Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f12e6b-7f06-4040-86b9-7bf96832e1ea/1/FCC35yXRRgE3xDnpb_v1kqD2MHE.roa
File:                     FCC35yXRRgE3xDnpb_v1kqD2MHE.roa (raw, json)
Hash identifier:          nHKGAClSQBtHjVUIoGe70aBPEb2Br1YqKbWm/j8XOhQ=
Subject key identifier:   14:20:B7:E7:25:D1:46:01:37:C4:39:E9:6F:FB:F5:92:A0:F6:30:71
Certificate issuer:       /CN=710ab286dae8d8cb5f6fc4eec3f323814c87f5be
Certificate serial:       018CC3B702C1DF25F5218C22963F802D35C0
Authority key identifier: 71:0A:B2:86:DA:E8:D8:CB:5F:6F:C4:EE:C3:F3:23:81:4C:87:F5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cQqyhtro2Mtfb8Tuw_MjgUyH9b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f12e6b-7f06-4040-86b9-7bf96832e1ea/1/FCC35yXRRgE3xDnpb_v1kqD2MHE.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42783
IP address blocks:        194.0.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/f12e6b-7f06-4040-86b9-7bf96832e1ea/1/cQqyhtro2Mtfb8Tuw_MjgUyH9b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/f12e6b-7f06-4040-86b9-7bf96832e1ea/1/cQqyhtro2Mtfb8Tuw_MjgUyH9b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cQqyhtro2Mtfb8Tuw_MjgUyH9b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:02:c1:df:25:f5:21:8c:22:96:3f:80:2d:35:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=710ab286dae8d8cb5f6fc4eec3f323814c87f5be
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1420b7e725d1460137c439e96ffbf592a0f63071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:64:8c:9e:da:5d:2e:b7:51:87:5b:81:14:38:
                    6b:f4:56:28:a2:9b:4c:e8:c0:4d:6d:a6:52:bd:4c:
                    1c:e5:91:17:11:2a:b4:c6:38:9c:16:fe:90:f6:75:
                    aa:51:da:bb:8e:57:3c:34:96:bf:01:a7:ae:b4:3a:
                    f7:99:fd:b2:22:35:9d:71:ef:f6:3b:4c:52:cb:ad:
                    a6:ca:41:38:25:a6:b4:68:74:3f:6c:ee:0e:76:f9:
                    c7:d1:77:0f:2e:97:ca:52:2e:02:cf:e2:37:ff:bc:
                    48:a1:26:a1:bc:cc:8d:c0:41:b1:b0:1d:9b:73:fd:
                    a7:12:e4:1d:61:79:5b:a3:3a:b5:d3:6b:71:3a:01:
                    12:32:8b:fc:50:16:cd:2b:d7:4b:71:19:7e:9a:bf:
                    76:8c:e0:fd:a7:70:b6:48:84:a0:99:85:7a:6e:c6:
                    f4:fa:a0:f4:02:c1:78:55:4d:20:26:f9:40:9c:bf:
                    ca:ea:bf:22:75:80:1f:b3:40:f0:f1:a4:81:2f:0c:
                    2d:f7:93:37:35:2f:24:68:63:07:8c:80:13:0f:aa:
                    2a:15:8a:97:63:aa:11:f0:af:9f:db:19:fc:7d:e4:
                    10:a6:cf:92:86:8a:58:56:05:75:c1:86:af:da:12:
                    c1:3f:5c:56:8e:2c:e0:b7:29:00:ed:63:69:26:6c:
                    07:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:20:B7:E7:25:D1:46:01:37:C4:39:E9:6F:FB:F5:92:A0:F6:30:71
            X509v3 Authority Key Identifier:
