Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/1-jTWVKxBcP6qjaCAIgMBCMozFc8.roa
File:                     1-jTWVKxBcP6qjaCAIgMBCMozFc8.roa (raw, json)
Hash identifier:          Hx/TwuJTISSuPiIvrbhm8okpSwo2m2EjNcFhW3s6mJA=
Subject key identifier:   FA:34:D6:54:AC:41:70:FE:AA:8D:A0:80:22:03:01:08:CA:33:15:CF
Certificate issuer:       /CN=429196310a7f7dd9999ec43e938fd906985a3f87
Certificate serial:       018CCA2A7CA8B8C63DD65C2CD87CCA58EB87
Authority key identifier: 42:91:96:31:0A:7F:7D:D9:99:9E:C4:3E:93:8F:D9:06:98:5A:3F:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/1-jTWVKxBcP6qjaCAIgMBCMozFc8.roa
Signing time:             Tue 02 Jan 2024 12:33:51 +0000
ROA not before:           Tue 02 Jan 2024 12:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203109
IP address blocks:        185.144.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7c:a8:b8:c6:3d:d6:5c:2c:d8:7c:ca:58:eb:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429196310a7f7dd9999ec43e938fd906985a3f87
        Validity
            Not Before: Jan  2 12:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa34d654ac4170feaa8da08022030108ca3315cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2e:75:70:72:26:82:9b:fe:bf:3e:3f:06:e1:
                    70:0d:84:22:5f:80:ba:56:d5:16:1f:11:80:dd:94:
                    4d:c2:6a:da:ae:bd:20:79:a0:b6:6e:de:68:4e:ff:
                    21:23:73:5d:b1:d3:b5:68:1d:ec:a4:1b:09:f7:67:
                    27:c5:0f:48:aa:86:68:ae:82:7f:7c:34:ba:49:15:
                    fa:1d:d5:88:50:e3:3c:3d:4f:6c:18:ee:6c:c0:ad:
                    3a:5d:a6:c7:66:a5:1a:46:81:b6:25:eb:cf:d6:20:
                    5a:2c:f4:81:2d:be:4a:0a:62:da:37:7c:a9:b5:8f:
                    42:ad:59:d1:01:43:b4:19:cd:45:ae:68:96:46:99:
                    75:56:86:c2:4a:a3:1f:c0:50:0e:16:85:4f:a9:9b:
                    1b:0f:32:f5:72:26:8f:08:0d:f0:9b:53:5c:aa:5e:
                    04:de:07:88:e2:bc:ff:d9:9a:8e:ff:b3:da:aa:01:
                    4a:13:61:97:17:64:56:6d:68:8e:0f:45:4d:aa:32:
                    df:10:17:fa:97:38:1a:c5:d4:4e:1f:54:4f:17:da:
                    15:d2:14:4e:dd:be:06:fb:1b:91:61:16:d7:38:48:
                    55:a3:ed:b3:08:ed:91:28:e9:3c:22:a9:39:4f:ce:
                    0d:d2:49:0a:5a:77:76:d7:7c:84:cd:06:f6:82:1c:
                    ef:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:34:D6:54:AC:41:70:FE:AA:8D:A0:80:22:03:01:08:CA:33:15:CF
            X509v3 Authority Key Identifier:
                keyid:42:91:96:31:0A:7F:7D:D9:99:9E:C4:3E:93:8F:D9:06:98:5A:3F:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/1-jTWVKxBcP6qjaCAIgMBCMozFc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/bc6892-1779-457c-9214-0aa9d97c8c98/1/QpGWMQp_fdmZnsQ-k4_ZBphaP4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:d2:2e:53:77:b4:23:26:ec:d8:f6:44:a6:93:99:ea:9c:9b:
         50:13:47:54:7f:60:14:f9:d8:67:1b:cf:a9:6a:48:27:53:8a:
         b9:07:d3:1a:eb:22:31:04:fe:f5:8f:73:4d:68:19:c6:de:6d:
         a4:64:73:79:51:43:9a:b8:d1:1c:82:86:ea:61:c1:f2:01:2a:
         41:a8:64:22:c5:23:d3:87:e7:a9:66:49:43:56:92:41:9e:d2:
         3d:6d:65:50:fa:d5:2c:5c:48:60:cf:a6:c0:67:ad:15:dd:7a:
         c8:de:64:10:9e:c5:ed:f9:0e:fc:f0:47:25:32:d1:c7:7f:b3:
         93:53:c1:17:67:4c:09:d4:33:32:17:d7:e9:55:1b:a2:0b:9f:
         70:5d:80:92:71:c2:aa:4a:30:d2:86:60:71:d2:55:fb:a0:d2:
         fb:e2:25:98:50:a2:71:cf:9b:05:bd:27:62:73:53:bd:c8:cb:
         84:ac:47:84:7b:16:5d:bb:34:97:13:f2:9f:c5:78:0b:3c:77:
         ce:d2:7d:dc:e5:33:b5:20:d9:53:d1:00:e2:22:7b:ec:55:ed:
         bd:99:17:21:09:21:48:e0:c8:90:d0:cb:dc:23:b3:b8:17:66:
         a5:0c:df:18:c3:74:cd:6e:ac:8f:03:5b:e9:93:82:cc:04:53:
         9a:b4:57:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKnyouMY91lws2HzKWOuHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTE5NjMxMGE3ZjdkZDk5OTllYzQzZTkzOGZkOTA2OTg1
YTNmODcwHhcNMjQwMTAyMTIzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTM0ZDY1NGFjNDE3MGZlYWE4ZGEwODAyMjAzMDEwOGNhMzMxNWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS51cHImgpv+vz4/BuFwDYQiX4C6
VtUWHxGA3ZRNwmrarr0geaC2bt5oTv8hI3NdsdO1aB3spBsJ92cnxQ9IqoZoroJ/
fDS6SRX6HdWIUOM8PU9sGO5swK06XabHZqUaRoG2JevP1iBaLPSBLb5KCmLaN3yp
tY9CrVnRAUO0Gc1FrmiWRpl1VobCSqMfwFAOFoVPqZsbDzL1ciaPCA3wm1Ncql4E
3geI4rz/2ZqO/7PaqgFKE2GXF2RWbWiOD0VNqjLfEBf6lzgaxdROH1RPF9oV0hRO
3b4G+xuRYRbXOEhVo+2zCO2RKOk8Iqk5T84N0kkKWnd213yEzQb2ghzv4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPo01lSsQXD+qo2ggCIDAQjKMxXPMB8GA1UdIwQY
MBaAFEKRljEKf33ZmZ7EPpOP2QaYWj+HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBHV01RcF9mZG1abnNRLWs0X1pCcGhhUDRjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9iYzY4OTItMTc3OS00NTdjLTkyMTQt
MGFhOWQ5N2M4Yzk4LzEvMS1qVFdWS3hCY1A2cWphQ0FJZ01CQ01vekZjOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjUvYmM2ODkyLTE3NzktNDU3Yy05MjE0LTBhYTlkOTdjOGM5
OC8xL1FwR1dNUXBfZmRtWm5zUS1rNF9aQnBoYVA0Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmQfDAN
BgkqhkiG9w0BAQsFAAOCAQEAFNIuU3e0Iybs2PZEppOZ6pybUBNHVH9gFPnYZxvP
qWpIJ1OKuQfTGusiMQT+9Y9zTWgZxt5tpGRzeVFDmrjRHIKG6mHB8gEqQahkIsUj
04fnqWZJQ1aSQZ7SPW1lUPrVLFxIYM+mwGetFd16yN5kEJ7F7fkO/PBHJTLRx3+z
k1PBF2dMCdQzMhfX6VUbogufcF2AknHCqkow0oZgcdJV+6DS++IlmFCicc+bBb0n
YnNTvcjLhKxHhHsWXbs0lxPyn8V4Czx3ztJ93OUztSDZU9EA4iJ77FXtvZkXIQkh
SODIkNDL3COzuBdmpQzfGMN0zW6sjwNb6ZOCzARTmrRX2Q==
-----END CERTIFICATE-----