Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/ceea91-0a2a-4a4e-917b-c6161ce395af/1/FffZIBJYYaFWU5ZcNhhYnGkmmGg.roa
File:                     FffZIBJYYaFWU5ZcNhhYnGkmmGg.roa (raw, json)
Hash identifier:          iMXPpRQkEZs/s6tjnlBOJ1l7xL9QN/qI0FbaKJ0ndiM=
Subject key identifier:   15:F7:D9:20:12:58:61:A1:56:53:96:5C:36:18:58:9C:69:26:98:68
Certificate issuer:       /CN=85fb85add09f4876ea6aaa88d4d88c81ccb6b10a
Certificate serial:       018CC94DA67CD6A74C0EC371ABE670F8B2B2
Authority key identifier: 85:FB:85:AD:D0:9F:48:76:EA:6A:AA:88:D4:D8:8C:81:CC:B6:B1:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hfuFrdCfSHbqaqqI1NiMgcy2sQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/ceea91-0a2a-4a4e-917b-c6161ce395af/1/FffZIBJYYaFWU5ZcNhhYnGkmmGg.roa
Signing time:             Tue 02 Jan 2024 08:32:38 +0000
ROA not before:           Tue 02 Jan 2024 08:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        83.143.16.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/ceea91-0a2a-4a4e-917b-c6161ce395af/1/hfuFrdCfSHbqaqqI1NiMgcy2sQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/ceea91-0a2a-4a4e-917b-c6161ce395af/1/hfuFrdCfSHbqaqqI1NiMgcy2sQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hfuFrdCfSHbqaqqI1NiMgcy2sQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a6:7c:d6:a7:4c:0e:c3:71:ab:e6:70:f8:b2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85fb85add09f4876ea6aaa88d4d88c81ccb6b10a
        Validity
            Not Before: Jan  2 08:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15f7d920125861a15653965c3618589c69269868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:48:47:b7:40:a7:6a:2d:1f:5c:29:c2:83:2b:
                    59:b0:17:34:63:5f:18:8f:96:d8:2f:03:e0:3c:14:
                    29:a2:47:f0:ff:41:37:f7:23:48:6a:37:60:ff:e3:
                    be:83:d0:f1:5c:b2:bf:2c:9d:94:b4:4f:4c:f3:30:
                    41:e1:10:bd:0c:ab:b2:12:08:0b:ed:7c:20:61:65:
                    48:a1:03:61:04:dd:2a:f2:af:db:26:33:d8:11:8c:
                    1a:c2:70:3b:fb:b8:e7:42:39:de:9a:ab:ed:7a:5f:
                    cc:61:d0:25:04:01:4d:34:cb:51:55:56:bd:30:d1:
                    07:4e:94:27:ac:62:33:5c:52:3f:e1:96:cd:2d:89:
                    48:ed:40:18:ba:fe:2e:df:fa:cd:ff:c3:33:d6:b2:
                    8b:33:d1:e1:0b:f5:c7:1a:5f:ed:f6:ff:a9:af:20:
                    4f:84:9e:4a:e2:82:4b:3e:98:80:c4:78:d8:42:31:
                    df:73:21:b0:bd:8b:32:3b:6a:f4:77:e8:59:4f:34:
                    94:08:c8:0a:27:6c:4c:73:1c:66:21:d6:0c:92:a0:
                    7e:35:5e:bc:57:9f:a7:24:5c:79:43:c7:99:19:e7:
                    40:0e:fc:0a:a5:d6:0f:1d:af:74:b7:6b:78:6d:ce:
                    b3:dd:55:ba:f8:47:82:a2:fe:7d:2b:cd:b3:d0:08:
                    bb:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F7:D9:20:12:58:61:A1:56:53:96:5C:36:18:58:9C:69:26:98:68
            X509v3 Authority Key Identifier:
                keyid:85:FB:85:AD:D0:9F:48:76:EA:6A:AA:88:D4:D8:8C:81:CC:B6:B1:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hfuFrdCfSHbqaqqI1NiMgcy2sQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/ceea91-0a2a-4a4e-917b-c6161ce395af/1/FffZIBJYYaFWU5ZcNhhYnGkmmGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/ceea91-0a2a-4a4e-917b-c6161ce395af/1/hfuFrdCfSHbqaqqI1NiMgcy2sQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.143.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:d6:66:4b:1b:06:f9:b6:61:9c:ff:0b:92:e1:8c:89:96:bb:
         df:24:e0:d8:e4:9f:a4:6a:f2:95:8f:e6:26:d0:45:2d:aa:cc:
         90:33:c2:f2:8d:9f:b4:64:eb:93:2f:32:90:77:19:7c:89:97:
         25:61:d4:b1:0e:ee:70:50:7f:28:f6:c6:4e:15:c7:d5:b2:75:
         ff:6c:f1:2b:ad:ca:64:9a:b5:7c:f9:cc:d9:e4:a1:21:1d:f1:
         fe:e3:5b:a6:af:91:52:63:10:7e:90:3a:86:e8:a6:5b:6c:ec:
         0c:99:e5:9c:78:64:54:31:73:9a:ed:87:4b:9c:f7:b3:27:7e:
         99:e0:e5:76:8e:0a:70:3b:b2:21:e4:0e:eb:b1:10:4f:e2:ae:
         bd:38:38:5a:33:92:f7:d8:c5:6c:89:1f:b5:3c:35:55:81:90:
         39:cb:7b:97:f7:23:db:2f:be:03:73:da:20:bb:66:71:d7:4d:
         bf:fa:04:d1:56:81:2c:57:87:b9:a6:96:9d:9b:70:ad:d5:93:
         c9:55:ca:87:1f:e9:df:1d:39:62:78:44:84:90:b2:1a:fb:b1:
         af:a5:e2:b7:40:32:64:d3:ae:c5:50:49:6f:73:19:19:c1:a5:
         80:6c:ef:3f:06:e6:28:6e:b7:26:26:fa:b2:b7:98:41:6a:b0:
         35:b4:24:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTaZ81qdMDsNxq+Zw+LKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZmI4NWFkZDA5ZjQ4NzZlYTZhYWE4OGQ0ZDg4YzgxY2Ni
NmIxMGEwHhcNMjQwMTAyMDgzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWY3ZDkyMDEyNTg2MWExNTY1Mzk2NWMzNjE4NTg5YzY5MjY5ODY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUhHt0Cnai0fXCnCgytZsBc0Y18Y
j5bYLwPgPBQpokfw/0E39yNIajdg/+O+g9DxXLK/LJ2UtE9M8zBB4RC9DKuyEggL
7XwgYWVIoQNhBN0q8q/bJjPYEYwawnA7+7jnQjnemqvtel/MYdAlBAFNNMtRVVa9
MNEHTpQnrGIzXFI/4ZbNLYlI7UAYuv4u3/rN/8Mz1rKLM9HhC/XHGl/t9v+pryBP
hJ5K4oJLPpiAxHjYQjHfcyGwvYsyO2r0d+hZTzSUCMgKJ2xMcxxmIdYMkqB+NV68
V5+nJFx5Q8eZGedADvwKpdYPHa90t2t4bc6z3VW6+EeCov59K82z0Ai7HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBX32SASWGGhVlOWXDYYWJxpJphoMB8GA1UdIwQY
MBaAFIX7ha3Qn0h26mqqiNTYjIHMtrEKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGZ1RnJkQ2ZTSGJxYXFxSTFOaU1nY3kyc1FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9jZWVhOTEtMGEyYS00YTRlLTkxN2It
YzYxNjFjZTM5NWFmLzEvRmZmWklCSllZYUZXVTVaY05oaFluR2ttbUdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9jZWVhOTEtMGEyYS00YTRlLTkxN2ItYzYxNjFjZTM5NWFm
LzEvaGZ1RnJkQ2ZTSGJxYXFxSTFOaU1nY3kyc1FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDU48QMA0G
CSqGSIb3DQEBCwUAA4IBAQBC1mZLGwb5tmGc/wuS4YyJlrvfJODY5J+kavKVj+Ym
0EUtqsyQM8LyjZ+0ZOuTLzKQdxl8iZclYdSxDu5wUH8o9sZOFcfVsnX/bPErrcpk
mrV8+czZ5KEhHfH+41umr5FSYxB+kDqG6KZbbOwMmeWceGRUMXOa7YdLnPezJ36Z
4OV2jgpwO7Ih5A7rsRBP4q69ODhaM5L32MVsiR+1PDVVgZA5y3uX9yPbL74Dc9og
u2Zx102/+gTRVoEsV4e5ppadm3Ct1ZPJVcqHH+nfHTlieESEkLIa+7GvpeK3QDJk
067FUElvcxkZwaWAbO8/BuYobrcmJvqyt5hBarA1tCSP
-----END CERTIFICATE-----