Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/FVo6JY-AZ3nPjf2db6oH4dU3Nvs.roa
File:                     FVo6JY-AZ3nPjf2db6oH4dU3Nvs.roa (raw, json)
Hash identifier:          iTGl3/R89arJtDku2DrlL4WQyvNGk3QjlPw9SVaDSmY=
Subject key identifier:   15:5A:3A:25:8F:80:67:79:CF:8D:FD:9D:6F:AA:07:E1:D5:37:36:FB
Certificate issuer:       /CN=0af61798dd18965c027afa7f93ae030ff5e1d76e
Certificate serial:       018CC3B6F8DF8EEBC42154A4051E268ED098
Authority key identifier: 0A:F6:17:98:DD:18:96:5C:02:7A:FA:7F:93:AE:03:0F:F5:E1:D7:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/FVo6JY-AZ3nPjf2db6oH4dU3Nvs.roa
Signing time:             Mon 01 Jan 2024 06:29:57 +0000
ROA not before:           Mon 01 Jan 2024 06:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38981
IP address blocks:        87.237.109.0/24 maxlen: 24
                          87.237.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f8:df:8e:eb:c4:21:54:a4:05:1e:26:8e:d0:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0af61798dd18965c027afa7f93ae030ff5e1d76e
        Validity
            Not Before: Jan  1 06:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=155a3a258f806779cf8dfd9d6faa07e1d53736fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e5:8b:f8:ac:4e:28:13:1d:fe:33:32:07:13:
                    80:b3:0b:95:63:77:8d:c1:96:5b:0b:22:3b:ff:6f:
                    8e:66:09:ad:b9:b1:1d:f7:1a:74:5e:5c:60:4f:40:
                    c2:d5:89:05:82:60:22:fc:10:b8:fa:7e:d8:6c:37:
                    d9:4b:fa:f3:12:91:51:a0:44:b4:80:f9:f3:ca:1f:
                    93:fe:a3:29:d7:c3:76:d2:10:39:14:e7:d4:6b:3f:
                    c0:ae:a9:15:1c:cb:c5:a3:cb:d2:b2:e1:f1:46:bd:
                    8d:d3:94:49:1b:17:c2:8d:fb:38:45:32:5b:51:e7:
                    9f:45:d2:91:16:06:6f:4d:41:a6:b9:64:d6:9a:29:
                    23:05:55:29:e8:62:e1:a4:c4:cf:c4:c6:3b:b0:0f:
                    89:58:97:4d:68:0b:a9:bd:3c:95:5d:4c:3f:c8:db:
                    39:46:a8:0e:f0:fb:d2:78:df:e0:b0:82:d4:8f:9e:
                    07:bf:84:57:6c:7e:b3:08:b6:0b:35:f0:f4:5d:8f:
                    3d:0b:0a:c5:f4:3c:e7:30:d5:36:66:61:b2:af:92:
                    5a:d3:dc:b9:7f:b8:45:27:27:f9:b7:39:33:71:44:
                    90:b8:c2:4e:d8:2e:03:79:37:25:c3:a4:e6:aa:77:
                    66:05:d6:57:ee:3d:30:34:37:9c:ad:32:83:9d:a4:
                    14:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:5A:3A:25:8F:80:67:79:CF:8D:FD:9D:6F:AA:07:E1:D5:37:36:FB
            X509v3 Authority Key Identifier:
                keyid:0A:F6:17:98:DD:18:96:5C:02:7A:FA:7F:93:AE:03:0F:F5:E1:D7:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/FVo6JY-AZ3nPjf2db6oH4dU3Nvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.237.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:a5:b4:1a:1d:34:22:8f:be:4a:fc:9a:12:5d:7a:17:ca:be:
         79:51:fd:0c:ec:2f:d4:73:26:bf:a8:26:94:c6:46:c4:37:23:
         12:a6:9c:38:66:73:f1:78:f1:f9:18:f9:2e:cc:a3:04:47:c3:
         e9:73:d2:17:a3:d4:e9:ed:e6:f0:41:2c:f0:71:b7:4d:00:37:
         a5:83:ff:ea:c1:b2:7f:d3:88:60:bc:6f:d5:33:1d:a8:e3:cb:
         97:52:1d:f6:c9:44:27:55:3f:06:06:b4:e3:c0:14:27:21:c4:
         0f:e2:a8:b5:47:30:67:55:f6:88:ee:63:f5:58:9f:08:56:81:
         fa:ed:1d:c2:a7:26:c5:1e:3d:3d:e0:ee:75:6b:b7:c8:cf:3c:
         dd:aa:71:27:6e:6e:4f:b2:72:93:54:0b:90:98:08:b3:7f:fd:
         ea:d3:4f:d7:8e:15:85:e0:d5:06:3d:c4:dd:b4:8d:54:34:7a:
         e2:75:36:8e:11:d8:00:ac:45:35:d6:5f:7c:e2:ed:61:36:e7:
         fb:e3:95:ef:1a:c8:de:a0:7b:22:1c:e6:89:b1:6b:6e:25:c9:
         fe:c8:71:87:42:ce:19:57:b8:9b:8c:44:5b:4a:67:90:72:a4:
         1b:e5:cd:84:6d:e2:13:8d:59:85:12:df:a3:ac:34:9c:3b:7e:
         44:3b:44:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvjfjuvEIVSkBR4mjtCYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZjYxNzk4ZGQxODk2NWMwMjdhZmE3ZjkzYWUwMzBmZjVl
MWQ3NmUwHhcNMjQwMTAxMDYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTVhM2EyNThmODA2Nzc5Y2Y4ZGZkOWQ2ZmFhMDdlMWQ1MzczNmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieWL+KxOKBMd/jMyBxOAswuVY3eN
wZZbCyI7/2+OZgmtubEd9xp0XlxgT0DC1YkFgmAi/BC4+n7YbDfZS/rzEpFRoES0
gPnzyh+T/qMp18N20hA5FOfUaz/ArqkVHMvFo8vSsuHxRr2N05RJGxfCjfs4RTJb
UeefRdKRFgZvTUGmuWTWmikjBVUp6GLhpMTPxMY7sA+JWJdNaAupvTyVXUw/yNs5
RqgO8PvSeN/gsILUj54Hv4RXbH6zCLYLNfD0XY89CwrF9DznMNU2ZmGyr5Ja09y5
f7hFJyf5tzkzcUSQuMJO2C4DeTclw6TmqndmBdZX7j0wNDecrTKDnaQUSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVaOiWPgGd5z439nW+qB+HVNzb7MB8GA1UdIwQY
MBaAFAr2F5jdGJZcAnr6f5OuAw/14dduMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3ZZWG1OMFlsbHdDZXZwX2s2NEREX1hoMTI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82MTUxNjQtNmQ5Ni00ODhhLTk2YmEt
ZDZlMWUzNDdmOWM3LzEvRlZvNkpZLUFaM25QamYyZGI2b0g0ZFUzTnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82MTUxNjQtNmQ5Ni00ODhhLTk2YmEtZDZlMWUzNDdmOWM3
LzEvQ3ZZWG1OMFlsbHdDZXZwX2s2NEREX1hoMTI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV+1sMA0G
CSqGSIb3DQEBCwUAA4IBAQCFpbQaHTQij75K/JoSXXoXyr55Uf0M7C/Ucya/qCaU
xkbENyMSppw4ZnPxePH5GPkuzKMER8Ppc9IXo9Tp7ebwQSzwcbdNADelg//qwbJ/
04hgvG/VMx2o48uXUh32yUQnVT8GBrTjwBQnIcQP4qi1RzBnVfaI7mP1WJ8IVoH6
7R3CpybFHj094O51a7fIzzzdqnEnbm5PsnKTVAuQmAizf/3q00/XjhWF4NUGPcTd
tI1UNHridTaOEdgArEU11l984u1hNuf745XvGsjeoHsiHOaJsWtuJcn+yHGHQs4Z
V7ibjERbSmeQcqQb5c2EbeITjVmFEt+jrDScO35EO0Qj
-----END CERTIFICATE-----