                keyid:71:0A:B2:86:DA:E8:D8:CB:5F:6F:C4:EE:C3:F3:23:81:4C:87:F5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cQqyhtro2Mtfb8Tuw_MjgUyH9b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f12e6b-7f06-4040-86b9-7bf96832e1ea/1/FCC35yXRRgE3xDnpb_v1kqD2MHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f12e6b-7f06-4040-86b9-7bf96832e1ea/1/cQqyhtro2Mtfb8Tuw_MjgUyH9b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:39:ab:72:2d:b4:ce:be:e7:07:7c:1f:bd:20:38:bf:8d:9e:
         5b:f4:f3:9b:bd:34:81:49:a7:fe:84:9a:a7:8c:a3:22:ff:a7:
         31:30:55:a9:15:be:f1:88:34:69:cc:cf:ca:81:98:21:26:97:
         9b:cc:c9:0a:2e:ba:8e:be:18:43:ff:38:9b:53:36:8c:84:ba:
         75:f5:c5:37:e1:c2:9a:34:85:85:3b:a9:dc:30:32:4f:32:70:
         85:74:6c:a8:f4:86:c7:0a:45:d9:78:eb:11:50:f4:63:09:bb:
         7a:9f:a3:7b:8c:99:cf:79:67:be:6c:33:d5:73:39:cf:ea:d3:
         8a:ad:33:6e:65:47:89:ab:d2:ad:5c:d7:ef:74:a0:08:e7:02:
         e9:67:78:15:d8:e8:df:b0:76:c5:5d:17:b7:cc:c4:d7:4e:d0:
         4e:6d:12:b3:80:d9:4d:59:a7:62:fd:07:96:6b:68:95:63:64:
         d5:14:25:2f:ce:1a:a3:0c:6d:1a:70:60:a4:32:77:15:64:34:
         8f:4c:0f:f3:06:cb:92:76:02:89:eb:45:0a:7a:c3:76:b9:d7:
         fe:f7:fe:e0:e3:ad:1c:17:4f:35:4b:41:84:bd:20:c5:ff:a7:
         37:0c:be:16:40:59:40:ff:49:e3:69:f7:6d:6e:fd:f8:91:64:
         cb:8a:a3:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwLB3yX1IYwilj+ALTXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMGFiMjg2ZGFlOGQ4Y2I1ZjZmYzRlZWMzZjMyMzgxNGM4
N2Y1YmUwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDIwYjdlNzI1ZDE0NjAxMzdjNDM5ZTk2ZmZiZjU5MmEwZjYzMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWSMntpdLrdRh1uBFDhr9FYooptM
6MBNbaZSvUwc5ZEXESq0xjicFv6Q9nWqUdq7jlc8NJa/AaeutDr3mf2yIjWdce/2
O0xSy62mykE4Jaa0aHQ/bO4OdvnH0XcPLpfKUi4Cz+I3/7xIoSahvMyNwEGxsB2b
c/2nEuQdYXlbozq102txOgESMov8UBbNK9dLcRl+mr92jOD9p3C2SISgmYV6bsb0
+qD0AsF4VU0gJvlAnL/K6r8idYAfs0Dw8aSBLwwt95M3NS8kaGMHjIATD6oqFYqX
Y6oR8K+f2xn8feQQps+ShopYVgV1wYav2hLBP1xWjizgtykA7WNpJmwHgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQgt+cl0UYBN8Q56W/79ZKg9jBxMB8GA1UdIwQY
MBaAFHEKsoba6NjLX2/E7sPzI4FMh/W+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1FxeWh0cm8yTXRmYjhUdXdfTWpnVXlIOWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mMTJlNmItN2YwNi00MDQwLTg2Yjkt
N2JmOTY4MzJlMWVhLzEvRkNDMzV5WFJSZ0UzeERucGJfdjFrcUQyTUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mMTJlNmItN2YwNi00MDQwLTg2YjktN2JmOTY4MzJlMWVh
LzEvY1FxeWh0cm8yTXRmYjhUdXdfTWpnVXlIOWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgDmMA0G
CSqGSIb3DQEBCwUAA4IBAQAbOatyLbTOvucHfB+9IDi/jZ5b9PObvTSBSaf+hJqn
jKMi/6cxMFWpFb7xiDRpzM/KgZghJpebzMkKLrqOvhhD/zibUzaMhLp19cU34cKa
NIWFO6ncMDJPMnCFdGyo9IbHCkXZeOsRUPRjCbt6n6N7jJnPeWe+bDPVcznP6tOK
rTNuZUeJq9KtXNfvdKAI5wLpZ3gV2OjfsHbFXRe3zMTXTtBObRKzgNlNWadi/QeW
a2iVY2TVFCUvzhqjDG0acGCkMncVZDSPTA/zBsuSdgKJ60UKesN2udf+9/7g460c
F081S0GEvSDF/6c3DL4WQFlA/0njafdtbv34kWTLiqPv
-----END CERTIFICATE-----