Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/_FniK5HX2kEFzjvw6lb2GuCGYPg.roa
File:                     _FniK5HX2kEFzjvw6lb2GuCGYPg.roa (raw, json)
Hash identifier:          1aFy8KhkEwg9coJ+dkcfk60ceAWGiPD/iAdmtH/yHc0=
Subject key identifier:   FC:59:E2:2B:91:D7:DA:41:05:CE:3B:F0:EA:56:F6:1A:E0:86:60:F8
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0191B8345339AB06DD284DA0A2C3BDADE193
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/_FniK5HX2kEFzjvw6lb2GuCGYPg.roa
Signing time:             Tue 03 Sep 2024 14:05:22 +0000
ROA not before:           Tue 03 Sep 2024 14:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214455
IP address blocks:        139.45.216.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b8:34:53:39:ab:06:dd:28:4d:a0:a2:c3:bd:ad:e1:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Sep  3 14:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc59e22b91d7da4105ce3bf0ea56f61ae08660f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ea:86:51:3a:b6:1c:6d:8c:68:48:76:fc:09:
                    98:36:97:1d:20:33:03:c7:e0:2c:8c:1b:d4:80:9b:
                    c6:0c:79:b1:60:b8:16:53:14:44:a9:15:b5:83:3e:
                    ea:19:5f:cf:8f:ec:cb:33:e1:02:78:bd:b5:47:b8:
                    14:e8:81:ca:3b:35:00:7e:43:8b:c3:49:6f:29:a0:
                    18:30:26:fc:38:8b:01:73:fa:5a:70:c4:9b:44:05:
                    51:d8:79:00:ee:30:db:60:86:1f:9d:b3:4f:5e:a5:
                    34:d1:8c:a9:1b:6e:17:f3:e9:4b:bf:82:97:90:c6:
                    a6:2a:32:f1:e6:cb:b6:ed:5d:f0:af:74:29:c9:27:
                    af:e2:7c:9d:e4:17:a8:e7:48:0c:b8:5a:14:b6:24:
                    cb:59:85:ca:10:8e:50:80:f0:7d:8c:37:b6:c4:64:
                    f0:27:a2:6c:a1:b4:10:69:1a:ff:37:6d:51:dd:a6:
                    a8:48:cd:cb:a8:81:8c:f1:44:0b:08:7c:7a:d1:45:
                    05:cd:cc:a1:01:7f:28:12:a5:82:46:c9:e8:7e:34:
                    80:ba:a1:91:0e:d6:e6:16:16:a1:f4:d4:65:f2:b4:
                    c9:5a:74:0a:e5:97:58:7b:b6:e4:a1:64:1a:a9:7c:
                    c0:58:20:b1:44:e9:f1:c4:72:52:90:e4:f5:4c:5b:
                    38:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:59:E2:2B:91:D7:DA:41:05:CE:3B:F0:EA:56:F6:1A:E0:86:60:F8
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/_FniK5HX2kEFzjvw6lb2GuCGYPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:32:40:40:eb:88:41:4b:04:07:ce:e5:1d:50:b1:b8:b7:c9:
         05:79:c2:47:f7:a3:45:cd:b2:cf:b9:52:19:1e:b8:e7:2e:e1:
         7f:16:16:1e:8e:ba:1f:74:d7:f5:8c:dd:ab:95:78:16:ca:e1:
         37:de:bb:c3:c6:03:5c:1d:3f:ec:08:89:eb:63:6e:bd:f4:b9:
         d1:6a:4a:cd:90:a9:87:ef:df:89:1e:a5:8a:b2:a1:84:98:36:
         08:a6:87:8f:3d:c8:97:7f:7e:ed:00:ee:36:0b:84:5f:f9:2c:
         0e:21:71:d3:2b:5f:50:89:c0:90:b6:69:44:a3:69:de:09:6c:
         b0:45:5c:35:7e:f8:89:51:cc:10:5d:e0:88:d5:55:a8:bc:31:
         ef:b3:ef:09:19:d4:d2:b2:bc:ff:39:50:44:7e:ff:e9:f4:9c:
         a2:f8:de:44:70:51:fa:34:7e:56:fb:d8:60:a3:0a:c0:ff:d9:
         2d:d9:fa:74:89:ea:cc:91:b7:c4:09:eb:7d:f3:c9:21:70:c6:
         bf:6e:aa:cb:ca:49:97:b2:d0:73:dc:29:33:5a:ae:08:a0:62:
         51:f4:ac:6f:60:07:91:d1:f7:db:6d:8d:b5:6d:3b:8c:e0:af:
         f2:f4:a5:83:7c:c5:0a:38:76:1d:67:3e:65:39:9f:dd:70:a3:
         60:b7:51:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG4NFM5qwbdKE2gosO9reGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwOTAzMTQwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzU5ZTIyYjkxZDdkYTQxMDVjZTNiZjBlYTU2ZjYxYWUwODY2MGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeqGUTq2HG2MaEh2/AmYNpcdIDMD
x+AsjBvUgJvGDHmxYLgWUxREqRW1gz7qGV/Pj+zLM+ECeL21R7gU6IHKOzUAfkOL
w0lvKaAYMCb8OIsBc/pacMSbRAVR2HkA7jDbYIYfnbNPXqU00YypG24X8+lLv4KX
kMamKjLx5su27V3wr3QpySev4nyd5Beo50gMuFoUtiTLWYXKEI5QgPB9jDe2xGTw
J6JsobQQaRr/N21R3aaoSM3LqIGM8UQLCHx60UUFzcyhAX8oEqWCRsnofjSAuqGR
DtbmFhah9NRl8rTJWnQK5ZdYe7bkoWQaqXzAWCCxROnxxHJSkOT1TFs4uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxZ4iuR19pBBc478OpW9hrghmD4MB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvX0ZuaUs1SFgya0VGemp2dzZsYjJHdUNHWVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBiy3YMA0G
CSqGSIb3DQEBCwUAA4IBAQB2MkBA64hBSwQHzuUdULG4t8kFecJH96NFzbLPuVIZ
HrjnLuF/FhYejrofdNf1jN2rlXgWyuE33rvDxgNcHT/sCInrY2699LnRakrNkKmH
79+JHqWKsqGEmDYIpoePPciXf37tAO42C4Rf+SwOIXHTK19QicCQtmlEo2neCWyw
RVw1fviJUcwQXeCI1VWovDHvs+8JGdTSsrz/OVBEfv/p9Jyi+N5EcFH6NH5W+9hg
owrA/9kt2fp0ierMkbfECet988khcMa/bqrLykmXstBz3CkzWq4IoGJR9KxvYAeR
0ffbbY21bTuM4K/y9KWDfMUKOHYdZz5lOZ/dcKNgt1El
-----END CERTIFICATE-----