Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/FWg8FBfYunsoVJDBQMIdqdUl6ZY.roa
File:                     FWg8FBfYunsoVJDBQMIdqdUl6ZY.roa (raw, json)
Hash identifier:          Se2GyIuI2/e+UgrEM9K65f7zlKhpQUROAwWtdVkTljw=
Subject key identifier:   15:68:3C:14:17:D8:BA:7B:28:54:90:C1:40:C2:1D:A9:D5:25:E9:96
Certificate issuer:       /CN=66104e4f7d9f38d8e22a2d32be019031930c1a47
Certificate serial:       018D9E63438C21C36BC7D1D1C9D89BD26A5A
Authority key identifier: 66:10:4E:4F:7D:9F:38:D8:E2:2A:2D:32:BE:01:90:31:93:0C:1A:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/FWg8FBfYunsoVJDBQMIdqdUl6ZY.roa
Signing time:             Mon 12 Feb 2024 17:35:21 +0000
ROA not before:           Mon 12 Feb 2024 17:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3281
IP address blocks:        92.63.91.0/24 maxlen: 24
                          185.129.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9e:63:43:8c:21:c3:6b:c7:d1:d1:c9:d8:9b:d2:6a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66104e4f7d9f38d8e22a2d32be019031930c1a47
        Validity
            Not Before: Feb 12 17:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15683c1417d8ba7b285490c140c21da9d525e996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:99:bf:a7:76:1d:82:30:c2:1a:13:a4:17:ec:
                    1a:09:0d:63:6c:ae:85:73:66:86:f0:89:65:ac:56:
                    55:4f:51:76:42:8a:1f:f1:86:76:f3:7b:6c:03:f1:
                    16:a0:c5:da:f8:a2:38:2c:77:4e:1e:f0:1e:22:c1:
                    e0:f4:c8:53:c3:bf:74:82:72:5f:9a:91:65:a0:3a:
                    49:2f:36:ed:63:d0:a0:83:41:44:22:00:89:95:de:
                    d1:de:56:01:ca:98:c4:32:ef:6c:91:5e:3c:0b:98:
                    30:e9:b9:a2:0d:3d:3f:d4:4e:1c:bf:9d:15:c9:f3:
                    38:93:82:e8:97:4e:44:23:3a:b5:43:06:ae:91:e9:
                    f6:84:d8:96:92:5e:ad:67:43:1c:41:06:a0:98:96:
                    b1:ff:2a:73:58:09:13:d8:d9:c5:9b:8b:ab:65:1e:
                    e4:61:0a:49:f9:1a:c9:06:4a:8a:70:b0:d1:fb:b1:
                    17:1e:3a:56:d9:62:45:09:ef:17:54:04:4c:49:d4:
                    d2:7f:36:10:7f:b2:22:04:4f:1b:d2:f5:ba:08:bc:
                    5f:56:33:d3:eb:e7:ca:69:8b:93:63:e3:70:8a:07:
                    fa:0f:29:62:68:1c:08:56:65:5a:29:83:c6:62:ea:
                    e3:a1:33:bd:92:72:09:61:99:fb:6e:23:65:47:45:
                    7e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:68:3C:14:17:D8:BA:7B:28:54:90:C1:40:C2:1D:A9:D5:25:E9:96
            X509v3 Authority Key Identifier:
                keyid:66:10:4E:4F:7D:9F:38:D8:E2:2A:2D:32:BE:01:90:31:93:0C:1A:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/FWg8FBfYunsoVJDBQMIdqdUl6ZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.91.0/24
