Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/Fb3KYJ2MWUBeAV0HfmsSH1GMHXQ.roa
File:                     Fb3KYJ2MWUBeAV0HfmsSH1GMHXQ.roa (raw, json)
Hash identifier:          1FSRdZ+olhPtFZNtJ3krLl8LahEAyFlNEVaRycErmEA=
Subject key identifier:   15:BD:CA:60:9D:8C:59:40:5E:01:5D:07:7E:6B:12:1F:51:8C:1D:74
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB46307D7CAF0FE6D2AEAF7D98EEF
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/Fb3KYJ2MWUBeAV0HfmsSH1GMHXQ.roa
Signing time:             Tue 02 Jan 2024 04:30:13 +0000
ROA not before:           Tue 02 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204958
IP address blocks:        152.89.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b4:63:07:d7:ca:f0:fe:6d:2a:ea:f7:d9:8e:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15bdca609d8c59405e015d077e6b121f518c1d74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:03:d1:ad:b6:79:37:1e:cf:4b:69:94:17:74:
                    86:23:ec:7d:a3:1d:1a:6a:f1:65:d7:4f:8a:5b:0b:
                    0c:3e:2d:51:9a:1b:f1:31:d8:b1:aa:2b:bf:1c:a9:
                    35:77:5e:b5:dc:f0:97:d4:c8:52:3d:a7:a1:be:0c:
                    5f:07:68:9a:4a:c8:a3:3b:da:e3:5e:f2:f0:c5:e4:
                    1a:b7:7a:93:37:85:d6:30:00:65:e5:93:3d:1f:73:
                    6d:e3:02:67:ed:10:9c:94:40:68:16:54:89:50:24:
                    50:be:7b:c3:d2:a9:00:25:63:56:95:9f:7d:26:59:
                    e6:23:a0:4a:d3:b5:a5:e8:df:bc:b9:e4:f8:8e:c5:
                    bd:32:2b:84:a1:ab:5c:27:44:ce:87:c5:ac:01:04:
                    64:e3:8c:26:7b:23:b9:72:e2:1f:b4:e0:c4:f9:4a:
                    70:6c:22:b0:c8:2a:ad:c6:10:09:b9:e8:48:fb:b0:
                    55:8f:72:2a:d9:57:33:5a:91:a9:a6:9d:be:84:7c:
                    8e:e8:2a:6a:3c:ed:a6:6c:5e:45:30:88:76:04:35:
                    a4:47:75:be:94:3f:5c:13:23:88:19:50:79:93:e7:
                    6c:b0:8b:2b:bb:23:4c:2f:0f:58:e3:60:c3:43:67:
                    0c:df:89:0e:d3:12:50:04:f3:68:2d:34:2c:a3:2c:
                    6c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:BD:CA:60:9D:8C:59:40:5E:01:5D:07:7E:6B:12:1F:51:8C:1D:74
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/Fb3KYJ2MWUBeAV0HfmsSH1GMHXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:b9:93:b6:cc:1f:0e:62:bf:90:50:39:1d:73:f0:68:5b:d1:
         21:11:42:ed:02:ed:49:55:97:b5:c6:be:cc:bf:d6:4f:59:bc:
         93:37:35:0d:e6:88:25:e9:9e:1f:5b:ee:82:ca:57:01:ad:c2:
         33:98:6f:dc:ba:c4:ea:1d:62:5f:41:5d:f4:ae:27:f4:16:5d:
         43:80:22:77:bc:53:51:97:f7:1d:c0:f7:b2:cd:5d:6d:45:74:
         f3:1f:b0:96:73:92:d2:81:1b:cb:e6:2e:db:6b:4f:2e:02:43:
         73:3a:63:0f:c8:1d:3b:bc:4a:85:d4:e2:2d:22:db:e0:c9:b7:
         37:ab:fa:1e:a8:1a:53:d6:60:2a:0e:50:8a:a9:16:ad:77:45:
         fe:25:22:47:65:07:c9:48:ac:c0:2b:b7:03:fd:8d:9b:cf:a7:
         0e:79:ae:5e:5c:b2:34:2e:70:ac:ab:8e:6c:01:47:c4:f7:9a:
         c1:ea:77:e5:fe:71:be:22:9a:b2:2f:0c:5b:e9:7e:d4:4d:ae:
         2a:35:33:04:bd:5b:10:94:63:81:89:2a:48:d8:a2:36:39:1e:
         fd:d7:79:4c:1f:37:82:50:32:76:23:23:45:a1:f1:72:7b:bc:
         81:4d:67:95:b3:cf:0d:c0:4d:f3:0e:ce:fb:c6:fc:c2:08:46:
         3c:9c:8a:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7RjB9fK8P5tKur32Y7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWJkY2E2MDlkOGM1OTQwNWUwMTVkMDc3ZTZiMTIxZjUxOGMxZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQPRrbZ5Nx7PS2mUF3SGI+x9ox0a
avFl10+KWwsMPi1RmhvxMdixqiu/HKk1d1613PCX1MhSPaehvgxfB2iaSsijO9rj
XvLwxeQat3qTN4XWMABl5ZM9H3Nt4wJn7RCclEBoFlSJUCRQvnvD0qkAJWNWlZ99
JlnmI6BK07Wl6N+8ueT4jsW9MiuEoatcJ0TOh8WsAQRk44wmeyO5cuIftODE+Upw
bCKwyCqtxhAJuehI+7BVj3Iq2VczWpGppp2+hHyO6CpqPO2mbF5FMIh2BDWkR3W+
lD9cEyOIGVB5k+dssIsruyNMLw9Y42DDQ2cM34kO0xJQBPNoLTQsoyxsKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBW9ymCdjFlAXgFdB35rEh9RjB10MB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvRmIzS1lKMk1XVUJlQVYwSGZtc1NIMUdNSFhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFmrMA0G
CSqGSIb3DQEBCwUAA4IBAQBRuZO2zB8OYr+QUDkdc/BoW9EhEULtAu1JVZe1xr7M
v9ZPWbyTNzUN5ogl6Z4fW+6CylcBrcIzmG/cusTqHWJfQV30rif0Fl1DgCJ3vFNR
l/cdwPeyzV1tRXTzH7CWc5LSgRvL5i7ba08uAkNzOmMPyB07vEqF1OItItvgybc3
q/oeqBpT1mAqDlCKqRatd0X+JSJHZQfJSKzAK7cD/Y2bz6cOea5eXLI0LnCsq45s
AUfE95rB6nfl/nG+IpqyLwxb6X7UTa4qNTMEvVsQlGOBiSpI2KI2OR7913lMHzeC
UDJ2IyNFofFye7yBTWeVs88NwE3zDs77xvzCCEY8nIqV
-----END CERTIFICATE-----