Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/FLC1w9uXw8WH564LlMWCztoe26g.roa
File:                     FLC1w9uXw8WH564LlMWCztoe26g.roa (raw, json)
Hash identifier:          LxNTaguIUPWBMNI9ZhNBGb51Vqi0i7wXlCSEB0wDN2k=
Subject key identifier:   14:B0:B5:C3:DB:97:C3:C5:87:E7:AE:0B:94:C5:82:CE:DA:1E:DB:A8
Certificate issuer:       /CN=2890da765a999f719875c51eecf4c7d6148a1bd9
Certificate serial:       018CC26D0AFBDDF1EA0F41CD01E2311FC62F
Authority key identifier: 28:90:DA:76:5A:99:9F:71:98:75:C5:1E:EC:F4:C7:D6:14:8A:1B:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KJDadlqZn3GYdcUe7PTH1hSKG9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/FLC1w9uXw8WH564LlMWCztoe26g.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206783
IP address blocks:        45.143.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/KJDadlqZn3GYdcUe7PTH1hSKG9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/KJDadlqZn3GYdcUe7PTH1hSKG9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KJDadlqZn3GYdcUe7PTH1hSKG9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0a:fb:dd:f1:ea:0f:41:cd:01:e2:31:1f:c6:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2890da765a999f719875c51eecf4c7d6148a1bd9
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14b0b5c3db97c3c587e7ae0b94c582ceda1edba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:a5:43:a9:5d:f8:97:ce:b7:1e:fe:e3:2e:b3:
                    08:51:41:87:67:46:59:51:d1:bc:a1:5f:51:d8:d2:
                    0e:f5:50:35:cc:a2:ce:69:24:f5:4d:c6:a7:55:a6:
                    ce:bc:0c:52:fc:60:15:d3:70:71:96:3b:36:49:29:
                    04:36:b8:18:a9:e2:ea:90:9b:94:89:df:15:2a:f1:
                    2a:d5:91:f2:db:14:6a:12:97:c4:06:80:df:b6:da:
                    d0:5e:fe:a7:35:95:ae:1b:98:18:db:07:59:d7:e7:
                    7d:3a:77:a1:20:94:2f:10:04:e8:9c:98:66:a9:ec:
                    19:f6:bc:83:99:17:c3:5a:2c:3f:3e:81:1c:f4:31:
                    09:cb:03:7e:b4:27:81:7b:ab:fc:22:10:b1:30:f7:
                    31:63:53:ca:27:cf:81:76:06:39:c4:bd:5a:34:4a:
                    6d:66:1d:2f:1f:63:31:3c:0b:f8:79:13:4b:fe:dc:
                    93:d1:3c:c9:7b:17:32:57:a6:74:58:67:cf:26:ba:
                    f5:e8:b6:72:81:94:59:a1:c6:3c:48:57:d5:39:1e:
                    4e:0b:d1:80:fc:de:ab:0b:c9:1a:f0:f2:fb:7c:87:
                    19:12:59:94:e0:9c:af:c5:a4:b5:c3:3c:ea:fd:f6:
                    41:cf:29:b9:f1:36:5e:ca:3e:5e:e7:c7:ec:08:bd:
                    2c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:B0:B5:C3:DB:97:C3:C5:87:E7:AE:0B:94:C5:82:CE:DA:1E:DB:A8
            X509v3 Authority Key Identifier:
                keyid:28:90:DA:76:5A:99:9F:71:98:75:C5:1E:EC:F4:C7:D6:14:8A:1B:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KJDadlqZn3GYdcUe7PTH1hSKG9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/FLC1w9uXw8WH564LlMWCztoe26g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2bbcd4-edab-48ee-a411-28fc7063d952/1/KJDadlqZn3GYdcUe7PTH1hSKG9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:8c:b6:50:25:95:2a:45:c0:43:4f:6a:ba:b6:15:4b:8c:f3:
         aa:8d:2c:e2:97:2d:72:3a:f7:15:2e:38:a9:37:4d:fe:65:47:
         4d:cc:8b:72:b8:f3:5d:83:f3:4b:9d:36:df:d2:42:fc:fe:65:
         26:4a:8f:7f:5d:b6:2a:ad:bd:d3:53:96:1e:bc:8d:71:8d:ad:
         60:4a:5e:a6:22:b5:32:f3:ad:8d:4a:5d:f4:7d:b5:db:48:81:
         a4:61:4b:56:39:d8:a9:2c:64:b5:1a:46:3b:a9:80:31:86:c5:
         00:19:46:cd:9a:fa:4d:f1:f6:65:4f:68:c6:91:df:16:bc:0d:
         96:40:3b:8c:a3:1e:a1:57:9b:e1:bd:33:64:8c:c8:c7:b2:c2:
         1f:27:97:cf:20:c8:1b:06:34:56:a5:68:f4:03:7c:f5:45:0a:
         e4:0f:9a:08:5e:88:bf:85:ea:8e:a1:04:45:28:02:9b:a2:40:
         1c:f7:59:cc:44:58:aa:76:f2:a0:d7:46:00:81:18:e0:e6:1b:
         45:86:65:7e:44:79:4e:14:81:35:60:1d:23:98:43:ab:fa:2d:
         28:a5:66:63:de:1e:82:a6:25:bf:70:f9:12:9b:42:0e:24:2b:
         58:57:5c:d9:81:3a:80:3c:3d:ea:40:9b:67:d9:bf:fa:f8:31:
         db:4d:ad:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQr73fHqD0HNAeIxH8YvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4OTBkYTc2NWE5OTlmNzE5ODc1YzUxZWVjZjRjN2Q2MTQ4
YTFiZDkwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGIwYjVjM2RiOTdjM2M1ODdlN2FlMGI5NGM1ODJjZWRhMWVkYmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaVDqV34l863Hv7jLrMIUUGHZ0ZZ
UdG8oV9R2NIO9VA1zKLOaST1TcanVabOvAxS/GAV03Bxljs2SSkENrgYqeLqkJuU
id8VKvEq1ZHy2xRqEpfEBoDfttrQXv6nNZWuG5gY2wdZ1+d9OnehIJQvEATonJhm
qewZ9ryDmRfDWiw/PoEc9DEJywN+tCeBe6v8IhCxMPcxY1PKJ8+BdgY5xL1aNEpt
Zh0vH2MxPAv4eRNL/tyT0TzJexcyV6Z0WGfPJrr16LZygZRZocY8SFfVOR5OC9GA
/N6rC8ka8PL7fIcZElmU4JyvxaS1wzzq/fZBzym58TZeyj5e58fsCL0sTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSwtcPbl8PFh+euC5TFgs7aHtuoMB8GA1UdIwQY
MBaAFCiQ2nZamZ9xmHXFHuz0x9YUihvZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0pEYWRscVpuM0dZZGNVZTdQVEgxaFNLRzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yYmJjZDQtZWRhYi00OGVlLWE0MTEt
MjhmYzcwNjNkOTUyLzEvRkxDMXc5dVh3OFdINTY0TGxNV0N6dG9lMjZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yYmJjZDQtZWRhYi00OGVlLWE0MTEtMjhmYzcwNjNkOTUy
LzEvS0pEYWRscVpuM0dZZGNVZTdQVEgxaFNLRzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY/PMA0G
CSqGSIb3DQEBCwUAA4IBAQCHjLZQJZUqRcBDT2q6thVLjPOqjSzily1yOvcVLjip
N03+ZUdNzItyuPNdg/NLnTbf0kL8/mUmSo9/XbYqrb3TU5YevI1xja1gSl6mIrUy
862NSl30fbXbSIGkYUtWOdipLGS1GkY7qYAxhsUAGUbNmvpN8fZlT2jGkd8WvA2W
QDuMox6hV5vhvTNkjMjHssIfJ5fPIMgbBjRWpWj0A3z1RQrkD5oIXoi/heqOoQRF
KAKbokAc91nMRFiqdvKg10YAgRjg5htFhmV+RHlOFIE1YB0jmEOr+i0opWZj3h6C
piW/cPkSm0IOJCtYV1zZgTqAPD3qQJtn2b/6+DHbTa1u
-----END CERTIFICATE-----