Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/dcb613-93eb-4e86-895b-b1e698708f59/1/F86xC6xwpLDuhs7A8wZygejUMX8.roa
File:                     F86xC6xwpLDuhs7A8wZygejUMX8.roa (raw, json)
Hash identifier:          hqY5dyyDkeBwJW2ZEKNHXzfFF8UT2R+EbGGyWHizujw=
Subject key identifier:   17:CE:B1:0B:AC:70:A4:B0:EE:86:CE:C0:F3:06:72:81:E8:D4:31:7F
Certificate issuer:       /CN=9c907aa046a881fb8050519520163060260d7f31
Certificate serial:       0194B6BE6FC1DF9D9FD77F062E69D122796E
Authority key identifier: 9C:90:7A:A0:46:A8:81:FB:80:50:51:95:20:16:30:60:26:0D:7F:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nJB6oEaogfuAUFGVIBYwYCYNfzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/dcb613-93eb-4e86-895b-b1e698708f59/1/F86xC6xwpLDuhs7A8wZygejUMX8.roa
Signing time:             Thu 30 Jan 2025 10:25:21 +0000
ROA not before:           Thu 30 Jan 2025 10:25:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6739
IP address blocks:        185.128.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/dcb613-93eb-4e86-895b-b1e698708f59/1/nJB6oEaogfuAUFGVIBYwYCYNfzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/dcb613-93eb-4e86-895b-b1e698708f59/1/nJB6oEaogfuAUFGVIBYwYCYNfzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nJB6oEaogfuAUFGVIBYwYCYNfzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b6:be:6f:c1:df:9d:9f:d7:7f:06:2e:69:d1:22:79:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c907aa046a881fb8050519520163060260d7f31
        Validity
            Not Before: Jan 30 10:25:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17ceb10bac70a4b0ee86cec0f3067281e8d4317f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:54:38:20:a7:fe:3b:57:23:19:72:d8:98:ab:
                    69:ba:f5:1f:49:51:e1:8e:05:8e:a4:36:32:a3:03:
                    a5:38:e6:39:2c:9d:86:f5:ee:8d:57:d8:88:d3:66:
                    a0:41:0e:d5:e6:39:0d:ca:c7:db:33:79:3c:a0:b4:
                    75:bb:13:69:39:c4:27:94:1f:f7:9a:a1:40:f0:e9:
                    a5:e1:7a:0e:ac:f2:7d:eb:92:47:32:6c:33:71:26:
                    0e:d9:e0:95:68:64:8e:87:bc:96:fb:79:67:20:a1:
                    b6:d5:7a:de:4e:2f:c9:13:2f:63:8b:8f:f8:0c:3d:
                    58:0f:1c:07:03:ec:58:8d:44:25:c4:06:ce:d0:59:
                    f2:dc:fb:c0:53:a7:ae:eb:54:b2:7b:cd:9a:8e:f2:
                    03:7e:45:a0:c0:15:b6:7a:5d:5f:28:d3:02:7b:81:
                    cf:8f:d7:c8:e3:b5:df:02:a4:25:d4:82:ee:72:d9:
                    9f:e2:22:ce:6f:98:e6:c8:be:1f:b2:e8:ed:02:d6:
                    f1:24:40:8a:29:5d:2a:87:eb:66:e6:36:b4:b9:3a:
                    47:c6:24:99:0d:2b:c6:ec:f7:c7:60:5c:57:06:7d:
                    9b:32:a2:0f:cd:ff:61:bf:bb:e7:d0:7c:48:4e:12:
                    9c:76:dd:ac:b0:b2:28:9c:f9:1b:2d:88:f8:6e:85:
                    38:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:CE:B1:0B:AC:70:A4:B0:EE:86:CE:C0:F3:06:72:81:E8:D4:31:7F
            X509v3 Authority Key Identifier:
