Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/FHTZeXcAAfvq-SP5K0K7TPE4ntg.roa
File:                     FHTZeXcAAfvq-SP5K0K7TPE4ntg.roa (raw, json)
Hash identifier:          3vE4yUwY/NRTQ49voI5a8cvK+onobYd/1frSV2ArpJY=
Subject key identifier:   14:74:D9:79:77:00:01:FB:EA:F9:23:F9:2B:42:BB:4C:F1:38:9E:D8
Certificate issuer:       /CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
Certificate serial:       018CCA2BC575B36F8AF72303F65FFABE9F68
Authority key identifier: E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/FHTZeXcAAfvq-SP5K0K7TPE4ntg.roa
Signing time:             Tue 02 Jan 2024 12:35:15 +0000
ROA not before:           Tue 02 Jan 2024 12:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        194.26.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 09:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c5:75:b3:6f:8a:f7:23:03:f6:5f:fa:be:9f:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
        Validity
            Not Before: Jan  2 12:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1474d979770001fbeaf923f92b42bb4cf1389ed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5c:d0:3c:f6:6e:fb:4d:e0:bb:77:5c:a2:2d:
                    0c:e4:6b:61:58:02:6b:3f:6f:8a:04:51:a5:f3:bc:
                    09:ba:b6:d6:c3:71:a6:76:6f:7e:ca:78:60:d0:19:
                    43:d1:12:fd:3f:b4:0b:e5:b9:08:58:d2:af:46:d6:
                    6a:0e:b8:15:30:74:e1:74:3f:2e:2f:9a:d5:44:be:
                    c4:37:d3:ad:c2:0c:31:7c:98:55:e4:11:27:49:27:
                    46:d7:1c:c6:5d:99:a9:4f:23:86:38:70:cf:a9:55:
                    a0:99:67:75:77:1f:06:d1:e4:5a:e4:d2:68:33:c6:
                    c7:50:e9:17:b5:24:66:31:9c:41:56:aa:78:26:18:
                    b7:64:3d:24:07:46:38:3b:52:cb:83:0a:6d:bc:07:
                    97:37:3b:25:37:0d:e1:63:c0:9d:f1:fd:a8:63:f1:
                    fb:50:47:b3:3a:03:9e:ba:d4:33:63:30:e0:44:ad:
                    e7:37:34:28:af:ee:6f:79:0d:3b:68:07:07:44:60:
                    7f:7f:80:1e:5c:f9:a8:48:4e:b2:61:f1:99:00:2e:
                    10:53:da:e7:01:e1:16:6a:b3:03:57:c7:1b:26:41:
                    7f:2d:b8:ed:68:67:ed:5c:40:57:04:ff:90:67:f2:
                    dd:93:47:f6:a4:f6:3b:17:70:8e:e8:41:c3:4c:7d:
                    82:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:74:D9:79:77:00:01:FB:EA:F9:23:F9:2B:42:BB:4C:F1:38:9E:D8
            X509v3 Authority Key Identifier:
                keyid:E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/FHTZeXcAAfvq-SP5K0K7TPE4ntg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:75:f2:c5:1c:48:d7:af:d7:9e:08:7f:f4:0e:d7:62:70:b6:
         7f:62:ef:7c:d4:1c:7e:cd:71:72:f0:c0:6a:6d:f7:f2:83:b2:
         11:15:70:5c:0c:d4:2b:29:9e:5f:e3:dc:3a:36:84:f0:da:b2:
         df:11:1f:41:b4:6d:7f:dd:f9:ad:1a:d2:06:f5:c0:bd:a7:65:
         ef:f3:d8:7a:5c:9b:2d:26:7f:49:63:d2:98:aa:55:85:d4:a8:
         73:6d:59:7e:f5:7e:ee:e9:15:26:26:2c:b8:6a:78:e2:6d:d1:
         e9:30:5a:28:e8:97:5a:5f:94:56:a4:07:c8:22:56:9e:dd:df:
         f3:d4:9f:6c:15:63:ee:eb:84:ce:ca:9b:0f:3f:b8:cc:44:cf:
         8e:c4:bf:40:79:9d:04:9c:f1:a6:c9:0f:01:6d:49:8a:c9:05:
         fb:9b:01:cd:5b:bd:b2:eb:7f:b5:fa:cd:81:98:eb:e5:c5:c2:
         7e:9c:28:40:cc:cc:34:1c:98:4b:80:b8:ff:90:01:d1:cf:17:
         cd:9b:12:41:3a:c7:fa:74:13:0c:62:26:52:4e:ae:7a:91:f3:
         ef:d7:ea:97:9e:bf:fc:76:05:3c:8c:a6:dc:f8:1b:c0:76:f7:
         06:10:29:76:3a:c2:07:db:ae:a5:95:05:1c:65:b6:25:73:a0:
         f0:28:11:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK8V1s2+K9yMD9l/6vp9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NjA3NmYyN2UxM2QxODAwZTc3ZDE2ZTRiNjBiMjNiNmY1
OGM4MjAwHhcNMjQwMTAyMTIzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDc0ZDk3OTc3MDAwMWZiZWFmOTIzZjkyYjQyYmI0Y2YxMzg5ZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlzQPPZu+03gu3dcoi0M5GthWAJr
P2+KBFGl87wJurbWw3Gmdm9+ynhg0BlD0RL9P7QL5bkIWNKvRtZqDrgVMHThdD8u
L5rVRL7EN9OtwgwxfJhV5BEnSSdG1xzGXZmpTyOGOHDPqVWgmWd1dx8G0eRa5NJo
M8bHUOkXtSRmMZxBVqp4Jhi3ZD0kB0Y4O1LLgwptvAeXNzslNw3hY8Cd8f2oY/H7
UEezOgOeutQzYzDgRK3nNzQor+5veQ07aAcHRGB/f4AeXPmoSE6yYfGZAC4QU9rn
AeEWarMDV8cbJkF/LbjtaGftXEBXBP+QZ/Ldk0f2pPY7F3CO6EHDTH2CnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR02Xl3AAH76vkj+StCu0zxOJ7YMB8GA1UdIwQY
MBaAFOVgdvJ+E9GADnfRbktgsjtvWMggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgt
NThjZjg5ODg4ZTJhLzEvRkhUWmVYY0FBZnZxLVNQNUswSzdUUEU0bnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgtNThjZjg5ODg4ZTJh
LzEvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhqDMA0G
CSqGSIb3DQEBCwUAA4IBAQBtdfLFHEjXr9eeCH/0DtdicLZ/Yu981Bx+zXFy8MBq
bffyg7IRFXBcDNQrKZ5f49w6NoTw2rLfER9BtG1/3fmtGtIG9cC9p2Xv89h6XJst
Jn9JY9KYqlWF1KhzbVl+9X7u6RUmJiy4anjibdHpMFoo6JdaX5RWpAfIIlae3d/z
1J9sFWPu64TOypsPP7jMRM+OxL9AeZ0EnPGmyQ8BbUmKyQX7mwHNW72y63+1+s2B
mOvlxcJ+nChAzMw0HJhLgLj/kAHRzxfNmxJBOsf6dBMMYiZSTq56kfPv1+qXnr/8
dgU8jKbc+BvAdvcGECl2OsIH266llQUcZbYlc6DwKBGY
-----END CERTIFICATE-----