Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/w5VINmF1xuwM0aprkA2emGNUpbs.roa
File:                     w5VINmF1xuwM0aprkA2emGNUpbs.roa (raw, json)
Hash identifier:          eK5xQPXFrRGzN6pvBtcV/ulIVMXaPkhWRKtMrBZb1lk=
Subject key identifier:   C3:95:48:36:61:75:C6:EC:0C:D1:AA:6B:90:0D:9E:98:63:54:A5:BB
Certificate issuer:       /CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
Certificate serial:       01930203C403F106026FB9A2ADFB8E692BC7
Authority key identifier: FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/w5VINmF1xuwM0aprkA2emGNUpbs.roa
Signing time:             Wed 06 Nov 2024 15:07:01 +0000
ROA not before:           Wed 06 Nov 2024 15:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202
IP address blocks:        185.168.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:03:c4:03:f1:06:02:6f:b9:a2:ad:fb:8e:69:2b:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
        Validity
            Not Before: Nov  6 15:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c39548366175c6ec0cd1aa6b900d9e986354a5bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:aa:5c:db:a9:c3:31:94:f8:fd:f0:d2:d9:d4:
                    22:56:67:17:67:bc:0d:fa:38:2b:0b:bb:68:13:c9:
                    e1:bb:42:df:be:71:64:fc:a4:f3:1c:26:f1:42:ec:
                    3d:b9:96:0c:7b:76:de:f4:a6:96:07:47:4b:6b:7f:
                    0c:63:8d:d1:1a:92:7a:4d:1e:ca:44:2e:3d:cf:f2:
                    a8:2a:68:98:fc:38:c5:ad:94:a8:ac:19:05:07:b3:
                    6b:48:1b:02:3c:25:c9:4f:59:1c:33:5b:b3:a6:fb:
                    68:ab:7a:bf:73:37:c5:53:10:dc:3a:20:4a:15:b3:
                    bf:07:2b:ae:d0:f3:f9:4e:70:83:f5:b7:b4:7c:e0:
                    9d:de:21:a7:e1:bc:c1:ca:50:13:17:fa:47:d3:42:
                    4b:ab:09:82:38:8d:7d:60:cc:a1:36:9b:af:54:9d:
                    54:fd:f7:16:93:66:20:da:0f:59:60:96:ad:20:3e:
                    65:e7:c8:1f:7f:66:53:d3:b9:c3:e9:1d:10:f6:52:
                    8e:69:f0:de:58:84:2d:78:99:ef:e3:a6:8b:96:8f:
                    b9:37:50:90:e7:00:e2:3a:7e:a8:d5:fd:80:bc:21:
                    01:c6:b6:ad:9b:04:eb:57:47:88:dd:8e:c1:31:3a:
                    36:fa:dc:2b:73:f9:1c:af:3b:db:25:dc:a8:c5:0a:
                    70:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:95:48:36:61:75:C6:EC:0C:D1:AA:6B:90:0D:9E:98:63:54:A5:BB
            X509v3 Authority Key Identifier:
                keyid:FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/w5VINmF1xuwM0aprkA2emGNUpbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:13:5b:4f:44:14:df:6c:0f:78:64:c2:f1:0d:dc:a8:ca:b4:
         ba:b7:a9:be:b1:9c:ae:99:38:fa:11:09:46:12:80:79:eb:b9:
         77:5a:86:73:55:c0:f4:b0:3e:f0:d6:6a:05:95:2a:4d:e3:d5:
         b3:f3:f3:04:70:a6:ba:e2:59:97:88:2a:1d:d9:4d:60:67:bf:
         61:de:9a:d1:6c:66:ba:9f:dd:31:98:20:a2:0e:5e:e4:38:17:
         53:89:8c:2b:a2:c1:ab:ca:8b:3e:e3:3b:9a:b3:87:1a:fb:ec:
         52:91:61:e0:0c:37:73:78:3f:7f:9c:d7:9d:85:4c:bf:a4:90:
         11:67:6b:d9:7c:a7:62:9c:32:77:b0:ec:ed:89:c7:8a:49:29:
         0d:f8:c6:08:9b:0a:f9:12:88:0e:8c:6e:f0:07:88:2a:cd:e8:
         3a:5f:87:58:13:1e:8b:d4:31:5f:61:d9:ad:ea:49:af:f2:f7:
         da:2f:26:b2:f8:2a:71:3f:e6:55:69:e3:bf:94:da:79:07:8a:
         6e:19:68:e0:11:57:29:8b:d9:ea:6c:ee:9b:4e:df:99:e1:2a:
         a4:88:53:ea:00:fb:9b:30:2d:fa:e6:0a:d7:93:8e:0a:d5:2b:
         6b:4c:f0:e0:e2:6e:5c:20:2a:73:87:58:5b:97:aa:dd:ab:50:
         01:dd:11:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMCA8QD8QYCb7mirfuOaSvHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTM5NmYxYzM0NGIwNzljNWQyZjI3YmZiMzEzMzc3ZmVi
YjJlYzcwHhcNMjQxMTA2MTUwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzk1NDgzNjYxNzVjNmVjMGNkMWFhNmI5MDBkOWU5ODYzNTRhNWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6pc26nDMZT4/fDS2dQiVmcXZ7wN
+jgrC7toE8nhu0LfvnFk/KTzHCbxQuw9uZYMe3be9KaWB0dLa38MY43RGpJ6TR7K
RC49z/KoKmiY/DjFrZSorBkFB7NrSBsCPCXJT1kcM1uzpvtoq3q/czfFUxDcOiBK
FbO/Byuu0PP5TnCD9be0fOCd3iGn4bzBylATF/pH00JLqwmCOI19YMyhNpuvVJ1U
/fcWk2Yg2g9ZYJatID5l58gff2ZT07nD6R0Q9lKOafDeWIQteJnv46aLlo+5N1CQ
5wDiOn6o1f2AvCEBxratmwTrV0eI3Y7BMTo2+twrc/kcrzvbJdyoxQpwXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMOVSDZhdcbsDNGqa5ANnphjVKW7MB8GA1UdIwQY
MBaAFPyjlvHDRLB5xdLye/sxM3f+uy7HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWIt
ZmZiMTZlYmQxMTFmLzEvdzVWSU5tRjF4dXdNMGFwcmtBMmVtR05VcGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWItZmZiMTZlYmQxMTFm
LzEvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuagKMA0G
CSqGSIb3DQEBCwUAA4IBAQAfE1tPRBTfbA94ZMLxDdyoyrS6t6m+sZyumTj6EQlG
EoB567l3WoZzVcD0sD7w1moFlSpN49Wz8/MEcKa64lmXiCod2U1gZ79h3prRbGa6
n90xmCCiDl7kOBdTiYwrosGryos+4zuas4ca++xSkWHgDDdzeD9/nNedhUy/pJAR
Z2vZfKdinDJ3sOzticeKSSkN+MYImwr5EogOjG7wB4gqzeg6X4dYEx6L1DFfYdmt
6kmv8vfaLyay+CpxP+ZVaeO/lNp5B4puGWjgEVcpi9nqbO6bTt+Z4SqkiFPqAPub
MC365grXk44K1StrTPDg4m5cICpzh1hbl6rdq1AB3RGb
-----END CERTIFICATE-----