                  185.129.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:43:c3:4f:51:0f:50:02:e4:b1:43:d6:ac:9a:50:b9:0f:93:
         29:2a:0c:ae:5d:d8:cc:46:8c:d1:21:d0:d0:25:8c:cb:6f:e5:
         12:88:ef:b4:66:9a:d4:1a:bb:99:5d:e5:98:56:73:8f:cc:2a:
         9d:5d:11:fc:12:e6:8a:40:22:59:0a:b6:82:93:5b:54:49:4e:
         f0:a1:0e:c3:46:0f:84:b5:50:3b:67:da:75:62:32:51:5a:38:
         6a:5e:39:dd:67:ce:20:2d:04:7f:2e:35:c5:28:21:69:01:d1:
         99:cd:29:90:c4:94:60:2c:b4:aa:95:b9:51:d3:c1:6e:cb:6e:
         5e:f5:46:c2:c1:e2:f4:f6:21:ee:68:54:1e:cd:b5:81:4b:6a:
         0a:5b:e9:61:71:28:08:4a:92:7f:85:9d:fe:1b:b5:a0:53:fa:
         c7:00:91:c8:a4:8d:b0:ec:55:ad:d2:73:0c:af:6b:27:ed:d6:
         4e:73:a7:23:f4:11:7f:0a:7e:88:a7:1e:63:1d:fe:ff:95:ba:
         b8:d2:1a:2e:f7:90:fc:61:cc:d4:57:09:96:9b:af:cf:c5:84:
         0d:13:bd:9b:0a:97:9a:b0:f7:47:d6:06:bd:48:03:48:44:ff:
         b7:4f:50:78:09:a8:94:6d:f4:74:6e:37:2c:f0:80:30:16:b5:
         b3:55:70:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2eY0OMIcNrx9HRydib0mpaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MTA0ZTRmN2Q5ZjM4ZDhlMjJhMmQzMmJlMDE5MDMxOTMw
YzFhNDcwHhcNMjQwMjEyMTczNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTY4M2MxNDE3ZDhiYTdiMjg1NDkwYzE0MGMyMWRhOWQ1MjVlOTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJm/p3YdgjDCGhOkF+waCQ1jbK6F
c2aG8IllrFZVT1F2Qoof8YZ283tsA/EWoMXa+KI4LHdOHvAeIsHg9MhTw790gnJf
mpFloDpJLzbtY9Cgg0FEIgCJld7R3lYBypjEMu9skV48C5gw6bmiDT0/1E4cv50V
yfM4k4Lol05EIzq1Qwauken2hNiWkl6tZ0McQQagmJax/ypzWAkT2NnFm4urZR7k
YQpJ+RrJBkqKcLDR+7EXHjpW2WJFCe8XVARMSdTSfzYQf7IiBE8b0vW6CLxfVjPT
6+fKaYuTY+Nwigf6DyliaBwIVmVaKYPGYurjoTO9knIJYZn7biNlR0V+lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBVoPBQX2Lp7KFSQwUDCHanVJemWMB8GA1UdIwQY
MBaAFGYQTk99nzjY4iotMr4BkDGTDBpHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmhCT1QzMmZPTmppS2kweXZnR1FNWk1NR2tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84MmQyMjItMjIwMi00NWYyLWI5MDQt
NDc0NzJlZDNiZWNiLzEvRldnOEZCZll1bnNvVkpEQlFNSWRxZFVsNlpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84MmQyMjItMjIwMi00NWYyLWI5MDQtNDc0NzJlZDNiZWNi
LzEvWmhCT1QzMmZPTmppS2kweXZnR1FNWk1NR2tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXD9bAwQA
uYGXMA0GCSqGSIb3DQEBCwUAA4IBAQBNQ8NPUQ9QAuSxQ9asmlC5D5MpKgyuXdjM
RozRIdDQJYzLb+USiO+0ZprUGruZXeWYVnOPzCqdXRH8EuaKQCJZCraCk1tUSU7w
oQ7DRg+EtVA7Z9p1YjJRWjhqXjndZ84gLQR/LjXFKCFpAdGZzSmQxJRgLLSqlblR
08Fuy25e9UbCweL09iHuaFQezbWBS2oKW+lhcSgISpJ/hZ3+G7WgU/rHAJHIpI2w
7FWt0nMMr2sn7dZOc6cj9BF/Cn6Ipx5jHf7/lbq40hou95D8YczUVwmWm6/PxYQN
E72bCpeasPdH1ga9SANIRP+3T1B4CaiUbfR0bjcs8IAwFrWzVXBB
-----END CERTIFICATE-----