Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/289e38-ac93-4e8b-a08b-f74baa12fdc9/1/FhogoCENu0T-5svsCluSq5_Mmhw.roa
File:                     FhogoCENu0T-5svsCluSq5_Mmhw.roa (raw, json)
Hash identifier:          Ek13DWQxesR3cOF2awdraqbrc37df7AfuosFB4F2rRQ=
Subject key identifier:   16:1A:20:A0:21:0D:BB:44:FE:E6:CB:EC:0A:5B:92:AB:9F:CC:9A:1C
Certificate issuer:       /CN=172289cbb8179fdf38e9f532c9cd7291b4f5c42d
Certificate serial:       01906E0BB1D95C515BBEBD6041F20231ADF6
Authority key identifier: 17:22:89:CB:B8:17:9F:DF:38:E9:F5:32:C9:CD:72:91:B4:F5:C4:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyKJy7gXn9846fUyyc1ykbT1xC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/289e38-ac93-4e8b-a08b-f74baa12fdc9/1/FhogoCENu0T-5svsCluSq5_Mmhw.roa
Signing time:             Mon 01 Jul 2024 11:26:18 +0000
ROA not before:           Mon 01 Jul 2024 11:26:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        217.145.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/289e38-ac93-4e8b-a08b-f74baa12fdc9/1/FyKJy7gXn9846fUyyc1ykbT1xC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/289e38-ac93-4e8b-a08b-f74baa12fdc9/1/FyKJy7gXn9846fUyyc1ykbT1xC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyKJy7gXn9846fUyyc1ykbT1xC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6e:0b:b1:d9:5c:51:5b:be:bd:60:41:f2:02:31:ad:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172289cbb8179fdf38e9f532c9cd7291b4f5c42d
        Validity
            Not Before: Jul  1 11:26:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=161a20a0210dbb44fee6cbec0a5b92ab9fcc9a1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fc:bc:21:a7:27:2b:ea:56:c7:b8:fa:0b:21:
                    8d:af:58:db:58:ac:71:45:a8:e2:ec:98:b8:35:1f:
                    23:c8:dd:a2:24:f5:3e:cc:e4:3e:ac:5a:f4:95:61:
                    6b:f1:3c:e0:09:b2:c7:ab:5e:1c:b0:59:70:d0:9d:
                    b4:70:31:b3:fb:b5:ef:4c:fe:87:c7:3f:26:ce:ec:
                    84:da:91:4f:6b:33:45:26:e5:e3:4c:39:6f:b8:da:
                    0b:29:7b:ae:02:cd:16:c1:5e:eb:79:20:0a:eb:10:
                    b3:94:39:ae:63:30:5a:b4:3e:5f:a5:05:0c:9b:9f:
                    fb:f9:2e:bf:b3:41:49:4e:89:a5:50:1c:5f:e4:ad:
                    ee:50:58:4c:4b:18:7d:bd:9a:d1:14:d4:d5:8f:9f:
                    f0:7e:e3:69:86:45:c8:45:f5:9e:8e:d6:99:a9:25:
                    b0:df:bf:4c:9f:77:91:a2:73:86:9f:50:1e:07:66:
                    89:ef:d6:4c:b4:71:fe:b5:3f:59:06:6f:65:bb:83:
                    7b:66:f7:c5:aa:51:cf:c7:38:80:6f:db:ec:8e:01:
                    f1:b4:f9:10:64:3b:1f:f8:dd:ef:ff:1f:fe:cb:91:
                    e2:7c:2f:b0:86:28:97:d9:d8:89:67:db:04:c0:c6:
                    0f:d9:4d:da:d4:24:91:01:50:f1:09:c6:ce:03:74:
                    c8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:1A:20:A0:21:0D:BB:44:FE:E6:CB:EC:0A:5B:92:AB:9F:CC:9A:1C
            X509v3 Authority Key Identifier:
