Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/56f412-0b4b-4b75-88d0-96c4dc137b27/1/fin-FPx7gtJ_AHUcUDyY7FSZJ3M.roa
File:                     fin-FPx7gtJ_AHUcUDyY7FSZJ3M.roa (raw, json)
Hash identifier:          qMdwXCBDRjXBRfxCjcZSuBmRmeczR+hQZBT5reiqAIE=
Subject key identifier:   7E:29:FE:14:FC:7B:82:D2:7F:00:75:1C:50:3C:98:EC:54:99:27:73
Certificate issuer:       /CN=4a755a6de5c167809f819c85f8c8e5a6e4ce127d
Certificate serial:       018CC86FB607C11A834330D943ACB511080D
Authority key identifier: 4A:75:5A:6D:E5:C1:67:80:9F:81:9C:85:F8:C8:E5:A6:E4:CE:12:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SnVabeXBZ4CfgZyF-MjlpuTOEn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/56f412-0b4b-4b75-88d0-96c4dc137b27/1/fin-FPx7gtJ_AHUcUDyY7FSZJ3M.roa
Signing time:             Tue 02 Jan 2024 04:30:13 +0000
ROA not before:           Tue 02 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199452
IP address blocks:        185.2.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/56f412-0b4b-4b75-88d0-96c4dc137b27/1/SnVabeXBZ4CfgZyF-MjlpuTOEn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/56f412-0b4b-4b75-88d0-96c4dc137b27/1/SnVabeXBZ4CfgZyF-MjlpuTOEn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SnVabeXBZ4CfgZyF-MjlpuTOEn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b6:07:c1:1a:83:43:30:d9:43:ac:b5:11:08:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a755a6de5c167809f819c85f8c8e5a6e4ce127d
        Validity
            Not Before: Jan  2 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e29fe14fc7b82d27f00751c503c98ec54992773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:35:10:65:b2:38:a1:35:24:0f:1c:49:41:bf:
                    f8:82:6e:76:1e:15:88:c4:5e:11:4a:98:02:0d:88:
                    d5:97:05:1b:f0:95:f7:32:90:0e:70:47:81:97:4b:
                    3a:61:d7:d6:48:73:88:e8:6a:eb:c1:c1:32:d4:fe:
                    ff:54:c6:d2:cc:b3:3f:84:09:ec:e6:2e:1f:ea:67:
                    6a:37:e7:39:02:66:1f:23:91:c6:5e:70:12:37:39:
                    ce:e2:7a:81:1d:5a:cb:1c:f8:49:75:a5:37:ca:31:
                    e4:ad:16:a9:a2:ab:92:2c:f1:38:35:93:4c:dc:cc:
                    0f:ab:69:bc:42:63:8a:e3:e8:f2:4d:c6:9c:7a:d2:
                    cb:a4:eb:6f:a0:31:d2:f5:75:97:1f:4e:9a:2c:86:
                    47:43:21:18:c1:7e:fe:ee:da:4f:a1:31:04:80:ee:
                    a6:a9:63:89:0d:7e:55:7f:82:d3:c2:10:06:d7:a4:
                    a0:c8:13:b3:55:16:27:43:ed:b0:29:3a:76:c4:1e:
                    41:10:21:e6:f3:cf:59:89:18:36:12:18:48:51:5b:
                    33:c9:1d:18:7b:25:66:98:b7:b0:40:71:dc:a7:d4:
                    65:b4:e8:4b:a8:dc:6a:b3:e5:13:ac:19:60:6b:0b:
                    49:7f:a9:88:f8:1c:d0:69:48:41:75:34:4e:86:49:
                    49:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:29:FE:14:FC:7B:82:D2:7F:00:75:1C:50:3C:98:EC:54:99:27:73
            X509v3 Authority Key Identifier:
                keyid:4A:75:5A:6D:E5:C1:67:80:9F:81:9C:85:F8:C8:E5:A6:E4:CE:12:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SnVabeXBZ4CfgZyF-MjlpuTOEn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/56f412-0b4b-4b75-88d0-96c4dc137b27/1/fin-FPx7gtJ_AHUcUDyY7FSZJ3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/56f412-0b4b-4b75-88d0-96c4dc137b27/1/SnVabeXBZ4CfgZyF-MjlpuTOEn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:4c:ac:24:f8:54:32:aa:b6:f1:d9:92:33:df:71:22:10:c2:
         9c:f2:42:88:71:01:68:08:6f:dd:65:ff:de:e3:ac:47:1d:76:
         98:55:b6:6a:72:5b:e0:a4:5e:02:c0:8a:7d:93:6f:b9:5b:d5:
         4b:0a:09:c2:52:04:e7:cf:c9:a8:d9:a4:c8:b9:00:2c:ff:3b:
         63:25:7b:40:98:74:11:14:f8:04:3e:11:ec:e2:72:2f:5b:fb:
         55:9f:ba:41:c0:4b:81:55:fc:ae:69:7c:3a:12:bb:7b:2f:a1:
         d9:00:e4:de:d1:9b:30:9b:36:6f:52:da:b8:bb:01:96:87:db:
         7d:c4:ae:52:f8:6f:3d:40:de:ed:85:d5:75:be:d3:19:a1:ca:
         bf:9d:81:eb:13:35:b4:ea:2c:8b:db:62:f7:0c:ec:20:44:f0:
         e9:d3:5a:1e:0c:bd:f2:cf:3f:01:ff:eb:8c:e8:16:42:d1:c9:
         c5:7f:9c:76:40:fa:a5:98:13:fd:24:85:f0:cf:16:28:b7:53:
         f4:c9:54:86:64:6c:12:e3:2b:96:4f:c0:8b:eb:ae:7d:06:0a:
         9c:26:43:bb:42:91:65:cb:84:43:16:b0:5e:08:30:2a:90:7e:
         10:93:1e:22:26:4b:ba:ac:9f:44:ee:80:d7:c2:5a:82:6c:24:
         f4:39:f1:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7YHwRqDQzDZQ6y1EQgNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNzU1YTZkZTVjMTY3ODA5ZjgxOWM4NWY4YzhlNWE2ZTRj
ZTEyN2QwHhcNMjQwMTAyMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTI5ZmUxNGZjN2I4MmQyN2YwMDc1MWM1MDNjOThlYzU0OTkyNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TUQZbI4oTUkDxxJQb/4gm52HhWI
xF4RSpgCDYjVlwUb8JX3MpAOcEeBl0s6YdfWSHOI6GrrwcEy1P7/VMbSzLM/hAns
5i4f6mdqN+c5AmYfI5HGXnASNznO4nqBHVrLHPhJdaU3yjHkrRapoquSLPE4NZNM
3MwPq2m8QmOK4+jyTcacetLLpOtvoDHS9XWXH06aLIZHQyEYwX7+7tpPoTEEgO6m
qWOJDX5Vf4LTwhAG16SgyBOzVRYnQ+2wKTp2xB5BECHm889ZiRg2EhhIUVszyR0Y
eyVmmLewQHHcp9RltOhLqNxqs+UTrBlgawtJf6mI+BzQaUhBdTROhklJuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4p/hT8e4LSfwB1HFA8mOxUmSdzMB8GA1UdIwQY
MBaAFEp1Wm3lwWeAn4GchfjI5abkzhJ9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU25WYWJlWEJaNENmZ1p5Ri1NamxwdVRPRW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS81NmY0MTItMGI0Yi00Yjc1LTg4ZDAt
OTZjNGRjMTM3YjI3LzEvZmluLUZQeDdndEpfQUhVY1VEeVk3RlNaSjNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS81NmY0MTItMGI0Yi00Yjc1LTg4ZDAtOTZjNGRjMTM3YjI3
LzEvU25WYWJlWEJaNENmZ1p5Ri1NamxwdVRPRW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQLAMA0G
CSqGSIb3DQEBCwUAA4IBAQBgTKwk+FQyqrbx2ZIz33EiEMKc8kKIcQFoCG/dZf/e
46xHHXaYVbZqclvgpF4CwIp9k2+5W9VLCgnCUgTnz8mo2aTIuQAs/ztjJXtAmHQR
FPgEPhHs4nIvW/tVn7pBwEuBVfyuaXw6Ert7L6HZAOTe0ZswmzZvUtq4uwGWh9t9
xK5S+G89QN7thdV1vtMZocq/nYHrEzW06iyL22L3DOwgRPDp01oeDL3yzz8B/+uM
6BZC0cnFf5x2QPqlmBP9JIXwzxYot1P0yVSGZGwS4yuWT8CL6659BgqcJkO7QpFl
y4RDFrBeCDAqkH4Qkx4iJku6rJ9E7oDXwlqCbCT0OfHu
-----END CERTIFICATE-----