Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Fv1mhjlVMuy4QJR_F81Y50TeCT8.roa
File:                     Fv1mhjlVMuy4QJR_F81Y50TeCT8.roa (raw, json)
Hash identifier:          Sscgng93n48E6xZFWtWbMe0v6Zjl6oA7z7+t6wkKP/I=
Subject key identifier:   16:FD:66:86:39:55:32:EC:B8:40:94:7F:17:CD:58:E7:44:DE:09:3F
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01921557CDCBDD23D5FD1F4D2A50F10C392D
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Fv1mhjlVMuy4QJR_F81Y50TeCT8.roa
Signing time:             Sat 21 Sep 2024 16:08:48 +0000
ROA not before:           Sat 21 Sep 2024 16:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398779
IP address blocks:        45.133.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:15:57:cd:cb:dd:23:d5:fd:1f:4d:2a:50:f1:0c:39:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Sep 21 16:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16fd6686395532ecb840947f17cd58e744de093f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:14:54:1b:fc:bc:06:85:9c:ce:95:d4:cb:75:
                    e3:dc:b3:29:17:0f:61:11:52:08:45:e8:5c:d7:cc:
                    f4:e0:cc:57:47:8c:6a:54:9f:46:d8:36:c3:a6:84:
                    63:6b:b1:00:dc:b7:b0:8c:6d:d5:ee:cc:c0:9c:22:
                    7d:4b:76:fc:8d:0d:cc:e9:a1:40:ad:c5:61:ff:8c:
                    2f:d8:61:dd:29:79:de:2b:54:85:7a:91:2c:c7:30:
                    57:e7:e4:de:95:3e:83:dc:b4:90:58:01:9c:2f:42:
                    1d:db:a2:1e:e2:2d:ee:87:f6:21:3a:51:72:35:81:
                    42:49:dd:30:55:33:25:ab:8d:d0:22:2a:72:3e:42:
                    81:66:43:1e:3a:e0:54:d9:ea:1a:12:04:ba:28:ec:
                    4c:88:9d:f1:51:97:8c:f1:db:f0:32:d6:8b:ae:75:
                    73:06:69:d7:72:b3:c6:99:ed:e7:87:c8:fe:54:fa:
                    5d:ed:40:d8:8c:33:1f:dc:df:1c:94:e1:98:39:5b:
                    b4:8f:6a:4e:1e:85:53:cf:f5:7d:66:8b:b7:3e:cd:
                    37:d1:2e:3a:c5:08:00:99:ab:d5:d1:1a:bb:ca:c7:
                    e7:1a:5d:d7:cd:83:c7:6e:e9:84:e6:57:e1:2e:c4:
                    85:a6:b7:b1:cf:84:b3:f8:35:90:a5:18:cf:49:13:
                    73:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:FD:66:86:39:55:32:EC:B8:40:94:7F:17:CD:58:E7:44:DE:09:3F
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Fv1mhjlVMuy4QJR_F81Y50TeCT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:df:fc:b3:5b:f7:4a:8a:a8:23:e8:b2:0d:2e:51:ce:9e:a0:
         48:65:f8:f4:6b:f1:bb:51:06:d5:98:47:98:58:96:53:05:88:
         f6:c2:32:98:ef:8d:51:4c:09:ea:26:34:ed:73:6e:9e:9b:f7:
         38:0d:d2:7c:8d:4e:b8:f2:82:0d:f0:a1:78:82:d0:4c:b3:41:
         b8:c0:c2:36:f6:45:c5:16:a5:9e:d8:8f:be:2a:b6:51:bd:2b:
         f4:99:d8:14:52:4e:0d:eb:6c:63:0e:9d:9a:65:96:81:43:f4:
         ed:a2:02:ca:b6:5b:b7:ce:07:bd:89:ab:12:9f:27:ad:44:f0:
         ab:3f:f3:c5:c5:b6:09:bb:53:aa:03:75:d5:e6:1b:60:7a:63:
         bb:10:bb:6c:92:f9:c5:8f:21:d2:c9:8a:f0:76:61:e5:ac:14:
         77:1b:de:fd:61:39:d6:a1:23:c8:7d:00:af:44:bc:a9:23:85:
         14:a6:44:62:53:a4:8d:1c:0c:60:34:46:91:b2:7b:27:de:83:
         86:b6:e7:7b:7d:83:04:b5:5a:e9:15:8f:b2:1f:88:1e:c8:ee:
         e6:89:a7:14:38:a5:62:11:9b:57:07:6b:36:c9:8c:61:94:a1:
         02:2a:7a:f3:31:b1:10:e1:83:9d:81:92:76:2d:b6:81:8d:8b:
         69:82:6f:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIVV83L3SPV/R9NKlDxDDktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwOTIxMTYwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmZkNjY4NjM5NTUzMmVjYjg0MDk0N2YxN2NkNThlNzQ0ZGUwOTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBRUG/y8BoWczpXUy3Xj3LMpFw9h
EVIIRehc18z04MxXR4xqVJ9G2DbDpoRja7EA3LewjG3V7szAnCJ9S3b8jQ3M6aFA
rcVh/4wv2GHdKXneK1SFepEsxzBX5+TelT6D3LSQWAGcL0Id26Ie4i3uh/YhOlFy
NYFCSd0wVTMlq43QIipyPkKBZkMeOuBU2eoaEgS6KOxMiJ3xUZeM8dvwMtaLrnVz
BmnXcrPGme3nh8j+VPpd7UDYjDMf3N8clOGYOVu0j2pOHoVTz/V9Zou3Ps030S46
xQgAmavV0Rq7ysfnGl3XzYPHbumE5lfhLsSFprexz4Sz+DWQpRjPSRNzSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBb9ZoY5VTLsuECUfxfNWOdE3gk/MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvRnYxbWhqbFZNdXk0UUpSX0Y4MVk1MFRlQ1Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYVIMA0G
CSqGSIb3DQEBCwUAA4IBAQCC3/yzW/dKiqgj6LINLlHOnqBIZfj0a/G7UQbVmEeY
WJZTBYj2wjKY741RTAnqJjTtc26em/c4DdJ8jU648oIN8KF4gtBMs0G4wMI29kXF
FqWe2I++KrZRvSv0mdgUUk4N62xjDp2aZZaBQ/TtogLKtlu3zge9iasSnyetRPCr
P/PFxbYJu1OqA3XV5htgemO7ELtskvnFjyHSyYrwdmHlrBR3G979YTnWoSPIfQCv
RLypI4UUpkRiU6SNHAxgNEaRsnsn3oOGtud7fYMEtVrpFY+yH4geyO7miacUOKVi
EZtXB2s2yYxhlKECKnrzMbEQ4YOdgZJ2LbaBjYtpgm+m
-----END CERTIFICATE-----