Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/fzsp7PHSzmWVIn8yVOXQa_7FmKQ.roa
File:                     fzsp7PHSzmWVIn8yVOXQa_7FmKQ.roa (raw, json)
Hash identifier:          SkYI08EYzD7GCVvQI07IBr+EWXXpCIcicBxWwCpdN4s=
Subject key identifier:   7F:3B:29:EC:F1:D2:CE:65:95:22:7F:32:54:E5:D0:6B:FE:C5:98:A4
Certificate issuer:       /CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
Certificate serial:       01941FFA5C095655458E1BF1CCAB131D4F0F
Authority key identifier: 12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/fzsp7PHSzmWVIn8yVOXQa_7FmKQ.roa
Signing time:             Wed 01 Jan 2025 03:48:08 +0000
ROA not before:           Wed 01 Jan 2025 03:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49043
IP address blocks:        86.117.18.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:5c:09:56:55:45:8e:1b:f1:cc:ab:13:1d:4f:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
        Validity
            Not Before: Jan  1 03:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f3b29ecf1d2ce6595227f3254e5d06bfec598a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:37:8c:46:76:ef:d3:e1:db:7f:80:15:10:91:
                    db:41:9e:a7:c8:e9:4a:27:f5:90:cc:f4:b8:ba:26:
                    ac:74:4e:8d:62:5f:73:89:75:a6:45:07:a1:8c:af:
                    46:1c:0e:cb:28:ea:57:db:14:a7:39:2b:4a:e7:ec:
                    4f:ca:3a:d8:e8:79:a3:3b:5f:70:7c:73:bc:72:c1:
                    e8:18:14:db:07:c0:7c:1b:79:16:97:d6:d1:23:09:
                    8f:81:82:bf:d1:8c:a9:e0:52:4f:9f:00:06:e8:9b:
                    62:e9:86:cb:8a:8e:49:dc:c1:ac:e0:ee:7b:8f:a5:
                    5d:13:0f:87:00:38:b0:6f:b7:44:24:57:10:e8:52:
                    f0:92:83:af:ef:0b:58:1d:da:b7:12:82:af:00:30:
                    ca:34:05:cf:cc:6f:2d:e9:a5:0c:79:4e:f2:54:01:
                    7c:31:a8:cc:55:36:3e:f8:bc:23:4b:27:a8:f8:d9:
                    eb:b4:df:7f:2c:02:95:b9:3c:9a:48:0a:de:f9:86:
                    18:50:c2:e4:12:c6:25:81:c3:49:72:10:73:14:b0:
                    1b:a7:6f:4b:35:9f:66:ad:a5:23:d0:ed:b1:86:9c:
                    81:f2:bb:79:09:df:1c:49:cd:5e:f5:c1:4a:09:2b:
                    65:94:b9:be:6d:37:e4:15:33:d7:4c:c3:65:87:3e:
                    22:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:3B:29:EC:F1:D2:CE:65:95:22:7F:32:54:E5:D0:6B:FE:C5:98:A4
            X509v3 Authority Key Identifier:
                keyid:12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/fzsp7PHSzmWVIn8yVOXQa_7FmKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.117.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:db:f8:ba:37:63:1c:0d:73:f3:f9:4c:6a:3d:8a:fe:2d:0f:
         aa:65:58:0d:c3:85:80:b9:c7:45:97:2a:95:d5:97:27:d8:b1:
         24:f5:b8:6b:aa:8f:14:f5:e8:0a:22:97:28:b0:15:dc:f8:96:
         9e:5f:95:37:59:ee:72:30:bc:6a:65:d9:dd:80:1c:5f:1a:81:
         ba:f9:78:e8:ba:10:13:4c:42:c5:3f:f3:a4:66:ba:19:3f:84:
         a8:59:db:a5:b3:65:b1:f7:02:0a:67:9f:5a:ff:3e:1c:3f:6c:
         9e:1a:02:b7:95:e9:d9:0d:86:59:f7:12:d5:14:22:ac:db:4f:
         09:6c:45:4e:c5:0e:33:36:a7:ec:cc:4d:ae:eb:56:7e:b3:0e:
         6a:17:55:3e:a9:90:03:60:0f:db:8e:f4:00:42:6a:84:fb:a4:
         b9:74:9d:ef:93:fa:7d:ab:4a:25:a7:11:a6:e7:f6:13:20:a5:
         3a:b4:5b:61:97:cd:89:f2:fb:23:83:b3:ab:e8:2a:bb:45:fa:
         93:e9:11:2b:dd:d1:87:bf:17:2c:37:2d:11:69:45:00:b5:2e:
         00:82:cf:e0:16:77:01:3b:08:40:1b:f4:fd:84:88:ee:b9:b4:
         27:1a:88:96:71:c5:37:80:6c:cc:c9:84:08:7e:1f:dd:44:90:
         a9:23:f2:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lwJVlVFjhvxzKsTHU8PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMjRlNWVmZjFhYmMwZTZkOGJmMDI5ZTRmNzMyZTBhYjcx
YmMxNmEwHhcNMjUwMTAxMDM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjNiMjllY2YxZDJjZTY1OTUyMjdmMzI1NGU1ZDA2YmZlYzU5OGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDeMRnbv0+Hbf4AVEJHbQZ6nyOlK
J/WQzPS4uiasdE6NYl9ziXWmRQehjK9GHA7LKOpX2xSnOStK5+xPyjrY6HmjO19w
fHO8csHoGBTbB8B8G3kWl9bRIwmPgYK/0Yyp4FJPnwAG6Jti6YbLio5J3MGs4O57
j6VdEw+HADiwb7dEJFcQ6FLwkoOv7wtYHdq3EoKvADDKNAXPzG8t6aUMeU7yVAF8
MajMVTY++LwjSyeo+NnrtN9/LAKVuTyaSAre+YYYUMLkEsYlgcNJchBzFLAbp29L
NZ9mraUj0O2xhpyB8rt5Cd8cSc1e9cFKCStllLm+bTfkFTPXTMNlhz4i9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH87Kezx0s5llSJ/MlTl0Gv+xZikMB8GA1UdIwQY
MBaAFBIk5e/xq8Dm2L8Cnk9zLgq3G8FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEt
NTM4NmIxZDk2M2JjLzEvZnpzcDdQSFN6bVdWSW44eVZPWFFhXzdGbUtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEtNTM4NmIxZDk2M2Jj
LzEvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVnUSMA0G
CSqGSIb3DQEBCwUAA4IBAQAB2/i6N2McDXPz+UxqPYr+LQ+qZVgNw4WAucdFlyqV
1Zcn2LEk9bhrqo8U9egKIpcosBXc+JaeX5U3We5yMLxqZdndgBxfGoG6+XjouhAT
TELFP/OkZroZP4SoWduls2Wx9wIKZ59a/z4cP2yeGgK3lenZDYZZ9xLVFCKs208J
bEVOxQ4zNqfszE2u61Z+sw5qF1U+qZADYA/bjvQAQmqE+6S5dJ3vk/p9q0olpxGm
5/YTIKU6tFthl82J8vsjg7Or6Cq7RfqT6REr3dGHvxcsNy0RaUUAtS4Ags/gFncB
OwhAG/T9hIjuubQnGoiWccU3gGzMyYQIfh/dRJCpI/LU
-----END CERTIFICATE-----