Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/FG9OY5v9Y1IP-c1jIjwcuhI1grg.roa
File:                     FG9OY5v9Y1IP-c1jIjwcuhI1grg.roa (raw, json)
Hash identifier:          NvwPRAq5zC24tyTsVeMQBuEldKKppAT8v25VKInZiLQ=
Subject key identifier:   14:6F:4E:63:9B:FD:63:52:0F:F9:CD:63:22:3C:1C:BA:12:35:82:B8
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794EA14D84FC9D5DCDDBDDA5503F167
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/FG9OY5v9Y1IP-c1jIjwcuhI1grg.roa
Signing time:             Tue 02 Jan 2024 00:31:14 +0000
ROA not before:           Tue 02 Jan 2024 00:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17098
IP address blocks:        45.141.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ea:14:d8:4f:c9:d5:dc:dd:bd:da:55:03:f1:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=146f4e639bfd63520ff9cd63223c1cba123582b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a1:8d:ed:df:7e:c7:5c:06:e2:c5:12:f1:d6:
                    94:e2:e8:c7:5e:97:06:1d:53:92:45:e2:dc:20:e6:
                    0a:ab:d1:5d:f2:9c:be:12:16:c0:9c:fc:b5:23:fc:
                    3d:4a:13:28:7b:2b:18:e6:94:1b:c1:d5:b7:1c:0d:
                    94:3a:f8:a2:77:c8:39:28:fe:31:38:a9:83:38:9b:
                    89:eb:bf:45:4e:28:10:48:4d:eb:86:b4:37:42:c2:
                    53:d7:b1:21:3f:a3:6d:4d:9b:d2:09:24:3f:8b:73:
                    0c:14:87:ea:cc:9b:57:32:4f:56:7c:28:24:b8:44:
                    ec:71:0c:23:71:72:3a:9c:63:fc:e6:f7:f0:6d:96:
                    80:0a:fa:b3:3a:bc:f6:09:f4:c8:39:e4:2d:5e:bf:
                    1a:f8:e0:98:70:38:1f:d8:73:53:f3:e5:a5:e5:4d:
                    72:1e:71:d8:2d:38:10:00:fb:26:98:31:c1:de:82:
                    6d:7a:86:90:46:08:7b:5f:96:dc:d5:c1:27:f6:5b:
                    6e:75:40:dd:f6:99:5e:2a:50:e1:e2:91:fe:cf:35:
                    6c:90:7c:a5:d0:29:83:47:80:9b:97:ab:53:ed:3d:
                    a4:9f:73:26:dd:4d:67:b5:69:f8:17:81:88:e7:23:
                    0c:9b:6d:6c:ff:89:00:28:ff:94:1d:d8:b3:8d:13:
                    9d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:6F:4E:63:9B:FD:63:52:0F:F9:CD:63:22:3C:1C:BA:12:35:82:B8
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/FG9OY5v9Y1IP-c1jIjwcuhI1grg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:de:a5:f5:58:a5:c0:59:46:23:52:7b:50:c0:12:ec:02:fe:
         b7:de:8a:ba:8d:20:91:6d:79:85:f4:e5:90:b8:de:91:73:24:
         77:37:bd:3d:e9:e6:6d:63:33:6d:d0:16:a3:51:1e:6a:16:fd:
         1f:93:e1:b7:a7:49:85:46:34:72:23:02:62:73:57:57:bd:61:
         76:03:23:10:e9:75:91:65:6d:ef:06:87:8c:2c:b3:d0:90:e4:
         89:4b:ab:0f:3f:e6:1c:05:c1:90:39:5c:2d:33:27:8d:d1:10:
         2c:92:b0:59:f4:ed:99:08:ee:e2:c3:5c:ec:32:af:eb:99:6f:
         b7:9d:55:cd:64:95:3f:3d:83:fb:db:df:63:b5:7a:47:53:21:
         04:a2:35:92:b2:4b:69:48:c5:f3:44:16:62:a6:7b:4e:7d:19:
         85:70:4e:87:fb:96:44:ae:de:16:42:1a:7e:93:27:4c:7b:c5:
         78:7b:89:10:75:f5:c9:3d:96:3a:83:4e:c3:4e:1b:f6:3b:f3:
         a0:3a:d9:60:c6:48:4d:2a:db:24:c7:51:cf:81:86:f9:46:6b:
         45:de:cf:1e:6b:8b:ed:41:11:fb:1d:71:1e:42:e8:f7:73:67:
         1b:34:d5:b0:8c:cf:df:96:e5:3c:55:d7:4e:34:73:56:31:22:
         56:bc:f0:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOoU2E/J1dzdvdpVA/FnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDZmNGU2MzliZmQ2MzUyMGZmOWNkNjMyMjNjMWNiYTEyMzU4MmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqGN7d9+x1wG4sUS8daU4ujHXpcG
HVOSReLcIOYKq9Fd8py+EhbAnPy1I/w9ShMoeysY5pQbwdW3HA2UOviid8g5KP4x
OKmDOJuJ679FTigQSE3rhrQ3QsJT17EhP6NtTZvSCSQ/i3MMFIfqzJtXMk9WfCgk
uETscQwjcXI6nGP85vfwbZaACvqzOrz2CfTIOeQtXr8a+OCYcDgf2HNT8+Wl5U1y
HnHYLTgQAPsmmDHB3oJteoaQRgh7X5bc1cEn9ltudUDd9pleKlDh4pH+zzVskHyl
0CmDR4Cbl6tT7T2kn3Mm3U1ntWn4F4GI5yMMm21s/4kAKP+UHdizjROdewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRvTmOb/WNSD/nNYyI8HLoSNYK4MB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvRkc5T1k1djlZMUlQLWMxaklqd2N1aEkxZ3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY2BMA0G
CSqGSIb3DQEBCwUAA4IBAQAq3qX1WKXAWUYjUntQwBLsAv633oq6jSCRbXmF9OWQ
uN6RcyR3N7096eZtYzNt0BajUR5qFv0fk+G3p0mFRjRyIwJic1dXvWF2AyMQ6XWR
ZW3vBoeMLLPQkOSJS6sPP+YcBcGQOVwtMyeN0RAskrBZ9O2ZCO7iw1zsMq/rmW+3
nVXNZJU/PYP7299jtXpHUyEEojWSsktpSMXzRBZipntOfRmFcE6H+5ZErt4WQhp+
kydMe8V4e4kQdfXJPZY6g07DThv2O/OgOtlgxkhNKtskx1HPgYb5RmtF3s8ea4vt
QRH7HXEeQuj3c2cbNNWwjM/fluU8VddONHNWMSJWvPCf
-----END CERTIFICATE-----