Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/FWK6GacTYWZAAypx3VLHoOT4SrU.roa
File:                     FWK6GacTYWZAAypx3VLHoOT4SrU.roa (raw, json)
Hash identifier:          Rw8/APAHfJW04tiDKNKlJC3jGvuHtJ1BJG8n3Lsx0Fc=
Subject key identifier:   15:62:BA:19:A7:13:61:66:40:03:2A:71:DD:52:C7:A0:E4:F8:4A:B5
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       018E5FF1C96CD79B38D9F0E797418FEB200E
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/FWK6GacTYWZAAypx3VLHoOT4SrU.roa
Signing time:             Thu 21 Mar 2024 07:37:45 +0000
ROA not before:           Thu 21 Mar 2024 07:37:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        194.4.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5f:f1:c9:6c:d7:9b:38:d9:f0:e7:97:41:8f:eb:20:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Mar 21 07:37:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1562ba19a713616640032a71dd52c7a0e4f84ab5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:de:09:36:e0:05:e9:1d:b3:d0:85:54:ce:c4:
                    0b:b8:0a:54:bc:83:f6:70:64:50:d8:35:5f:05:c5:
                    d0:1f:e8:87:09:cf:30:f1:b2:63:81:4d:e5:60:43:
                    78:09:f8:80:68:14:e1:11:8a:21:2b:db:6f:2a:9c:
                    68:ac:26:0c:66:21:20:b4:86:c5:3f:d4:4e:e9:62:
                    d6:88:ef:3d:37:b3:2e:72:0f:b9:74:d5:7d:f7:5c:
                    ae:35:ca:a1:80:fb:6e:8f:72:f9:77:f2:93:73:34:
                    6a:98:e6:64:53:94:92:e9:55:a6:27:f7:6c:f2:3d:
                    83:82:f7:ad:b0:85:53:cb:a4:9f:a7:ec:ce:e4:e5:
                    56:84:95:e3:2f:83:3a:6a:08:2c:5d:67:cc:81:84:
                    07:19:3e:f9:61:a8:be:eb:73:18:60:be:06:af:07:
                    d1:db:b3:e1:7b:9c:4a:45:0e:99:2d:6a:18:b7:60:
                    e4:d0:01:97:a4:ec:d8:42:8e:42:76:a6:f1:2f:1c:
                    9e:e3:7b:c8:4a:87:d3:c2:d9:1e:45:f0:73:df:43:
                    b3:09:eb:50:34:e3:1e:d2:fa:d7:89:06:c1:84:95:
                    79:5a:96:7f:c1:2a:de:ff:7f:87:3f:77:68:c9:2e:
                    37:91:09:85:25:a1:5c:84:95:e3:95:07:e9:fb:35:
                    4e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:62:BA:19:A7:13:61:66:40:03:2A:71:DD:52:C7:A0:E4:F8:4A:B5
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/FWK6GacTYWZAAypx3VLHoOT4SrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ab:b8:b6:06:09:72:fe:ac:bd:f1:54:6b:54:bf:a5:09:e7:
         00:1a:51:6f:78:a6:00:e0:ab:20:52:31:11:dc:02:95:ed:8e:
         e1:91:6b:ee:49:40:22:58:03:2c:61:67:16:5d:bb:b4:7e:7f:
         b4:5f:2c:d9:d2:f1:37:4b:47:31:35:76:8d:66:81:f7:f6:ce:
         9a:13:c8:76:6f:e9:fe:c6:f3:10:81:3f:28:24:17:0f:fc:93:
         0a:11:73:0b:04:32:fd:2d:94:ed:17:e3:13:13:fd:6b:3b:b4:
         84:24:21:d0:b1:9d:51:82:1d:72:2b:f8:a0:68:21:5b:24:5d:
         67:ba:6e:0b:5f:84:03:64:ad:d7:ef:b3:77:8c:e5:24:a2:08:
         4d:41:54:6a:bc:28:b8:a9:88:02:3b:1d:7a:8c:44:ea:80:bd:
         ba:72:29:47:d3:67:f1:44:0e:35:48:b2:df:1a:24:62:aa:3e:
         5e:0c:fe:57:f4:0c:b7:c3:53:ff:8b:d4:fb:d1:ba:7d:83:23:
         7f:60:6c:97:56:53:05:de:3b:1f:30:e7:8f:3b:95:b3:9e:7d:
         d8:72:aa:21:8f:af:23:62:b8:b2:db:53:b1:39:f6:cb:a5:97:
         7e:65:52:b2:2a:31:50:dc:20:32:55:a8:e3:b0:d3:90:41:e6:
         1b:1e:14:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5f8cls15s42fDnl0GP6yAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjQwMzIxMDczNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTYyYmExOWE3MTM2MTY2NDAwMzJhNzFkZDUyYzdhMGU0Zjg0YWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgd4JNuAF6R2z0IVUzsQLuApUvIP2
cGRQ2DVfBcXQH+iHCc8w8bJjgU3lYEN4CfiAaBThEYohK9tvKpxorCYMZiEgtIbF
P9RO6WLWiO89N7Mucg+5dNV991yuNcqhgPtuj3L5d/KTczRqmOZkU5SS6VWmJ/ds
8j2DgvetsIVTy6Sfp+zO5OVWhJXjL4M6aggsXWfMgYQHGT75Yai+63MYYL4GrwfR
27Phe5xKRQ6ZLWoYt2Dk0AGXpOzYQo5CdqbxLxye43vISofTwtkeRfBz30OzCetQ
NOMe0vrXiQbBhJV5WpZ/wSre/3+HP3doyS43kQmFJaFchJXjlQfp+zVOCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBViuhmnE2FmQAMqcd1Sx6Dk+Eq1MB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvRldLNkdhY1RZV1pBQXlweDNWTEhvT1Q0U3JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgQ0MA0G
CSqGSIb3DQEBCwUAA4IBAQBMq7i2Bgly/qy98VRrVL+lCecAGlFveKYA4KsgUjER
3AKV7Y7hkWvuSUAiWAMsYWcWXbu0fn+0XyzZ0vE3S0cxNXaNZoH39s6aE8h2b+n+
xvMQgT8oJBcP/JMKEXMLBDL9LZTtF+MTE/1rO7SEJCHQsZ1Rgh1yK/igaCFbJF1n
um4LX4QDZK3X77N3jOUkoghNQVRqvCi4qYgCOx16jETqgL26cilH02fxRA41SLLf
GiRiqj5eDP5X9Ay3w1P/i9T70bp9gyN/YGyXVlMF3jsfMOePO5Wznn3Ycqohj68j
Yriy21OxOfbLpZd+ZVKyKjFQ3CAyVajjsNOQQeYbHhRK
-----END CERTIFICATE-----