Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/FwUFHAugjxAWxSpevQUdmbhT-cQ.roa
File:                     FwUFHAugjxAWxSpevQUdmbhT-cQ.roa (raw, json)
Hash identifier:          G+okX5A9D6E35bs5/tKfZ0C4f4SY+9MODI60pJCrHSk=
Subject key identifier:   17:05:05:1C:0B:A0:8F:10:16:C5:2A:5E:BD:05:1D:99:B8:53:F9:C4
Certificate issuer:       /CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
Certificate serial:       018CC64A9CABA8FE16CC38513909E5285C75
Authority key identifier: 35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/FwUFHAugjxAWxSpevQUdmbhT-cQ.roa
Signing time:             Mon 01 Jan 2024 18:30:27 +0000
ROA not before:           Mon 01 Jan 2024 18:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61112
IP address blocks:        185.155.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:9c:ab:a8:fe:16:cc:38:51:39:09:e5:28:5c:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
        Validity
            Not Before: Jan  1 18:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1705051c0ba08f1016c52a5ebd051d99b853f9c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:07:bc:19:0b:cc:da:86:67:7f:b7:47:cf:ca:
                    be:27:ce:91:ff:c1:21:e5:e0:08:49:09:56:fe:86:
                    1f:cc:05:2d:94:58:ea:e6:f6:82:43:eb:4a:1f:d2:
                    7b:18:19:34:42:cd:6e:07:2d:08:a6:75:cf:32:ed:
                    b0:fc:2c:fc:d0:07:78:07:2b:d1:a7:7d:77:46:68:
                    10:94:e1:e2:d8:85:f5:a7:69:b9:f0:1e:8c:4d:69:
                    a8:82:17:2d:ea:13:c8:78:da:96:aa:c7:88:74:ca:
                    bd:e0:41:90:34:36:d3:7f:78:be:1f:96:95:49:5b:
                    8f:df:f9:87:c1:45:f6:83:3b:41:f0:12:73:23:eb:
                    a8:73:8b:31:5f:11:42:36:6b:24:97:43:9c:98:d5:
                    87:2a:ce:9f:a5:29:f4:7c:90:9b:7a:a6:3f:45:36:
                    13:06:59:59:89:4d:c5:73:7e:06:52:0b:eb:11:cc:
                    a9:3e:60:8c:c0:9f:4c:44:18:af:fd:94:4f:59:15:
                    60:38:5f:3d:f9:67:df:53:fc:80:3d:26:e1:bf:a1:
                    96:47:65:cd:ba:b9:33:8c:87:b8:b0:3e:bd:68:d7:
                    83:8e:83:f5:13:09:36:ea:06:1c:32:23:de:5e:b8:
                    92:6a:42:dd:29:d9:8b:37:62:f3:9b:32:a6:ad:ff:
                    8c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:05:05:1C:0B:A0:8F:10:16:C5:2A:5E:BD:05:1D:99:B8:53:F9:C4
            X509v3 Authority Key Identifier:
                keyid:35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/FwUFHAugjxAWxSpevQUdmbhT-cQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:84:02:46:cf:17:fc:e3:77:5f:0d:02:1c:3e:c4:2f:11:70:
         a7:23:d5:f2:54:f7:87:e4:ab:8e:42:f9:ff:6a:d5:69:67:2f:
         f7:9c:ee:55:db:1f:b6:8e:26:30:c5:83:d6:a8:87:03:65:e1:
         06:2a:e7:0b:73:e3:d3:d1:55:48:89:96:5d:32:4b:de:be:35:
         ab:5d:35:fb:2c:d8:66:6b:e6:17:bd:e1:9b:5c:a9:88:c6:0a:
         c5:76:d5:b1:24:a0:cf:89:d5:5c:85:c8:4a:ab:12:e1:6e:c2:
         36:37:81:e4:3a:56:52:7b:ff:42:32:55:30:fe:0e:6e:0c:23:
         7f:c7:2f:ff:8f:20:ab:84:b5:a9:ab:99:87:25:d1:fe:9c:46:
         c4:fe:a7:ec:5c:e1:48:92:bb:31:12:b5:10:a4:32:6f:31:ad:
         25:d7:d1:17:e3:ea:42:1c:04:73:b7:e4:86:2f:03:15:2e:41:
         37:1c:5e:31:2c:0a:d2:7c:f3:6d:1b:fa:cd:90:7d:1b:70:27:
         ba:55:12:aa:41:e4:a3:1d:3e:8f:78:86:0b:b1:0e:07:19:54:
         0f:f7:16:17:62:5a:8c:e5:77:7d:09:ed:7f:4f:4e:43:4b:66:
         ec:a3:bf:79:2c:5b:2e:95:55:40:de:1a:35:0a:e8:ea:3e:fd:
         fa:f0:f7:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSpyrqP4WzDhROQnlKFx1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTdjOWRlOTI3ZmE3NWJlYWVmNzg4NWYwZDg4ZjZmNGQy
YTBlZDYwHhcNMjQwMTAxMTgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzA1MDUxYzBiYTA4ZjEwMTZjNTJhNWViZDA1MWQ5OWI4NTNmOWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhge8GQvM2oZnf7dHz8q+J86R/8Eh
5eAISQlW/oYfzAUtlFjq5vaCQ+tKH9J7GBk0Qs1uBy0IpnXPMu2w/Cz80Ad4ByvR
p313RmgQlOHi2IX1p2m58B6MTWmoghct6hPIeNqWqseIdMq94EGQNDbTf3i+H5aV
SVuP3/mHwUX2gztB8BJzI+uoc4sxXxFCNmskl0OcmNWHKs6fpSn0fJCbeqY/RTYT
BllZiU3Fc34GUgvrEcypPmCMwJ9MRBiv/ZRPWRVgOF89+WffU/yAPSbhv6GWR2XN
urkzjIe4sD69aNeDjoP1Ewk26gYcMiPeXriSakLdKdmLN2LzmzKmrf+MOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcFBRwLoI8QFsUqXr0FHZm4U/nEMB8GA1UdIwQY
MBaAFDUXyd6Sf6db6u94hfDYj29NKg7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTIt
ZmQzYjMwMDJjMGJiLzEvRndVRkhBdWdqeEFXeFNwZXZRVWRtYmhULWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTItZmQzYjMwMDJjMGJi
LzEvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZvrMA0G
CSqGSIb3DQEBCwUAA4IBAQBEhAJGzxf843dfDQIcPsQvEXCnI9XyVPeH5KuOQvn/
atVpZy/3nO5V2x+2jiYwxYPWqIcDZeEGKucLc+PT0VVIiZZdMkvevjWrXTX7LNhm
a+YXveGbXKmIxgrFdtWxJKDPidVchchKqxLhbsI2N4HkOlZSe/9CMlUw/g5uDCN/
xy//jyCrhLWpq5mHJdH+nEbE/qfsXOFIkrsxErUQpDJvMa0l19EX4+pCHARzt+SG
LwMVLkE3HF4xLArSfPNtG/rNkH0bcCe6VRKqQeSjHT6PeIYLsQ4HGVQP9xYXYlqM
5Xd9Ce1/T05DS2bso795LFsulVVA3ho1CujqPv368Pe7
-----END CERTIFICATE-----