Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/Fkpt5orne3i18gA_1eOtuqpdIKw.roa
File:                     Fkpt5orne3i18gA_1eOtuqpdIKw.roa (raw, json)
Hash identifier:          ZJKkXWHtFqVjy0jGzFewImFsAHhFmfpYt/U4o8zmzw8=
Subject key identifier:   16:4A:6D:E6:8A:E7:7B:78:B5:F2:00:3F:D5:E3:AD:BA:AA:5D:20:AC
Certificate issuer:       /CN=452e7d87922129df90c4870da2a7738404724858
Certificate serial:       01905F4691790392A11CEB228E98817283EB
Authority key identifier: 45:2E:7D:87:92:21:29:DF:90:C4:87:0D:A2:A7:73:84:04:72:48:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/Fkpt5orne3i18gA_1eOtuqpdIKw.roa
Signing time:             Fri 28 Jun 2024 14:36:18 +0000
ROA not before:           Fri 28 Jun 2024 14:36:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200583
IP address blocks:        185.34.248.0/22 maxlen: 22
                          185.34.248.0/24 maxlen: 24
                          185.102.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5f:46:91:79:03:92:a1:1c:eb:22:8e:98:81:72:83:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=452e7d87922129df90c4870da2a7738404724858
        Validity
            Not Before: Jun 28 14:36:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=164a6de68ae77b78b5f2003fd5e3adbaaa5d20ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e9:4b:ac:22:32:07:e1:be:7c:5b:08:82:71:
                    7e:7a:8b:62:a9:f0:b9:bc:4a:c0:97:32:01:b2:d6:
                    b7:3e:97:79:8a:17:2d:e5:a9:42:7c:90:02:73:76:
                    bf:c0:a2:b8:a1:4b:a1:13:aa:ca:7e:23:dc:40:f4:
                    3e:f7:b8:7d:b3:c0:84:23:4b:96:13:4f:9c:5d:61:
                    c8:36:ce:e5:e7:3d:89:90:0f:2b:db:e0:16:0e:da:
                    b7:41:7b:c6:72:20:7e:fd:83:6c:a8:f7:96:a3:3f:
                    e4:4e:92:42:51:3c:02:f5:cb:0d:91:ef:f9:6a:0a:
                    80:51:4e:74:eb:b6:b3:27:eb:6f:7d:32:24:7a:8b:
                    78:ab:26:30:36:86:b9:ba:4e:7a:93:c4:e2:da:93:
                    99:91:8b:b9:d0:45:03:27:c4:8a:3b:18:18:a1:c3:
                    8b:7c:aa:62:d1:5a:a4:d6:10:30:60:46:30:29:2f:
                    b2:c1:f8:98:70:53:b0:63:72:77:4d:bf:91:98:4a:
                    42:a4:4f:63:9e:04:ad:17:f9:5d:f0:e5:1e:2d:2f:
                    ac:60:6f:a8:33:31:eb:47:71:05:3a:17:74:5e:65:
                    f1:af:2b:e4:b5:1b:70:c9:d9:bc:1d:20:c2:76:7e:
                    3b:7c:c1:f1:7f:03:ca:fb:3f:bf:e0:dc:c6:76:75:
                    b5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:4A:6D:E6:8A:E7:7B:78:B5:F2:00:3F:D5:E3:AD:BA:AA:5D:20:AC
            X509v3 Authority Key Identifier:
                keyid:45:2E:7D:87:92:21:29:DF:90:C4:87:0D:A2:A7:73:84:04:72:48:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/Fkpt5orne3i18gA_1eOtuqpdIKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.248.0/22
