Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/FKORH3tV0pitMzUqXDeXo-sHP0g.roa
File:                     FKORH3tV0pitMzUqXDeXo-sHP0g.roa (raw, json)
Hash identifier:          abMALQPNv84j0p9xgaJlQ8mP/LixlKx1rHMj6dpLO2M=
Subject key identifier:   14:A3:91:1F:7B:55:D2:98:AD:33:35:2A:5C:37:97:A3:EB:07:3F:48
Certificate issuer:       /CN=5b494c6e16f49d08be761ca8c0eaa7122872fa82
Certificate serial:       018CC6B90E07F86991F64C17059BC517B424
Authority key identifier: 5B:49:4C:6E:16:F4:9D:08:BE:76:1C:A8:C0:EA:A7:12:28:72:FA:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W0lMbhb0nQi-dhyowOqnEihy-oI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/FKORH3tV0pitMzUqXDeXo-sHP0g.roa
Signing time:             Mon 01 Jan 2024 20:31:05 +0000
ROA not before:           Mon 01 Jan 2024 20:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206283
IP address blocks:        185.123.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/W0lMbhb0nQi-dhyowOqnEihy-oI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/W0lMbhb0nQi-dhyowOqnEihy-oI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W0lMbhb0nQi-dhyowOqnEihy-oI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:0e:07:f8:69:91:f6:4c:17:05:9b:c5:17:b4:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b494c6e16f49d08be761ca8c0eaa7122872fa82
        Validity
            Not Before: Jan  1 20:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14a3911f7b55d298ad33352a5c3797a3eb073f48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4d:cc:dd:d4:af:ad:fa:94:24:fc:26:52:3a:
                    6b:79:5d:e5:2b:40:12:60:2b:ff:e5:25:46:36:ca:
                    e8:1d:08:14:35:f3:e3:c8:10:90:27:e5:63:e1:74:
                    5e:6d:f7:42:69:7d:bd:ce:89:d6:61:84:72:3e:b7:
                    9b:69:c8:82:17:ed:41:9a:45:e5:0f:56:17:3d:d8:
                    f1:b6:14:9c:6c:7e:ba:84:d4:e7:93:0b:50:a9:7e:
                    0f:18:b9:d1:45:11:08:61:ca:cb:ee:a0:46:ec:06:
                    ab:0e:c6:bd:b7:c8:bb:1a:59:63:96:fa:8b:bb:45:
                    ec:61:3d:12:8c:d4:fa:67:f2:5a:c8:7c:31:2d:8e:
                    13:11:7a:5d:ec:05:24:e2:28:71:d1:50:3d:0b:95:
                    ec:78:3f:ce:48:e3:ea:71:1e:22:50:1a:9a:7e:53:
                    98:4b:e4:c9:63:dd:98:9d:96:85:3f:f1:ec:7c:d9:
                    2f:42:fb:30:dc:23:19:2d:04:96:e6:19:b9:62:d6:
                    24:d3:29:13:c0:50:4a:77:2a:1f:af:e2:b0:81:49:
                    73:72:54:1d:97:0c:c4:57:48:bd:ae:0c:43:b0:2d:
                    52:c0:8a:f3:26:da:81:74:be:80:2e:76:c3:cd:c5:
                    a0:4d:d3:8d:11:f6:e7:d7:8d:c8:bb:9f:c6:f8:6d:
                    71:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:A3:91:1F:7B:55:D2:98:AD:33:35:2A:5C:37:97:A3:EB:07:3F:48
            X509v3 Authority Key Identifier:
                keyid:5B:49:4C:6E:16:F4:9D:08:BE:76:1C:A8:C0:EA:A7:12:28:72:FA:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W0lMbhb0nQi-dhyowOqnEihy-oI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/FKORH3tV0pitMzUqXDeXo-sHP0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/W0lMbhb0nQi-dhyowOqnEihy-oI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:e0:1a:8c:a1:6a:03:a1:14:27:03:30:85:82:f4:f2:8a:71:
         fd:fe:54:77:d7:a7:ee:a8:8f:00:75:eb:e3:ef:1c:b4:c4:8f:
         8e:02:94:94:2b:7c:7f:8d:02:ab:6f:14:fa:89:cd:8c:9e:b5:
         d2:37:c4:28:53:a2:00:13:a2:77:96:ad:b6:77:cd:3c:3f:f6:
         95:45:e7:bd:f4:11:a6:fb:b0:ea:82:b3:16:82:8d:88:a3:57:
         0c:22:1a:25:36:7d:6a:63:5e:41:bd:e4:96:ed:2a:09:82:c1:
         c4:f9:fc:cf:7a:5a:7b:5a:75:c4:07:44:bd:95:1d:9d:9e:2a:
         3b:98:07:33:32:73:d7:13:77:fa:61:7f:cd:e1:af:f4:b5:02:
         4e:ac:09:eb:c6:18:b8:68:af:23:a0:ed:2d:30:02:65:77:33:
         92:e6:41:ed:9c:ef:58:4d:83:43:d2:68:ab:b6:f1:47:9d:9d:
         f0:03:07:81:8d:f5:ab:8e:0f:77:d2:dd:dd:f2:92:8d:03:49:
         8b:a1:78:6d:90:1c:d2:7f:9d:b9:4f:a5:9d:c7:be:26:57:89:
         d4:7a:a1:48:34:cf:ff:91:b1:e7:bc:4e:c4:30:43:76:5a:56:
         91:2d:c9:d8:c6:8f:2f:88:4e:83:e7:bb:c2:4c:5e:8f:6f:32:
         b9:47:93:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQ4H+GmR9kwXBZvFF7QkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNDk0YzZlMTZmNDlkMDhiZTc2MWNhOGMwZWFhNzEyMjg3
MmZhODIwHhcNMjQwMTAxMjAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGEzOTExZjdiNTVkMjk4YWQzMzM1MmE1YzM3OTdhM2ViMDczZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjU3M3dSvrfqUJPwmUjpreV3lK0AS
YCv/5SVGNsroHQgUNfPjyBCQJ+Vj4XRebfdCaX29zonWYYRyPrebaciCF+1BmkXl
D1YXPdjxthScbH66hNTnkwtQqX4PGLnRRREIYcrL7qBG7AarDsa9t8i7GlljlvqL
u0XsYT0SjNT6Z/JayHwxLY4TEXpd7AUk4ihx0VA9C5XseD/OSOPqcR4iUBqaflOY
S+TJY92YnZaFP/HsfNkvQvsw3CMZLQSW5hm5YtYk0ykTwFBKdyofr+KwgUlzclQd
lwzEV0i9rgxDsC1SwIrzJtqBdL6ALnbDzcWgTdONEfbn143Iu5/G+G1xOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSjkR97VdKYrTM1Klw3l6PrBz9IMB8GA1UdIwQY
MBaAFFtJTG4W9J0IvnYcqMDqpxIocvqCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzBsTWJoYjBuUWktZGh5b3dPcW5FaWh5LW9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy85MmJjZjQtZDBmMi00ZjllLTg3NGQt
YzJjNmY2YTQwOTdmLzEvRktPUkgzdFYwcGl0TXpVcVhEZVhvLXNIUDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy85MmJjZjQtZDBmMi00ZjllLTg3NGQtYzJjNmY2YTQwOTdm
LzEvVzBsTWJoYjBuUWktZGh5b3dPcW5FaWh5LW9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXsUMA0G
CSqGSIb3DQEBCwUAA4IBAQB64BqMoWoDoRQnAzCFgvTyinH9/lR316fuqI8Adevj
7xy0xI+OApSUK3x/jQKrbxT6ic2MnrXSN8QoU6IAE6J3lq22d808P/aVRee99BGm
+7DqgrMWgo2Io1cMIholNn1qY15BveSW7SoJgsHE+fzPelp7WnXEB0S9lR2dnio7
mAczMnPXE3f6YX/N4a/0tQJOrAnrxhi4aK8joO0tMAJldzOS5kHtnO9YTYND0mir
tvFHnZ3wAweBjfWrjg930t3d8pKNA0mLoXhtkBzSf525T6Wdx74mV4nUeqFINM//
kbHnvE7EMEN2WlaRLcnYxo8viE6D57vCTF6PbzK5R5OI
-----END CERTIFICATE-----