Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/05e109-2347-4a7c-8adb-d1981dd446cf/1/FHLTz7eMLek_aYecVPBRBgPGQhQ.roa
File:                     FHLTz7eMLek_aYecVPBRBgPGQhQ.roa (raw, json)
Hash identifier:          Na8GtSKEphzVEf9bolaQpGxI+1spXDJXJsiq6zvKyUc=
Subject key identifier:   14:72:D3:CF:B7:8C:2D:E9:3F:69:87:9C:54:F0:51:06:03:C6:42:14
Certificate issuer:       /CN=4121c7fb04153829d96a1c038f0df714da595404
Certificate serial:       018CC2DB4CB1E85D80D00E3158E58FDFBC21
Authority key identifier: 41:21:C7:FB:04:15:38:29:D9:6A:1C:03:8F:0D:F7:14:DA:59:54:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QSHH-wQVOCnZahwDjw33FNpZVAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/05e109-2347-4a7c-8adb-d1981dd446cf/1/FHLTz7eMLek_aYecVPBRBgPGQhQ.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213032
IP address blocks:        2001:678:dc8::/48 maxlen: 48
                          2001:67c:27c4::/48 maxlen: 48
                          2001:678:dc4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/05e109-2347-4a7c-8adb-d1981dd446cf/1/QSHH-wQVOCnZahwDjw33FNpZVAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/05e109-2347-4a7c-8adb-d1981dd446cf/1/QSHH-wQVOCnZahwDjw33FNpZVAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QSHH-wQVOCnZahwDjw33FNpZVAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 01:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4c:b1:e8:5d:80:d0:0e:31:58:e5:8f:df:bc:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4121c7fb04153829d96a1c038f0df714da595404
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1472d3cfb78c2de93f69879c54f0510603c64214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:03:f9:72:b2:2f:f8:cf:f8:3e:bd:a4:dd:e1:
                    82:0a:c0:ef:7f:69:44:08:f3:19:2d:27:1d:71:21:
                    15:8c:04:f3:6a:a0:1c:17:cb:43:24:a1:1a:77:0f:
                    f6:65:71:61:9d:fd:f7:a1:42:81:dc:23:0b:ee:f8:
                    89:f2:a2:c0:b0:e7:15:db:9e:6f:c0:62:f2:64:bc:
                    b0:ba:24:fc:58:1b:f0:f2:50:8c:d5:9d:bc:ca:b0:
                    a3:09:35:68:23:af:50:fa:3d:88:77:01:19:d8:4f:
                    b0:1e:dd:09:91:43:5c:0d:1a:7e:9f:61:cb:62:6a:
                    6f:96:a4:b6:de:0e:d2:62:09:ae:e9:93:c9:fd:c2:
                    4e:f1:0c:0b:25:a6:d2:c1:da:05:3c:97:f5:10:9f:
                    25:a3:6b:1f:6e:c3:6e:c8:ff:d3:82:51:97:0a:6d:
                    4e:d6:0d:f6:dd:bc:60:52:0b:06:20:71:2c:4a:69:
                    7a:f9:22:d9:07:5c:53:59:fc:65:7b:6a:5e:fc:42:
                    b5:85:46:5c:5c:5f:0f:97:a4:fb:6e:66:d0:e3:bc:
                    da:f8:01:4b:19:2d:77:1a:96:cf:80:04:89:2a:43:
                    bc:37:ac:20:bd:8e:34:50:47:b5:d8:65:fe:98:8c:
                    e2:4a:24:bd:75:dc:9b:8b:ab:01:30:9b:98:8b:6d:
                    f6:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:72:D3:CF:B7:8C:2D:E9:3F:69:87:9C:54:F0:51:06:03:C6:42:14
            X509v3 Authority Key Identifier:
                keyid:41:21:C7:FB:04:15:38:29:D9:6A:1C:03:8F:0D:F7:14:DA:59:54:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QSHH-wQVOCnZahwDjw33FNpZVAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/05e109-2347-4a7c-8adb-d1981dd446cf/1/FHLTz7eMLek_aYecVPBRBgPGQhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/05e109-2347-4a7c-8adb-d1981dd446cf/1/QSHH-wQVOCnZahwDjw33FNpZVAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:dc4::/48
                  2001:678:dc8::/48
                  2001:67c:27c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:85:d0:4f:e4:c5:c3:08:fb:c7:52:28:4a:4b:fa:da:44:fe:
         9c:8e:f3:f1:ae:18:16:aa:56:dc:21:cb:c9:5a:99:f6:e3:65:
         53:a5:46:08:b7:26:ca:16:7f:1c:65:8b:9d:28:76:3d:16:0d:
         45:20:43:b3:15:dc:34:eb:2a:73:e3:e7:1b:6c:a4:65:20:9e:
         8f:e1:40:5a:da:9b:34:19:33:41:23:3c:dc:6f:27:76:ef:a4:
         1f:dd:20:5b:66:8b:a1:79:2d:6b:36:e8:2b:7c:4b:5b:50:4c:
         d8:a5:c5:f8:e8:6e:13:ce:f2:ac:5a:40:85:78:1a:b6:5c:d4:
         90:f3:d8:17:9c:5b:50:16:a5:9e:13:5b:74:c6:f8:66:32:d3:
         8e:b5:c9:fa:cc:d9:0b:33:24:ff:92:a6:0f:4b:fe:36:4d:dc:
         90:18:fd:7a:cf:eb:11:d3:30:7e:e3:f4:b0:21:45:7f:04:70:
         d0:69:9a:67:df:80:a7:4d:c9:be:10:d1:82:7b:dc:39:bc:97:
         91:cf:63:fa:5c:77:b4:90:d2:90:a4:3f:b7:c6:a3:4c:d0:6d:
         9d:9f:fe:01:14:e0:d3:a6:89:64:d7:47:15:3b:cd:34:a8:2a:
         f0:07:12:91:07:60:34:41:51:d6:eb:0e:06:11:10:81:55:57:
         92:56:06:52
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC20yx6F2A0A4xWOWP37whMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMjFjN2ZiMDQxNTM4MjlkOTZhMWMwMzhmMGRmNzE0ZGE1
OTU0MDQwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDcyZDNjZmI3OGMyZGU5M2Y2OTg3OWM1NGYwNTEwNjAzYzY0MjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwP5crIv+M/4Pr2k3eGCCsDvf2lE
CPMZLScdcSEVjATzaqAcF8tDJKEadw/2ZXFhnf33oUKB3CML7viJ8qLAsOcV255v
wGLyZLywuiT8WBvw8lCM1Z28yrCjCTVoI69Q+j2IdwEZ2E+wHt0JkUNcDRp+n2HL
YmpvlqS23g7SYgmu6ZPJ/cJO8QwLJabSwdoFPJf1EJ8lo2sfbsNuyP/TglGXCm1O
1g323bxgUgsGIHEsSml6+SLZB1xTWfxle2pe/EK1hUZcXF8Pl6T7bmbQ47za+AFL
GS13GpbPgASJKkO8N6wgvY40UEe12GX+mIziSiS9ddybi6sBMJuYi232EQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBRy08+3jC3pP2mHnFTwUQYDxkIUMB8GA1UdIwQY
MBaAFEEhx/sEFTgp2WocA48N9xTaWVQEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVNISC13UVZPQ25aYWh3RGp3MzNGTnBaVkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8wNWUxMDktMjM0Ny00YTdjLThhZGIt
ZDE5ODFkZDQ0NmNmLzEvRkhMVHo3ZU1MZWtfYVllY1ZQQlJCZ1BHUWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8wNWUxMDktMjM0Ny00YTdjLThhZGItZDE5ODFkZDQ0NmNm
LzEvUVNISC13UVZPQ25aYWh3RGp3MzNGTnBaVkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAIAEGeA3E
AwcAIAEGeA3IAwcAIAEGfCfEMA0GCSqGSIb3DQEBCwUAA4IBAQBIhdBP5MXDCPvH
UihKS/raRP6cjvPxrhgWqlbcIcvJWpn242VTpUYItybKFn8cZYudKHY9Fg1FIEOz
Fdw06ypz4+cbbKRlIJ6P4UBa2ps0GTNBIzzcbyd276Qf3SBbZouheS1rNugrfEtb
UEzYpcX46G4TzvKsWkCFeBq2XNSQ89gXnFtQFqWeE1t0xvhmMtOOtcn6zNkLMyT/
kqYPS/42TdyQGP16z+sR0zB+4/SwIUV/BHDQaZpn34CnTcm+ENGCe9w5vJeRz2P6
XHe0kNKQpD+3xqNM0G2dn/4BFODTpolk10cVO800qCrwBxKRB2A0QVHW6w4GERCB
VVeSVgZS
-----END CERTIFICATE-----