Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/FN9DCAJoPvjoqEggWi_3GH0axSk.roa
File:                     FN9DCAJoPvjoqEggWi_3GH0axSk.roa (raw, json)
Hash identifier:          yhxA9PjBmJl6nUJb8aNyLGm7ItEVhwXjyHzrHTwkAGg=
Subject key identifier:   14:DF:43:08:02:68:3E:F8:E8:A8:48:20:5A:2F:F7:18:7D:1A:C5:29
Certificate issuer:       /CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
Certificate serial:       018CC9BBEA67758BD1DECF02A19C61361F90
Authority key identifier: D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/FN9DCAJoPvjoqEggWi_3GH0axSk.roa
Signing time:             Tue 02 Jan 2024 10:33:04 +0000
ROA not before:           Tue 02 Jan 2024 10:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212804
IP address blocks:        46.252.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ea:67:75:8b:d1:de:cf:02:a1:9c:61:36:1f:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
        Validity
            Not Before: Jan  2 10:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14df430802683ef8e8a848205a2ff7187d1ac529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:61:5c:1a:a5:4d:88:65:bd:c3:bb:0d:be:47:
                    4c:ba:1f:02:72:f9:9c:c7:e3:f1:67:72:42:dc:af:
                    c6:92:5f:34:a1:bd:ae:be:de:f8:b5:82:d1:6f:07:
                    1b:b3:d3:dc:e4:a6:27:2f:25:9d:65:6e:bb:b6:12:
                    f2:e9:a6:6c:ab:cc:da:44:72:63:81:b4:2d:17:8b:
                    87:65:0c:a8:ac:b2:a1:6e:54:59:c5:af:aa:65:dc:
                    cb:ca:1c:54:89:37:91:75:25:d8:36:33:36:57:ec:
                    65:4d:05:a6:99:70:91:7a:ba:18:c8:4a:89:9c:1d:
                    48:23:ed:82:d1:7b:0a:94:3e:c5:1f:c6:59:c0:4d:
                    6b:36:d1:20:0a:5e:92:78:bb:c4:95:4d:9f:ec:68:
                    08:56:ee:d2:6d:8c:3c:35:0b:6e:87:f4:b2:22:31:
                    a2:6e:df:1b:a2:59:db:6c:53:1b:85:60:e9:c3:a8:
                    86:71:ff:ed:6f:6e:c5:7d:00:b0:41:aa:fc:a7:6a:
                    19:70:6e:ed:0f:0f:83:45:74:71:2d:13:da:42:a3:
                    a8:d3:10:15:93:cd:d1:d1:1e:df:b4:02:44:69:33:
                    9e:37:3e:6c:f9:7b:0a:4e:ce:71:3a:53:b4:06:6c:
                    5c:07:c8:90:5f:5b:5b:a0:56:f7:f1:ca:57:ae:a7:
                    ea:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:DF:43:08:02:68:3E:F8:E8:A8:48:20:5A:2F:F7:18:7D:1A:C5:29
            X509v3 Authority Key Identifier:
                keyid:D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/FN9DCAJoPvjoqEggWi_3GH0axSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.252.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:eb:ee:82:da:23:f0:78:9f:ff:bc:10:50:6d:da:de:33:1d:
         1b:dc:38:12:76:f2:8c:d2:f5:38:60:9c:6a:32:e9:b0:66:32:
         9f:73:c1:7e:cc:a0:44:8d:65:27:41:59:44:64:73:d0:e4:2a:
         04:22:12:27:6a:9b:14:a6:73:43:18:1a:34:ac:ea:97:1b:7b:
         6b:a8:e1:02:c3:23:60:4c:31:06:c7:ac:ca:0a:fa:eb:b2:2f:
         0a:f5:24:d5:89:e3:60:ab:1a:af:df:54:04:f6:7d:cd:7e:00:
         b8:25:9e:05:1d:d0:57:7d:1b:98:2c:62:e2:1e:ed:c4:59:dc:
         a8:88:46:0a:28:ca:35:b4:e7:78:86:f5:b3:44:c6:eb:a1:cc:
         cc:50:40:96:0c:e7:2c:75:94:61:45:6b:4b:19:53:d2:19:81:
         52:31:92:0f:e3:3b:af:00:6b:15:8e:27:71:fc:90:25:37:d6:
         8b:f7:42:fb:65:8d:7c:51:38:f3:c1:af:5d:ba:d3:e9:fc:84:
         dc:cf:b2:51:f0:f1:89:25:4a:bb:ed:e8:90:8c:2a:b6:e8:e6:
         30:66:c9:48:c1:7b:a1:4a:89:e6:29:06:f0:6a:e8:c8:0a:0b:
         60:e7:63:28:91:b1:e9:95:7c:11:a5:b3:ae:d0:d0:0b:d8:df:
         b1:0e:86:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu+pndYvR3s8CoZxhNh+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Mjg0ZjE4Y2Q0NDYwNGJkZDZkMDhmNGQ4NzhkYzYxNDU2
YzQwZmQwHhcNMjQwMTAyMTAzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGRmNDMwODAyNjgzZWY4ZThhODQ4MjA1YTJmZjcxODdkMWFjNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWFcGqVNiGW9w7sNvkdMuh8Ccvmc
x+PxZ3JC3K/Gkl80ob2uvt74tYLRbwcbs9Pc5KYnLyWdZW67thLy6aZsq8zaRHJj
gbQtF4uHZQyorLKhblRZxa+qZdzLyhxUiTeRdSXYNjM2V+xlTQWmmXCReroYyEqJ
nB1II+2C0XsKlD7FH8ZZwE1rNtEgCl6SeLvElU2f7GgIVu7SbYw8NQtuh/SyIjGi
bt8bolnbbFMbhWDpw6iGcf/tb27FfQCwQar8p2oZcG7tDw+DRXRxLRPaQqOo0xAV
k83R0R7ftAJEaTOeNz5s+XsKTs5xOlO0BmxcB8iQX1tboFb38cpXrqfqtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTfQwgCaD746KhIIFov9xh9GsUpMB8GA1UdIwQY
MBaAFNgoTxjNRGBL3W0I9Nh43GFFbED9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0Zjgt
Yzc4NjkxMjg1ODJjLzEvRk45RENBSm9QdmpvcUVnZ1dpXzNHSDBheFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0ZjgtYzc4NjkxMjg1ODJj
LzEvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvwAMA0G
CSqGSIb3DQEBCwUAA4IBAQCB6+6C2iPweJ//vBBQbdreMx0b3DgSdvKM0vU4YJxq
MumwZjKfc8F+zKBEjWUnQVlEZHPQ5CoEIhInapsUpnNDGBo0rOqXG3trqOECwyNg
TDEGx6zKCvrrsi8K9STVieNgqxqv31QE9n3NfgC4JZ4FHdBXfRuYLGLiHu3EWdyo
iEYKKMo1tOd4hvWzRMbroczMUECWDOcsdZRhRWtLGVPSGYFSMZIP4zuvAGsVjidx
/JAlN9aL90L7ZY18UTjzwa9dutPp/ITcz7JR8PGJJUq77eiQjCq26OYwZslIwXuh
SonmKQbwaujICgtg52MokbHplXwRpbOu0NAL2N+xDob+
-----END CERTIFICATE-----