Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/2992da-60d9-442f-9331-7f1da6827447/1/fkb-wFSujNU3L7Tz3O_wi7H2n-Q.roa
File:                     fkb-wFSujNU3L7Tz3O_wi7H2n-Q.roa (raw, json)
Hash identifier:          +8vx8PaGwLUDNlX/mFuxb2e4aksK7V2DgTYg0GqQxFk=
Subject key identifier:   7E:46:FE:C0:54:AE:8C:D5:37:2F:B4:F3:DC:EF:F0:8B:B1:F6:9F:E4
Certificate issuer:       /CN=e39b1000e786b4fd6d61737790e4f3429892650e
Certificate serial:       018CC2DB273566EAFE91EFAFA755BAF0B88C
Authority key identifier: E3:9B:10:00:E7:86:B4:FD:6D:61:73:77:90:E4:F3:42:98:92:65:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/45sQAOeGtP1tYXN3kOTzQpiSZQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/2992da-60d9-442f-9331-7f1da6827447/1/fkb-wFSujNU3L7Tz3O_wi7H2n-Q.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207728
IP address blocks:        62.204.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/2992da-60d9-442f-9331-7f1da6827447/1/45sQAOeGtP1tYXN3kOTzQpiSZQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/2992da-60d9-442f-9331-7f1da6827447/1/45sQAOeGtP1tYXN3kOTzQpiSZQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/45sQAOeGtP1tYXN3kOTzQpiSZQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:27:35:66:ea:fe:91:ef:af:a7:55:ba:f0:b8:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e39b1000e786b4fd6d61737790e4f3429892650e
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e46fec054ae8cd5372fb4f3dceff08bb1f69fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:9b:fe:61:b2:a8:a6:21:3b:49:84:e6:f7:b0:
                    fb:4e:f4:1f:b7:2c:d4:81:b0:f2:29:cc:38:ca:a0:
                    55:2e:c0:ea:b6:79:3f:4d:01:c6:ac:01:5c:ec:2e:
                    2a:7a:5e:29:45:28:4d:72:76:cf:86:08:0d:5d:7f:
                    71:e1:26:88:1a:13:95:8b:a7:eb:fd:54:8f:e2:0c:
                    4e:88:70:4c:27:1d:49:d2:ac:51:f0:ac:fa:59:01:
                    0b:8b:0a:08:39:e8:07:38:b9:77:37:12:28:4f:42:
                    81:d3:7c:53:a4:da:87:9f:cf:61:b3:c1:ac:16:26:
                    9e:e9:57:ec:12:92:7b:2a:68:01:c3:30:5e:b4:9e:
                    f5:54:49:b6:1e:bb:04:57:2b:ac:93:9b:28:09:56:
                    76:15:1a:87:a0:95:e9:5e:ee:4b:67:e6:bf:27:4f:
                    c2:12:6d:ae:19:fd:e4:ce:e6:ea:86:71:52:b0:b8:
                    6e:ac:b1:c2:6c:05:af:d3:b2:0a:50:86:ff:e3:45:
                    8d:fa:56:a9:b1:7f:71:b2:93:d2:b1:dd:d7:5a:7d:
                    b4:0c:9c:93:91:a4:f0:d0:28:d5:d2:b7:ef:13:29:
                    c1:f2:63:c8:ae:5e:63:52:39:ed:0f:be:13:4a:69:
                    a2:47:f6:fb:11:12:e5:f9:83:b3:75:aa:a1:6c:59:
                    39:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:46:FE:C0:54:AE:8C:D5:37:2F:B4:F3:DC:EF:F0:8B:B1:F6:9F:E4
            X509v3 Authority Key Identifier:
                keyid:E3:9B:10:00:E7:86:B4:FD:6D:61:73:77:90:E4:F3:42:98:92:65:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/45sQAOeGtP1tYXN3kOTzQpiSZQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/2992da-60d9-442f-9331-7f1da6827447/1/fkb-wFSujNU3L7Tz3O_wi7H2n-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/2992da-60d9-442f-9331-7f1da6827447/1/45sQAOeGtP1tYXN3kOTzQpiSZQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:df:ec:9c:c4:49:69:18:9e:08:e1:13:1d:97:43:6c:88:6f:
         5e:28:b4:65:4e:17:12:22:19:d4:93:3f:57:93:c9:85:3d:fa:
         7a:61:47:e2:1b:4a:0c:7a:1e:0e:70:08:17:a1:0b:3f:d0:4a:
         21:11:13:99:57:81:9a:aa:15:c8:ff:15:d4:ba:9e:1a:9a:24:
         5f:6f:a8:36:a5:28:c5:58:3f:f1:03:e2:89:bf:8c:3b:ba:0b:
         32:c3:d4:26:d7:b8:ae:d1:91:10:f9:6d:7a:7e:aa:5c:e3:f4:
         7d:82:b6:d9:92:0c:30:9f:7c:0a:29:3b:85:f6:72:db:18:4d:
         eb:36:90:2f:99:2b:a0:94:b3:f4:1a:f7:c5:1d:de:fa:8b:72:
         18:4d:fd:83:a9:bf:5c:2f:de:ce:d9:fe:ff:25:3a:a0:2b:f2:
         7e:7e:6c:73:b9:e6:73:09:00:0d:ae:86:7b:db:53:fc:f6:91:
         fc:15:12:f3:e3:51:c8:59:83:98:c3:59:32:42:6d:b1:94:d9:
         bc:0f:4d:04:37:19:af:40:2e:8d:61:84:5b:24:86:7c:f5:da:
         51:7e:65:54:b5:14:13:a2:6e:28:96:99:67:bf:ed:b1:b9:18:
         1a:3b:5c:4e:01:2c:df:dd:df:76:c5:8b:06:2a:d4:d5:3b:73:
         41:39:9e:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yc1Zur+ke+vp1W68LiMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOWIxMDAwZTc4NmI0ZmQ2ZDYxNzM3NzkwZTRmMzQyOTg5
MjY1MGUwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQ2ZmVjMDU0YWU4Y2Q1MzcyZmI0ZjNkY2VmZjA4YmIxZjY5ZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5v+YbKopiE7SYTm97D7TvQftyzU
gbDyKcw4yqBVLsDqtnk/TQHGrAFc7C4qel4pRShNcnbPhggNXX9x4SaIGhOVi6fr
/VSP4gxOiHBMJx1J0qxR8Kz6WQELiwoIOegHOLl3NxIoT0KB03xTpNqHn89hs8Gs
Fiae6VfsEpJ7KmgBwzBetJ71VEm2HrsEVyusk5soCVZ2FRqHoJXpXu5LZ+a/J0/C
Em2uGf3kzubqhnFSsLhurLHCbAWv07IKUIb/40WN+lapsX9xspPSsd3XWn20DJyT
kaTw0CjV0rfvEynB8mPIrl5jUjntD74TSmmiR/b7ERLl+YOzdaqhbFk5+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5G/sBUrozVNy+089zv8Iux9p/kMB8GA1UdIwQY
MBaAFOObEADnhrT9bWFzd5Dk80KYkmUOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDVzUUFPZUd0UDF0WVhOM2tPVHpRcGlTWlE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8yOTkyZGEtNjBkOS00NDJmLTkzMzEt
N2YxZGE2ODI3NDQ3LzEvZmtiLXdGU3VqTlUzTDdUejNPX3dpN0gybi1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8yOTkyZGEtNjBkOS00NDJmLTkzMzEtN2YxZGE2ODI3NDQ3
LzEvNDVzUUFPZUd0UDF0WVhOM2tPVHpRcGlTWlE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPswqMA0G
CSqGSIb3DQEBCwUAA4IBAQCs3+ycxElpGJ4I4RMdl0NsiG9eKLRlThcSIhnUkz9X
k8mFPfp6YUfiG0oMeh4OcAgXoQs/0EohEROZV4GaqhXI/xXUup4amiRfb6g2pSjF
WD/xA+KJv4w7ugsyw9Qm17iu0ZEQ+W16fqpc4/R9grbZkgwwn3wKKTuF9nLbGE3r
NpAvmSuglLP0GvfFHd76i3IYTf2Dqb9cL97O2f7/JTqgK/J+fmxzueZzCQANroZ7
21P89pH8FRLz41HIWYOYw1kyQm2xlNm8D00ENxmvQC6NYYRbJIZ89dpRfmVUtRQT
om4olplnv+2xuRgaO1xOASzf3d92xYsGKtTVO3NBOZ7A
-----END CERTIFICATE-----