Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/fj_X5eMK8TU9PsgAZ7seJStFgfk.roa
File:                     fj_X5eMK8TU9PsgAZ7seJStFgfk.roa (raw, json)
Hash identifier:          gGMreqo4MZTHNvo8MdR/g/5c9/CRzAb0GIPFHlmBiao=
Subject key identifier:   7E:3F:D7:E5:E3:0A:F1:35:3D:3E:C8:00:67:BB:1E:25:2B:45:81:F9
Certificate issuer:       /CN=297a4229714f34e29d3d92b25f7b59c748f0dfc6
Certificate serial:       018CC7272E7C1F42491D5E8022588E42AF1D
Authority key identifier: 29:7A:42:29:71:4F:34:E2:9D:3D:92:B2:5F:7B:59:C7:48:F0:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXpCKXFPNOKdPZKyX3tZx0jw38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/fj_X5eMK8TU9PsgAZ7seJStFgfk.roa
Signing time:             Mon 01 Jan 2024 22:31:22 +0000
ROA not before:           Mon 01 Jan 2024 22:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44430
IP address blocks:        46.16.120.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/KXpCKXFPNOKdPZKyX3tZx0jw38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/KXpCKXFPNOKdPZKyX3tZx0jw38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXpCKXFPNOKdPZKyX3tZx0jw38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2e:7c:1f:42:49:1d:5e:80:22:58:8e:42:af:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297a4229714f34e29d3d92b25f7b59c748f0dfc6
        Validity
            Not Before: Jan  1 22:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e3fd7e5e30af1353d3ec80067bb1e252b4581f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b6:47:c8:39:f9:d8:e0:64:8a:55:a7:db:a6:
                    b1:77:ec:0a:b1:1c:5a:53:c5:ba:b7:ae:cf:72:67:
                    81:3a:53:19:87:a1:f6:bd:77:bd:ca:fe:03:71:c2:
                    48:a1:e4:29:22:54:2b:b1:ed:d0:95:70:35:85:f3:
                    f3:02:50:5e:51:f5:fa:a7:ad:4e:b4:f2:e7:f0:88:
                    fd:96:01:af:67:a4:fb:0b:9f:4a:1a:19:fb:f3:4c:
                    56:d5:2e:d1:78:a2:b8:23:d6:84:7f:71:87:be:0d:
                    a8:1b:09:e1:eb:6d:cf:1b:70:93:85:1e:57:67:91:
                    07:fa:9d:1f:49:4b:f1:85:33:32:d7:0f:e5:5e:b5:
                    74:82:a6:e9:e9:87:15:57:87:97:66:fe:b3:ef:50:
                    ca:8c:27:70:44:ed:cd:9b:63:4b:dd:8e:1d:fd:d8:
                    f4:44:9b:ef:f8:70:36:fa:d0:7b:99:9f:8f:d3:81:
                    17:80:a8:e4:1d:70:f4:14:c6:cc:f9:8b:35:32:b9:
                    22:30:aa:71:ff:c8:c6:03:ce:1e:2b:04:11:d0:ea:
                    82:66:f6:65:9d:92:32:02:d1:24:2e:cf:6b:20:75:
                    7e:7e:af:0c:38:a5:02:b7:de:4a:ed:b0:f0:90:dd:
                    f4:a7:c5:2b:5a:3f:cd:f7:aa:cd:8f:a2:41:43:83:
                    96:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:3F:D7:E5:E3:0A:F1:35:3D:3E:C8:00:67:BB:1E:25:2B:45:81:F9
            X509v3 Authority Key Identifier:
                keyid:29:7A:42:29:71:4F:34:E2:9D:3D:92:B2:5F:7B:59:C7:48:F0:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXpCKXFPNOKdPZKyX3tZx0jw38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/fj_X5eMK8TU9PsgAZ7seJStFgfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/KXpCKXFPNOKdPZKyX3tZx0jw38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8b:22:e9:4c:4c:67:7d:b1:62:ce:67:38:7a:64:5b:e9:7a:0a:
         b1:a1:8c:24:a0:2d:f9:ca:0d:17:10:74:50:f1:c8:5f:6d:2b:
         76:31:29:3b:ee:71:9b:12:e7:c6:a6:95:d7:d0:47:9e:4a:6a:
         a6:82:d1:cd:09:04:ec:24:4c:39:5b:86:34:34:c9:a8:92:f8:
         07:a9:9d:95:d2:25:33:b6:69:f7:57:2c:2a:8c:11:ad:e9:99:
         ca:36:97:b9:35:0d:7f:14:b1:3c:50:b0:c1:11:35:ba:4d:d7:
         2c:08:63:d4:72:26:98:a1:76:a6:c7:48:49:d5:87:eb:f4:b9:
         7d:06:4b:d2:2e:62:48:49:11:67:bf:94:d9:60:3e:73:d4:75:
         7d:86:91:00:48:e3:f9:83:32:6e:5a:17:df:bb:ae:17:39:93:
         74:e5:7c:8b:88:fd:2b:73:13:b7:05:10:9e:e4:4a:f2:30:66:
         40:a6:03:40:96:7d:95:e0:2f:89:c0:f6:11:10:27:e5:d8:9c:
         d1:c3:a1:56:43:5c:cd:14:a6:18:ca:2c:f7:b8:61:32:7e:5f:
         f8:d3:26:96:0b:27:2a:d4:34:b2:6d:32:79:89:88:85:82:b3:
         c2:b1:90:44:ac:4e:ce:4e:86:f1:a9:2c:76:d0:b3:35:30:b7:
         37:7b:5b:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJy58H0JJHV6AIliOQq8dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2E0MjI5NzE0ZjM0ZTI5ZDNkOTJiMjVmN2I1OWM3NDhm
MGRmYzYwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTNmZDdlNWUzMGFmMTM1M2QzZWM4MDA2N2JiMWUyNTJiNDU4MWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbZHyDn52OBkilWn26axd+wKsRxa
U8W6t67PcmeBOlMZh6H2vXe9yv4DccJIoeQpIlQrse3QlXA1hfPzAlBeUfX6p61O
tPLn8Ij9lgGvZ6T7C59KGhn780xW1S7ReKK4I9aEf3GHvg2oGwnh623PG3CThR5X
Z5EH+p0fSUvxhTMy1w/lXrV0gqbp6YcVV4eXZv6z71DKjCdwRO3Nm2NL3Y4d/dj0
RJvv+HA2+tB7mZ+P04EXgKjkHXD0FMbM+Ys1MrkiMKpx/8jGA84eKwQR0OqCZvZl
nZIyAtEkLs9rIHV+fq8MOKUCt95K7bDwkN30p8UrWj/N96rNj6JBQ4OWeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4/1+XjCvE1PT7IAGe7HiUrRYH5MB8GA1UdIwQY
MBaAFCl6QilxTzTinT2Ssl97WcdI8N/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hwQ0tYRlBOT0tkUFpLeVgzdFp4MGp3MzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xZDcyY2UtYmU0Yy00NDk4LWE4MjMt
M2FlYmM5ZjgxN2NlLzEvZmpfWDVlTUs4VFU5UHNnQVo3c2VKU3RGZ2ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xZDcyY2UtYmU0Yy00NDk4LWE4MjMtM2FlYmM5ZjgxN2Nl
LzEvS1hwQ0tYRlBOT0tkUFpLeVgzdFp4MGp3MzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLhB4MA0G
CSqGSIb3DQEBCwUAA4IBAQCLIulMTGd9sWLOZzh6ZFvpegqxoYwkoC35yg0XEHRQ
8chfbSt2MSk77nGbEufGppXX0EeeSmqmgtHNCQTsJEw5W4Y0NMmokvgHqZ2V0iUz
tmn3VywqjBGt6ZnKNpe5NQ1/FLE8ULDBETW6TdcsCGPUciaYoXamx0hJ1Yfr9Ll9
BkvSLmJISRFnv5TZYD5z1HV9hpEASOP5gzJuWhffu64XOZN05XyLiP0rcxO3BRCe
5EryMGZApgNAln2V4C+JwPYRECfl2JzRw6FWQ1zNFKYYyiz3uGEyfl/40yaWCycq
1DSybTJ5iYiFgrPCsZBErE7OTobxqSx20LM1MLc3e1ui
-----END CERTIFICATE-----