Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/g7pFgNn9P392Qi9TseTU5vbLA6c.roa
File:                     g7pFgNn9P392Qi9TseTU5vbLA6c.roa (raw, json)
Hash identifier:          2QLkkN16UAuwCY5qQVrWBPaEDLxBaQBXosyTwnErWlM=
Subject key identifier:   83:BA:45:80:D9:FD:3F:7F:76:42:2F:53:B1:E4:D4:E6:F6:CB:03:A7
Certificate issuer:       /CN=3802c7987004ae78190e691e370de509ff59127b
Certificate serial:       018CC6B92975BF44DCE1AAF8BFF063164842
Authority key identifier: 38:02:C7:98:70:04:AE:78:19:0E:69:1E:37:0D:E5:09:FF:59:12:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OALHmHAErngZDmkeNw3lCf9ZEns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/g7pFgNn9P392Qi9TseTU5vbLA6c.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31477
IP address blocks:        194.13.8.0/22 maxlen: 24
                          194.13.12.0/23 maxlen: 24
                          194.13.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/OALHmHAErngZDmkeNw3lCf9ZEns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/OALHmHAErngZDmkeNw3lCf9ZEns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OALHmHAErngZDmkeNw3lCf9ZEns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:29:75:bf:44:dc:e1:aa:f8:bf:f0:63:16:48:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3802c7987004ae78190e691e370de509ff59127b
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83ba4580d9fd3f7f76422f53b1e4d4e6f6cb03a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a4:4a:97:85:ff:51:c3:b9:c9:6d:f6:54:a1:
                    cc:7a:86:5b:c2:06:df:5f:9a:45:c6:c3:d1:f6:8b:
                    12:29:7c:70:21:c6:54:a8:13:c9:e1:09:8c:fb:55:
                    7f:82:68:9b:60:90:56:c4:00:f4:14:eb:f3:23:49:
                    ff:bf:4d:f4:c1:f2:9d:4a:1b:a8:6a:7c:98:65:cc:
                    5e:fb:6c:4f:ed:a9:bf:8b:66:72:bd:99:f9:59:e8:
                    d6:c9:dc:ee:74:c1:f3:82:ae:8c:ec:90:6b:a6:ce:
                    53:da:ca:6a:92:65:d3:37:72:db:97:d3:05:4d:15:
                    cf:94:1e:08:63:df:ee:2b:07:e0:f6:66:62:3e:21:
                    dd:bb:65:54:dc:68:df:bb:e3:71:67:e7:df:1f:ac:
                    42:00:ea:83:76:0a:b1:b7:bf:f1:4b:4d:c4:1c:10:
                    bc:43:f5:0e:6c:1b:04:f1:01:ef:b7:09:da:ed:c3:
                    01:a0:eb:48:9e:45:d3:32:19:fc:d1:65:69:bc:68:
                    df:f9:05:01:94:3e:a3:6d:ff:60:e4:28:d5:ac:14:
                    20:86:5d:62:2c:b5:68:45:95:75:9c:df:18:44:0d:
                    1a:1a:45:dc:74:e6:50:3b:e0:7f:9d:92:28:61:78:
                    31:04:c3:97:13:23:3b:f8:1d:3f:b8:77:42:42:f4:
                    ff:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:BA:45:80:D9:FD:3F:7F:76:42:2F:53:B1:E4:D4:E6:F6:CB:03:A7
            X509v3 Authority Key Identifier:
