Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/FnfsUrj9jCD0wazsa-jPrFT5Obc.roa
File:                     FnfsUrj9jCD0wazsa-jPrFT5Obc.roa (raw, json)
Hash identifier:          gKc045wynWQwTcJeMAUKrQB0fRtUIE8NZ/2+TWh7mpw=
Subject key identifier:   16:77:EC:52:B8:FD:8C:20:F4:C1:AC:EC:6B:E8:CF:AC:54:F9:39:B7
Certificate issuer:       /CN=d22f3bd0bae603ab790602a96bbbc42b5322e88f
Certificate serial:       018CC56E26269C167FD2AD8EA2FD3EDE43E6
Authority key identifier: D2:2F:3B:D0:BA:E6:03:AB:79:06:02:A9:6B:BB:C4:2B:53:22:E8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0i870LrmA6t5BgKpa7vEK1Mi6I8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/FnfsUrj9jCD0wazsa-jPrFT5Obc.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        194.38.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/0i870LrmA6t5BgKpa7vEK1Mi6I8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/0i870LrmA6t5BgKpa7vEK1Mi6I8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0i870LrmA6t5BgKpa7vEK1Mi6I8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:26:26:9c:16:7f:d2:ad:8e:a2:fd:3e:de:43:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d22f3bd0bae603ab790602a96bbbc42b5322e88f
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1677ec52b8fd8c20f4c1acec6be8cfac54f939b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:11:7a:86:75:76:db:0f:39:11:d7:bc:3b:38:
                    06:e6:fe:fd:d6:ca:66:25:6f:f2:79:e8:15:ed:b9:
                    e8:83:05:5d:14:9e:fa:c1:a5:d6:f1:92:fe:42:cc:
                    ed:4b:61:46:44:58:84:fb:5c:ed:95:b3:6f:d1:3b:
                    4f:36:48:7a:74:01:35:be:ff:d4:23:6e:c7:98:ec:
                    d1:c6:7d:07:51:46:2e:17:dc:3f:70:ae:ce:0a:08:
                    0a:a2:3e:f1:2d:f9:7b:57:70:b5:36:60:cb:5c:80:
                    5c:3d:01:bc:d5:0d:5a:a3:3c:c9:6c:04:b5:95:f1:
                    1e:69:b4:48:b6:f5:26:4d:35:00:60:49:ec:9f:d5:
                    5d:89:91:4e:c5:26:e7:3a:da:53:a2:09:76:91:25:
                    bc:1f:2d:60:e7:6a:b7:bf:c2:b8:3c:69:48:ae:61:
                    3e:43:bc:4d:b5:b8:5e:50:ff:63:16:79:7f:d5:18:
                    51:1c:5b:df:b0:64:e0:7e:ae:52:76:cd:69:9b:5f:
                    5f:d5:ca:a8:88:dd:b7:b6:d0:f8:19:19:f9:0c:29:
                    06:83:57:f9:1f:8d:1c:bd:8a:05:cb:32:f5:04:94:
                    a7:8f:d3:3f:b9:cc:ec:e4:41:3f:33:22:bb:c6:3b:
                    f3:5d:b9:f8:5a:71:88:b4:ce:6c:e6:2d:73:c1:d0:
                    b6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:77:EC:52:B8:FD:8C:20:F4:C1:AC:EC:6B:E8:CF:AC:54:F9:39:B7
            X509v3 Authority Key Identifier:
