Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/065dba-eef9-480d-a880-9175c8408e5e/1/FsqLfTKSTR7jg5YzxRHxojUoUrs.roa
File:                     FsqLfTKSTR7jg5YzxRHxojUoUrs.roa (raw, json)
Hash identifier:          RsCfCUxGPx1OqIeQl6wKqHpeCD2ias1aMZCXs4M9Wx4=
Subject key identifier:   16:CA:8B:7D:32:92:4D:1E:E3:83:96:33:C5:11:F1:A2:35:28:52:BB
Certificate issuer:       /CN=7059e03a08e17416f66546307988349991b84a2e
Certificate serial:       018CC56EC14336E338E60D1717C72E2FC3BC
Authority key identifier: 70:59:E0:3A:08:E1:74:16:F6:65:46:30:79:88:34:99:91:B8:4A:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFngOgjhdBb2ZUYweYg0mZG4Si4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/065dba-eef9-480d-a880-9175c8408e5e/1/FsqLfTKSTR7jg5YzxRHxojUoUrs.roa
Signing time:             Mon 01 Jan 2024 14:30:19 +0000
ROA not before:           Mon 01 Jan 2024 14:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8578
IP address blocks:        83.136.76.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/065dba-eef9-480d-a880-9175c8408e5e/1/cFngOgjhdBb2ZUYweYg0mZG4Si4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/065dba-eef9-480d-a880-9175c8408e5e/1/cFngOgjhdBb2ZUYweYg0mZG4Si4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFngOgjhdBb2ZUYweYg0mZG4Si4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 05:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c1:43:36:e3:38:e6:0d:17:17:c7:2e:2f:c3:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7059e03a08e17416f66546307988349991b84a2e
        Validity
            Not Before: Jan  1 14:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16ca8b7d32924d1ee3839633c511f1a2352852bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b3:0c:df:cf:92:ff:96:ff:41:cd:9d:a9:6e:
                    40:8e:f8:5a:2d:83:bc:5f:ed:a2:f3:e9:c3:fc:34:
                    d9:59:45:9d:76:1b:8d:d0:c7:53:b4:7b:be:89:ae:
                    4c:d0:5d:4c:eb:7b:92:0a:ad:91:a1:48:70:31:6d:
                    f3:fa:09:97:43:13:bd:e1:ac:c3:a9:c0:c4:83:af:
                    bc:00:e5:0e:6f:4d:45:f6:ac:2e:c3:d3:42:44:2f:
                    2e:2e:15:3c:50:a4:f0:ba:32:5c:b2:13:34:27:7a:
                    3f:d6:c8:0d:b2:ed:0e:d0:0b:23:fa:32:25:2e:b2:
                    b7:44:71:27:89:14:83:6d:f9:f4:17:48:30:b9:e5:
                    8b:8b:69:b4:d8:5f:df:ac:0e:a6:18:04:bc:05:99:
                    7d:fc:38:cf:d9:e6:9f:22:5c:37:54:8a:23:3a:18:
                    04:9e:28:14:5f:f4:82:cd:11:fd:da:36:37:e6:fb:
                    8a:f3:82:f4:b3:84:5e:96:b6:27:11:8a:3d:8d:ab:
                    80:25:80:8c:45:c0:69:e9:b3:ff:ba:27:ba:b9:47:
                    bd:70:4c:26:eb:01:0a:87:05:d1:c1:43:8c:18:8b:
                    58:67:e6:23:5e:38:68:ac:f4:84:59:92:3b:55:12:
                    29:2b:27:4b:62:83:87:b3:af:4a:37:de:27:4a:5d:
                    28:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:CA:8B:7D:32:92:4D:1E:E3:83:96:33:C5:11:F1:A2:35:28:52:BB
            X509v3 Authority Key Identifier:
                keyid:70:59:E0:3A:08:E1:74:16:F6:65:46:30:79:88:34:99:91:B8:4A:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFngOgjhdBb2ZUYweYg0mZG4Si4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/065dba-eef9-480d-a880-9175c8408e5e/1/FsqLfTKSTR7jg5YzxRHxojUoUrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/065dba-eef9-480d-a880-9175c8408e5e/1/cFngOgjhdBb2ZUYweYg0mZG4Si4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.136.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:50:58:8c:ba:86:3e:67:7b:e5:ad:a8:20:e8:3e:21:3c:06:
         21:60:2d:2e:10:ea:dc:7d:0d:23:23:74:e5:70:9b:bd:83:65:
         06:3f:38:7c:e0:66:0b:af:3c:b5:80:da:6e:91:5f:56:2e:21:
         a7:61:6b:1c:a8:cc:88:d8:74:f7:72:e4:3d:a8:17:3d:14:f0:
         f2:db:cd:96:8b:ff:e4:f5:c8:44:9c:3a:8c:6a:50:cb:bb:2c:
         49:2c:81:fd:eb:7e:09:ce:3b:c0:2f:f1:7e:ff:56:2a:20:65:
         49:d7:13:3c:04:43:e1:d6:0a:60:8d:47:0b:bf:ea:61:5d:a0:
         f8:ef:2f:c6:55:84:21:1a:90:0b:5f:0c:38:c8:c1:7e:2c:3b:
         9f:ef:66:ac:f9:46:64:07:6d:09:25:61:81:75:6f:53:7a:4a:
         47:46:04:3a:68:2a:bf:18:6d:d0:d9:ff:34:66:1f:1c:23:25:
         0d:c3:80:9f:fc:2c:a6:13:00:46:9f:4f:dd:88:06:55:45:90:
         ff:0f:32:fa:90:61:fc:db:3d:2e:6e:7e:42:e1:33:d6:93:b6:
         f3:88:2a:e3:14:68:e4:fb:9d:46:d9:15:3a:a1:9e:1a:a3:d5:
         58:46:a4:c9:ee:33:8a:a0:48:1f:32:3f:cc:21:a1:62:39:1f:
         56:ed:99:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbsFDNuM45g0XF8cuL8O8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNTllMDNhMDhlMTc0MTZmNjY1NDYzMDc5ODgzNDk5OTFi
ODRhMmUwHhcNMjQwMTAxMTQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmNhOGI3ZDMyOTI0ZDFlZTM4Mzk2MzNjNTExZjFhMjM1Mjg1MmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLMM38+S/5b/Qc2dqW5AjvhaLYO8
X+2i8+nD/DTZWUWddhuN0MdTtHu+ia5M0F1M63uSCq2RoUhwMW3z+gmXQxO94azD
qcDEg6+8AOUOb01F9qwuw9NCRC8uLhU8UKTwujJcshM0J3o/1sgNsu0O0Asj+jIl
LrK3RHEniRSDbfn0F0gwueWLi2m02F/frA6mGAS8BZl9/DjP2eafIlw3VIojOhgE
nigUX/SCzRH92jY35vuK84L0s4RelrYnEYo9jauAJYCMRcBp6bP/uie6uUe9cEwm
6wEKhwXRwUOMGItYZ+YjXjhorPSEWZI7VRIpKydLYoOHs69KN94nSl0oIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbKi30ykk0e44OWM8UR8aI1KFK7MB8GA1UdIwQY
MBaAFHBZ4DoI4XQW9mVGMHmINJmRuEouMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0ZuZ09namhkQmIyWlVZd2VZZzBtWkc0U2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8wNjVkYmEtZWVmOS00ODBkLWE4ODAt
OTE3NWM4NDA4ZTVlLzEvRnNxTGZUS1NUUjdqZzVZenhSSHhvalVvVXJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8wNjVkYmEtZWVmOS00ODBkLWE4ODAtOTE3NWM4NDA4ZTVl
LzEvY0ZuZ09namhkQmIyWlVZd2VZZzBtWkc0U2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU4hMMA0G
CSqGSIb3DQEBCwUAA4IBAQAZUFiMuoY+Z3vlragg6D4hPAYhYC0uEOrcfQ0jI3Tl
cJu9g2UGPzh84GYLrzy1gNpukV9WLiGnYWscqMyI2HT3cuQ9qBc9FPDy282Wi//k
9chEnDqMalDLuyxJLIH9634JzjvAL/F+/1YqIGVJ1xM8BEPh1gpgjUcLv+phXaD4
7y/GVYQhGpALXww4yMF+LDuf72as+UZkB20JJWGBdW9TekpHRgQ6aCq/GG3Q2f80
Zh8cIyUNw4Cf/CymEwBGn0/diAZVRZD/DzL6kGH82z0ubn5C4TPWk7bziCrjFGjk
+51G2RU6oZ4ao9VYRqTJ7jOKoEgfMj/MIaFiOR9W7Znd
-----END CERTIFICATE-----