                keyid:38:02:C7:98:70:04:AE:78:19:0E:69:1E:37:0D:E5:09:FF:59:12:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OALHmHAErngZDmkeNw3lCf9ZEns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/g7pFgNn9P392Qi9TseTU5vbLA6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/fe5ac1-28fe-43ec-8700-bf25ce0f8393/1/OALHmHAErngZDmkeNw3lCf9ZEns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.8.0-194.13.14.255

    Signature Algorithm: sha256WithRSAEncryption
         35:4a:b7:e3:86:37:64:e3:83:96:f0:82:19:0a:f0:52:21:06:
         c6:01:34:1f:6d:a5:eb:94:a7:4c:9c:9d:45:f3:27:e0:7f:6f:
         65:3f:31:94:67:62:14:89:bb:ce:b2:38:21:38:c5:a7:15:af:
         16:4b:cc:d0:9c:60:0c:af:98:18:12:cb:ef:80:94:e6:15:f7:
         08:57:fe:45:09:10:01:5c:56:64:1c:c2:07:04:6b:43:3f:38:
         9e:59:a0:76:aa:50:74:4b:40:33:07:41:b3:44:1f:50:0f:7a:
         fd:1b:0a:41:c5:18:e6:54:e1:7d:61:76:69:fd:90:05:d3:94:
         25:01:df:41:98:47:e2:6c:4b:03:37:ca:a7:93:d5:f6:22:d1:
         ab:ce:22:04:18:9a:34:90:55:21:f1:0e:a1:77:06:bf:57:2b:
         9d:79:20:bc:a1:4d:4d:34:09:c8:62:91:19:d9:eb:76:29:ff:
         d3:61:1f:ff:96:95:42:01:c9:8a:9e:37:63:ea:f7:74:0c:19:
         a6:25:cb:b1:2e:6a:fe:98:41:ba:42:d8:d1:9a:72:04:8a:82:
         7c:50:a9:1a:6e:49:d8:be:ab:7c:b9:53:12:34:3b:ab:83:52:
         bc:20:c7:ef:fb:31:0d:d8:29:f6:b1:66:cd:82:8a:0c:a5:04:
         89:07:7e:91
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGuSl1v0Tc4ar4v/BjFkhCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MDJjNzk4NzAwNGFlNzgxOTBlNjkxZTM3MGRlNTA5ZmY1
OTEyN2IwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2JhNDU4MGQ5ZmQzZjdmNzY0MjJmNTNiMWU0ZDRlNmY2Y2IwM2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KRKl4X/UcO5yW32VKHMeoZbwgbf
X5pFxsPR9osSKXxwIcZUqBPJ4QmM+1V/gmibYJBWxAD0FOvzI0n/v030wfKdShuo
anyYZcxe+2xP7am/i2ZyvZn5WejWydzudMHzgq6M7JBrps5T2spqkmXTN3Lbl9MF
TRXPlB4IY9/uKwfg9mZiPiHdu2VU3Gjfu+NxZ+ffH6xCAOqDdgqxt7/xS03EHBC8
Q/UObBsE8QHvtwna7cMBoOtInkXTMhn80WVpvGjf+QUBlD6jbf9g5CjVrBQghl1i
LLVoRZV1nN8YRA0aGkXcdOZQO+B/nZIoYXgxBMOXEyM7+B0/uHdCQvT/6wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIO6RYDZ/T9/dkIvU7Hk1Ob2ywOnMB8GA1UdIwQY
MBaAFDgCx5hwBK54GQ5pHjcN5Qn/WRJ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0FMSG1IQUVybmdaRG1rZU53M2xDZjlaRW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9mZTVhYzEtMjhmZS00M2VjLTg3MDAt
YmYyNWNlMGY4MzkzLzEvZzdwRmdObjlQMzkyUWk5VHNlVFU1dmJMQTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9mZTVhYzEtMjhmZS00M2VjLTg3MDAtYmYyNWNlMGY4Mzkz
LzEvT0FMSG1IQUVybmdaRG1rZU53M2xDZjlaRW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPCDQgD
BADCDQ4wDQYJKoZIhvcNAQELBQADggEBADVKt+OGN2Tjg5bwghkK8FIhBsYBNB9t
peuUp0ycnUXzJ+B/b2U/MZRnYhSJu86yOCE4xacVrxZLzNCcYAyvmBgSy++AlOYV
9whX/kUJEAFcVmQcwgcEa0M/OJ5ZoHaqUHRLQDMHQbNEH1APev0bCkHFGOZU4X1h
dmn9kAXTlCUB30GYR+JsSwM3yqeT1fYi0avOIgQYmjSQVSHxDqF3Br9XK515ILyh
TU00CchikRnZ63Yp/9NhH/+WlUIByYqeN2Pq93QMGaYly7Euav6YQbpC2NGacgSK
gnxQqRpuSdi+q3y5UxI0O6uDUrwgx+/7MQ3YKfaxZs2CigylBIkHfpE=
-----END CERTIFICATE-----