Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/1aae45-f6be-401c-b3d0-f467b2f42af6/1/FCSdlo80WFCmJgOLi6vUM5tAOAA.roa
File:                     FCSdlo80WFCmJgOLi6vUM5tAOAA.roa (raw, json)
Hash identifier:          hLY5v+x+f9On7VZ2H6ycInnku9iSb30He+RctaedEM4=
Subject key identifier:   14:24:9D:96:8F:34:58:50:A6:26:03:8B:8B:AB:D4:33:9B:40:38:00
Certificate issuer:       /CN=b4c814ffca5310862a2224f0afd90caa96ac0b54
Certificate serial:       018E191A5A57A3E9ADF5A834C617E1065B69
Authority key identifier: B4:C8:14:FF:CA:53:10:86:2A:22:24:F0:AF:D9:0C:AA:96:AC:0B:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tMgU_8pTEIYqIiTwr9kMqpasC1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/1aae45-f6be-401c-b3d0-f467b2f42af6/1/FCSdlo80WFCmJgOLi6vUM5tAOAA.roa
Signing time:             Thu 07 Mar 2024 13:29:01 +0000
ROA not before:           Thu 07 Mar 2024 13:29:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45014
IP address blocks:        5.159.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/1aae45-f6be-401c-b3d0-f467b2f42af6/1/tMgU_8pTEIYqIiTwr9kMqpasC1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/1aae45-f6be-401c-b3d0-f467b2f42af6/1/tMgU_8pTEIYqIiTwr9kMqpasC1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tMgU_8pTEIYqIiTwr9kMqpasC1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:19:1a:5a:57:a3:e9:ad:f5:a8:34:c6:17:e1:06:5b:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4c814ffca5310862a2224f0afd90caa96ac0b54
        Validity
            Not Before: Mar  7 13:29:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14249d968f345850a626038b8babd4339b403800
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fa:44:86:6a:ae:02:9d:91:b6:22:65:ac:d5:
                    4a:30:31:4c:db:cd:4e:c7:06:55:8e:10:f2:df:03:
                    cf:28:5b:60:94:64:8a:49:14:e1:ed:09:72:f6:47:
                    c1:7c:c3:26:47:84:16:dd:dc:23:1b:df:0a:5e:4a:
                    96:33:c1:66:18:54:3c:36:5b:d0:ae:49:ea:b7:d1:
                    fe:57:b3:8a:9e:b4:75:b2:ad:d3:5b:9a:12:5a:e4:
                    5a:dc:41:ee:b4:f5:97:fb:27:09:22:4d:8d:1d:8b:
                    e1:0c:0e:8a:0c:d7:ea:0f:bb:7f:2a:db:ef:db:9f:
                    7b:ff:2a:eb:15:0a:5d:2d:27:2b:af:7b:1b:f3:ec:
                    16:7b:98:5d:48:6f:e8:e0:39:d7:9b:9b:60:1f:f4:
                    2f:80:84:10:61:f9:59:77:8f:db:d2:75:25:36:b5:
                    21:d8:5a:6f:f6:8c:5f:8b:57:f2:12:7b:e7:db:5e:
                    c2:7b:2c:e6:5f:37:5a:e3:3e:3d:14:10:bc:f6:76:
                    08:01:55:0b:53:9f:5b:72:55:79:9e:bd:ad:54:36:
                    64:dc:28:84:35:70:65:9d:a6:d9:66:ab:a2:75:84:
                    1a:a9:2e:a9:ab:ae:33:83:9c:ac:e6:48:a9:c4:26:
                    0a:12:3e:56:45:8e:25:1a:9d:9e:c9:03:f3:60:39:
                    95:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:24:9D:96:8F:34:58:50:A6:26:03:8B:8B:AB:D4:33:9B:40:38:00
            X509v3 Authority Key Identifier:
                keyid:B4:C8:14:FF:CA:53:10:86:2A:22:24:F0:AF:D9:0C:AA:96:AC:0B:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tMgU_8pTEIYqIiTwr9kMqpasC1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1aae45-f6be-401c-b3d0-f467b2f42af6/1/FCSdlo80WFCmJgOLi6vUM5tAOAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1aae45-f6be-401c-b3d0-f467b2f42af6/1/tMgU_8pTEIYqIiTwr9kMqpasC1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:a2:ba:96:f1:4c:20:26:02:80:47:9f:d1:78:84:cd:8f:2a:
         be:98:bd:41:e7:6c:26:32:20:ea:0a:01:20:de:d8:ac:d0:2b:
         3a:2f:9b:bc:9f:91:68:f3:40:46:3c:fb:c9:01:5b:6a:3c:ce:
         56:40:52:53:24:a3:04:da:08:4b:b0:cb:bc:0a:4b:a2:68:ff:
         ca:d4:bd:0d:ec:8c:32:3d:d1:a7:bd:76:ff:a8:d8:34:4a:5e:
         d1:19:b9:df:9d:bb:6b:3b:98:18:fb:53:64:4e:78:0c:5f:c2:
         de:85:9e:a8:b4:74:ef:39:c9:3c:61:bb:92:81:e8:2a:75:5c:
         19:ca:34:3a:05:05:f3:06:10:34:b2:03:b1:4f:a7:b5:81:eb:
         a5:ee:06:70:75:31:99:84:d5:97:36:26:fb:b3:d8:ed:de:d1:
         24:0a:30:bc:46:4e:65:1f:1e:1a:e4:2e:0c:2c:08:8c:f8:c2:
         40:74:d6:d6:7b:ff:c7:fc:5c:b7:c6:73:fc:58:aa:5e:73:38:
         b7:5c:28:00:b8:3d:2f:75:a0:82:3a:d6:1d:75:f5:4c:4b:4b:
         a5:80:d0:e0:b3:51:f7:f7:36:5c:7f:ad:be:c4:9e:5e:fc:2b:
         f5:59:14:76:2a:46:71:b6:95:28:40:bb:e8:17:3f:0a:08:a6:
         4c:f2:0c:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4ZGlpXo+mt9ag0xhfhBltpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YzgxNGZmY2E1MzEwODYyYTIyMjRmMGFmZDkwY2FhOTZh
YzBiNTQwHhcNMjQwMzA3MTMyOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDI0OWQ5NjhmMzQ1ODUwYTYyNjAzOGI4YmFiZDQzMzliNDAzODAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfpEhmquAp2RtiJlrNVKMDFM281O
xwZVjhDy3wPPKFtglGSKSRTh7Qly9kfBfMMmR4QW3dwjG98KXkqWM8FmGFQ8NlvQ
rknqt9H+V7OKnrR1sq3TW5oSWuRa3EHutPWX+ycJIk2NHYvhDA6KDNfqD7t/Ktvv
2597/yrrFQpdLScrr3sb8+wWe5hdSG/o4DnXm5tgH/QvgIQQYflZd4/b0nUlNrUh
2Fpv9oxfi1fyEnvn217CeyzmXzda4z49FBC89nYIAVULU59bclV5nr2tVDZk3CiE
NXBlnabZZquidYQaqS6pq64zg5ys5kipxCYKEj5WRY4lGp2eyQPzYDmV7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQknZaPNFhQpiYDi4ur1DObQDgAMB8GA1UdIwQY
MBaAFLTIFP/KUxCGKiIk8K/ZDKqWrAtUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE1nVV84cFRFSVlxSWlUd3I5a01xcGFzQzFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8xYWFlNDUtZjZiZS00MDFjLWIzZDAt
ZjQ2N2IyZjQyYWY2LzEvRkNTZGxvODBXRkNtSmdPTGk2dlVNNXRBT0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8xYWFlNDUtZjZiZS00MDFjLWIzZDAtZjQ2N2IyZjQyYWY2
LzEvdE1nVV84cFRFSVlxSWlUd3I5a01xcGFzQzFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZ/EMA0G
CSqGSIb3DQEBCwUAA4IBAQCHorqW8UwgJgKAR5/ReITNjyq+mL1B52wmMiDqCgEg
3tis0Cs6L5u8n5Fo80BGPPvJAVtqPM5WQFJTJKME2ghLsMu8CkuiaP/K1L0N7Iwy
PdGnvXb/qNg0Sl7RGbnfnbtrO5gY+1NkTngMX8LehZ6otHTvOck8YbuSgegqdVwZ
yjQ6BQXzBhA0sgOxT6e1geul7gZwdTGZhNWXNib7s9jt3tEkCjC8Rk5lHx4a5C4M
LAiM+MJAdNbWe//H/Fy3xnP8WKpeczi3XCgAuD0vdaCCOtYddfVMS0ulgNDgs1H3
9zZcf62+xJ5e/Cv1WRR2KkZxtpUoQLvoFz8KCKZM8gyD
-----END CERTIFICATE-----