Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/Fnh9GVa_fvnoNRzF2991qb7jjwo.roa
File:                     Fnh9GVa_fvnoNRzF2991qb7jjwo.roa (raw, json)
Hash identifier:          3BjRnTcWutTShoyklANMFkV25gkqiaqxtmRqk9L6LMc=
Subject key identifier:   16:78:7D:19:56:BF:7E:F9:E8:35:1C:C5:DB:DF:75:A9:BE:E3:8F:0A
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       018CC56DE7E004BC913EC10AC2F2B3FB19A2
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/Fnh9GVa_fvnoNRzF2991qb7jjwo.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50565
IP address blocks:        45.143.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e7:e0:04:bc:91:3e:c1:0a:c2:f2:b3:fb:19:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16787d1956bf7ef9e8351cc5dbdf75a9bee38f0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:89:93:12:38:65:25:3e:4e:f6:72:59:db:e7:
                    8a:ca:29:64:1d:a5:8d:b3:fe:18:34:90:55:a1:8e:
                    3e:9d:97:28:72:e2:68:62:47:d8:63:de:6a:42:4f:
                    30:9f:06:51:b3:be:8c:91:00:99:5a:cd:b8:9f:12:
                    be:fc:50:13:be:79:81:f0:9d:53:c2:23:ba:4a:12:
                    03:aa:9b:8c:6b:fc:02:0a:7c:ca:c0:95:13:b1:da:
                    7f:8e:ee:b9:9c:f7:7a:a6:cb:76:57:82:46:dc:3e:
                    dd:0d:f9:ec:9a:a0:52:0d:49:5e:3e:8a:d0:d1:e4:
                    b3:e8:39:00:7c:40:01:1f:99:36:ba:21:ae:50:54:
                    44:88:95:26:30:38:80:00:b1:da:ab:ce:d7:21:84:
                    c9:d0:e3:b9:ee:82:5e:8d:69:7f:77:46:a6:44:ec:
                    5c:08:bd:e9:cd:64:4e:ce:93:ee:9f:ff:91:1a:ef:
                    d4:d3:33:62:23:1c:d9:d1:01:91:7e:0f:2d:23:12:
                    bf:59:84:22:be:fe:22:de:9c:75:29:05:56:81:05:
                    dc:01:f5:b3:93:2d:1a:e5:f2:9a:8b:3f:f4:85:c6:
                    57:56:a3:c4:c0:e4:88:9f:92:85:ef:70:20:57:31:
                    93:bd:66:9f:96:77:b2:8d:6b:3b:7d:3d:de:33:ee:
                    0e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:78:7D:19:56:BF:7E:F9:E8:35:1C:C5:DB:DF:75:A9:BE:E3:8F:0A
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/Fnh9GVa_fvnoNRzF2991qb7jjwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:47:24:5c:f0:3d:86:63:ea:83:a7:36:62:a9:31:f5:8e:34:
         26:96:d2:77:df:46:f8:6e:51:12:6b:97:79:a4:8a:dd:5e:0e:
         c4:47:25:1c:2c:04:61:2e:d9:a8:ce:46:6a:55:ca:aa:28:58:
         f3:9a:1a:d5:ad:d5:99:e9:d0:b8:0c:0a:29:b8:90:33:34:35:
         fd:96:96:a9:94:e6:4e:44:ca:71:90:5a:29:9b:49:80:38:1b:
         ff:da:0a:b3:3b:a5:5d:19:77:f8:84:0a:0a:98:06:a0:f4:ad:
         69:7d:ea:fe:be:54:e6:ee:eb:9a:b8:0d:f6:10:5b:01:94:b9:
         c4:c2:24:56:3c:41:78:36:5f:43:41:f4:07:a7:ea:9b:10:3c:
         04:55:30:13:81:57:b2:02:e7:1d:3e:c8:37:cb:1f:17:cd:52:
         3f:7f:8b:5d:19:b2:f0:69:ff:4d:5d:8e:b5:3f:36:98:7b:93:
         2f:f1:f5:6c:19:9f:25:c8:9a:33:ce:3b:bb:2c:74:71:e2:68:
         10:82:44:df:1d:0c:80:1a:b9:f0:99:e7:6f:6f:31:36:94:af:
         ab:8f:79:79:29:3d:ee:b6:59:ef:49:f3:4e:46:94:71:0a:71:
         73:00:57:23:b0:3b:3f:6b:3e:06:70:88:5a:23:0a:03:64:69:
         92:63:bd:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbefgBLyRPsEKwvKz+xmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjc4N2QxOTU2YmY3ZWY5ZTgzNTFjYzVkYmRmNzVhOWJlZTM4ZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjImTEjhlJT5O9nJZ2+eKyilkHaWN
s/4YNJBVoY4+nZcocuJoYkfYY95qQk8wnwZRs76MkQCZWs24nxK+/FATvnmB8J1T
wiO6ShIDqpuMa/wCCnzKwJUTsdp/ju65nPd6pst2V4JG3D7dDfnsmqBSDUlePorQ
0eSz6DkAfEABH5k2uiGuUFREiJUmMDiAALHaq87XIYTJ0OO57oJejWl/d0amROxc
CL3pzWROzpPun/+RGu/U0zNiIxzZ0QGRfg8tIxK/WYQivv4i3px1KQVWgQXcAfWz
ky0a5fKaiz/0hcZXVqPEwOSIn5KF73AgVzGTvWaflneyjWs7fT3eM+4OYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZ4fRlWv3756DUcxdvfdam+448KMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvRm5oOUdWYV9mdm5vTlJ6RjI5OTFxYjdqandvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY9hMA0G
CSqGSIb3DQEBCwUAA4IBAQAPRyRc8D2GY+qDpzZiqTH1jjQmltJ330b4blESa5d5
pIrdXg7ERyUcLARhLtmozkZqVcqqKFjzmhrVrdWZ6dC4DAopuJAzNDX9lpaplOZO
RMpxkFopm0mAOBv/2gqzO6VdGXf4hAoKmAag9K1pfer+vlTm7uuauA32EFsBlLnE
wiRWPEF4Nl9DQfQHp+qbEDwEVTATgVeyAucdPsg3yx8XzVI/f4tdGbLwaf9NXY61
PzaYe5Mv8fVsGZ8lyJozzju7LHRx4mgQgkTfHQyAGrnwmedvbzE2lK+rj3l5KT3u
tlnvSfNORpRxCnFzAFcjsDs/az4GcIhaIwoDZGmSY73U
-----END CERTIFICATE-----