Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/0800fe-9bd2-488b-8c42-f011293953f5/1/fmmtb63r5hDVHv8SBhj4ErFL5Cw.roa
File:                     fmmtb63r5hDVHv8SBhj4ErFL5Cw.roa (raw, json)
Hash identifier:          iiyax0Nm1VxzGRdZbSpSY+WRXoUEhmVOA/Ips1fD7Uc=
Subject key identifier:   7E:69:AD:6F:AD:EB:E6:10:D5:1E:FF:12:06:18:F8:12:B1:4B:E4:2C
Certificate issuer:       /CN=de4794d9fcab23ec05dddd5048a3fc7204002a2a
Certificate serial:       018CC501532F64A51C81A3CAA92101ED2CA0
Authority key identifier: DE:47:94:D9:FC:AB:23:EC:05:DD:DD:50:48:A3:FC:72:04:00:2A:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3keU2fyrI-wF3d1QSKP8cgQAKio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/0800fe-9bd2-488b-8c42-f011293953f5/1/fmmtb63r5hDVHv8SBhj4ErFL5Cw.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210744
IP address blocks:        185.22.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/0800fe-9bd2-488b-8c42-f011293953f5/1/3keU2fyrI-wF3d1QSKP8cgQAKio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/0800fe-9bd2-488b-8c42-f011293953f5/1/3keU2fyrI-wF3d1QSKP8cgQAKio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3keU2fyrI-wF3d1QSKP8cgQAKio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:53:2f:64:a5:1c:81:a3:ca:a9:21:01:ed:2c:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de4794d9fcab23ec05dddd5048a3fc7204002a2a
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e69ad6fadebe610d51eff120618f812b14be42c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:da:5d:7c:bc:76:68:2d:61:e2:f7:d8:16:b9:
                    9b:3c:3b:37:93:ff:89:28:13:da:47:0b:4e:f8:4e:
                    33:99:da:b4:ef:f8:15:6e:67:f1:9e:7e:01:e9:86:
                    46:1c:4f:80:ea:f3:1c:d8:b8:6a:25:22:fc:76:40:
                    ad:3f:8f:81:37:71:d3:f0:d6:58:7f:68:13:78:ac:
                    f6:8e:bd:99:8b:83:07:c6:07:25:db:53:21:0a:99:
                    fa:17:41:f7:fc:8d:3b:f4:29:78:e6:ff:63:66:26:
                    8d:bf:70:1b:61:94:43:c9:1a:b5:11:40:bf:03:d2:
                    c7:6f:82:db:1d:0e:18:af:af:7d:d3:8b:fb:1a:53:
                    02:d6:2d:eb:da:c5:7b:45:2f:a5:16:99:b7:ef:8f:
                    66:f3:26:12:bb:84:c1:71:4d:2f:7a:af:95:39:29:
                    76:b4:c1:ef:89:c8:51:ba:af:91:af:d8:da:29:56:
                    a2:76:24:32:ae:9d:d7:4c:9d:02:a6:bf:2d:33:f7:
                    4e:9f:ca:91:af:e8:f7:2d:13:dc:3d:85:82:e3:e7:
                    25:86:45:5d:0b:15:90:74:20:34:43:ea:25:7f:de:
                    9b:ca:6f:c4:81:ad:de:a4:45:78:ca:b1:48:bf:0d:
                    ff:02:55:8b:cc:9e:2e:50:05:44:20:83:63:da:ba:
                    61:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:69:AD:6F:AD:EB:E6:10:D5:1E:FF:12:06:18:F8:12:B1:4B:E4:2C
            X509v3 Authority Key Identifier:
                keyid:DE:47:94:D9:FC:AB:23:EC:05:DD:DD:50:48:A3:FC:72:04:00:2A:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3keU2fyrI-wF3d1QSKP8cgQAKio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0800fe-9bd2-488b-8c42-f011293953f5/1/fmmtb63r5hDVHv8SBhj4ErFL5Cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0800fe-9bd2-488b-8c42-f011293953f5/1/3keU2fyrI-wF3d1QSKP8cgQAKio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:6c:02:c4:06:ec:01:db:41:fc:9b:9d:49:e9:73:33:22:13:
         75:a3:c2:d3:bc:76:32:47:21:7d:69:5f:d6:e4:24:1e:e7:fc:
         32:cd:77:22:a0:70:24:e7:69:89:bd:a6:01:df:8a:30:40:28:
         65:da:07:a1:b1:2a:02:cf:00:88:f5:38:b6:f9:38:88:43:98:
         59:ce:aa:07:ed:b7:f4:cf:df:7b:10:48:db:d0:92:31:53:36:
         a5:77:57:07:e6:f0:86:ee:21:9c:2a:03:36:28:b0:59:1a:78:
         d4:45:70:dd:ac:79:d2:17:9e:dc:08:c0:b2:08:91:74:b6:12:
         b6:46:12:90:62:45:41:9f:cd:51:39:85:42:3e:40:0b:8f:2d:
         75:82:da:96:b0:ee:4a:5a:b0:7e:74:e6:b3:6f:82:af:cf:29:
         77:8f:c9:1b:0d:f5:c3:9e:04:18:78:a8:2e:34:4b:b8:a8:b6:
         11:bd:5b:08:82:98:51:0e:1f:0c:2c:ca:75:c3:00:da:5a:81:
         c3:ed:a0:1e:05:9a:ae:67:45:c1:e8:db:7a:f2:a1:33:33:d1:
         4b:64:3c:0a:59:11:cd:3c:a5:97:7d:aa:58:ff:7f:c5:f1:6e:
         b2:38:bc:87:7a:9b:c9:83:78:fa:e6:51:3b:2e:7a:8b:a3:2c:
         59:9d:8c:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVMvZKUcgaPKqSEB7SygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNDc5NGQ5ZmNhYjIzZWMwNWRkZGQ1MDQ4YTNmYzcyMDQw
MDJhMmEwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTY5YWQ2ZmFkZWJlNjEwZDUxZWZmMTIwNjE4ZjgxMmIxNGJlNDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9pdfLx2aC1h4vfYFrmbPDs3k/+J
KBPaRwtO+E4zmdq07/gVbmfxnn4B6YZGHE+A6vMc2LhqJSL8dkCtP4+BN3HT8NZY
f2gTeKz2jr2Zi4MHxgcl21MhCpn6F0H3/I079Cl45v9jZiaNv3AbYZRDyRq1EUC/
A9LHb4LbHQ4Yr69904v7GlMC1i3r2sV7RS+lFpm3749m8yYSu4TBcU0veq+VOSl2
tMHvichRuq+Rr9jaKVaidiQyrp3XTJ0Cpr8tM/dOn8qRr+j3LRPcPYWC4+clhkVd
CxWQdCA0Q+olf96bym/Ega3epEV4yrFIvw3/AlWLzJ4uUAVEIINj2rphRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5prW+t6+YQ1R7/EgYY+BKxS+QsMB8GA1UdIwQY
MBaAFN5HlNn8qyPsBd3dUEij/HIEACoqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2tlVTJmeXJJLXdGM2QxUVNLUDhjZ1FBS2lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wODAwZmUtOWJkMi00ODhiLThjNDIt
ZjAxMTI5Mzk1M2Y1LzEvZm1tdGI2M3I1aERWSHY4U0JoajRFckZMNUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wODAwZmUtOWJkMi00ODhiLThjNDItZjAxMTI5Mzk1M2Y1
LzEvM2tlVTJmeXJJLXdGM2QxUVNLUDhjZ1FBS2lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRbkMA0G
CSqGSIb3DQEBCwUAA4IBAQAdbALEBuwB20H8m51J6XMzIhN1o8LTvHYyRyF9aV/W
5CQe5/wyzXcioHAk52mJvaYB34owQChl2gehsSoCzwCI9Ti2+TiIQ5hZzqoH7bf0
z997EEjb0JIxUzald1cH5vCG7iGcKgM2KLBZGnjURXDdrHnSF57cCMCyCJF0thK2
RhKQYkVBn81ROYVCPkALjy11gtqWsO5KWrB+dOazb4Kvzyl3j8kbDfXDngQYeKgu
NEu4qLYRvVsIgphRDh8MLMp1wwDaWoHD7aAeBZquZ0XB6Nt68qEzM9FLZDwKWRHN
PKWXfapY/3/F8W6yOLyHepvJg3j65lE7LnqLoyxZnYyf
-----END CERTIFICATE-----