                keyid:D2:2F:3B:D0:BA:E6:03:AB:79:06:02:A9:6B:BB:C4:2B:53:22:E8:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0i870LrmA6t5BgKpa7vEK1Mi6I8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/FnfsUrj9jCD0wazsa-jPrFT5Obc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/0i870LrmA6t5BgKpa7vEK1Mi6I8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:45:22:18:e0:d6:c6:ca:31:a3:50:dc:29:79:9a:10:e4:f7:
         b6:a3:f2:72:41:b6:8b:ee:64:83:c0:61:aa:6e:51:02:19:16:
         6b:1c:70:c9:1c:31:4e:20:74:03:96:c7:35:93:5b:44:48:40:
         fb:df:3c:2b:c2:40:d5:f3:f4:6e:42:71:44:5b:a1:59:b4:64:
         7e:2a:c8:17:61:5a:a9:a0:13:b0:9e:f4:0b:1f:b0:7f:72:11:
         56:f7:fd:32:3e:6f:fc:3e:d7:ed:16:f8:db:67:69:64:da:46:
         36:ee:b9:eb:91:72:41:e8:98:2c:74:1d:dc:65:44:99:4a:5c:
         ea:c7:0a:32:2b:4e:44:d3:7a:54:d9:b3:ec:78:50:75:0f:31:
         a5:a0:b9:ea:33:44:db:75:85:17:e5:45:01:26:aa:96:f3:11:
         4b:6f:f9:3f:06:04:b8:6c:ec:38:86:9f:e3:32:bd:4a:4d:21:
         3f:0a:1c:b9:1e:43:09:84:c3:fd:f7:a9:b5:dd:c8:61:5c:56:
         3b:18:69:9e:ec:a6:8c:87:bb:16:f2:ea:5e:c5:2c:9c:88:c3:
         d2:d3:1d:e0:b5:09:8f:7a:b6:cc:b7:08:69:43:96:e5:22:74:
         d5:2d:28:98:ec:c0:fc:83:0e:dd:d6:e0:e5:bf:7a:d9:9a:89:
         af:31:3e:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiYmnBZ/0q2Oov0+3kPmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMmYzYmQwYmFlNjAzYWI3OTA2MDJhOTZiYmJjNDJiNTMy
MmU4OGYwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjc3ZWM1MmI4ZmQ4YzIwZjRjMWFjZWM2YmU4Y2ZhYzU0ZjkzOWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxF6hnV22w85Ede8OzgG5v791spm
JW/yeegV7bnogwVdFJ76waXW8ZL+QsztS2FGRFiE+1ztlbNv0TtPNkh6dAE1vv/U
I27HmOzRxn0HUUYuF9w/cK7OCggKoj7xLfl7V3C1NmDLXIBcPQG81Q1aozzJbAS1
lfEeabRItvUmTTUAYEnsn9VdiZFOxSbnOtpTogl2kSW8Hy1g52q3v8K4PGlIrmE+
Q7xNtbheUP9jFnl/1RhRHFvfsGTgfq5Sds1pm19f1cqoiN23ttD4GRn5DCkGg1f5
H40cvYoFyzL1BJSnj9M/uczs5EE/MyK7xjvzXbn4WnGItM5s5i1zwdC24QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZ37FK4/Ywg9MGs7Gvoz6xU+Tm3MB8GA1UdIwQY
MBaAFNIvO9C65gOreQYCqWu7xCtTIuiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGk4NzBMcm1BNnQ1QmdLcGE3dkVLMU1pNkk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82ZTUxY2ItNTE3Zi00Y2IxLWEzYTAt
ZDcyMWJkMmU5ZDUzLzEvRm5mc1VyajlqQ0Qwd2F6c2EtalByRlQ1T2JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82ZTUxY2ItNTE3Zi00Y2IxLWEzYTAtZDcyMWJkMmU5ZDUz
LzEvMGk4NzBMcm1BNnQ1QmdLcGE3dkVLMU1pNkk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiYEMA0G
CSqGSIb3DQEBCwUAA4IBAQBRRSIY4NbGyjGjUNwpeZoQ5Pe2o/JyQbaL7mSDwGGq
blECGRZrHHDJHDFOIHQDlsc1k1tESED73zwrwkDV8/RuQnFEW6FZtGR+KsgXYVqp
oBOwnvQLH7B/chFW9/0yPm/8PtftFvjbZ2lk2kY27rnrkXJB6JgsdB3cZUSZSlzq
xwoyK05E03pU2bPseFB1DzGloLnqM0TbdYUX5UUBJqqW8xFLb/k/BgS4bOw4hp/j
Mr1KTSE/Chy5HkMJhMP996m13chhXFY7GGme7KaMh7sW8upexSyciMPS0x3gtQmP
erbMtwhpQ5blInTVLSiY7MD8gw7d1uDlv3rZmomvMT4D
-----END CERTIFICATE-----