Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/Fjz84koCC2CTXULX-z4Zii44cPw.roa
File:                     Fjz84koCC2CTXULX-z4Zii44cPw.roa (raw, json)
Hash identifier:          5jqFkRzM/hYF4pmlOvY99EwUYRzhIuMKThdJR5p/sJY=
Subject key identifier:   16:3C:FC:E2:4A:02:0B:60:93:5D:42:D7:FB:3E:19:8A:2E:38:70:FC
Certificate issuer:       /CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
Certificate serial:       018CCA2A00045FF58E950751E69EE5A61B6E
Authority key identifier: 09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/Fjz84koCC2CTXULX-z4Zii44cPw.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136714
IP address blocks:        178.248.112.0/22 maxlen: 24
                          178.248.118.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:00:04:5f:f5:8e:95:07:51:e6:9e:e5:a6:1b:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=163cfce24a020b60935d42d7fb3e198a2e3870fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ce:78:e0:33:d1:a2:e7:fd:b4:16:e1:82:81:
                    2f:4e:7a:60:55:c8:03:3c:29:0b:93:47:fd:a5:93:
                    2e:c7:9a:bf:53:bf:8b:ee:46:58:2d:a6:a3:89:e2:
                    d8:70:b9:43:21:39:9c:59:22:bb:17:68:97:e8:2f:
                    4b:f0:83:bc:dc:96:ee:f2:83:b4:fe:ac:73:7d:da:
                    70:6e:78:bd:5c:60:ac:99:33:53:47:38:40:55:f0:
                    ce:d7:a4:76:ac:24:f6:86:64:f7:9a:63:43:44:4a:
                    19:a3:67:53:7e:cb:50:a3:88:7c:ba:14:44:0d:88:
                    66:c1:52:60:7d:60:9a:12:c8:46:41:b3:76:0e:84:
                    53:a7:47:20:91:8a:28:b5:54:b1:6c:29:e7:68:c6:
                    cd:77:fd:05:7d:0d:ae:f9:41:5c:88:90:be:81:d6:
                    95:ff:9c:d4:71:55:22:6e:07:a4:2c:d4:43:73:65:
                    77:1a:95:4f:44:c8:3f:f6:18:02:93:e0:44:bf:02:
                    1f:f5:c8:60:e7:55:5f:3e:2e:e3:51:bf:03:a8:e7:
                    95:b2:ec:db:87:d5:f0:3c:8d:f8:6d:f1:37:fe:ef:
                    70:d8:94:77:75:06:f2:ac:85:51:91:36:9f:61:c5:
                    9c:68:53:1f:f3:b9:ec:98:dc:ac:91:85:41:55:23:
                    8b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:3C:FC:E2:4A:02:0B:60:93:5D:42:D7:FB:3E:19:8A:2E:38:70:FC
            X509v3 Authority Key Identifier:
                keyid:09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/Fjz84koCC2CTXULX-z4Zii44cPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.248.112.0/22
                  178.248.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:d1:a5:85:e4:e4:63:01:65:2f:26:87:27:2e:ef:c6:f1:c2:
         88:ea:d7:58:19:ab:f9:36:9f:da:5b:1b:01:4e:25:d8:81:c7:
         2b:78:1b:c2:c9:51:30:24:30:66:5a:eb:40:b7:89:82:13:21:
         c2:64:d9:92:f5:b3:c5:fc:2e:bd:99:72:2c:8d:bf:e6:fb:4e:
         83:fa:09:9d:fd:79:7b:06:ae:00:27:46:cd:ca:ac:22:46:3e:
         e3:25:1f:28:f0:49:7d:58:a4:3e:82:c1:82:3b:ea:07:11:dd:
         2e:b6:b0:3d:e6:5c:4e:30:5f:8e:cf:8a:13:e8:c3:c1:9f:a7:
         bd:12:f8:ed:a8:47:a6:79:ea:99:8c:38:fb:1e:60:2b:07:15:
         27:7a:5a:88:a9:44:83:64:f3:33:3a:5f:2a:9a:2c:d0:70:15:
         53:d6:39:45:d3:02:48:25:61:0c:7b:55:89:7a:0f:82:fd:6d:
         93:81:2d:c6:44:9f:52:b1:2a:e5:3e:72:f8:d1:21:e1:07:5c:
         31:3e:5f:52:59:c6:18:30:87:dd:75:e5:ed:e4:dd:5c:88:a2:
         27:02:43:1b:c6:34:fc:86:7e:45:4d:3c:17:1f:aa:71:d1:a2:
         51:c8:43:6d:4b:83:b0:55:a3:e9:b1:3e:03:32:e1:47:b8:e6:
         f2:b6:34:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKgAEX/WOlQdR5p7lphtuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZjBkY2NlYjc0ZjExODVhY2Q5N2FlZWFhYzI1ZGRhNWU5
YjA5MzYwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjNjZmNlMjRhMDIwYjYwOTM1ZDQyZDdmYjNlMTk4YTJlMzg3MGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjc544DPRouf9tBbhgoEvTnpgVcgD
PCkLk0f9pZMux5q/U7+L7kZYLaajieLYcLlDITmcWSK7F2iX6C9L8IO83Jbu8oO0
/qxzfdpwbni9XGCsmTNTRzhAVfDO16R2rCT2hmT3mmNDREoZo2dTfstQo4h8uhRE
DYhmwVJgfWCaEshGQbN2DoRTp0cgkYootVSxbCnnaMbNd/0FfQ2u+UFciJC+gdaV
/5zUcVUibgekLNRDc2V3GpVPRMg/9hgCk+BEvwIf9chg51VfPi7jUb8DqOeVsuzb
h9XwPI34bfE3/u9w2JR3dQbyrIVRkTafYcWcaFMf87nsmNyskYVBVSOL7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBY8/OJKAgtgk11C1/s+GYouOHD8MB8GA1UdIwQY
MBaAFAnw3M63TxGFrNl67qrCXdpemwk2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgt
OTk2MTg5ZjljZTE0LzEvRmp6ODRrb0NDMkNUWFVMWC16NFppaTQ0Y1B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgtOTk2MTg5ZjljZTE0
LzEvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsvhwAwQB
svh2MA0GCSqGSIb3DQEBCwUAA4IBAQCg0aWF5ORjAWUvJocnLu/G8cKI6tdYGav5
Np/aWxsBTiXYgccreBvCyVEwJDBmWutAt4mCEyHCZNmS9bPF/C69mXIsjb/m+06D
+gmd/Xl7Bq4AJ0bNyqwiRj7jJR8o8El9WKQ+gsGCO+oHEd0utrA95lxOMF+Oz4oT
6MPBn6e9EvjtqEemeeqZjDj7HmArBxUnelqIqUSDZPMzOl8qmizQcBVT1jlF0wJI
JWEMe1WJeg+C/W2TgS3GRJ9SsSrlPnL40SHhB1wxPl9SWcYYMIfddeXt5N1ciKIn
AkMbxjT8hn5FTTwXH6px0aJRyENtS4OwVaPpsT4DMuFHuObytjQb
-----END CERTIFICATE-----