Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/562e1d-952a-4fea-9e4a-67a98e256cc7/1/Mi4rMBilffJFYoUOB2q3n62YE2Y.roa
File:                     Mi4rMBilffJFYoUOB2q3n62YE2Y.roa (raw, json)
Hash identifier:          faXKGLHQL7dcIIMenmL342SBs+vJJ+ykTBzk+dGAWx4=
Subject key identifier:   32:2E:2B:30:18:A5:7D:F2:45:62:85:0E:07:6A:B7:9F:AD:98:13:66
Certificate issuer:       /CN=fcaae514c5f9940391435614d79404bee1209b3b
Certificate serial:       018CCA99835F67ADC72CB5240D45715A84EE
Authority key identifier: FC:AA:E5:14:C5:F9:94:03:91:43:56:14:D7:94:04:BE:E1:20:9B:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KrlFMX5lAORQ1YU15QEvuEgmzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/562e1d-952a-4fea-9e4a-67a98e256cc7/1/Mi4rMBilffJFYoUOB2q3n62YE2Y.roa
Signing time:             Tue 02 Jan 2024 14:35:07 +0000
ROA not before:           Tue 02 Jan 2024 14:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15372
IP address blocks:        176.111.245.0/24 maxlen: 24
                          2001:67c:12b8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/562e1d-952a-4fea-9e4a-67a98e256cc7/1/_KrlFMX5lAORQ1YU15QEvuEgmzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/562e1d-952a-4fea-9e4a-67a98e256cc7/1/_KrlFMX5lAORQ1YU15QEvuEgmzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KrlFMX5lAORQ1YU15QEvuEgmzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:83:5f:67:ad:c7:2c:b5:24:0d:45:71:5a:84:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcaae514c5f9940391435614d79404bee1209b3b
        Validity
            Not Before: Jan  2 14:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=322e2b3018a57df24562850e076ab79fad981366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:61:0d:12:2a:6c:43:b1:55:d3:b4:7c:49:f6:
                    97:dd:48:4e:9f:0b:5e:9e:65:d3:bc:47:99:34:9c:
                    c0:00:3a:5c:ac:28:b3:8a:af:bc:ab:00:27:42:9d:
                    e5:44:d1:5d:bf:99:e3:c1:17:06:1b:e9:87:86:96:
                    01:0c:2b:1d:ad:d3:88:ba:d3:0d:00:3d:79:14:c2:
                    88:37:13:ac:e0:d8:5b:54:3f:2c:5b:06:de:1d:c3:
                    6b:43:3d:78:4a:0e:4c:42:75:b5:98:1a:0d:16:76:
                    d6:fa:09:66:86:b8:65:01:aa:bc:26:e4:01:80:e9:
                    7e:bb:11:8a:07:f5:84:d9:0a:f9:17:4a:5f:6f:5b:
                    4d:e3:f7:23:e7:8c:6c:81:c9:59:15:27:01:65:c8:
                    b9:8d:f1:8d:dd:d0:6f:85:9e:4e:cb:30:fe:7c:b8:
                    b4:20:0b:c3:d4:e3:9e:da:c1:0b:a7:d5:da:41:89:
                    83:ad:96:ad:2d:3c:c8:b2:d6:60:36:5c:0d:24:b7:
                    80:0e:73:58:91:02:49:c3:89:03:d2:12:2c:77:66:
                    30:6d:9a:9c:08:5e:8a:70:5a:58:b0:88:3b:f9:84:
                    bf:ff:d2:a8:ce:8a:ae:28:34:9b:f9:46:0a:6f:d1:
                    1b:c4:d0:a9:9d:5a:e8:40:3a:77:61:e3:f7:d6:00:
                    9c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:2E:2B:30:18:A5:7D:F2:45:62:85:0E:07:6A:B7:9F:AD:98:13:66
            X509v3 Authority Key Identifier:
                keyid:FC:AA:E5:14:C5:F9:94:03:91:43:56:14:D7:94:04:BE:E1:20:9B:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KrlFMX5lAORQ1YU15QEvuEgmzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/562e1d-952a-4fea-9e4a-67a98e256cc7/1/Mi4rMBilffJFYoUOB2q3n62YE2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/562e1d-952a-4fea-9e4a-67a98e256cc7/1/_KrlFMX5lAORQ1YU15QEvuEgmzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.111.245.0/24
                IPv6:
                  2001:67c:12b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:a9:b7:d9:07:c5:ad:93:a5:99:00:c5:84:21:c3:00:1a:e3:
         1a:11:2c:dd:35:b9:77:fe:e4:f6:c1:c4:c4:e3:12:1b:91:1b:
         4d:95:2b:fd:bd:e4:77:ac:8e:05:fe:7d:2c:a4:47:26:3b:f4:
         93:44:49:ba:d9:6a:09:4a:be:58:5d:22:5a:d9:65:95:90:c5:
         5e:c0:51:92:3f:6a:5d:da:52:22:ce:e5:23:e1:45:8e:46:8b:
         e6:20:e7:14:de:79:eb:1e:79:fe:54:d4:66:ae:e4:fb:26:6b:
         3a:61:05:83:78:8c:14:ac:63:55:82:db:d0:a9:b3:63:89:81:
         87:cc:7f:a1:9b:65:7f:ae:b4:6c:5e:de:39:3b:8a:1e:93:4f:
         95:96:2b:81:ab:e0:60:63:3a:e7:41:1d:42:4d:3f:e2:73:03:
         f0:15:f3:9c:51:bb:ad:07:97:62:98:29:6c:ba:b1:32:99:b8:
         78:36:31:61:30:7d:65:1f:1e:cc:42:4b:c2:e1:63:75:37:f0:
         dc:c0:a0:e1:fd:23:be:a0:24:43:3c:b4:d4:99:ea:e4:fb:92:
         64:00:8f:f9:38:ca:64:24:78:5b:5d:db:0a:32:dd:fd:d9:89:
         ec:e0:ee:99:e9:91:2e:3f:9a:92:ac:32:3d:4b:4a:f7:53:e9:
         3b:4e:d2:c2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKmYNfZ63HLLUkDUVxWoTuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYWFlNTE0YzVmOTk0MDM5MTQzNTYxNGQ3OTQwNGJlZTEy
MDliM2IwHhcNMjQwMTAyMTQzNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjJlMmIzMDE4YTU3ZGYyNDU2Mjg1MGUwNzZhYjc5ZmFkOTgxMzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmENEipsQ7FV07R8SfaX3UhOnwte
nmXTvEeZNJzAADpcrCiziq+8qwAnQp3lRNFdv5njwRcGG+mHhpYBDCsdrdOIutMN
AD15FMKINxOs4NhbVD8sWwbeHcNrQz14Sg5MQnW1mBoNFnbW+glmhrhlAaq8JuQB
gOl+uxGKB/WE2Qr5F0pfb1tN4/cj54xsgclZFScBZci5jfGN3dBvhZ5OyzD+fLi0
IAvD1OOe2sELp9XaQYmDrZatLTzIstZgNlwNJLeADnNYkQJJw4kD0hIsd2YwbZqc
CF6KcFpYsIg7+YS//9KozoquKDSb+UYKb9EbxNCpnVroQDp3YeP31gCcnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDIuKzAYpX3yRWKFDgdqt5+tmBNmMB8GA1UdIwQY
MBaAFPyq5RTF+ZQDkUNWFNeUBL7hIJs7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tybEZNWDVsQU9SUTFZVTE1UUV2dUVnbXpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy81NjJlMWQtOTUyYS00ZmVhLTllNGEt
NjdhOThlMjU2Y2M3LzEvTWk0ck1CaWxmZkpGWW9VT0IycTNuNjJZRTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy81NjJlMWQtOTUyYS00ZmVhLTllNGEtNjdhOThlMjU2Y2M3
LzEvX0tybEZNWDVsQU9SUTFZVTE1UUV2dUVnbXpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsG/1MA8E
AgACMAkDBwAgAQZ8ErgwDQYJKoZIhvcNAQELBQADggEBAE2pt9kHxa2TpZkAxYQh
wwAa4xoRLN01uXf+5PbBxMTjEhuRG02VK/295HesjgX+fSykRyY79JNESbrZaglK
vlhdIlrZZZWQxV7AUZI/al3aUiLO5SPhRY5Gi+Yg5xTeeeseef5U1Gau5Psmazph
BYN4jBSsY1WC29Cps2OJgYfMf6GbZX+utGxe3jk7ih6TT5WWK4Gr4GBjOudBHUJN
P+JzA/AV85xRu60Hl2KYKWy6sTKZuHg2MWEwfWUfHsxCS8LhY3U38NzAoOH9I76g
JEM8tNSZ6uT7kmQAj/k4ymQkeFtd2woy3f3Ziezg7pnpkS4/mpKsMj1LSvdT6TtO
0sI=
-----END CERTIFICATE-----