Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/fLG_VRBzMQLTf34BRY3yyNPt-sk.roa
File:                     fLG_VRBzMQLTf34BRY3yyNPt-sk.roa (raw, json)
Hash identifier:          ebFwX4IRV2dyazXg6KxQfH5MIHZ4PDpgNvM1ornAoc4=
Subject key identifier:   7C:B1:BF:55:10:73:31:02:D3:7F:7E:01:45:8D:F2:C8:D3:ED:FA:C9
Certificate issuer:       /CN=64a7a6cd583814d393bee2635b545574cc75620c
Certificate serial:       018CC9BC05C0FB30EFA376DCA81AEE7E5132
Authority key identifier: 64:A7:A6:CD:58:38:14:D3:93:BE:E2:63:5B:54:55:74:CC:75:62:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/fLG_VRBzMQLTf34BRY3yyNPt-sk.roa
Signing time:             Tue 02 Jan 2024 10:33:11 +0000
ROA not before:           Tue 02 Jan 2024 10:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51554
IP address blocks:        185.157.8.0/23 maxlen: 23
                          185.157.8.0/22 maxlen: 22
                          185.157.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:05:c0:fb:30:ef:a3:76:dc:a8:1a:ee:7e:51:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64a7a6cd583814d393bee2635b545574cc75620c
        Validity
            Not Before: Jan  2 10:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cb1bf5510733102d37f7e01458df2c8d3edfac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:6d:ea:62:35:f3:18:2b:6b:ad:76:e1:fc:0a:
                    69:bc:4e:1e:2e:71:e4:84:6f:ae:f7:4b:39:fd:f0:
                    e4:df:f0:0b:46:01:be:59:03:c1:a1:8a:4e:e3:1f:
                    95:d9:da:33:51:94:87:62:23:c6:89:1f:3b:39:2f:
                    b9:0f:f8:48:02:97:cf:f4:48:f5:a6:e5:88:da:f7:
                    81:d2:0a:e0:c4:18:27:04:14:0f:20:db:05:63:bd:
                    7c:1e:c9:07:10:b6:b9:ca:dd:83:1d:8e:8b:d7:b6:
                    3d:77:f5:4a:67:13:5f:13:f6:2b:82:fc:65:b5:fd:
                    a9:d4:2e:3c:c7:41:c7:3e:57:12:c0:f8:44:dc:6e:
                    52:e3:c3:c5:fd:1c:b1:45:2d:fa:af:cd:8f:28:d4:
                    22:31:d1:85:f1:e0:1f:5f:18:9f:46:9f:2a:22:09:
                    4a:2c:53:a8:4a:8e:e2:3c:a3:f2:9b:11:48:4b:78:
                    f7:d7:b7:b1:ae:87:5d:a8:a5:d8:42:61:0e:eb:1e:
                    c4:c0:63:1f:8e:f2:c6:d8:59:60:2b:59:f6:5b:46:
                    84:07:f7:0b:6c:65:79:d9:83:93:02:6e:62:dc:fc:
                    e6:1f:0b:3a:ca:ef:66:83:01:47:91:57:20:f4:2e:
                    a1:78:f2:f7:86:04:f7:64:8b:0e:1d:c1:05:bd:2d:
                    a5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:B1:BF:55:10:73:31:02:D3:7F:7E:01:45:8D:F2:C8:D3:ED:FA:C9
            X509v3 Authority Key Identifier:
                keyid:64:A7:A6:CD:58:38:14:D3:93:BE:E2:63:5B:54:55:74:CC:75:62:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/fLG_VRBzMQLTf34BRY3yyNPt-sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/8d6f1a-d334-418f-b726-6f5d8a74a0e4/1/ZKemzVg4FNOTvuJjW1RVdMx1Ygw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:ec:74:74:30:fd:1e:1b:1e:41:7f:15:1e:15:48:01:fe:c0:
         9a:1f:fd:05:ba:04:cb:ae:12:4d:9c:26:15:69:7b:e7:32:1f:
         d3:c6:bd:e1:7b:22:df:73:bc:d3:44:76:53:ee:65:44:07:26:
         b5:7a:45:28:60:9f:bd:ac:f5:f7:e2:b7:68:5e:a4:78:cf:23:
         41:f6:53:20:91:1e:43:bc:60:4d:04:52:58:d4:d4:a7:2d:81:
         9c:da:56:80:3f:4c:ec:37:66:91:11:da:66:47:42:93:9e:ab:
         84:95:69:17:a3:a6:cb:36:e9:b2:09:c7:9a:f9:39:ca:66:28:
         eb:e3:1e:9d:8e:df:a1:73:61:56:9d:56:ed:28:78:2a:d5:fe:
         9f:76:9a:ac:ac:49:84:e8:5b:6d:c4:44:17:41:0d:d4:5e:4a:
         7c:9c:ee:99:6a:be:99:ba:23:6e:3b:3a:6f:f2:b5:e2:f2:d5:
         8a:c6:53:a9:65:a5:80:1a:00:0a:46:03:2f:96:61:c9:1d:bc:
         7e:58:7b:67:3a:1d:e7:89:32:92:57:86:72:2d:ba:46:3d:b3:
         d7:92:e2:01:f5:4f:39:eb:5a:93:8b:f7:43:99:28:c6:65:24:
         2d:20:48:f1:11:c2:fe:a5:2d:5d:10:b3:01:47:d3:99:78:17:
         47:45:8e:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAXA+zDvo3bcqBruflEyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YTdhNmNkNTgzODE0ZDM5M2JlZTI2MzViNTQ1NTc0Y2M3
NTYyMGMwHhcNMjQwMTAyMTAzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2IxYmY1NTEwNzMzMTAyZDM3ZjdlMDE0NThkZjJjOGQzZWRmYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi23qYjXzGCtrrXbh/AppvE4eLnHk
hG+u90s5/fDk3/ALRgG+WQPBoYpO4x+V2dozUZSHYiPGiR87OS+5D/hIApfP9Ej1
puWI2veB0grgxBgnBBQPINsFY718HskHELa5yt2DHY6L17Y9d/VKZxNfE/Yrgvxl
tf2p1C48x0HHPlcSwPhE3G5S48PF/RyxRS36r82PKNQiMdGF8eAfXxifRp8qIglK
LFOoSo7iPKPymxFIS3j317exroddqKXYQmEO6x7EwGMfjvLG2FlgK1n2W0aEB/cL
bGV52YOTAm5i3PzmHws6yu9mgwFHkVcg9C6hePL3hgT3ZIsOHcEFvS2lgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyxv1UQczEC039+AUWN8sjT7frJMB8GA1UdIwQY
MBaAFGSnps1YOBTTk77iY1tUVXTMdWIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWktlbXpWZzRGTk9UdnVKalcxUlZkTXgxWWd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84ZDZmMWEtZDMzNC00MThmLWI3MjYt
NmY1ZDhhNzRhMGU0LzEvZkxHX1ZSQnpNUUxUZjM0QlJZM3l5TlB0LXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84ZDZmMWEtZDMzNC00MThmLWI3MjYtNmY1ZDhhNzRhMGU0
LzEvWktlbXpWZzRGTk9UdnVKalcxUlZkTXgxWWd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ0IMA0G
CSqGSIb3DQEBCwUAA4IBAQCC7HR0MP0eGx5BfxUeFUgB/sCaH/0FugTLrhJNnCYV
aXvnMh/Txr3heyLfc7zTRHZT7mVEBya1ekUoYJ+9rPX34rdoXqR4zyNB9lMgkR5D
vGBNBFJY1NSnLYGc2laAP0zsN2aREdpmR0KTnquElWkXo6bLNumyCcea+TnKZijr
4x6djt+hc2FWnVbtKHgq1f6fdpqsrEmE6FttxEQXQQ3UXkp8nO6Zar6ZuiNuOzpv
8rXi8tWKxlOpZaWAGgAKRgMvlmHJHbx+WHtnOh3niTKSV4ZyLbpGPbPXkuIB9U85
61qTi/dDmSjGZSQtIEjxEcL+pS1dELMBR9OZeBdHRY4N
-----END CERTIFICATE-----