Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/1-4jJ6wkoQI4Se9W69Bhq8NcfDJo.roa
File:                     1-4jJ6wkoQI4Se9W69Bhq8NcfDJo.roa (raw, json)
Hash identifier:          7ySu7ep3xlGPRUd/VlIZoikCyy8RrMSNlLvo4Sx5yi4=
Subject key identifier:   FB:88:C9:EB:09:28:40:8E:12:7B:D5:BA:F4:18:6A:F0:D7:1F:0C:9A
Certificate issuer:       /CN=5c92b9a92c7eb913c3da558002c673e8238db1c7
Certificate serial:       018CC649E52D6E219C2F4C090172DF6A44EA
Authority key identifier: 5C:92:B9:A9:2C:7E:B9:13:C3:DA:55:80:02:C6:73:E8:23:8D:B1:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XJK5qSx-uRPD2lWAAsZz6CONscc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/1-4jJ6wkoQI4Se9W69Bhq8NcfDJo.roa
Signing time:             Mon 01 Jan 2024 18:29:40 +0000
ROA not before:           Mon 01 Jan 2024 18:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        194.35.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/XJK5qSx-uRPD2lWAAsZz6CONscc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/XJK5qSx-uRPD2lWAAsZz6CONscc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XJK5qSx-uRPD2lWAAsZz6CONscc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e5:2d:6e:21:9c:2f:4c:09:01:72:df:6a:44:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c92b9a92c7eb913c3da558002c673e8238db1c7
        Validity
            Not Before: Jan  1 18:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb88c9eb0928408e127bd5baf4186af0d71f0c9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c8:fe:e8:b5:07:cc:6c:99:12:fc:44:95:36:
                    d3:1f:b6:47:ac:87:8d:85:d3:b9:b6:b1:be:14:aa:
                    24:e4:ea:69:18:19:4a:91:63:cf:d7:b6:91:31:38:
                    d6:8a:2c:32:6f:e8:3b:ff:92:5e:c0:4c:dd:0a:cf:
                    ec:21:a8:09:31:40:84:4f:37:36:e5:0c:65:cf:b1:
                    7a:f2:5a:57:1c:ac:1f:0b:09:53:77:81:db:d1:56:
                    18:67:ba:52:4f:c1:ea:a7:fe:b5:91:88:85:b0:0d:
                    5c:3e:59:d2:39:9c:89:28:c4:1b:4e:3b:52:54:f9:
                    ff:9a:3a:7e:47:94:b2:8e:52:3e:4c:35:98:45:30:
                    6f:05:f8:87:4d:da:f0:61:67:81:4a:c2:85:37:25:
                    63:12:13:c8:70:1d:f0:8d:f0:b8:d3:ea:f4:e2:19:
                    1a:5e:c5:43:5b:6b:94:d4:a4:b1:5c:15:6c:f0:e0:
                    35:19:52:3b:e7:4f:07:0e:f0:61:29:cc:3f:49:89:
                    97:59:da:e0:f3:90:57:ea:70:51:1f:bb:ee:39:6c:
                    41:3a:ee:74:42:2b:32:fd:1a:e6:d5:36:5e:0c:dc:
                    3b:89:b2:36:ab:56:14:34:4b:f2:bb:83:52:a1:2a:
                    84:95:9d:ab:9c:cd:ab:e4:f1:10:ce:ab:22:aa:4c:
                    a8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:88:C9:EB:09:28:40:8E:12:7B:D5:BA:F4:18:6A:F0:D7:1F:0C:9A
            X509v3 Authority Key Identifier:
                keyid:5C:92:B9:A9:2C:7E:B9:13:C3:DA:55:80:02:C6:73:E8:23:8D:B1:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XJK5qSx-uRPD2lWAAsZz6CONscc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/1-4jJ6wkoQI4Se9W69Bhq8NcfDJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/969463-7f6a-4503-abc4-d6b56aba3eb7/1/XJK5qSx-uRPD2lWAAsZz6CONscc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e2:4d:11:cc:6c:ac:b9:43:14:2a:4a:cf:9b:ee:25:78:01:be:
         11:4e:f1:b9:ab:f9:35:61:1e:10:89:40:11:9f:c7:14:11:c5:
         00:bb:6f:33:1b:fa:ae:85:4a:8b:2a:27:76:cf:2e:0d:74:10:
         17:44:b5:7b:c3:70:32:f8:53:5a:4d:ea:05:c8:50:e5:bd:bc:
         e5:96:bb:44:2a:97:7d:26:de:da:41:2f:90:d2:a4:d1:80:c1:
         78:66:9e:ef:6d:b5:6a:e1:93:fe:8f:58:d8:49:d3:25:a0:af:
         e3:7a:83:f4:5c:dc:9f:c4:81:ed:e4:09:e9:c1:6c:16:fb:4d:
         50:3b:46:35:50:4b:0f:27:2b:c2:e9:f6:8b:1c:7a:28:e0:5d:
         d1:cc:5c:5c:13:cd:59:c8:35:2f:bf:92:75:29:47:ed:75:1b:
         61:37:55:2a:2c:2e:c8:ad:d6:1c:da:8f:48:3e:34:04:42:3e:
         21:54:4f:65:3b:df:02:df:94:35:09:3c:a8:2b:b0:26:c6:75:
         6f:fc:c2:1b:7b:f5:a2:f1:1f:dd:6e:64:0f:c1:14:41:c8:7d:
         91:f8:71:2f:90:cd:60:07:c6:51:c5:95:0e:2c:0f:6f:95:97:
         04:04:9c:d7:3f:fc:cb:a3:36:68:95:81:99:33:5f:4f:5b:30:
         6e:44:b0:54
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSeUtbiGcL0wJAXLfakTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjOTJiOWE5MmM3ZWI5MTNjM2RhNTU4MDAyYzY3M2U4MjM4
ZGIxYzcwHhcNMjQwMTAxMTgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjg4YzllYjA5Mjg0MDhlMTI3YmQ1YmFmNDE4NmFmMGQ3MWYwYzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcj+6LUHzGyZEvxElTbTH7ZHrIeN
hdO5trG+FKok5OppGBlKkWPP17aRMTjWiiwyb+g7/5JewEzdCs/sIagJMUCETzc2
5Qxlz7F68lpXHKwfCwlTd4Hb0VYYZ7pST8Hqp/61kYiFsA1cPlnSOZyJKMQbTjtS
VPn/mjp+R5SyjlI+TDWYRTBvBfiHTdrwYWeBSsKFNyVjEhPIcB3wjfC40+r04hka
XsVDW2uU1KSxXBVs8OA1GVI7508HDvBhKcw/SYmXWdrg85BX6nBRH7vuOWxBOu50
Qisy/Rrm1TZeDNw7ibI2q1YUNEvyu4NSoSqElZ2rnM2r5PEQzqsiqkyobQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPuIyesJKECOEnvVuvQYavDXHwyaMB8GA1UdIwQY
MBaAFFySuaksfrkTw9pVgALGc+gjjbHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEpLNXFTeC11UlBEMmxXQUFzWno2Q09Oc2NjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85Njk0NjMtN2Y2YS00NTAzLWFiYzQt
ZDZiNTZhYmEzZWI3LzEvMS00ako2d2tvUUk0U2U5VzY5QmhxOE5jZkRKby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTMvOTY5NDYzLTdmNmEtNDUwMy1hYmM0LWQ2YjU2YWJhM2Vi
Ny8xL1hKSzVxU3gtdVJQRDJsV0FBc1p6NkNPTnNjYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIj8DAN
BgkqhkiG9w0BAQsFAAOCAQEA4k0RzGysuUMUKkrPm+4leAG+EU7xuav5NWEeEIlA
EZ/HFBHFALtvMxv6roVKiyonds8uDXQQF0S1e8NwMvhTWk3qBchQ5b285Za7RCqX
fSbe2kEvkNKk0YDBeGae7221auGT/o9Y2EnTJaCv43qD9Fzcn8SB7eQJ6cFsFvtN
UDtGNVBLDycrwun2ixx6KOBd0cxcXBPNWcg1L7+SdSlH7XUbYTdVKiwuyK3WHNqP
SD40BEI+IVRPZTvfAt+UNQk8qCuwJsZ1b/zCG3v1ovEf3W5kD8EUQch9kfhxL5DN
YAfGUcWVDiwPb5WXBASc1z/8y6M2aJWBmTNfT1swbkSwVA==
-----END CERTIFICATE-----