Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/b5b4e7-8a68-466d-9fc5-075dc4604aef/1/1-7CcvK1ocoGcdSqfSpC_BE21tu4.roa
File:                     1-7CcvK1ocoGcdSqfSpC_BE21tu4.roa (raw, json)
Hash identifier:          K1J7zLZvB8NinLq73Mqa7zbRnBEymcV9YCqoPhxeHUA=
Subject key identifier:   FB:B0:9C:BC:AD:68:72:81:9C:75:2A:9F:4A:90:BF:04:4D:B5:B6:EE
Certificate issuer:       /CN=da834df1dafa7fe6ead360b3ee75a2931af1ffe9
Certificate serial:       018CC49302F4BC772E11D9B2ABF592E3FB13
Authority key identifier: DA:83:4D:F1:DA:FA:7F:E6:EA:D3:60:B3:EE:75:A2:93:1A:F1:FF:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2oNN8dr6f-bq02Cz7nWikxrx_-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/b5b4e7-8a68-466d-9fc5-075dc4604aef/1/1-7CcvK1ocoGcdSqfSpC_BE21tu4.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50941
IP address blocks:        185.195.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/b5b4e7-8a68-466d-9fc5-075dc4604aef/1/2oNN8dr6f-bq02Cz7nWikxrx_-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/b5b4e7-8a68-466d-9fc5-075dc4604aef/1/2oNN8dr6f-bq02Cz7nWikxrx_-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2oNN8dr6f-bq02Cz7nWikxrx_-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:02:f4:bc:77:2e:11:d9:b2:ab:f5:92:e3:fb:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da834df1dafa7fe6ead360b3ee75a2931af1ffe9
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbb09cbcad6872819c752a9f4a90bf044db5b6ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:4b:04:b2:e8:34:a2:24:2c:a0:c3:0f:c1:d4:
                    2f:22:d8:83:b2:f2:8f:9d:d3:ea:ce:a6:b4:e8:84:
                    91:66:a0:62:1e:b4:a9:a1:60:94:eb:b2:a9:c9:7a:
                    70:02:b6:05:e3:a6:18:27:a8:7b:15:4a:d3:e8:d9:
                    2c:6b:14:c2:53:a4:69:f7:9b:2f:90:1e:76:d3:df:
                    ae:69:08:b1:84:66:a3:72:6a:54:28:57:14:92:2f:
                    61:23:74:69:3a:b2:d1:68:43:94:9a:0d:57:d0:65:
                    b3:fc:0d:c9:f2:10:f7:d7:ba:23:b0:7b:9f:c5:af:
                    e3:fb:4b:1c:54:0b:03:bc:79:7f:f1:a4:01:ed:3f:
                    92:93:2e:f1:8f:0f:89:44:56:f7:9b:a2:73:67:97:
                    d9:6c:d8:5c:1e:7d:56:be:7c:76:2b:fd:5b:fa:3b:
                    02:7e:df:45:b4:47:3e:c7:fe:c9:b5:d9:3e:fe:63:
                    b9:a7:0d:b1:76:84:82:bf:85:16:21:f3:a7:7f:8a:
                    8a:33:7a:71:72:2d:7f:57:2a:c1:da:15:cd:39:fd:
                    1b:e1:a1:07:f6:0b:b2:08:7d:61:4e:b0:df:de:b1:
                    a2:f1:b0:fa:99:60:f6:97:2b:1c:d5:92:d2:de:2b:
                    24:f0:fb:8a:59:4a:ae:5a:77:7f:57:df:f4:0f:68:
                    ad:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:B0:9C:BC:AD:68:72:81:9C:75:2A:9F:4A:90:BF:04:4D:B5:B6:EE
            X509v3 Authority Key Identifier:
