Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/FFhkc3DwswkRPKHQC-FORjK2Pas.roa
File:                     FFhkc3DwswkRPKHQC-FORjK2Pas.roa (raw, json)
Hash identifier:          Hol8LO4KXLXuuc8LOrkh8GLEeb1+8kYJiuD9TO3gzY0=
Subject key identifier:   14:58:64:73:70:F0:B3:09:11:3C:A1:D0:0B:E1:4E:46:32:B6:3D:AB
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       018CC2DB019BC72A9B19F44EF40D2535A61B
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/FFhkc3DwswkRPKHQC-FORjK2Pas.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        45.84.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:01:9b:c7:2a:9b:19:f4:4e:f4:0d:25:35:a6:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1458647370f0b309113ca1d00be14e4632b63dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:45:c2:db:cd:47:42:25:6a:b9:23:9f:70:10:
                    41:7f:86:3c:6d:72:09:58:91:20:2c:d0:89:ae:b7:
                    cb:cd:e5:54:c9:a2:ce:e3:a2:b4:af:62:f4:dc:06:
                    f0:d4:dc:5c:76:a8:10:3d:39:12:88:aa:40:ee:51:
                    7e:a9:a6:4d:62:ac:ad:90:14:3a:10:c5:7b:93:1f:
                    1c:8d:2e:17:d9:9c:af:bf:b8:f6:41:fb:de:43:4f:
                    5b:07:81:3b:79:cb:46:84:57:1c:ae:bc:86:d2:cf:
                    57:3d:0d:08:d4:90:ca:75:04:88:d0:02:42:7e:11:
                    6d:51:36:df:1e:c7:08:47:7e:2a:c0:08:35:7a:9c:
                    55:b3:46:0c:8e:c6:3e:71:7e:0a:ab:30:8a:bd:32:
                    0e:22:87:df:5f:35:dc:73:15:42:82:1b:e1:6b:f9:
                    0d:cd:9a:58:fe:f7:c3:54:61:5e:19:c3:3c:57:d8:
                    ab:b4:75:2c:97:b7:7c:67:64:bf:b9:9e:c1:ab:a9:
                    e4:8d:2f:7c:a8:2d:b2:de:c5:9e:37:d9:cf:d7:0c:
                    a2:3c:43:1f:47:1e:05:4d:63:b2:6f:0b:c3:b9:c9:
                    61:c3:dc:b3:60:6a:49:9b:a1:ea:55:00:2e:58:45:
                    2d:91:a0:f8:13:b6:53:3f:20:b8:0e:82:55:83:b4:
                    c8:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:58:64:73:70:F0:B3:09:11:3C:A1:D0:0B:E1:4E:46:32:B6:3D:AB
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/FFhkc3DwswkRPKHQC-FORjK2Pas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:19:44:4f:5d:2d:3d:6b:7e:ee:b9:e0:f9:23:df:68:60:fb:
         0e:9f:ad:d4:1f:a8:55:b7:38:54:3e:50:48:1e:bb:74:49:a5:
         48:2e:6e:61:79:0d:02:65:62:20:d7:b8:1f:75:9c:3c:97:aa:
         18:27:48:38:1e:22:af:69:79:c4:95:a3:85:56:e5:34:38:99:
         76:b1:e1:ba:08:6c:bd:ac:a3:0c:17:37:82:ec:1b:ab:54:69:
         05:ad:c1:be:6d:a1:d2:3e:fa:bb:2a:23:68:4a:06:69:ca:3c:
         a2:f9:59:d3:57:43:00:af:ca:30:84:d0:1f:3e:9e:76:79:80:
         64:f5:7b:e7:7f:ca:1c:29:c7:24:4e:08:a2:53:9b:98:5d:a9:
         1f:65:5c:89:76:1b:7c:37:25:4b:30:a1:f5:dc:5a:2c:a9:e0:
         2a:44:b6:fa:91:b5:a8:bb:1f:f3:83:89:ba:93:a2:a1:8b:7e:
         70:d5:ab:5c:98:2b:ab:b6:79:6d:fc:a4:55:07:e1:a9:52:7a:
         f2:c2:42:f1:c6:40:04:66:5b:3b:3f:35:57:72:d2:be:c0:92:
         3b:62:79:15:68:27:f0:00:29:b5:65:95:7e:fe:27:d9:89:ef:
         ac:04:f3:f5:13:d5:86:28:ff:e4:38:d2:87:cf:db:b7:84:02:
         59:9d:8c:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wGbxyqbGfRO9A0lNaYbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDU4NjQ3MzcwZjBiMzA5MTEzY2ExZDAwYmUxNGU0NjMyYjYzZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUXC281HQiVquSOfcBBBf4Y8bXIJ
WJEgLNCJrrfLzeVUyaLO46K0r2L03Abw1NxcdqgQPTkSiKpA7lF+qaZNYqytkBQ6
EMV7kx8cjS4X2Zyvv7j2QfveQ09bB4E7ectGhFccrryG0s9XPQ0I1JDKdQSI0AJC
fhFtUTbfHscIR34qwAg1epxVs0YMjsY+cX4KqzCKvTIOIoffXzXccxVCghvha/kN
zZpY/vfDVGFeGcM8V9irtHUsl7d8Z2S/uZ7Bq6nkjS98qC2y3sWeN9nP1wyiPEMf
Rx4FTWOybwvDuclhw9yzYGpJm6HqVQAuWEUtkaD4E7ZTPyC4DoJVg7TIFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRYZHNw8LMJETyh0AvhTkYytj2rMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvRkZoa2MzRHdzd2tSUEtIUUMtRk9SaksyUGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVQ4MA0G
CSqGSIb3DQEBCwUAA4IBAQBsGURPXS09a37uueD5I99oYPsOn63UH6hVtzhUPlBI
Hrt0SaVILm5heQ0CZWIg17gfdZw8l6oYJ0g4HiKvaXnElaOFVuU0OJl2seG6CGy9
rKMMFzeC7BurVGkFrcG+baHSPvq7KiNoSgZpyjyi+VnTV0MAr8owhNAfPp52eYBk
9Xvnf8ocKcckTgiiU5uYXakfZVyJdht8NyVLMKH13FosqeAqRLb6kbWoux/zg4m6
k6Khi35w1atcmCurtnlt/KRVB+GpUnrywkLxxkAEZls7PzVXctK+wJI7YnkVaCfw
ACm1ZZV+/ifZie+sBPP1E9WGKP/kONKHz9u3hAJZnYz/
-----END CERTIFICATE-----