                keyid:9C:90:7A:A0:46:A8:81:FB:80:50:51:95:20:16:30:60:26:0D:7F:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nJB6oEaogfuAUFGVIBYwYCYNfzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/dcb613-93eb-4e86-895b-b1e698708f59/1/F86xC6xwpLDuhs7A8wZygejUMX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/dcb613-93eb-4e86-895b-b1e698708f59/1/nJB6oEaogfuAUFGVIBYwYCYNfzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:e5:01:fb:9a:98:47:07:3f:b2:bd:ba:c9:a0:2a:e5:84:a6:
         a1:e0:c2:4b:5d:19:60:01:db:2b:1d:68:11:a6:2e:47:3f:ae:
         8a:b3:70:1f:b6:a5:86:c8:07:08:ad:66:8e:3f:ea:01:35:70:
         c6:2b:00:94:ae:c9:3b:80:54:b8:25:0d:e8:3a:69:78:d3:38:
         1c:d5:49:e9:75:cb:c6:ce:8e:0f:a8:f5:2e:64:da:01:44:8b:
         56:f3:20:cc:b1:fa:36:36:f2:c1:4a:89:86:a4:d2:32:a3:9f:
         63:3d:79:d5:c5:f1:0a:62:7e:ab:ca:83:d4:da:bd:55:fe:2c:
         bc:1f:94:90:91:11:bd:d5:1f:fb:f3:2a:f0:c5:c6:05:ea:63:
         f1:17:21:1c:46:4a:07:31:0b:4f:8a:43:d0:1a:fa:8f:11:2d:
         b4:29:31:04:50:e3:67:52:99:96:d9:b3:eb:95:df:02:74:7e:
         7e:53:10:71:be:d8:64:40:63:ab:9f:20:bf:eb:d0:66:3a:88:
         75:4b:07:d7:3c:8c:8b:d5:db:ec:09:77:19:25:ed:8f:36:1e:
         55:45:83:0d:c6:2a:06:8a:ff:ef:2f:ed:8e:f9:01:8b:c6:d1:
         93:e2:bc:e8:43:68:82:a4:e2:5f:e3:70:db:a9:8c:bc:ce:cc:
         7d:1e:f6:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS2vm/B352f138GLmnRInluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljOTA3YWEwNDZhODgxZmI4MDUwNTE5NTIwMTYzMDYwMjYw
ZDdmMzEwHhcNMjUwMTMwMTAyNTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2NlYjEwYmFjNzBhNGIwZWU4NmNlYzBmMzA2NzI4MWU4ZDQzMTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFQ4IKf+O1cjGXLYmKtpuvUfSVHh
jgWOpDYyowOlOOY5LJ2G9e6NV9iI02agQQ7V5jkNysfbM3k8oLR1uxNpOcQnlB/3
mqFA8Oml4XoOrPJ965JHMmwzcSYO2eCVaGSOh7yW+3lnIKG21XreTi/JEy9ji4/4
DD1YDxwHA+xYjUQlxAbO0Fny3PvAU6eu61Sye82ajvIDfkWgwBW2el1fKNMCe4HP
j9fI47XfAqQl1ILuctmf4iLOb5jmyL4fsujtAtbxJECKKV0qh+tm5ja0uTpHxiSZ
DSvG7PfHYFxXBn2bMqIPzf9hv7vn0HxIThKcdt2ssLIonPkbLYj4boU4twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfOsQuscKSw7obOwPMGcoHo1DF/MB8GA1UdIwQY
MBaAFJyQeqBGqIH7gFBRlSAWMGAmDX8xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkpCNm9FYW9nZnVBVUZHVklCWXdZQ1lOZnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kY2I2MTMtOTNlYi00ZTg2LTg5NWIt
YjFlNjk4NzA4ZjU5LzEvRjg2eEM2eHdwTER1aHM3QTh3WnlnZWpVTVg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kY2I2MTMtOTNlYi00ZTg2LTg5NWItYjFlNjk4NzA4ZjU5
LzEvbkpCNm9FYW9nZnVBVUZHVklCWXdZQ1lOZnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYCoMA0G
CSqGSIb3DQEBCwUAA4IBAQAd5QH7mphHBz+yvbrJoCrlhKah4MJLXRlgAdsrHWgR
pi5HP66Ks3AftqWGyAcIrWaOP+oBNXDGKwCUrsk7gFS4JQ3oOml40zgc1UnpdcvG
zo4PqPUuZNoBRItW8yDMsfo2NvLBSomGpNIyo59jPXnVxfEKYn6ryoPU2r1V/iy8
H5SQkRG91R/78yrwxcYF6mPxFyEcRkoHMQtPikPQGvqPES20KTEEUONnUpmW2bPr
ld8CdH5+UxBxvthkQGOrnyC/69BmOoh1SwfXPIyL1dvsCXcZJe2PNh5VRYMNxioG
iv/vL+2O+QGLxtGT4rzoQ2iCpOJf43DbqYy8zsx9HvZl
-----END CERTIFICATE-----