Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/fqYyES-5KmuiAbfymb2_gTkizWE.roa
File:                     fqYyES-5KmuiAbfymb2_gTkizWE.roa (raw, json)
Hash identifier:          NhjtlTDsjY1KWPcTWZatCoA4u2tG7X0q8zUdGdf8zdI=
Subject key identifier:   7E:A6:32:11:2F:B9:2A:6B:A2:01:B7:F2:99:BD:BF:81:39:22:CD:61
Certificate issuer:       /CN=5b494c6e16f49d08be761ca8c0eaa7122872fa82
Certificate serial:       018F04D0DF69A3EE68642F8890570C6FFCFA
Authority key identifier: 5B:49:4C:6E:16:F4:9D:08:BE:76:1C:A8:C0:EA:A7:12:28:72:FA:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W0lMbhb0nQi-dhyowOqnEihy-oI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/fqYyES-5KmuiAbfymb2_gTkizWE.roa
Signing time:             Mon 22 Apr 2024 07:59:08 +0000
ROA not before:           Mon 22 Apr 2024 07:59:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206283
IP address blocks:        185.123.20.0/24 maxlen: 24
                          185.123.21.0/24 maxlen: 24
                          185.123.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/W0lMbhb0nQi-dhyowOqnEihy-oI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/W0lMbhb0nQi-dhyowOqnEihy-oI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W0lMbhb0nQi-dhyowOqnEihy-oI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:04:d0:df:69:a3:ee:68:64:2f:88:90:57:0c:6f:fc:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b494c6e16f49d08be761ca8c0eaa7122872fa82
        Validity
            Not Before: Apr 22 07:59:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ea632112fb92a6ba201b7f299bdbf813922cd61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:33:8b:d9:2f:7e:db:ce:ea:9b:e4:2f:19:de:
                    42:8c:d0:8d:4f:da:69:aa:e9:00:07:20:08:dd:cf:
                    28:22:23:d3:63:a5:11:32:7b:7b:88:19:4c:47:65:
                    c7:1b:31:56:e1:f5:3b:f1:b4:3e:6a:e6:5e:94:6b:
                    cf:c3:cc:8e:e0:d6:35:80:91:6d:a3:55:4f:a4:67:
                    d5:6e:42:d3:49:21:36:4e:1b:4b:f5:03:a2:ab:93:
                    95:7a:6c:f6:b8:9d:63:2c:c5:3c:6d:86:7f:96:6b:
                    f1:16:f9:ee:87:3d:c1:b8:34:0a:ae:34:66:57:c9:
                    b6:31:64:02:fd:69:32:1b:ab:da:b0:b7:37:85:20:
                    56:1d:71:6f:1b:95:99:69:b1:bd:61:c4:08:06:69:
                    f9:69:17:6a:58:69:a1:47:7f:6c:94:95:98:99:23:
                    84:a2:af:3e:3d:00:b0:c4:7c:b2:68:ab:82:31:02:
                    82:af:f1:a4:eb:3c:2b:1e:3f:bc:68:7c:73:16:07:
                    63:34:8d:78:ad:90:c4:2c:d1:79:c2:d7:67:7e:d5:
                    7d:46:05:81:9d:bf:2c:58:70:6f:e0:5e:0a:69:1f:
                    14:ce:2c:ec:8d:b3:6e:44:a0:ef:60:c4:69:1b:c8:
                    b8:cf:c9:57:c3:24:2d:d1:8c:f0:2c:7a:a9:28:76:
                    95:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:A6:32:11:2F:B9:2A:6B:A2:01:B7:F2:99:BD:BF:81:39:22:CD:61
            X509v3 Authority Key Identifier:
                keyid:5B:49:4C:6E:16:F4:9D:08:BE:76:1C:A8:C0:EA:A7:12:28:72:FA:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W0lMbhb0nQi-dhyowOqnEihy-oI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/fqYyES-5KmuiAbfymb2_gTkizWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/92bcf4-d0f2-4f9e-874d-c2c6f6a4097f/1/W0lMbhb0nQi-dhyowOqnEihy-oI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.20.0-185.123.22.255

    Signature Algorithm: sha256WithRSAEncryption
         17:68:e2:a2:4b:16:73:97:19:64:5e:3b:61:51:2c:1c:16:00:
         f7:36:5b:25:06:32:4f:cf:49:64:43:ea:04:d8:88:18:7e:2a:
         86:b4:f9:08:ed:e5:24:f5:6e:5a:f0:ff:3c:fd:24:86:77:40:
         5c:d2:1a:34:55:6e:36:92:c0:99:d4:cc:d0:34:f0:5a:97:e0:
         d6:5c:18:a6:a5:56:5a:54:e6:95:56:e4:31:33:ce:24:9b:b7:
         35:91:d0:a4:4a:a7:ba:56:e6:a5:a2:ef:d1:cf:2a:3d:7a:55:
         a6:85:84:d4:38:56:29:40:1a:5f:70:72:ec:f1:fe:5d:98:b3:
         64:d0:f6:b0:dc:bf:26:91:2c:21:43:89:dd:e8:a4:4f:31:51:
         e5:53:78:ff:0a:90:6d:0b:b0:0f:fa:d1:92:67:70:e1:7a:7d:
         7a:9b:35:9e:d2:a4:4a:28:f2:b1:76:cd:80:04:bd:b0:11:cc:
         4c:7e:5a:ed:6f:10:dc:e0:b4:55:f3:a9:e3:05:1c:d3:a3:59:
         01:97:95:15:f6:a8:9b:05:53:32:0d:f6:c1:f2:10:fb:7e:da:
         62:f0:e9:74:6a:45:96:b5:b5:9a:37:9e:28:27:f5:ff:5d:47:
         2b:e6:6c:ee:7f:c4:ff:27:3d:16:8a:95:92:66:74:b7:5d:50:
         b2:c5:7b:98
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8E0N9po+5oZC+IkFcMb/z6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNDk0YzZlMTZmNDlkMDhiZTc2MWNhOGMwZWFhNzEyMjg3
MmZhODIwHhcNMjQwNDIyMDc1OTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWE2MzIxMTJmYjkyYTZiYTIwMWI3ZjI5OWJkYmY4MTM5MjJjZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozOL2S9+287qm+QvGd5CjNCNT9pp
qukAByAI3c8oIiPTY6URMnt7iBlMR2XHGzFW4fU78bQ+auZelGvPw8yO4NY1gJFt
o1VPpGfVbkLTSSE2ThtL9QOiq5OVemz2uJ1jLMU8bYZ/lmvxFvnuhz3BuDQKrjRm
V8m2MWQC/WkyG6vasLc3hSBWHXFvG5WZabG9YcQIBmn5aRdqWGmhR39slJWYmSOE
oq8+PQCwxHyyaKuCMQKCr/Gk6zwrHj+8aHxzFgdjNI14rZDELNF5wtdnftV9RgWB
nb8sWHBv4F4KaR8UzizsjbNuRKDvYMRpG8i4z8lXwyQt0YzwLHqpKHaVnQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH6mMhEvuSprogG38pm9v4E5Is1hMB8GA1UdIwQY
MBaAFFtJTG4W9J0IvnYcqMDqpxIocvqCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzBsTWJoYjBuUWktZGh5b3dPcW5FaWh5LW9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy85MmJjZjQtZDBmMi00ZjllLTg3NGQt
YzJjNmY2YTQwOTdmLzEvZnFZeUVTLTVLbXVpQWJmeW1iMl9nVGtpeldFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy85MmJjZjQtZDBmMi00ZjllLTg3NGQtYzJjNmY2YTQwOTdm
LzEvVzBsTWJoYjBuUWktZGh5b3dPcW5FaWh5LW9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5exQD
BAC5exYwDQYJKoZIhvcNAQELBQADggEBABdo4qJLFnOXGWReO2FRLBwWAPc2WyUG
Mk/PSWRD6gTYiBh+Koa0+Qjt5ST1blrw/zz9JIZ3QFzSGjRVbjaSwJnUzNA08FqX
4NZcGKalVlpU5pVW5DEzziSbtzWR0KRKp7pW5qWi79HPKj16VaaFhNQ4VilAGl9w
cuzx/l2Ys2TQ9rDcvyaRLCFDid3opE8xUeVTeP8KkG0LsA/60ZJncOF6fXqbNZ7S
pEoo8rF2zYAEvbARzEx+Wu1vENzgtFXzqeMFHNOjWQGXlRX2qJsFUzIN9sHyEPt+
2mLw6XRqRZa1tZo3nign9f9dRyvmbO5/xP8nPRaKlZJmdLddULLFe5g=
-----END CERTIFICATE-----