Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/FtGFRxU5Ch8jfjtlUO_tDiZINyA.roa
File:                     FtGFRxU5Ch8jfjtlUO_tDiZINyA.roa (raw, json)
Hash identifier:          ehp1lL2JWcX5bvsh0d+qOkVlCc7fJvsx9YSCxjm8iC0=
Subject key identifier:   16:D1:85:47:15:39:0A:1F:23:7E:3B:65:50:EF:ED:0E:26:48:37:20
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC8BB3446B65AA4E72B8BE4057ED17
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/FtGFRxU5Ch8jfjtlUO_tDiZINyA.roa
Signing time:             Tue 02 Jan 2024 10:33:46 +0000
ROA not before:           Tue 02 Jan 2024 10:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27
IP address blocks:        82.112.101.200/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:8b:b3:44:6b:65:aa:4e:72:b8:be:40:57:ed:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16d1854715390a1f237e3b6550efed0e26483720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f9:b7:14:47:66:a9:e1:95:d9:fa:d1:57:c5:
                    26:8a:aa:dd:e3:9c:c4:c9:bd:1d:bc:2b:d6:37:c1:
                    fa:71:bf:94:7f:30:30:ff:30:a0:68:75:f3:b9:c8:
                    dd:df:56:cb:2e:41:4a:ab:1c:9a:00:0b:42:00:54:
                    0a:c1:e6:8c:6f:00:40:90:2e:cb:2f:82:67:f0:28:
                    a4:98:4b:54:f8:af:b7:6c:2f:34:21:95:50:73:1e:
                    36:65:13:e9:43:72:6a:64:e9:52:94:f1:ae:77:69:
                    09:b5:3e:cd:f9:4d:ba:89:be:96:e3:da:29:2d:9f:
                    e6:f2:cf:59:5b:70:0a:ec:a0:3a:3c:cf:88:5a:0a:
                    2b:e8:73:cc:81:c7:6e:98:58:ae:24:11:ea:f3:0a:
                    5e:20:fa:b6:41:93:a1:80:d4:06:66:d0:bd:21:74:
                    dd:0d:64:44:61:12:f8:42:2c:67:7f:33:6d:75:98:
                    c0:3f:f6:30:9f:8f:e2:b6:5e:e4:44:29:1c:1a:89:
                    bd:b8:c5:0b:a0:b6:0c:da:3f:99:95:82:33:3d:97:
                    ba:59:42:46:62:4c:4a:23:92:73:b5:ca:56:46:9d:
                    fc:a1:24:9a:3d:fa:cd:cf:4f:9e:1c:ba:ee:f0:4d:
                    ac:6e:52:d4:d7:22:65:4f:86:24:84:9b:c4:9c:3f:
                    7a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D1:85:47:15:39:0A:1F:23:7E:3B:65:50:EF:ED:0E:26:48:37:20
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/FtGFRxU5Ch8jfjtlUO_tDiZINyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.112.101.200/29

    Signature Algorithm: sha256WithRSAEncryption
         35:1a:92:50:52:43:d4:65:18:55:c3:b7:7b:b5:e4:e9:e8:92:
         cb:ad:cf:46:8e:46:73:e2:3d:5b:cd:40:8f:e5:29:9b:51:1d:
         a3:fe:b3:24:07:8f:ad:73:ce:7b:dc:65:91:11:c9:47:2b:cd:
         79:64:4c:54:50:c7:f6:1f:2d:6e:04:9c:ed:a6:2d:10:45:a1:
         3b:96:2f:18:3c:fe:45:e8:50:76:db:c8:36:60:5e:25:8a:81:
         96:49:67:dd:9a:4f:f3:ef:e1:c4:cc:62:24:f3:20:a6:9b:7e:
         f7:d9:f0:be:ec:d9:c6:93:29:61:0c:d6:4a:2d:5b:3e:70:5e:
         54:66:63:60:b5:82:10:fe:2c:e8:b8:ce:61:b6:02:1d:0d:08:
         54:0f:b1:5c:33:35:69:c3:e3:53:c7:31:e4:6e:cd:b3:42:d0:
         e5:25:c7:36:4b:85:e5:df:81:fe:4a:e6:05:4f:f0:93:4e:ba:
         15:9d:c0:45:1e:1f:0d:ae:56:11:46:54:d3:4d:08:6d:c5:d4:
         bd:e0:8d:20:4e:a5:a8:0b:68:66:e5:66:32:18:10:23:98:e8:
         e1:c1:5a:cb:a9:cf:01:47:f2:5b:6c:ad:31:36:5d:8a:f8:ca:
         33:a7:73:bd:19:bd:77:7a:0e:f2:1d:9f:90:70:ae:94:4b:aa:
         37:28:e8:47
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvIuzRGtlqk5yuL5AV+0XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQxODU0NzE1MzkwYTFmMjM3ZTNiNjU1MGVmZWQwZTI2NDgzNzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifm3FEdmqeGV2frRV8Umiqrd45zE
yb0dvCvWN8H6cb+UfzAw/zCgaHXzucjd31bLLkFKqxyaAAtCAFQKweaMbwBAkC7L
L4Jn8CikmEtU+K+3bC80IZVQcx42ZRPpQ3JqZOlSlPGud2kJtT7N+U26ib6W49op
LZ/m8s9ZW3AK7KA6PM+IWgor6HPMgcdumFiuJBHq8wpeIPq2QZOhgNQGZtC9IXTd
DWREYRL4QixnfzNtdZjAP/Ywn4/itl7kRCkcGom9uMULoLYM2j+ZlYIzPZe6WUJG
YkxKI5JztcpWRp38oSSaPfrNz0+eHLru8E2sblLU1yJlT4YkhJvEnD96HQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBbRhUcVOQofI347ZVDv7Q4mSDcgMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvRnRHRlJ4VTVDaDhqZmp0bFVPX3REaVpJTnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUDUnBlyDAN
BgkqhkiG9w0BAQsFAAOCAQEANRqSUFJD1GUYVcO3e7Xk6eiSy63PRo5Gc+I9W81A
j+Upm1Edo/6zJAePrXPOe9xlkRHJRyvNeWRMVFDH9h8tbgSc7aYtEEWhO5YvGDz+
RehQdtvINmBeJYqBlkln3ZpP8+/hxMxiJPMgppt+99nwvuzZxpMpYQzWSi1bPnBe
VGZjYLWCEP4s6LjOYbYCHQ0IVA+xXDM1acPjU8cx5G7Ns0LQ5SXHNkuF5d+B/krm
BU/wk066FZ3ARR4fDa5WEUZU000IbcXUveCNIE6lqAtoZuVmMhgQI5jo4cFay6nP
AUfyW2ytMTZdivjKM6dzvRm9d3oO8h2fkHCulEuqNyjoRw==
-----END CERTIFICATE-----