Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/FPEUJ4Xp10_2M2pN38tI-Gm6p4U.roa
File:                     FPEUJ4Xp10_2M2pN38tI-Gm6p4U.roa (raw, json)
Hash identifier:          6g98dSodFnb2M9rRdyhQ+HwfjRvC0dwrS/bv95B/354=
Subject key identifier:   14:F1:14:27:85:E9:D7:4F:F6:33:6A:4D:DF:CB:48:F8:69:BA:A7:85
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       018CC492C3F007B443FFA11339350F136A5D
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/FPEUJ4Xp10_2M2pN38tI-Gm6p4U.roa
Signing time:             Mon 01 Jan 2024 10:30:01 +0000
ROA not before:           Mon 01 Jan 2024 10:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198228
IP address blocks:        46.253.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:c3:f0:07:b4:43:ff:a1:13:39:35:0f:13:6a:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan  1 10:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14f1142785e9d74ff6336a4ddfcb48f869baa785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:33:c8:a5:a3:ec:aa:13:49:34:0b:95:92:f0:
                    6f:45:c5:32:3b:c4:27:4a:ad:35:3a:a8:26:06:2b:
                    07:2f:ce:8a:e5:30:ae:ab:cc:5f:43:78:3b:8b:a1:
                    24:02:e5:72:5b:a2:48:2f:f9:26:fb:6b:68:40:82:
                    89:56:a6:38:ef:19:10:b5:35:13:93:02:ac:56:07:
                    31:58:6e:f2:c0:8b:5f:ac:3d:b5:71:4f:58:bf:0e:
                    98:16:4c:1e:2e:87:e9:83:c3:19:51:e7:61:a2:19:
                    72:d2:e3:f8:f4:0b:ad:98:28:07:ba:57:25:cc:86:
                    6d:a6:3a:ba:7a:36:a9:55:8d:dd:fb:f0:6f:91:d6:
                    27:68:c2:d6:7d:69:c3:6b:c4:07:23:67:18:3f:d5:
                    1e:6b:52:a3:8a:36:c3:f3:2d:9c:7a:02:0e:f5:e0:
                    f7:6d:ad:9a:f8:d0:96:34:87:ad:35:da:db:1e:42:
                    9e:39:22:96:43:12:83:76:e8:4c:d8:b1:c1:c1:fa:
                    f2:65:12:9d:71:b4:04:12:5b:90:de:76:d3:11:e2:
                    0c:06:86:ad:85:78:76:b3:6e:01:10:fc:8c:ad:4a:
                    44:53:7a:1d:1f:ee:47:a5:67:ee:34:96:a8:6c:5e:
                    84:41:38:39:64:af:99:50:6f:a6:fb:50:81:00:59:
                    ae:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:F1:14:27:85:E9:D7:4F:F6:33:6A:4D:DF:CB:48:F8:69:BA:A7:85
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/FPEUJ4Xp10_2M2pN38tI-Gm6p4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:a4:fe:5c:b1:a0:05:61:7d:49:6e:d5:96:5f:54:72:c4:06:
         b9:85:3b:21:67:53:3d:bc:84:8c:c0:7b:3f:69:f6:6c:70:2f:
         ef:eb:eb:c6:03:d8:21:93:7d:d4:1a:ac:39:ad:69:ee:a6:6e:
         28:72:5c:0a:3c:5f:26:97:88:34:29:74:10:60:24:ca:e2:6c:
         04:84:db:63:9f:06:90:39:10:a4:35:47:14:31:d8:53:5b:35:
         59:27:85:1a:45:b1:10:35:5a:94:1f:a0:22:50:82:6d:f8:fe:
         9d:0b:72:6f:95:8f:3e:9c:5f:42:a6:72:42:ec:7f:36:00:15:
         99:b9:cb:6b:0e:e8:4a:8d:84:ef:50:c3:9f:4c:e3:0a:ab:4e:
         00:4f:9e:33:80:76:cc:04:98:02:21:7b:36:85:0a:44:60:90:
         9f:92:54:14:41:dc:6b:43:ec:a8:e2:10:32:8a:de:6e:b0:ae:
         e8:5e:f9:0a:26:ba:65:de:91:d5:a5:ec:95:ce:c6:97:03:83:
         7f:ae:86:eb:c9:91:ee:10:c6:42:65:12:63:3d:1c:0e:08:05:
         9f:6f:5d:9a:93:c7:cc:43:f3:6b:22:77:b3:8f:95:21:a7:0b:
         4d:1e:9f:7d:6c:b5:a0:44:cf:4f:20:0b:fc:06:9c:be:ab:f2:
         d3:e2:5e:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEksPwB7RD/6ETOTUPE2pdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjQwMTAxMTAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGYxMTQyNzg1ZTlkNzRmZjYzMzZhNGRkZmNiNDhmODY5YmFhNzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDPIpaPsqhNJNAuVkvBvRcUyO8Qn
Sq01OqgmBisHL86K5TCuq8xfQ3g7i6EkAuVyW6JIL/km+2toQIKJVqY47xkQtTUT
kwKsVgcxWG7ywItfrD21cU9Yvw6YFkweLofpg8MZUedhohly0uP49AutmCgHulcl
zIZtpjq6ejapVY3d+/BvkdYnaMLWfWnDa8QHI2cYP9Uea1KjijbD8y2cegIO9eD3
ba2a+NCWNIetNdrbHkKeOSKWQxKDduhM2LHBwfryZRKdcbQEEluQ3nbTEeIMBoat
hXh2s24BEPyMrUpEU3odH+5HpWfuNJaobF6EQTg5ZK+ZUG+m+1CBAFmunwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTxFCeF6ddP9jNqTd/LSPhpuqeFMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvRlBFVUo0WHAxMF8yTTJwTjM4dEktR202cDRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALv0JMA0G
CSqGSIb3DQEBCwUAA4IBAQBgpP5csaAFYX1JbtWWX1RyxAa5hTshZ1M9vISMwHs/
afZscC/v6+vGA9ghk33UGqw5rWnupm4oclwKPF8ml4g0KXQQYCTK4mwEhNtjnwaQ
ORCkNUcUMdhTWzVZJ4UaRbEQNVqUH6AiUIJt+P6dC3JvlY8+nF9CpnJC7H82ABWZ
uctrDuhKjYTvUMOfTOMKq04AT54zgHbMBJgCIXs2hQpEYJCfklQUQdxrQ+yo4hAy
it5usK7oXvkKJrpl3pHVpeyVzsaXA4N/robryZHuEMZCZRJjPRwOCAWfb12ak8fM
Q/NrInezj5UhpwtNHp99bLWgRM9PIAv8Bpy+q/LT4l5V
-----END CERTIFICATE-----