Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9dc933-5c0d-4461-a45d-8f7d5691c1be/1/Fmx-J-g7wmUTxiowx3_SlKT9cfQ.roa
File:                     Fmx-J-g7wmUTxiowx3_SlKT9cfQ.roa (raw, json)
Hash identifier:          lUkOPMbvT6+UgLx+XCEW7mzvcb9c8GDzY+Z5WCvvSO0=
Subject key identifier:   16:6C:7E:27:E8:3B:C2:65:13:C6:2A:30:C7:7F:D2:94:A4:FD:71:F4
Certificate issuer:       /CN=fb782b78f20a6e4b70643052bd1a40af15a56338
Certificate serial:       018CC348B794874B67ED42E3F78B52278149
Authority key identifier: FB:78:2B:78:F2:0A:6E:4B:70:64:30:52:BD:1A:40:AF:15:A5:63:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-3grePIKbktwZDBSvRpArxWlYzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9dc933-5c0d-4461-a45d-8f7d5691c1be/1/Fmx-J-g7wmUTxiowx3_SlKT9cfQ.roa
Signing time:             Mon 01 Jan 2024 04:29:31 +0000
ROA not before:           Mon 01 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12337
IP address blocks:        185.174.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9dc933-5c0d-4461-a45d-8f7d5691c1be/1/1-3grePIKbktwZDBSvRpArxWlYzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9dc933-5c0d-4461-a45d-8f7d5691c1be/1/1-3grePIKbktwZDBSvRpArxWlYzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-3grePIKbktwZDBSvRpArxWlYzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b7:94:87:4b:67:ed:42:e3:f7:8b:52:27:81:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb782b78f20a6e4b70643052bd1a40af15a56338
        Validity
            Not Before: Jan  1 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=166c7e27e83bc26513c62a30c77fd294a4fd71f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:39:26:dd:64:79:cc:3a:51:ce:2b:bb:23:c4:
                    26:32:81:d2:bb:8e:c4:d6:7f:f2:e6:50:57:d4:8d:
                    57:68:4c:15:b8:fb:7b:d7:e8:a4:50:d6:2c:26:83:
                    8f:4c:40:4a:41:48:c7:bc:61:bc:06:98:b2:59:fa:
                    85:04:da:e4:cd:37:6f:47:07:84:cf:29:54:80:d1:
                    ec:7a:be:c7:88:5f:33:fb:01:67:f2:20:8c:5c:ab:
                    56:1c:34:ef:16:54:d4:6f:c5:9b:85:f4:d8:bb:00:
                    4c:6f:4e:27:ed:32:51:44:d5:b4:dd:8c:a0:b1:96:
                    09:1d:42:99:ff:b3:a4:34:bf:56:f0:9f:1f:78:71:
                    2b:bd:76:59:42:f8:38:ff:e4:7b:f2:f0:c0:2f:65:
                    43:84:1e:48:ed:31:5b:73:27:40:64:c4:6e:d1:36:
                    6e:b4:8d:ca:5e:fc:28:91:6a:34:4d:5c:48:49:35:
                    08:6e:ab:6a:1c:47:6f:a7:fa:09:31:27:1e:af:72:
                    33:dc:f5:e4:f3:67:1b:49:0e:2f:55:57:7b:18:4d:
                    0f:80:4d:2e:5c:fb:2b:5f:f2:99:5b:87:0f:09:33:
                    1b:4c:61:35:fc:68:52:03:64:b6:f4:26:15:5c:f9:
                    59:99:ea:56:9d:e5:12:9e:9a:b3:91:22:ab:63:7d:
                    d0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:6C:7E:27:E8:3B:C2:65:13:C6:2A:30:C7:7F:D2:94:A4:FD:71:F4
            X509v3 Authority Key Identifier:
                keyid:FB:78:2B:78:F2:0A:6E:4B:70:64:30:52:BD:1A:40:AF:15:A5:63:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3grePIKbktwZDBSvRpArxWlYzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9dc933-5c0d-4461-a45d-8f7d5691c1be/1/Fmx-J-g7wmUTxiowx3_SlKT9cfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9dc933-5c0d-4461-a45d-8f7d5691c1be/1/1-3grePIKbktwZDBSvRpArxWlYzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:33:a2:c4:f2:29:cb:35:0a:d8:f8:b8:6a:dc:7b:a7:cf:ad:
         ac:51:bd:33:df:a1:77:ab:09:00:f8:56:0a:90:e0:40:fd:2c:
         b6:62:78:68:98:9e:0f:6f:94:4c:35:6c:4d:53:73:55:58:88:
         4d:f9:3f:6c:17:4b:b0:f8:e2:77:91:0a:58:63:bb:15:a4:3f:
         43:76:59:5d:86:22:d0:82:2c:aa:a4:89:09:42:7b:7a:f2:cf:
         47:03:9d:45:27:cc:7f:33:91:41:37:6b:b9:d9:2f:ee:38:7d:
         e4:fa:1f:f9:18:2f:dc:e3:fc:4b:1f:71:36:80:04:b1:37:b4:
         a0:fd:c4:75:41:03:b4:7f:96:3d:0d:5d:e5:fe:bc:44:08:8c:
         e4:01:95:53:e2:68:da:ee:61:77:62:98:02:ce:f6:b5:d6:58:
         37:77:ff:bd:53:f9:84:e7:ae:f9:8d:e8:c6:ef:e4:12:b2:d0:
         d5:b8:c1:ad:fd:dc:6f:a5:ea:d0:5b:eb:12:6a:2c:80:6d:75:
         ba:03:01:b2:05:a3:57:9c:19:a4:37:0b:73:73:76:a3:0f:71:
         f5:e8:ab:dd:7f:fb:1c:49:b5:14:11:8a:31:da:29:6c:3f:6a:
         20:0c:2a:81:94:b5:c9:41:ee:34:62:70:e3:9c:d2:e7:ba:ba:
         17:b8:7a:42
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDSLeUh0tn7ULj94tSJ4FJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNzgyYjc4ZjIwYTZlNGI3MDY0MzA1MmJkMWE0MGFmMTVh
NTYzMzgwHhcNMjQwMTAxMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjZjN2UyN2U4M2JjMjY1MTNjNjJhMzBjNzdmZDI5NGE0ZmQ3MWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTkm3WR5zDpRziu7I8QmMoHSu47E
1n/y5lBX1I1XaEwVuPt71+ikUNYsJoOPTEBKQUjHvGG8BpiyWfqFBNrkzTdvRweE
zylUgNHser7HiF8z+wFn8iCMXKtWHDTvFlTUb8WbhfTYuwBMb04n7TJRRNW03Yyg
sZYJHUKZ/7OkNL9W8J8feHErvXZZQvg4/+R78vDAL2VDhB5I7TFbcydAZMRu0TZu
tI3KXvwokWo0TVxISTUIbqtqHEdvp/oJMScer3Iz3PXk82cbSQ4vVVd7GE0PgE0u
XPsrX/KZW4cPCTMbTGE1/GhSA2S29CYVXPlZmepWneUSnpqzkSKrY33QiQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBZsfifoO8JlE8YqMMd/0pSk/XH0MB8GA1UdIwQY
MBaAFPt4K3jyCm5LcGQwUr0aQK8VpWM4MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zZ3JlUElLYmt0d1pEQlN2UnBBcnhXbFl6Zy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTMvOWRjOTMzLTVjMGQtNDQ2MS1hNDVk
LThmN2Q1NjkxYzFiZS8xL0ZteC1KLWc3d21VVHhpb3d4M19TbEtUOWNmUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTMvOWRjOTMzLTVjMGQtNDQ2MS1hNDVkLThmN2Q1NjkxYzFi
ZS8xLzEtM2dyZVBJS2JrdHdaREJTdlJwQXJ4V2xZemcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5rpcw
DQYJKoZIhvcNAQELBQADggEBACwzosTyKcs1Ctj4uGrce6fPraxRvTPfoXerCQD4
VgqQ4ED9LLZieGiYng9vlEw1bE1Tc1VYiE35P2wXS7D44neRClhjuxWkP0N2WV2G
ItCCLKqkiQlCe3ryz0cDnUUnzH8zkUE3a7nZL+44feT6H/kYL9zj/EsfcTaABLE3
tKD9xHVBA7R/lj0NXeX+vEQIjOQBlVPiaNruYXdimALO9rXWWDd3/71T+YTnrvmN
6Mbv5BKy0NW4wa393G+l6tBb6xJqLIBtdboDAbIFo1ecGaQ3C3NzdqMPcfXoq91/
+xxJtRQRijHaKWw/aiAMKoGUtclB7jRicOOc0ue6uhe4ekI=
-----END CERTIFICATE-----