                  185.102.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:05:af:7d:50:9d:2f:cf:c6:a4:f3:01:91:1e:cf:ca:47:3d:
         42:da:f2:d5:d8:f8:30:2f:94:2b:ea:e5:2b:e1:83:e1:86:b9:
         6c:e7:11:03:ac:5a:03:35:cd:bc:3a:6f:b7:53:27:ad:5d:bd:
         61:63:8d:52:1c:3e:6e:9e:c5:50:74:e5:68:52:8a:50:0e:5a:
         54:04:14:b6:2a:5d:ec:d7:3a:43:31:1d:35:d0:40:c1:f2:11:
         93:e6:6a:2d:ed:9f:dc:ee:ca:2e:1e:f0:2c:b4:4e:3d:f4:67:
         e1:a4:6b:57:b8:98:d1:9d:a5:90:13:16:df:66:b8:b1:2d:38:
         67:29:ae:5f:e6:fe:e2:62:30:88:38:ca:f1:b7:2d:9b:67:71:
         cf:14:c2:49:a4:b2:50:e2:b6:4a:c7:df:d3:13:d8:87:2e:55:
         85:0e:01:e4:0c:73:f3:9a:05:26:ae:5d:42:27:22:fc:e2:63:
         8b:9e:22:39:68:79:7c:0f:0b:c7:88:0c:44:d8:89:27:52:af:
         ac:6e:56:2c:fc:0b:b5:2c:0f:5c:21:de:30:28:aa:b6:d7:0a:
         55:0e:b4:94:21:09:3e:c7:bd:ad:11:3b:24:b4:7b:f5:3d:cb:
         fb:7f:c2:17:dc:0e:7c:eb:8d:be:5d:89:68:f8:86:82:e6:36:
         dc:ab:83:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBfRpF5A5KhHOsijpiBcoPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MmU3ZDg3OTIyMTI5ZGY5MGM0ODcwZGEyYTc3Mzg0MDQ3
MjQ4NTgwHhcNMjQwNjI4MTQzNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjRhNmRlNjhhZTc3Yjc4YjVmMjAwM2ZkNWUzYWRiYWFhNWQyMGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOlLrCIyB+G+fFsIgnF+eotiqfC5
vErAlzIBsta3Ppd5ihct5alCfJACc3a/wKK4oUuhE6rKfiPcQPQ+97h9s8CEI0uW
E0+cXWHINs7l5z2JkA8r2+AWDtq3QXvGciB+/YNsqPeWoz/kTpJCUTwC9csNke/5
agqAUU5067azJ+tvfTIkeot4qyYwNoa5uk56k8Ti2pOZkYu50EUDJ8SKOxgYocOL
fKpi0Vqk1hAwYEYwKS+ywfiYcFOwY3J3Tb+RmEpCpE9jngStF/ld8OUeLS+sYG+o
MzHrR3EFOhd0XmXxryvktRtwydm8HSDCdn47fMHxfwPK+z+/4NzGdnW1AQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBZKbeaK53t4tfIAP9XjrbqqXSCsMB8GA1UdIwQY
MBaAFEUufYeSISnfkMSHDaKnc4QEckhYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlM1OWg1SWhLZC1ReEljTm9xZHpoQVJ5U0ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC80ODc5NjItODU4OC00ZjBhLWJiN2Qt
YWFhOGQzYTk0MGFjLzEvRmtwdDVvcm5lM2kxOGdBXzFlT3R1cXBkSUt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC80ODc5NjItODU4OC00ZjBhLWJiN2QtYWFhOGQzYTk0MGFj
LzEvUlM1OWg1SWhLZC1ReEljTm9xZHpoQVJ5U0ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSL4AwQA
uWYpMA0GCSqGSIb3DQEBCwUAA4IBAQA8Ba99UJ0vz8ak8wGRHs/KRz1C2vLV2Pgw
L5Qr6uUr4YPhhrls5xEDrFoDNc28Om+3UyetXb1hY41SHD5unsVQdOVoUopQDlpU
BBS2Kl3s1zpDMR010EDB8hGT5mot7Z/c7souHvAstE499GfhpGtXuJjRnaWQExbf
ZrixLThnKa5f5v7iYjCIOMrxty2bZ3HPFMJJpLJQ4rZKx9/TE9iHLlWFDgHkDHPz
mgUmrl1CJyL84mOLniI5aHl8DwvHiAxE2IknUq+sblYs/Au1LA9cId4wKKq21wpV
DrSUIQk+x72tETsktHv1Pcv7f8IX3A58642+XYlo+IaC5jbcq4No
-----END CERTIFICATE-----