Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/FFNMR0W6GkxMPvIZRjAm0gwnVlU.roa
File:                     FFNMR0W6GkxMPvIZRjAm0gwnVlU.roa (raw, json)
Hash identifier:          TawGzYD+27D/NvePDO25WOGE+pcUbEFcV9ccjXwvWwo=
Subject key identifier:   14:53:4C:47:45:BA:1A:4C:4C:3E:F2:19:46:30:26:D2:0C:27:56:55
Certificate issuer:       /CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
Certificate serial:       018CC2DB3E9F1E1D7D070A96B09CC573DB2F
Authority key identifier: 59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/FFNMR0W6GkxMPvIZRjAm0gwnVlU.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210538
IP address blocks:        37.247.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3e:9f:1e:1d:7d:07:0a:96:b0:9c:c5:73:db:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14534c4745ba1a4c4c3ef219463026d20c275655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:be:fb:b7:b8:e7:b6:eb:8c:2f:32:0b:78:20:
                    e5:53:23:db:6b:a2:37:33:3f:d4:f3:e3:4f:23:93:
                    a7:5a:a7:8e:1c:46:25:b9:81:f9:9c:9d:a1:31:6b:
                    37:17:ba:bb:62:a0:aa:80:bf:cf:42:56:c7:56:6e:
                    48:b3:73:af:c9:f8:c4:8a:f4:86:41:ed:b7:7d:a0:
                    c7:8b:24:b6:fc:96:91:47:78:35:86:d4:19:28:f9:
                    d8:8e:cf:d3:d7:14:40:e7:30:b6:29:27:07:3c:8e:
                    b6:f3:91:ab:c5:d7:55:ce:dc:d2:ee:ab:7b:31:11:
                    fa:ec:34:67:3d:a7:a9:ab:5e:99:99:b9:57:ae:93:
                    6f:66:c4:18:43:e3:ed:92:eb:c9:0f:3e:01:24:fd:
                    10:ae:e8:b4:1c:0b:82:7f:6f:89:d9:c1:c1:62:5b:
                    28:b6:e5:80:72:f5:b7:c2:de:eb:7e:93:7f:31:e3:
                    3a:b1:41:f6:b4:78:76:cd:f0:be:c3:60:95:99:8d:
                    af:24:38:62:e9:e4:52:a7:6b:6a:2c:9b:c4:a3:0d:
                    b6:eb:30:15:a0:8e:72:8e:ea:a3:6a:86:f9:05:cb:
                    80:de:79:a6:ce:fc:26:c0:ab:52:3a:ef:4a:9e:ea:
                    bf:b1:6b:c2:1e:8c:63:43:85:50:50:71:ce:b2:bb:
                    0a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:53:4C:47:45:BA:1A:4C:4C:3E:F2:19:46:30:26:D2:0C:27:56:55
            X509v3 Authority Key Identifier:
                keyid:59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/FFNMR0W6GkxMPvIZRjAm0gwnVlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.247.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:d1:d2:06:6b:fc:d8:78:40:96:91:94:e9:a8:2e:a3:a5:26:
         80:f6:69:7e:f1:9a:9a:e5:3b:2a:f2:6b:7c:27:bf:57:ac:06:
         15:b9:7e:0d:81:0f:09:a2:25:b9:5f:66:2b:3a:4c:33:69:25:
         bc:2a:d3:15:0e:77:3d:27:4b:42:a6:94:89:62:8f:ee:33:a8:
         1b:c7:f5:f2:44:96:aa:57:33:23:d3:ea:ed:c5:ac:54:90:3c:
         ed:21:96:c0:3a:88:23:b7:d7:55:64:f3:6a:82:13:f4:d2:bc:
         cf:3b:ff:8b:ba:16:c2:8f:67:df:95:57:30:15:2b:87:bc:3a:
         04:44:1f:33:e8:9e:1c:53:7c:57:22:f3:09:46:6c:99:b5:6f:
         35:36:f1:2d:4a:fd:00:7c:fa:46:ff:28:78:03:fb:bf:6e:48:
         ab:69:b9:38:06:3a:b4:49:a4:7e:2d:cf:a6:7d:c0:8e:eb:c2:
         74:e1:4b:f8:fe:e1:38:10:2a:2c:6f:7b:30:21:9b:4a:9f:29:
         e4:fc:b3:a5:41:8d:98:4b:ad:4f:12:d8:31:f6:6a:18:cd:44:
         fa:76:0e:c9:59:d0:7c:d3:7a:c6:0e:15:26:9c:34:f1:14:2c:
         24:fb:fe:08:5c:5e:1d:ae:97:a1:06:36:f9:f5:c1:03:95:fa:
         7c:12:cc:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2z6fHh19BwqWsJzFc9svMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MmU3YzFmMjM5NGMzZTNhYWE4Y2NiNjQ3ZmQ4MzY3MWQ2
MDk4YjcwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDUzNGM0NzQ1YmExYTRjNGMzZWYyMTk0NjMwMjZkMjBjMjc1NjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtr77t7jntuuMLzILeCDlUyPba6I3
Mz/U8+NPI5OnWqeOHEYluYH5nJ2hMWs3F7q7YqCqgL/PQlbHVm5Is3OvyfjEivSG
Qe23faDHiyS2/JaRR3g1htQZKPnYjs/T1xRA5zC2KScHPI6285GrxddVztzS7qt7
MRH67DRnPaepq16ZmblXrpNvZsQYQ+PtkuvJDz4BJP0Qrui0HAuCf2+J2cHBYlso
tuWAcvW3wt7rfpN/MeM6sUH2tHh2zfC+w2CVmY2vJDhi6eRSp2tqLJvEow226zAV
oI5yjuqjaob5BcuA3nmmzvwmwKtSOu9Knuq/sWvCHoxjQ4VQUHHOsrsKLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRTTEdFuhpMTD7yGUYwJtIMJ1ZVMB8GA1UdIwQY
MBaAFFkufB8jlMPjqqjMtkf9g2cdYJi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAt
NDQzYmU2M2ZjMTIzLzEvRkZOTVIwVzZHa3hNUHZJWlJqQW0wZ3duVmxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAtNDQzYmU2M2ZjMTIz
LzEvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJfdsMA0G
CSqGSIb3DQEBCwUAA4IBAQAh0dIGa/zYeECWkZTpqC6jpSaA9ml+8Zqa5Tsq8mt8
J79XrAYVuX4NgQ8JoiW5X2YrOkwzaSW8KtMVDnc9J0tCppSJYo/uM6gbx/XyRJaq
VzMj0+rtxaxUkDztIZbAOogjt9dVZPNqghP00rzPO/+LuhbCj2fflVcwFSuHvDoE
RB8z6J4cU3xXIvMJRmyZtW81NvEtSv0AfPpG/yh4A/u/bkirabk4Bjq0SaR+Lc+m
fcCO68J04Uv4/uE4ECosb3swIZtKnynk/LOlQY2YS61PEtgx9moYzUT6dg7JWdB8
03rGDhUmnDTxFCwk+/4IXF4drpehBjb59cEDlfp8Eswm
-----END CERTIFICATE-----