                keyid:17:22:89:CB:B8:17:9F:DF:38:E9:F5:32:C9:CD:72:91:B4:F5:C4:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyKJy7gXn9846fUyyc1ykbT1xC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/289e38-ac93-4e8b-a08b-f74baa12fdc9/1/FhogoCENu0T-5svsCluSq5_Mmhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/289e38-ac93-4e8b-a08b-f74baa12fdc9/1/FyKJy7gXn9846fUyyc1ykbT1xC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:da:e7:d5:e3:58:0f:23:0d:31:bd:49:94:69:b2:d5:29:90:
         37:ab:21:65:ab:89:01:6a:b8:1a:ec:45:50:9a:ee:ef:21:45:
         53:81:a5:40:b2:ea:b9:16:5d:37:79:8d:bb:85:f1:cf:d4:5d:
         05:71:2c:8f:e2:e2:2c:8f:b5:b3:3f:77:55:fc:2d:98:ea:dd:
         11:5c:f5:69:47:e1:95:bd:da:b7:67:92:da:30:c9:0d:06:32:
         9a:57:19:83:e2:bf:ca:ec:9a:51:44:22:ee:46:19:eb:63:18:
         84:17:de:13:4e:57:12:d6:e5:f5:48:b1:e8:44:1a:ba:a4:38:
         3f:ee:c2:26:f5:b0:d7:95:df:23:bd:da:92:fb:a8:ee:46:e9:
         4c:d2:12:2c:a2:69:a0:31:4f:9d:32:e9:d2:21:86:c2:a0:29:
         98:32:ab:1a:77:1d:22:f0:c6:3a:aa:aa:d6:31:75:60:af:5c:
         58:63:85:d8:a4:c8:fe:0b:9d:ae:c0:06:e8:76:12:fa:c3:88:
         a8:8b:52:28:21:97:ae:5f:b5:ac:82:e7:00:30:36:2f:32:39:
         7d:9b:87:e4:b4:39:ce:7e:6a:6f:08:9b:5a:b5:1f:c5:cb:bf:
         f9:65:e6:1e:98:31:30:07:f9:58:27:58:f4:c8:68:0c:7f:82:
         be:19:11:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBuC7HZXFFbvr1gQfICMa32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjI4OWNiYjgxNzlmZGYzOGU5ZjUzMmM5Y2Q3MjkxYjRm
NWM0MmQwHhcNMjQwNzAxMTEyNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjFhMjBhMDIxMGRiYjQ0ZmVlNmNiZWMwYTViOTJhYjlmY2M5YTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/y8IacnK+pWx7j6CyGNr1jbWKxx
Raji7Ji4NR8jyN2iJPU+zOQ+rFr0lWFr8TzgCbLHq14csFlw0J20cDGz+7XvTP6H
xz8mzuyE2pFPazNFJuXjTDlvuNoLKXuuAs0WwV7reSAK6xCzlDmuYzBatD5fpQUM
m5/7+S6/s0FJTomlUBxf5K3uUFhMSxh9vZrRFNTVj5/wfuNphkXIRfWejtaZqSWw
379Mn3eRonOGn1AeB2aJ79ZMtHH+tT9ZBm9lu4N7ZvfFqlHPxziAb9vsjgHxtPkQ
ZDsf+N3v/x/+y5HifC+whiiX2diJZ9sEwMYP2U3a1CSRAVDxCcbOA3TIWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYaIKAhDbtE/ubL7ApbkqufzJocMB8GA1UdIwQY
MBaAFBciicu4F5/fOOn1MsnNcpG09cQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlLSnk3Z1huOTg0NmZVeXljMXlrYlQxeEMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8yODllMzgtYWM5My00ZThiLWEwOGIt
Zjc0YmFhMTJmZGM5LzEvRmhvZ29DRU51MFQtNXN2c0NsdVNxNV9NbWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8yODllMzgtYWM5My00ZThiLWEwOGItZjc0YmFhMTJmZGM5
LzEvRnlLSnk3Z1huOTg0NmZVeXljMXlrYlQxeEMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZG4MA0G
CSqGSIb3DQEBCwUAA4IBAQAw2ufV41gPIw0xvUmUabLVKZA3qyFlq4kBarga7EVQ
mu7vIUVTgaVAsuq5Fl03eY27hfHP1F0FcSyP4uIsj7WzP3dV/C2Y6t0RXPVpR+GV
vdq3Z5LaMMkNBjKaVxmD4r/K7JpRRCLuRhnrYxiEF94TTlcS1uX1SLHoRBq6pDg/
7sIm9bDXld8jvdqS+6juRulM0hIsommgMU+dMunSIYbCoCmYMqsadx0i8MY6qqrW
MXVgr1xYY4XYpMj+C52uwAbodhL6w4ioi1IoIZeuX7WsgucAMDYvMjl9m4fktDnO
fmpvCJtatR/Fy7/5ZeYemDEwB/lYJ1j0yGgMf4K+GRGz
-----END CERTIFICATE-----