:d3:35:d3:6a:ae:66:
         f1:f2:e1:a0:b1:75:43:5c:67:17:9f:83:1a:39:68:5f:e5:0e:
         20:74:f7:01:39:e1:52:e7:c2:fa:f6:2f:dc:0f:b3:da:72:5d:
         8e:d9:5e:84:0e:11:84:09:9f:89:26:e4:c3:7a:2a:74:ed:07:
         a4:0b:9f:66:92:5c:e2:5a:3d:de:44:9d:7f:d9:47:c2:7d:9b:
         29:3c:6e:26:8e:a1:7f:fe:71:bf:ab:57:26:4f:53:8d:15:ad:
         9f:18:bb:cf:cf:3b:a1:c6:a6:1b:36:c8:d9:34:86:cb:8e:dd:
         a8:e6:4e:4a:4a:40:98:e3:d7:91:04:d2:f3:24:6c:19:d5:5d:
         a7:da:58:f3:64:2b:33:7b:41:01:2f:31:2b:47:d4:c2:59:f1:
         16:0f:c3:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSZ5u1S9sO42cLvjlJMb7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNjI3ODFjYTE0MzZkOTZkNjc3NWJhMjBjNWNmMmM3NWRm
ZDEzZTkwHhcNMjQwMTAxMTgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2M3NmYwNjQ5MDAxODM0YTUwYTZlNGRjZjZiZmFmMjkyNzc1YzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjse9VDh2zjW5BxSBwtfKSFXhF1QF
xgh+hTeCc4ur6v1Hsn3FXbrnjIkpjZcCz2W2qAkHUhE2I4aytr+wNZ/lNOWbvItz
e7mQIK11/NR0G1sVSRugJc6NH8EEtDClAy2jskVR01j20hzNMJPGqqyzeVBcpStR
XxMVOySjFwT7mSndmiCAnD+jcmwZO0veKaieabMT+VKH+Hzi6eD+vGXjheWhe7yV
lwaz+953ZHCJmq5ZZzyF7e4baKn7zuA1azgXCslad3Q+MoSgXPuB1oy5LLc8AkAw
TXUho21A6+rAR1Pgys+3ZnMvV/lAPNvmsl70eg/ocAWo3eNmikKqRx+UWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfHbwZJABg0pQpuTc9r+vKSd1wpMB8GA1UdIwQY
MBaAFE1ieByhQ22W1ndbogxc8sdd/RPpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFdKNEhLRkRiWmJXZDF1aURGenl4MTM5RS1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mZTYzNjMtNmVkNS00NjdkLWI5NmUt
OGUwYmRmZjIzN2Y4LzEvRjhkdkJra0FHRFNsQ201TnoydjY4cEozWENrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mZTYzNjMtNmVkNS00NjdkLWI5NmUtOGUwYmRmZjIzN2Y4
LzEvVFdKNEhLRkRiWmJXZDF1aURGenl4MTM5RS1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm6AMA0G
CSqGSIb3DQEBCwUAA4IBAQC3W/LiF+ZvvV3IlQj0PLGvFz+Mh5hvJ5G9H8IlaWe6
xEs+NLedmbT5o0LeHk0fPxxGJ8b4CeGPFrDWOFegc/4IXUbU9hWo76JNUzN1U7Nv
Q3FURF+gG3THS8Un77lj1kGXwbpMV6fTNdNqrmbx8uGgsXVDXGcXn4MaOWhf5Q4g
dPcBOeFS58L69i/cD7Pacl2O2V6EDhGECZ+JJuTDeip07QekC59mklziWj3eRJ1/
2UfCfZspPG4mjqF//nG/q1cmT1ONFa2fGLvPzzuhxqYbNsjZNIbLjt2o5k5KSkCY
49eRBNLzJGwZ1V2n2ljzZCsze0EBLzErR9TCWfEWD8Ne
-----END CERTIFICATE-----