Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/54c1d1-363b-45ba-8927-9689fbf6f6ee/1/Fg_EZoeceqr39Rui-rGE6YxYzEM.roa
File:                     Fg_EZoeceqr39Rui-rGE6YxYzEM.roa (raw, json)
Hash identifier:          UsXdQm4J4sfbna+Ew1NojjQbs2PbZLWIDh4TlsSZRe8=
Subject key identifier:   16:0F:C4:66:87:9C:7A:AA:F7:F5:1B:A2:FA:B1:84:E9:8C:58:CC:43
Certificate issuer:       /CN=3ebc9e51baab3c3e6ab699fcb443f007f546c3fb
Certificate serial:       018CC6B7877F97535327C55CEED81D51BDA3
Authority key identifier: 3E:BC:9E:51:BA:AB:3C:3E:6A:B6:99:FC:B4:43:F0:07:F5:46:C3:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PryeUbqrPD5qtpn8tEPwB_VGw_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/54c1d1-363b-45ba-8927-9689fbf6f6ee/1/Fg_EZoeceqr39Rui-rGE6YxYzEM.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1161
IP address blocks:        131.155.0.0/16 maxlen: 16
                          192.31.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/54c1d1-363b-45ba-8927-9689fbf6f6ee/1/PryeUbqrPD5qtpn8tEPwB_VGw_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/54c1d1-363b-45ba-8927-9689fbf6f6ee/1/PryeUbqrPD5qtpn8tEPwB_VGw_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PryeUbqrPD5qtpn8tEPwB_VGw_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:87:7f:97:53:53:27:c5:5c:ee:d8:1d:51:bd:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ebc9e51baab3c3e6ab699fcb443f007f546c3fb
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=160fc466879c7aaaf7f51ba2fab184e98c58cc43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:29:52:67:80:59:36:fb:97:9c:e0:d4:46:d8:
                    89:4c:ce:e0:ce:07:48:00:a3:49:6a:7f:a2:cb:65:
                    b8:d7:f4:de:4f:4c:e8:13:c9:06:87:8f:c9:bb:8f:
                    48:c2:d2:ee:20:3b:b4:6e:af:de:e7:9b:d6:6a:69:
                    f6:f4:a2:4c:67:50:20:90:1c:d6:f0:a9:9d:59:3d:
                    26:5b:73:e3:88:50:6c:22:e9:85:3a:fa:6d:33:1d:
                    ba:32:a5:1a:04:b1:38:49:02:b3:f7:cb:a8:2b:6b:
                    39:bb:ae:0b:1e:d6:b0:72:e9:4e:4a:85:30:dd:da:
                    bb:64:77:b3:9a:0d:4f:54:35:cc:6f:a1:99:21:7a:
                    5d:e7:fb:e4:8b:d3:f0:0c:ac:6c:1e:f9:51:a4:11:
                    9d:ba:5d:b8:5e:90:9d:b0:2a:7f:34:19:57:bb:ea:
                    c9:b8:0a:d5:b2:1e:eb:c2:35:39:7c:75:86:64:83:
                    a1:ef:59:80:be:ee:dc:2d:34:cb:25:b5:85:0d:12:
                    96:45:59:a1:72:fc:28:11:f4:7d:47:12:1e:65:6d:
                    24:72:1a:90:8b:14:9d:06:f3:02:5b:49:e0:b9:c1:
                    d7:84:b7:cc:b5:4a:99:67:80:0d:22:d6:98:64:2c:
                    9b:56:b3:cd:9c:9d:9b:d6:bc:45:29:53:01:56:e7:
                    c5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:0F:C4:66:87:9C:7A:AA:F7:F5:1B:A2:FA:B1:84:E9:8C:58:CC:43
            X509v3 Authority Key Identifier:
                keyid:3E:BC:9E:51:BA:AB:3C:3E:6A:B6:99:FC:B4:43:F0:07:F5:46:C3:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PryeUbqrPD5qtpn8tEPwB_VGw_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/54c1d1-363b-45ba-8927-9689fbf6f6ee/1/Fg_EZoeceqr39Rui-rGE6YxYzEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/54c1d1-363b-45ba-8927-9689fbf6f6ee/1/PryeUbqrPD5qtpn8tEPwB_VGw_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.155.0.0/16
                  192.31.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:c9:7c:07:93:52:7b:fc:f5:6a:c7:1e:88:c4:8a:2c:c8:f9:
         b0:7a:56:f5:5a:52:b6:7f:17:26:ce:ed:f5:97:d2:73:4e:03:
         7c:c8:79:b6:15:ad:62:36:6f:e3:5b:9e:57:fe:d5:d0:03:51:
         8f:29:7d:37:5a:c8:5b:ee:ea:7d:b5:0b:c4:75:59:da:67:d8:
         d9:ad:69:9c:c9:79:78:dd:93:5c:d3:c5:ca:3f:fc:1b:9e:1a:
         c4:79:99:25:56:37:ae:bc:1b:90:0c:53:77:dd:8f:4a:d8:d3:
         32:9a:03:16:e4:22:70:a0:72:c8:46:a7:0c:b1:2e:a4:dc:49:
         29:ff:7b:2c:51:97:5d:c5:e4:4d:54:61:a1:c6:20:1c:c2:da:
         b7:b3:91:7f:8f:b0:64:80:1e:2c:2d:8c:c0:ee:36:58:94:13:
         25:bc:c5:d5:3e:7a:c3:4b:06:91:0b:a1:59:a3:4f:e9:84:a1:
         ce:62:64:11:d2:36:87:73:7b:69:ae:14:9f:95:ec:30:00:26:
         89:a1:9d:0d:ce:98:9f:c5:4b:3e:3a:b8:43:ff:fb:0e:62:c7:
         4b:29:0f:4c:40:e2:99:c8:f4:db:60:67:79:dc:42:51:39:f2:
         e4:9c:ba:69:42:5d:16:e8:a6:38:6d:ec:37:ec:4b:9c:56:88:
         a1:67:0f:ff
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzGt4d/l1NTJ8Vc7tgdUb2jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYmM5ZTUxYmFhYjNjM2U2YWI2OTlmY2I0NDNmMDA3ZjU0
NmMzZmIwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjBmYzQ2Njg3OWM3YWFhZjdmNTFiYTJmYWIxODRlOThjNThjYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmilSZ4BZNvuXnODURtiJTM7gzgdI
AKNJan+iy2W41/TeT0zoE8kGh4/Ju49IwtLuIDu0bq/e55vWamn29KJMZ1AgkBzW
8KmdWT0mW3PjiFBsIumFOvptMx26MqUaBLE4SQKz98uoK2s5u64LHtawculOSoUw
3dq7ZHezmg1PVDXMb6GZIXpd5/vki9PwDKxsHvlRpBGdul24XpCdsCp/NBlXu+rJ
uArVsh7rwjU5fHWGZIOh71mAvu7cLTTLJbWFDRKWRVmhcvwoEfR9RxIeZW0kchqQ
ixSdBvMCW0ngucHXhLfMtUqZZ4ANItaYZCybVrPNnJ2b1rxFKVMBVufF3QIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFBYPxGaHnHqq9/UbovqxhOmMWMxDMB8GA1UdIwQY
MBaAFD68nlG6qzw+araZ/LRD8Af1RsP7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJ5ZVVicXJQRDVxdHBuOHRFUHdCX1ZHd19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC81NGMxZDEtMzYzYi00NWJhLTg5Mjct
OTY4OWZiZjZmNmVlLzEvRmdfRVpvZWNlcXIzOVJ1aS1yR0U2WXhZekVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC81NGMxZDEtMzYzYi00NWJhLTg5MjctOTY4OWZiZjZmNmVl
LzEvUHJ5ZVVicXJQRDVxdHBuOHRFUHdCX1ZHd19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAg5sDBALA
H6gwDQYJKoZIhvcNAQELBQADggEBAEXJfAeTUnv89WrHHojEiizI+bB6VvVaUrZ/
FybO7fWX0nNOA3zIebYVrWI2b+Nbnlf+1dADUY8pfTdayFvu6n21C8R1Wdpn2Nmt
aZzJeXjdk1zTxco//BueGsR5mSVWN668G5AMU3fdj0rY0zKaAxbkInCgcshGpwyx
LqTcSSn/eyxRl13F5E1UYaHGIBzC2rezkX+PsGSAHiwtjMDuNliUEyW8xdU+esNL
BpELoVmjT+mEoc5iZBHSNodze2muFJ+V7DAAJomhnQ3OmJ/FSz46uEP/+w5ix0sp
D0xA4pnI9NtgZ3ncQlE58uScumlCXRbopjht7DfsS5xWiKFnD/8=
-----END CERTIFICATE-----