Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/288628-2039-4085-a006-060cd9c92f26/1/Ff1G9MilPj8ozY9WJHDbOtrVVI4.roa
File:                     Ff1G9MilPj8ozY9WJHDbOtrVVI4.roa (raw, json)
Hash identifier:          w1ZP2h7qMTEGF7kMnSSpSQKltF7Ag0yH3ScrJID/PoE=
Subject key identifier:   15:FD:46:F4:C8:A5:3E:3F:28:CD:8F:56:24:70:DB:3A:DA:D5:54:8E
Certificate issuer:       /CN=fecf282821da575f68917647cf3e1898f9d0a62a
Certificate serial:       018CC26CFCB8E503E190B28FDABDC03644AA
Authority key identifier: FE:CF:28:28:21:DA:57:5F:68:91:76:47:CF:3E:18:98:F9:D0:A6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_s8oKCHaV19okXZHzz4YmPnQpio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/288628-2039-4085-a006-060cd9c92f26/1/Ff1G9MilPj8ozY9WJHDbOtrVVI4.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59560
IP address blocks:        176.116.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/288628-2039-4085-a006-060cd9c92f26/1/_s8oKCHaV19okXZHzz4YmPnQpio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/288628-2039-4085-a006-060cd9c92f26/1/_s8oKCHaV19okXZHzz4YmPnQpio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_s8oKCHaV19okXZHzz4YmPnQpio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fc:b8:e5:03:e1:90:b2:8f:da:bd:c0:36:44:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fecf282821da575f68917647cf3e1898f9d0a62a
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15fd46f4c8a53e3f28cd8f562470db3adad5548e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a6:c2:39:2b:de:ff:af:3b:c6:ca:48:0a:4e:
                    f6:6f:43:54:8c:66:8b:41:25:bb:45:de:3f:e3:35:
                    81:20:5c:72:53:20:14:83:d7:81:4f:6e:66:c3:3c:
                    52:45:ad:fc:98:10:53:76:24:a9:3b:5c:1b:3e:48:
                    52:43:a6:75:81:5c:04:a1:b5:1a:9a:84:ee:f9:25:
                    e5:38:a7:2f:a0:3c:83:fa:41:de:a5:bd:b0:ca:0e:
                    0f:47:81:91:ff:ce:56:87:d2:ba:1a:9a:21:6e:47:
                    4b:9e:c0:c0:84:58:88:3d:9d:ff:e6:e5:68:72:29:
                    ca:fa:97:50:9a:81:ec:21:d8:9a:62:23:cd:dd:2d:
                    85:a1:4c:df:af:ac:2a:89:99:81:15:f7:50:95:1f:
                    93:38:3a:d8:77:0c:39:c1:70:ac:8d:ad:2a:92:c4:
                    a3:92:d1:27:ac:1b:16:9d:14:50:d1:68:90:77:85:
                    49:65:c1:a4:4b:01:5b:e6:4f:6b:8d:6d:c1:47:4f:
                    5d:f3:0c:6a:12:15:30:50:af:a8:7b:e9:75:b8:b6:
                    14:79:9a:41:6d:85:70:43:f2:6f:7e:20:fa:8f:1a:
                    1d:9a:c0:1e:6b:07:19:d5:5b:fc:cc:d3:91:3e:69:
                    be:1b:b7:58:0e:5e:db:a5:64:4c:38:0d:d1:48:20:
                    45:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:FD:46:F4:C8:A5:3E:3F:28:CD:8F:56:24:70:DB:3A:DA:D5:54:8E
            X509v3 Authority Key Identifier:
                keyid:FE:CF:28:28:21:DA:57:5F:68:91:76:47:CF:3E:18:98:F9:D0:A6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_s8oKCHaV19okXZHzz4YmPnQpio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/288628-2039-4085-a006-060cd9c92f26/1/Ff1G9MilPj8ozY9WJHDbOtrVVI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/288628-2039-4085-a006-060cd9c92f26/1/_s8oKCHaV19okXZHzz4YmPnQpio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:4c:0b:18:76:ef:39:84:b4:f4:eb:ce:3f:29:e3:19:40:03:
         91:14:0a:b9:c9:bc:f1:83:d6:91:0d:d7:9d:c4:d1:dd:4d:0f:
         43:50:76:e4:4d:a2:3a:cc:3b:c5:74:a5:2a:9b:5a:bb:b2:d5:
         7a:6f:96:91:6d:b6:a2:2b:6e:9a:a6:8b:0e:c8:40:88:03:7e:
         c8:3d:86:ab:53:6e:90:e2:c9:10:10:5f:c6:fa:ba:ad:9c:2f:
         08:09:7c:38:ee:8d:29:94:72:94:15:2b:4e:31:81:ac:93:ab:
         f7:8a:b4:52:33:77:48:71:a4:89:57:60:6a:d1:c1:f2:14:c3:
         ab:b1:e3:9b:f1:80:7a:80:89:cf:ca:1d:14:50:b7:4d:90:9e:
         5b:c2:af:0f:6a:4a:91:81:9f:eb:22:b2:ff:7f:37:f2:38:0b:
         47:cc:c7:b9:9b:56:fd:99:d7:37:53:fe:b1:75:f5:0b:4d:78:
         62:b0:a3:58:98:ef:fc:67:db:05:0b:69:f1:2b:3b:f1:48:b8:
         d7:67:03:a9:37:de:09:c1:45:43:4b:2e:04:55:af:40:ef:bb:
         0c:c9:a4:48:ef:fb:6b:24:5b:93:d6:a2:1d:67:66:b6:23:1d:
         57:66:25:7e:77:d2:6b:ab:48:9b:32:8f:57:c4:5a:a5:a6:be:
         9e:e1:64:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPy45QPhkLKP2r3ANkSqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlY2YyODI4MjFkYTU3NWY2ODkxNzY0N2NmM2UxODk4Zjlk
MGE2MmEwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWZkNDZmNGM4YTUzZTNmMjhjZDhmNTYyNDcwZGIzYWRhZDU1NDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqbCOSve/687xspICk72b0NUjGaL
QSW7Rd4/4zWBIFxyUyAUg9eBT25mwzxSRa38mBBTdiSpO1wbPkhSQ6Z1gVwEobUa
moTu+SXlOKcvoDyD+kHepb2wyg4PR4GR/85Wh9K6GpohbkdLnsDAhFiIPZ3/5uVo
cinK+pdQmoHsIdiaYiPN3S2FoUzfr6wqiZmBFfdQlR+TODrYdww5wXCsja0qksSj
ktEnrBsWnRRQ0WiQd4VJZcGkSwFb5k9rjW3BR09d8wxqEhUwUK+oe+l1uLYUeZpB
bYVwQ/JvfiD6jxodmsAeawcZ1Vv8zNORPmm+G7dYDl7bpWRMOA3RSCBFOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBX9RvTIpT4/KM2PViRw2zra1VSOMB8GA1UdIwQY
MBaAFP7PKCgh2ldfaJF2R88+GJj50KYqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3M4b0tDSGFWMTlva1haSHp6NFltUG5RcGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8yODg2MjgtMjAzOS00MDg1LWEwMDYt
MDYwY2Q5YzkyZjI2LzEvRmYxRzlNaWxQajhvelk5V0pIRGJPdHJWVkk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8yODg2MjgtMjAzOS00MDg1LWEwMDYtMDYwY2Q5YzkyZjI2
LzEvX3M4b0tDSGFWMTlva1haSHp6NFltUG5RcGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHSRMA0G
CSqGSIb3DQEBCwUAA4IBAQCrTAsYdu85hLT0684/KeMZQAORFAq5ybzxg9aRDded
xNHdTQ9DUHbkTaI6zDvFdKUqm1q7stV6b5aRbbaiK26aposOyECIA37IPYarU26Q
4skQEF/G+rqtnC8ICXw47o0plHKUFStOMYGsk6v3irRSM3dIcaSJV2Bq0cHyFMOr
seOb8YB6gInPyh0UULdNkJ5bwq8PakqRgZ/rIrL/fzfyOAtHzMe5m1b9mdc3U/6x
dfULTXhisKNYmO/8Z9sFC2nxKzvxSLjXZwOpN94JwUVDSy4EVa9A77sMyaRI7/tr
JFuT1qIdZ2a2Ix1XZiV+d9Jrq0ibMo9XxFqlpr6e4WTX
-----END CERTIFICATE-----