Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/AkFPzXPm7StT5Wvua-moqJZfNOA.roa
File:                     AkFPzXPm7StT5Wvua-moqJZfNOA.roa (raw, json)
Hash identifier:          QNA+TXq7EjVQN0U+vEdFtoV68DWcn47AdCdGUcogbGg=
Subject key identifier:   02:41:4F:CD:73:E6:ED:2B:53:E5:6B:EE:6B:E9:A8:A8:96:5F:34:E0
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       018DA7A84EDD2496E82A545A6FF0800C1D19
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/AkFPzXPm7StT5Wvua-moqJZfNOA.roa
Signing time:             Wed 14 Feb 2024 12:47:21 +0000
ROA not before:           Wed 14 Feb 2024 12:47:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        78.142.216.0/22 maxlen: 24
                          94.124.160.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:a8:4e:dd:24:96:e8:2a:54:5a:6f:f0:80:0c:1d:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Feb 14 12:47:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02414fcd73e6ed2b53e56bee6be9a8a8965f34e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a3:ac:ae:dc:8e:15:2b:f3:56:fb:55:8e:46:
                    53:92:f2:69:4d:2d:6a:26:8e:a3:36:11:dd:0e:8c:
                    a0:1b:28:c0:35:a2:32:1c:11:61:54:16:8c:84:95:
                    f3:f9:8f:c2:ad:27:38:6e:bf:5a:5d:0d:82:c6:01:
                    ae:56:a8:ee:6b:12:bb:61:f5:d5:dc:28:e3:08:c7:
                    ec:2f:d3:0e:a4:aa:96:f7:8e:ee:01:b7:e6:d0:0d:
                    fc:3b:1d:8d:f1:1a:9b:8b:28:c6:95:24:8e:01:41:
                    94:bb:7d:de:44:46:4c:18:d2:34:30:86:d3:f0:28:
                    5a:87:2b:83:e6:f9:95:7e:94:de:17:7e:b5:84:1d:
                    75:d5:80:08:b4:c4:ec:f4:2f:75:90:1e:f2:21:2a:
                    4b:70:75:ae:e7:7a:f0:9b:0d:4d:14:8c:00:a6:47:
                    ed:92:99:be:c5:a4:0a:8b:df:89:21:f7:7f:df:e8:
                    40:66:f8:a9:27:08:47:6d:dd:58:b3:76:ea:7e:25:
                    41:00:3b:8e:e3:1c:ba:13:1c:e8:15:4c:7e:ca:3e:
                    5d:94:00:02:9b:71:0c:e2:f3:61:d1:ed:e3:35:62:
                    84:c5:b4:51:f1:c8:79:f6:20:c1:28:10:54:aa:58:
                    46:2c:2d:4b:9f:cc:1c:ed:c8:23:df:26:43:70:ab:
                    fc:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:41:4F:CD:73:E6:ED:2B:53:E5:6B:EE:6B:E9:A8:A8:96:5F:34:E0
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/AkFPzXPm7StT5Wvua-moqJZfNOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.216.0/22
                  94.124.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:4c:13:c3:48:0b:61:4c:7e:1e:f7:00:19:03:4f:bb:f1:85:
         51:d0:94:be:63:24:2a:ad:92:30:a9:28:79:21:c4:2d:0d:cc:
         62:56:a6:69:85:c5:05:00:81:e3:05:20:b4:c9:70:c3:46:2d:
         03:3b:5a:19:6f:48:0c:c6:69:6b:62:d3:2f:75:2b:17:18:f4:
         ac:17:33:3e:25:d3:77:b3:44:10:6b:cd:48:0e:89:9f:34:07:
         42:37:e0:92:57:9c:00:78:1c:32:98:3e:55:d0:56:02:38:31:
         e3:8a:84:57:fd:13:38:3f:6e:e1:fc:db:70:98:44:80:82:c9:
         40:e1:dc:e0:7e:50:45:e3:05:cb:24:9a:99:ac:ee:e5:10:ea:
         04:45:f6:09:90:78:59:d0:4f:b1:c2:68:58:fb:fd:c2:0e:97:
         7d:9e:e7:ce:9e:62:a8:21:08:39:b2:b7:af:5e:4e:0a:bb:c2:
         29:8d:7b:25:ea:e6:eb:19:d7:d7:3d:78:a3:13:04:17:02:32:
         1c:1b:15:15:de:e0:60:4b:ec:8e:93:1f:e6:98:e3:93:1e:92:
         b7:93:92:7c:ea:2c:8a:d3:ed:36:6c:1d:5b:f1:59:69:bc:ac:
         02:95:85:2e:fa:55:f0:2d:7a:e6:9b:65:94:5d:d7:e3:38:6a:
         7d:90:d7:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2nqE7dJJboKlRab/CADB0ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjQwMjE0MTI0NzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjQxNGZjZDczZTZlZDJiNTNlNTZiZWU2YmU5YThhODk2NWYzNGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaOsrtyOFSvzVvtVjkZTkvJpTS1q
Jo6jNhHdDoygGyjANaIyHBFhVBaMhJXz+Y/CrSc4br9aXQ2CxgGuVqjuaxK7YfXV
3CjjCMfsL9MOpKqW947uAbfm0A38Ox2N8RqbiyjGlSSOAUGUu33eREZMGNI0MIbT
8ChahyuD5vmVfpTeF361hB111YAItMTs9C91kB7yISpLcHWu53rwmw1NFIwApkft
kpm+xaQKi9+JIfd/3+hAZvipJwhHbd1Ys3bqfiVBADuO4xy6ExzoFUx+yj5dlAAC
m3EM4vNh0e3jNWKExbRR8ch59iDBKBBUqlhGLC1Ln8wc7cgj3yZDcKv8TwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAJBT81z5u0rU+Vr7mvpqKiWXzTgMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvQWtGUHpYUG03U3RUNVd2dWEtbW9xSlpmTk9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTo7YAwQB
XnygMA0GCSqGSIb3DQEBCwUAA4IBAQCRTBPDSAthTH4e9wAZA0+78YVR0JS+YyQq
rZIwqSh5IcQtDcxiVqZphcUFAIHjBSC0yXDDRi0DO1oZb0gMxmlrYtMvdSsXGPSs
FzM+JdN3s0QQa81IDomfNAdCN+CSV5wAeBwymD5V0FYCODHjioRX/RM4P27h/Ntw
mESAgslA4dzgflBF4wXLJJqZrO7lEOoERfYJkHhZ0E+xwmhY+/3CDpd9nufOnmKo
IQg5srevXk4Ku8IpjXsl6ubrGdfXPXijEwQXAjIcGxUV3uBgS+yOkx/mmOOTHpK3
k5J86iyK0+02bB1b8VlpvKwClYUu+lXwLXrmm2WUXdfjOGp9kNe9
-----END CERTIFICATE-----