                keyid:DA:83:4D:F1:DA:FA:7F:E6:EA:D3:60:B3:EE:75:A2:93:1A:F1:FF:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2oNN8dr6f-bq02Cz7nWikxrx_-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/b5b4e7-8a68-466d-9fc5-075dc4604aef/1/1-7CcvK1ocoGcdSqfSpC_BE21tu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/b5b4e7-8a68-466d-9fc5-075dc4604aef/1/2oNN8dr6f-bq02Cz7nWikxrx_-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:09:ea:a7:dc:83:c5:65:4f:c7:a5:7f:2c:d4:9b:ad:f9:1c:
         65:fb:7c:17:9d:a4:27:57:92:6e:89:0a:d1:1f:18:62:dd:6c:
         c8:92:ed:a0:f1:85:90:65:12:35:37:32:bb:b6:f5:ed:c9:ea:
         65:04:11:09:af:f6:3e:ec:a3:d9:bf:2f:e8:c2:b0:57:aa:18:
         49:f0:f7:07:19:83:20:2c:e8:0c:9f:25:18:fd:ec:f4:a8:61:
         d5:4d:17:c5:23:6f:8c:05:8a:c2:87:c7:4c:c9:c1:42:dd:ba:
         8c:73:d4:f4:84:ea:be:0c:c6:fd:b4:b9:b7:63:7d:d7:6b:c2:
         73:8e:17:7b:f7:54:df:36:b4:14:b4:ad:cf:e5:4a:08:d5:76:
         f4:37:ec:34:4b:0e:db:9e:5f:0c:d9:17:c5:b9:ca:8b:ec:11:
         2f:72:0e:be:a2:67:d9:89:6f:55:10:79:d3:8a:58:df:63:df:
         ef:72:7e:2a:2e:90:48:2e:f3:93:a7:0e:4b:5e:3a:4a:14:eb:
         cc:88:9a:f3:8f:45:05:78:9c:39:37:40:91:cf:43:03:8f:85:
         79:e5:48:57:5d:c8:ea:30:72:f7:04:ec:90:7d:c4:3b:d9:f9:
         ae:ae:a8:e6:e9:8d:81:e0:10:8e:ed:79:ea:4b:69:8d:a0:ef:
         5d:e0:ef:ef
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkwL0vHcuEdmyq/WS4/sTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhODM0ZGYxZGFmYTdmZTZlYWQzNjBiM2VlNzVhMjkzMWFm
MWZmZTkwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmIwOWNiY2FkNjg3MjgxOWM3NTJhOWY0YTkwYmYwNDRkYjViNmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA90sEsug0oiQsoMMPwdQvItiDsvKP
ndPqzqa06ISRZqBiHrSpoWCU67KpyXpwArYF46YYJ6h7FUrT6NksaxTCU6Rp95sv
kB5209+uaQixhGajcmpUKFcUki9hI3RpOrLRaEOUmg1X0GWz/A3J8hD317ojsHuf
xa/j+0scVAsDvHl/8aQB7T+Sky7xjw+JRFb3m6JzZ5fZbNhcHn1Wvnx2K/1b+jsC
ft9FtEc+x/7Jtdk+/mO5pw2xdoSCv4UWIfOnf4qKM3pxci1/VyrB2hXNOf0b4aEH
9guyCH1hTrDf3rGi8bD6mWD2lysc1ZLS3isk8PuKWUquWnd/V9/0D2itLwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPuwnLytaHKBnHUqn0qQvwRNtbbuMB8GA1UdIwQY
MBaAFNqDTfHa+n/m6tNgs+51opMa8f/pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm9OTjhkcjZmLWJxMDJDejduV2lreHJ4Xy1rLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9iNWI0ZTctOGE2OC00NjZkLTlmYzUt
MDc1ZGM0NjA0YWVmLzEvMS03Q2N2SzFvY29HY2RTcWZTcENfQkUyMXR1NC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmMvYjViNGU3LThhNjgtNDY2ZC05ZmM1LTA3NWRjNDYwNGFl
Zi8xLzJvTk44ZHI2Zi1icTAyQ3o3bldpa3hyeF8tay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnD5zAN
BgkqhkiG9w0BAQsFAAOCAQEAPgnqp9yDxWVPx6V/LNSbrfkcZft8F52kJ1eSbokK
0R8YYt1syJLtoPGFkGUSNTcyu7b17cnqZQQRCa/2Puyj2b8v6MKwV6oYSfD3BxmD
ICzoDJ8lGP3s9Khh1U0XxSNvjAWKwofHTMnBQt26jHPU9ITqvgzG/bS5t2N912vC
c44Xe/dU3za0FLStz+VKCNV29DfsNEsO255fDNkXxbnKi+wRL3IOvqJn2YlvVRB5
04pY32Pf73J+Ki6QSC7zk6cOS146ShTrzIia849FBXicOTdAkc9DA4+FeeVIV13I
6jBy9wTskH3EO9n5rq6o5umNgeAQju156ktpjaDvXeDv7w==
-----END CERTIFICATE-----