Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/Fn-NK-51AE09ySLLP8UPiEzzbE0.roa
File:                     Fn-NK-51AE09ySLLP8UPiEzzbE0.roa (raw, json)
Hash identifier:          3TcnyqEGW3D2l181dCl5Bnl3+0u60ZRKVlgiqj21Cww=
Subject key identifier:   16:7F:8D:2B:EE:75:00:4D:3D:C9:22:CB:3F:C5:0F:88:4C:F3:6C:4D
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       018F6169E3F49F7AAD2E7ECEBD38FB02655D
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/Fn-NK-51AE09ySLLP8UPiEzzbE0.roa
Signing time:             Fri 10 May 2024 07:31:20 +0000
ROA not before:           Fri 10 May 2024 07:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.27.178.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:69:e3:f4:9f:7a:ad:2e:7e:ce:bd:38:fb:02:65:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: May 10 07:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=167f8d2bee75004d3dc922cb3fc50f884cf36c4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b5:26:98:4e:3f:41:e9:84:42:60:3f:3e:6a:
                    33:4b:79:15:12:a5:78:e1:d4:0e:93:9c:58:7e:5e:
                    35:b7:3b:f0:3f:e4:dd:76:5f:2c:0d:6e:8d:13:82:
                    7a:d6:8f:45:d0:5a:95:ec:c3:8f:d4:08:2c:55:bb:
                    c6:de:db:e1:2a:d5:6d:f4:04:61:34:47:cf:8c:d3:
                    e4:6e:ba:3a:e8:80:e3:71:de:c1:cf:90:b6:8d:f3:
                    eb:07:ae:0f:b2:15:4f:21:24:1e:9a:6a:46:bf:d7:
                    af:06:5c:90:98:8b:89:a8:1e:c1:8f:77:01:05:e5:
                    c6:73:2b:e0:da:e1:a9:ff:2f:22:fa:9f:e8:51:d5:
                    40:1c:ec:a0:32:88:40:9a:92:e8:22:65:06:c5:28:
                    60:f4:3f:69:07:fe:c9:d3:4b:8e:da:61:83:cb:aa:
                    89:3a:ec:02:45:14:49:44:0e:1c:db:11:d6:1e:e3:
                    c5:27:e5:9e:5a:ca:1a:db:fc:0f:3f:91:11:3f:8f:
                    dc:a2:4c:e0:0a:5d:ff:21:8d:43:31:07:6b:b8:36:
                    2f:32:89:bb:fd:6e:5f:e1:b9:2d:a8:7a:2d:6e:72:
                    5e:c2:80:90:53:8d:4a:b3:fe:8f:33:cb:33:5f:ca:
                    6c:0c:5c:b0:75:b5:e9:e2:d8:14:ca:01:86:3f:e8:
                    f2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:7F:8D:2B:EE:75:00:4D:3D:C9:22:CB:3F:C5:0F:88:4C:F3:6C:4D
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/Fn-NK-51AE09ySLLP8UPiEzzbE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:d2:81:c0:00:f7:e1:e2:1d:f7:b5:3e:bd:02:69:28:21:ec:
         c4:e2:2a:5f:91:16:a8:0f:ca:7b:d8:63:66:05:34:2f:5a:50:
         92:9d:0d:84:46:b0:a2:57:fe:82:f5:76:62:82:fb:79:df:f1:
         d9:e4:3a:d0:47:d4:a9:49:6a:ba:eb:bd:c7:c7:ed:82:02:c7:
         c4:bf:c4:06:72:6b:94:b0:12:60:d6:67:34:fa:3c:bf:52:56:
         89:1c:f0:11:71:04:e0:1a:9e:8b:96:46:48:9e:ce:24:e3:2b:
         35:52:cb:dc:85:8f:b1:29:b6:3f:cb:b4:56:42:ab:61:f0:4a:
         a6:9d:61:ee:23:c1:57:52:fd:37:4e:5e:a7:09:57:ca:40:19:
         5b:57:0a:6e:e5:fa:4f:0b:04:83:60:6e:ec:d5:cb:cf:4f:61:
         aa:7a:51:1a:ea:a2:51:6b:97:1a:28:33:cc:db:6b:db:85:dd:
         9a:69:ba:db:d9:04:70:28:4c:c7:01:a4:f6:1a:3e:f0:0c:18:
         37:7f:92:79:7e:3c:be:41:10:fe:7c:8e:07:c7:69:16:f1:a1:
         e5:27:c4:9b:1b:ea:96:01:bb:3d:bc:40:a0:2b:a9:17:6c:93:
         9d:15:7c:20:50:fc:d0:2b:92:a0:7a:cf:c7:c4:e8:5a:70:84:
         a9:4d:39:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9haeP0n3qtLn7OvTj7AmVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjQwNTEwMDczMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjdmOGQyYmVlNzUwMDRkM2RjOTIyY2IzZmM1MGY4ODRjZjM2YzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bUmmE4/QemEQmA/PmozS3kVEqV4
4dQOk5xYfl41tzvwP+Tddl8sDW6NE4J61o9F0FqV7MOP1AgsVbvG3tvhKtVt9ARh
NEfPjNPkbro66IDjcd7Bz5C2jfPrB64PshVPISQemmpGv9evBlyQmIuJqB7Bj3cB
BeXGcyvg2uGp/y8i+p/oUdVAHOygMohAmpLoImUGxShg9D9pB/7J00uO2mGDy6qJ
OuwCRRRJRA4c2xHWHuPFJ+WeWsoa2/wPP5ERP4/cokzgCl3/IY1DMQdruDYvMom7
/W5f4bktqHotbnJewoCQU41Ks/6PM8szX8psDFywdbXp4tgUygGGP+jyGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZ/jSvudQBNPckiyz/FD4hM82xNMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvRm4tTkstNTFBRTA5eVNMTFA4VVBpRXp6YkUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuRuyMA0G
CSqGSIb3DQEBCwUAA4IBAQAg0oHAAPfh4h33tT69AmkoIezE4ipfkRaoD8p72GNm
BTQvWlCSnQ2ERrCiV/6C9XZigvt53/HZ5DrQR9SpSWq6673Hx+2CAsfEv8QGcmuU
sBJg1mc0+jy/UlaJHPARcQTgGp6LlkZIns4k4ys1UsvchY+xKbY/y7RWQqth8Eqm
nWHuI8FXUv03Tl6nCVfKQBlbVwpu5fpPCwSDYG7s1cvPT2GqelEa6qJRa5caKDPM
22vbhd2aabrb2QRwKEzHAaT2Gj7wDBg3f5J5fjy+QRD+fI4Hx2kW8aHlJ8SbG+qW
Abs9vECgK6kXbJOdFXwgUPzQK5Kges/HxOhacISpTTme
-----END CERTIFICATE-----