Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/FbR2IPes4gXBYl6il39AE-CJxFE.roa
File:                     FbR2IPes4gXBYl6il39AE-CJxFE.roa (raw, json)
Hash identifier:          NxF87V2OElWtm1avKCZz6XoG8s4CEgXZjzTvLA0d00c=
Subject key identifier:   15:B4:76:20:F7:AC:E2:05:C1:62:5E:A2:97:7F:40:13:E0:89:C4:51
Certificate issuer:       /CN=14db04f9c92317ecc7a2aaff2ca4d7098d1bd26a
Certificate serial:       018CC86F29A81108B430781B603424EB3318
Authority key identifier: 14:DB:04:F9:C9:23:17:EC:C7:A2:AA:FF:2C:A4:D7:09:8D:1B:D2:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FNsE-ckjF-zHoqr_LKTXCY0b0mo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/FbR2IPes4gXBYl6il39AE-CJxFE.roa
Signing time:             Tue 02 Jan 2024 04:29:37 +0000
ROA not before:           Tue 02 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        185.72.124.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/FNsE-ckjF-zHoqr_LKTXCY0b0mo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/FNsE-ckjF-zHoqr_LKTXCY0b0mo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FNsE-ckjF-zHoqr_LKTXCY0b0mo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:29:a8:11:08:b4:30:78:1b:60:34:24:eb:33:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14db04f9c92317ecc7a2aaff2ca4d7098d1bd26a
        Validity
            Not Before: Jan  2 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15b47620f7ace205c1625ea2977f4013e089c451
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:75:7e:81:c5:91:cb:37:74:2e:85:ad:86:2d:
                    d5:29:10:fa:59:18:47:86:2c:75:15:13:23:32:7b:
                    76:77:3b:e7:a1:bc:ec:53:12:8e:e8:a7:a4:92:71:
                    81:61:ce:4b:f9:e0:99:cf:6c:e8:ab:21:78:b4:d8:
                    3c:fb:23:78:78:e8:71:c8:d9:af:08:9e:30:3a:3f:
                    c8:0e:56:4e:73:4d:fd:fb:19:c9:9e:39:e6:48:89:
                    d2:1e:44:2a:35:2c:be:b5:f6:ff:75:d6:c0:c6:c7:
                    ff:3d:6c:9c:d9:9e:3c:85:fd:d8:45:99:65:0d:52:
                    a2:26:f1:65:c0:bf:0c:71:fd:ef:d2:a3:f6:5b:9a:
                    77:47:12:1f:7c:f7:af:df:ff:13:72:f0:f0:9d:ae:
                    18:4a:cf:f2:12:72:b9:94:6f:c1:5f:aa:9f:3f:0d:
                    d6:aa:05:79:10:fd:f1:b2:6c:3d:7b:d9:e4:a0:da:
                    fa:23:ad:8b:6e:b3:05:1c:62:28:5d:e4:98:2e:c7:
                    25:c7:f5:b6:3b:3b:39:09:21:9a:d5:0f:a8:33:67:
                    ac:2e:a7:67:cb:b6:f4:17:e5:bc:9d:6d:e8:b3:9d:
                    2e:5c:4d:bc:e1:b0:64:56:53:bd:44:f5:83:81:0c:
                    84:14:5a:b9:2f:6c:21:7a:6b:c3:e5:61:20:aa:9c:
                    21:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B4:76:20:F7:AC:E2:05:C1:62:5E:A2:97:7F:40:13:E0:89:C4:51
            X509v3 Authority Key Identifier:
                keyid:14:DB:04:F9:C9:23:17:EC:C7:A2:AA:FF:2C:A4:D7:09:8D:1B:D2:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FNsE-ckjF-zHoqr_LKTXCY0b0mo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/FbR2IPes4gXBYl6il39AE-CJxFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/FNsE-ckjF-zHoqr_LKTXCY0b0mo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:68:d1:58:08:70:fd:31:6e:c9:98:da:83:85:9e:98:cb:a5:
         9c:17:3d:fa:8e:48:ab:4d:b6:4f:6c:81:55:c2:08:f9:32:10:
         d5:57:9b:35:4b:5a:8c:b3:f4:78:b0:b7:29:69:e1:b5:c8:31:
         d2:4c:f6:28:7b:62:b2:d5:81:02:2f:ed:72:89:a1:d2:20:35:
         ff:97:6e:3b:a9:24:82:2f:98:e0:60:c1:46:58:e3:4d:ba:fc:
         3e:c8:da:83:d5:c7:c3:14:43:42:77:71:35:38:23:2e:66:71:
         74:a6:ba:db:c1:62:cf:6b:d0:10:83:4b:ee:c2:23:00:b8:97:
         1c:27:6a:07:00:5f:0a:57:0c:e8:db:d5:2e:17:09:30:54:ea:
         37:29:37:53:0b:48:3e:f4:05:93:a1:b4:8d:86:60:89:94:1f:
         56:68:eb:f9:f3:3d:77:a8:06:8c:96:34:ec:24:2e:32:55:d3:
         cf:e0:0d:8b:1c:f3:95:b4:06:28:6d:bb:e3:ca:33:8c:4e:ce:
         7e:85:b6:db:39:da:ef:83:67:09:34:4b:c9:18:3c:3d:08:c5:
         01:de:db:27:7e:0c:3b:a0:87:71:00:0f:3f:97:2f:d5:cb:a1:
         52:0d:de:6c:8f:7a:40:7d:d9:4c:dc:32:44:13:b3:a2:37:ca:
         95:06:25:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbymoEQi0MHgbYDQk6zMYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0ZGIwNGY5YzkyMzE3ZWNjN2EyYWFmZjJjYTRkNzA5OGQx
YmQyNmEwHhcNMjQwMTAyMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWI0NzYyMGY3YWNlMjA1YzE2MjVlYTI5NzdmNDAxM2UwODljNDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHV+gcWRyzd0LoWthi3VKRD6WRhH
hix1FRMjMnt2dzvnobzsUxKO6KekknGBYc5L+eCZz2zoqyF4tNg8+yN4eOhxyNmv
CJ4wOj/IDlZOc039+xnJnjnmSInSHkQqNSy+tfb/ddbAxsf/PWyc2Z48hf3YRZll
DVKiJvFlwL8Mcf3v0qP2W5p3RxIffPev3/8TcvDwna4YSs/yEnK5lG/BX6qfPw3W
qgV5EP3xsmw9e9nkoNr6I62LbrMFHGIoXeSYLsclx/W2Ozs5CSGa1Q+oM2esLqdn
y7b0F+W8nW3os50uXE284bBkVlO9RPWDgQyEFFq5L2whemvD5WEgqpwhzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBW0diD3rOIFwWJeopd/QBPgicRRMB8GA1UdIwQY
MBaAFBTbBPnJIxfsx6Kq/yyk1wmNG9JqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRk5zRS1ja2pGLXpIb3FyX0xLVFhDWTBiMG1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy81OTFhNDYtMWUyMS00NTkwLTg3NGMt
NThjN2JmY2RjZmRmLzEvRmJSMklQZXM0Z1hCWWw2aWwzOUFFLUNKeEZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy81OTFhNDYtMWUyMS00NTkwLTg3NGMtNThjN2JmY2RjZmRm
LzEvRk5zRS1ja2pGLXpIb3FyX0xLVFhDWTBiMG1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUh8MA0G
CSqGSIb3DQEBCwUAA4IBAQB3aNFYCHD9MW7JmNqDhZ6Yy6WcFz36jkirTbZPbIFV
wgj5MhDVV5s1S1qMs/R4sLcpaeG1yDHSTPYoe2Ky1YECL+1yiaHSIDX/l247qSSC
L5jgYMFGWONNuvw+yNqD1cfDFENCd3E1OCMuZnF0prrbwWLPa9AQg0vuwiMAuJcc
J2oHAF8KVwzo29UuFwkwVOo3KTdTC0g+9AWTobSNhmCJlB9WaOv58z13qAaMljTs
JC4yVdPP4A2LHPOVtAYobbvjyjOMTs5+hbbbOdrvg2cJNEvJGDw9CMUB3tsnfgw7
oIdxAA8/ly/Vy6FSDd5sj3pAfdlM3DJEE7OiN8qVBiWn
-----END CERTIFICATE-----