Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/FqHVmkJz2LeePqI9esBKzqII4S0.roa
File:                     FqHVmkJz2LeePqI9esBKzqII4S0.roa (raw, json)
Hash identifier:          C7YaYNuyaxr7GXeZUaDERL3zxQ53iEs2uwQHirGLWzo=
Subject key identifier:   16:A1:D5:9A:42:73:D8:B7:9E:3E:A2:3D:7A:C0:4A:CE:A2:08:E1:2D
Certificate issuer:       /CN=4c403bc60b4a13c3daa3411ac923c6372d423eb8
Certificate serial:       018CC64A7002EC3E74A7BAAC24123F9C8EBC
Authority key identifier: 4C:40:3B:C6:0B:4A:13:C3:DA:A3:41:1A:C9:23:C6:37:2D:42:3E:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TEA7xgtKE8Pao0EaySPGNy1CPrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/FqHVmkJz2LeePqI9esBKzqII4S0.roa
Signing time:             Mon 01 Jan 2024 18:30:16 +0000
ROA not before:           Mon 01 Jan 2024 18:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6848
IP address blocks:        194.62.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/TEA7xgtKE8Pao0EaySPGNy1CPrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/TEA7xgtKE8Pao0EaySPGNy1CPrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TEA7xgtKE8Pao0EaySPGNy1CPrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:70:02:ec:3e:74:a7:ba:ac:24:12:3f:9c:8e:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c403bc60b4a13c3daa3411ac923c6372d423eb8
        Validity
            Not Before: Jan  1 18:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16a1d59a4273d8b79e3ea23d7ac04acea208e12d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fe:ee:09:f7:5f:75:eb:7d:ae:8f:94:20:ae:
                    95:bb:1f:9a:00:ed:f1:7b:13:91:19:fa:ce:89:d7:
                    e6:5c:54:fd:fd:5e:c9:36:ae:95:8e:23:9f:4a:bf:
                    7b:57:74:50:f6:09:72:9a:f5:f4:ab:8b:11:be:c1:
                    cc:bb:9a:4e:94:a7:c4:c8:76:7d:9e:b9:49:e6:d3:
                    fd:4a:00:17:4f:a9:8b:e8:e5:4a:94:c7:b9:32:0f:
                    45:2f:dc:3e:32:de:c8:67:c2:7a:bb:75:c5:1a:e1:
                    2a:bb:ea:09:0a:c2:ab:47:fc:f1:bd:57:14:21:8a:
                    4f:92:53:88:91:fa:56:2e:65:ac:a8:56:93:81:73:
                    0c:3a:64:58:f4:34:ed:15:21:fb:ad:4c:e5:8f:2e:
                    0c:f4:6a:df:76:c0:d6:fc:2b:ac:e4:a2:23:3f:03:
                    82:8b:37:0a:3b:54:f3:38:0e:11:60:7d:0d:cb:92:
                    11:fb:2a:2a:59:10:92:c4:c8:ef:73:51:36:73:63:
                    c9:e8:78:a7:68:2b:91:39:c2:d4:4c:8d:e1:d2:84:
                    9f:f5:33:88:5b:62:60:3b:de:73:ac:57:2a:be:d0:
                    33:01:5f:13:fd:20:c5:cf:56:8a:18:8d:8a:86:48:
                    55:f8:28:e1:79:af:3c:ab:e6:c0:79:f8:ae:28:6b:
                    e9:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:A1:D5:9A:42:73:D8:B7:9E:3E:A2:3D:7A:C0:4A:CE:A2:08:E1:2D
            X509v3 Authority Key Identifier:
                keyid:4C:40:3B:C6:0B:4A:13:C3:DA:A3:41:1A:C9:23:C6:37:2D:42:3E:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TEA7xgtKE8Pao0EaySPGNy1CPrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/FqHVmkJz2LeePqI9esBKzqII4S0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/TEA7xgtKE8Pao0EaySPGNy1CPrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:2a:58:95:4b:0b:d6:2f:26:bc:be:ba:93:da:23:fb:d3:ca:
         11:00:23:a6:f2:e7:0d:47:f3:8f:19:a1:53:44:e6:b4:a9:9d:
         03:ba:60:e5:fa:e8:9b:96:fc:90:58:08:7c:4b:21:73:fd:de:
         4d:be:78:24:62:50:22:b3:bc:c0:89:d1:22:79:3f:23:3b:e0:
         9b:9f:01:56:83:25:f1:6c:4f:45:8a:bf:9b:ea:9b:ea:55:e3:
         0e:68:ef:91:27:92:bc:98:b5:36:0b:ae:2d:10:0d:95:bd:a2:
         3c:04:ff:7a:73:ea:ab:45:5e:40:d9:ae:d2:d7:e2:3c:c4:34:
         fa:18:13:15:ec:8d:5a:ed:58:1f:9e:b5:4a:56:a4:f9:3d:cc:
         aa:17:82:91:b4:84:0e:0e:49:04:2e:62:d4:96:f1:ea:dc:32:
         bb:1d:6d:d5:b8:7b:9e:30:21:e1:aa:62:5b:c8:a9:4a:2f:14:
         46:bb:2e:33:43:01:1f:7b:bd:2a:fb:65:30:61:20:a8:40:d0:
         67:a3:2e:62:43:f3:f9:8b:72:e9:e0:1a:98:01:d5:26:36:2f:
         9e:f0:6f:86:7a:fc:f6:3c:14:b1:fb:2e:b5:25:63:8c:27:10:
         16:f6:af:67:9e:5e:2b:90:bd:c8:b3:b6:2e:3f:dc:1c:94:61:
         72:0a:ad:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnAC7D50p7qsJBI/nI68MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNDAzYmM2MGI0YTEzYzNkYWEzNDExYWM5MjNjNjM3MmQ0
MjNlYjgwHhcNMjQwMTAxMTgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmExZDU5YTQyNzNkOGI3OWUzZWEyM2Q3YWMwNGFjZWEyMDhlMTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv7uCfdfdet9ro+UIK6Vux+aAO3x
exORGfrOidfmXFT9/V7JNq6VjiOfSr97V3RQ9glymvX0q4sRvsHMu5pOlKfEyHZ9
nrlJ5tP9SgAXT6mL6OVKlMe5Mg9FL9w+Mt7IZ8J6u3XFGuEqu+oJCsKrR/zxvVcU
IYpPklOIkfpWLmWsqFaTgXMMOmRY9DTtFSH7rUzljy4M9GrfdsDW/Cus5KIjPwOC
izcKO1TzOA4RYH0Ny5IR+yoqWRCSxMjvc1E2c2PJ6HinaCuROcLUTI3h0oSf9TOI
W2JgO95zrFcqvtAzAV8T/SDFz1aKGI2KhkhV+Cjhea88q+bAefiuKGvpfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBah1ZpCc9i3nj6iPXrASs6iCOEtMB8GA1UdIwQY
MBaAFExAO8YLShPD2qNBGskjxjctQj64MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEVBN3hndEtFOFBhbzBFYXlTUEdOeTFDUHJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi8wOGI5YzQtMGFmZC00ODc2LTllZjct
MmU4NGI4ZDE4ZTRlLzEvRnFIVm1rSnoyTGVlUHFJOWVzQkt6cUlJNFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi8wOGI5YzQtMGFmZC00ODc2LTllZjctMmU4NGI4ZDE4ZTRl
LzEvVEVBN3hndEtFOFBhbzBFYXlTUEdOeTFDUHJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj5JMA0G
CSqGSIb3DQEBCwUAA4IBAQAmKliVSwvWLya8vrqT2iP708oRACOm8ucNR/OPGaFT
ROa0qZ0DumDl+uiblvyQWAh8SyFz/d5NvngkYlAis7zAidEieT8jO+CbnwFWgyXx
bE9Fir+b6pvqVeMOaO+RJ5K8mLU2C64tEA2VvaI8BP96c+qrRV5A2a7S1+I8xDT6
GBMV7I1a7VgfnrVKVqT5PcyqF4KRtIQODkkELmLUlvHq3DK7HW3VuHueMCHhqmJb
yKlKLxRGuy4zQwEfe70q+2UwYSCoQNBnoy5iQ/P5i3Lp4BqYAdUmNi+e8G+Gevz2
PBSx+y61JWOMJxAW9q9nnl4rkL3Is7YuP9wclGFyCq29
-----END CERTIFICATE-----