Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/tbP8hxJL4cY2T6FM1_Fpl_us5a8.roa
File:                     tbP8hxJL4cY2T6FM1_Fpl_us5a8.roa (raw, json)
Hash identifier:          gvIWNc4+6W8cDMjHk61tsdScna3D3kjj7DAdDPqu7nA=
Subject key identifier:   B5:B3:FC:87:12:4B:E1:C6:36:4F:A1:4C:D7:F1:69:97:FB:AC:E5:AF
Certificate issuer:       /CN=45bbd2193642530a017f4f1cbe562e2170b3dfbd
Certificate serial:       018D5B9F8D7BA8022F18D9D0508C458A25F7
Authority key identifier: 45:BB:D2:19:36:42:53:0A:01:7F:4F:1C:BE:56:2E:21:70:B3:DF:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RbvSGTZCUwoBf08cvlYuIXCz370.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/tbP8hxJL4cY2T6FM1_Fpl_us5a8.roa
Signing time:             Tue 30 Jan 2024 18:26:39 +0000
ROA not before:           Tue 30 Jan 2024 18:26:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        193.56.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/RbvSGTZCUwoBf08cvlYuIXCz370.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/RbvSGTZCUwoBf08cvlYuIXCz370.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RbvSGTZCUwoBf08cvlYuIXCz370.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5b:9f:8d:7b:a8:02:2f:18:d9:d0:50:8c:45:8a:25:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45bbd2193642530a017f4f1cbe562e2170b3dfbd
        Validity
            Not Before: Jan 30 18:26:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5b3fc87124be1c6364fa14cd7f16997fbace5af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:16:2e:f2:2b:fc:ed:e1:3d:f0:ef:d5:23:f5:
                    67:c0:bd:4a:27:f3:bf:99:7e:17:40:10:1d:c8:f2:
                    c9:fd:9c:eb:08:18:8d:2d:0f:a0:54:31:40:c2:57:
                    f6:a7:3e:95:ff:c6:33:e6:29:58:a3:a3:b8:9d:42:
                    6e:3d:34:c9:ef:17:79:cf:0a:5c:15:5c:6f:f9:34:
                    30:da:21:0e:90:7c:25:88:ce:e9:3d:91:32:d3:9e:
                    21:b4:e4:59:9e:ca:b8:bc:01:74:7f:39:4f:3e:c0:
                    c7:26:c5:9c:a5:c3:5e:ae:6f:b8:3a:26:4d:f1:e6:
                    b2:23:e5:26:7e:39:73:86:7a:28:0d:07:63:75:8c:
                    80:3e:4d:ed:f8:16:5e:78:f1:5a:c1:49:6d:a9:90:
                    bd:34:2f:b9:48:e8:02:5a:48:36:c9:b9:1e:bb:f9:
                    ec:87:43:b9:65:bf:32:d8:d0:ee:79:23:08:36:cf:
                    55:c8:be:db:24:b0:ce:97:2e:54:00:27:0a:8c:3b:
                    fb:ff:e1:f0:f6:d7:4c:56:6f:b5:94:e4:81:04:ea:
                    77:cb:96:d8:86:9e:0b:b5:ae:a1:32:8c:79:5c:b0:
                    8a:a1:8c:07:78:e9:93:ac:79:f2:41:57:96:81:12:
                    bd:ca:bd:52:3c:57:77:f0:77:e9:bd:6b:62:f5:1c:
                    8a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B3:FC:87:12:4B:E1:C6:36:4F:A1:4C:D7:F1:69:97:FB:AC:E5:AF
            X509v3 Authority Key Identifier:
                keyid:45:BB:D2:19:36:42:53:0A:01:7F:4F:1C:BE:56:2E:21:70:B3:DF:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RbvSGTZCUwoBf08cvlYuIXCz370.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/tbP8hxJL4cY2T6FM1_Fpl_us5a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/cffff8-3530-4e5b-a5e2-c77905fbba7b/1/RbvSGTZCUwoBf08cvlYuIXCz370.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:74:01:9b:20:62:e4:e9:52:f8:45:35:c0:5b:e5:82:53:20:
         fb:3c:ae:76:7d:3d:40:0a:36:3f:a7:66:23:75:3c:00:71:b3:
         a7:43:1c:49:aa:c5:d6:b8:00:01:fc:b6:d1:30:4f:a0:74:f4:
         9d:e1:7d:bb:e1:ef:91:80:fd:0e:6e:9b:3a:f6:e8:48:fe:57:
         b4:51:9e:78:2f:09:de:12:77:1b:2d:22:24:8b:67:8e:a2:0b:
         10:0d:36:3d:76:c9:f7:7d:64:c4:f3:c8:19:d9:90:bf:0a:ca:
         5c:ca:b0:4b:86:58:e4:33:96:84:01:62:a4:43:3c:fc:49:17:
         b0:b0:1f:43:2c:1a:5f:b9:7e:c7:3a:88:f3:67:9f:74:19:da:
         72:3e:8e:33:b9:00:76:95:41:3a:e8:27:35:c2:f5:99:99:c2:
         53:13:06:e0:69:48:cc:93:01:08:6c:f7:12:42:0c:61:70:89:
         b8:f6:26:1a:4c:25:b1:44:a3:4f:ca:96:90:1e:c2:f7:ae:43:
         c8:f9:a1:cc:77:3b:ae:c5:4f:80:40:fc:53:a7:f6:e6:cd:c7:
         f7:46:37:f6:94:67:23:72:ef:00:4c:35:53:e3:87:e1:72:b6:
         75:ad:75:65:33:3e:c6:e6:b3:91:5d:76:8d:7a:f7:a4:cf:83:
         e6:f9:bc:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1bn417qAIvGNnQUIxFiiX3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YmJkMjE5MzY0MjUzMGEwMTdmNGYxY2JlNTYyZTIxNzBi
M2RmYmQwHhcNMjQwMTMwMTgyNjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWIzZmM4NzEyNGJlMWM2MzY0ZmExNGNkN2YxNjk5N2ZiYWNlNWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhYu8iv87eE98O/VI/VnwL1KJ/O/
mX4XQBAdyPLJ/ZzrCBiNLQ+gVDFAwlf2pz6V/8Yz5ilYo6O4nUJuPTTJ7xd5zwpc
FVxv+TQw2iEOkHwliM7pPZEy054htORZnsq4vAF0fzlPPsDHJsWcpcNerm+4OiZN
8eayI+UmfjlzhnooDQdjdYyAPk3t+BZeePFawUltqZC9NC+5SOgCWkg2ybkeu/ns
h0O5Zb8y2NDueSMINs9VyL7bJLDOly5UACcKjDv7/+Hw9tdMVm+1lOSBBOp3y5bY
hp4Lta6hMox5XLCKoYwHeOmTrHnyQVeWgRK9yr1SPFd38HfpvWti9RyKUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWz/IcSS+HGNk+hTNfxaZf7rOWvMB8GA1UdIwQY
MBaAFEW70hk2QlMKAX9PHL5WLiFws9+9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmJ2U0dUWkNVd29CZjA4Y3ZsWXVJWEN6MzcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9jZmZmZjgtMzUzMC00ZTViLWE1ZTIt
Yzc3OTA1ZmJiYTdiLzEvdGJQOGh4Skw0Y1kyVDZGTTFfRnBsX3VzNWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9jZmZmZjgtMzUzMC00ZTViLWE1ZTItYzc3OTA1ZmJiYTdi
LzEvUmJ2U0dUWkNVd29CZjA4Y3ZsWXVJWEN6MzcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwThxMA0G
CSqGSIb3DQEBCwUAA4IBAQCYdAGbIGLk6VL4RTXAW+WCUyD7PK52fT1ACjY/p2Yj
dTwAcbOnQxxJqsXWuAAB/LbRME+gdPSd4X274e+RgP0Obps69uhI/le0UZ54Lwne
EncbLSIki2eOogsQDTY9dsn3fWTE88gZ2ZC/CspcyrBLhljkM5aEAWKkQzz8SRew
sB9DLBpfuX7HOojzZ590GdpyPo4zuQB2lUE66Cc1wvWZmcJTEwbgaUjMkwEIbPcS
QgxhcIm49iYaTCWxRKNPypaQHsL3rkPI+aHMdzuuxU+AQPxTp/bmzcf3Rjf2lGcj
cu8ATDVT44fhcrZ1rXVlMz7G5rORXXaNevekz4Pm+byV
-----END CERTIFICATE-----