Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Fjk81T57G-ww0FsWYON5MwE-8Wo.roa
File:                     Fjk81T57G-ww0FsWYON5MwE-8Wo.roa (raw, json)
Hash identifier:          yNUze4tYcRwAhbcLMbeWD0qnMhc52kbvUJ6J5C6acf8=
Subject key identifier:   16:39:3C:D5:3E:7B:1B:EC:30:D0:5B:16:60:E3:79:33:01:3E:F1:6A
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       0191A3BBD99B2703EBFF1C9F77DE6E67DABD
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Fjk81T57G-ww0FsWYON5MwE-8Wo.roa
Signing time:             Fri 30 Aug 2024 14:41:22 +0000
ROA not before:           Fri 30 Aug 2024 14:41:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11426
IP address blocks:        62.72.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a3:bb:d9:9b:27:03:eb:ff:1c:9f:77:de:6e:67:da:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Aug 30 14:41:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16393cd53e7b1bec30d05b1660e37933013ef16a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c8:78:8a:38:ba:c7:5a:ae:ae:9a:6d:d1:32:
                    c3:fb:3d:15:94:0e:b3:89:3b:44:51:36:10:f0:36:
                    da:e5:ab:f4:c8:4f:86:e5:9a:05:dd:08:5d:68:35:
                    58:08:bb:7e:60:b6:df:8b:0a:6d:42:57:f0:4b:e2:
                    da:20:bc:ff:65:14:00:87:96:8f:19:1b:15:66:20:
                    d6:f4:43:7b:c3:2a:82:e9:25:c1:78:8a:5a:e0:95:
                    fd:7f:66:5c:9d:37:28:c6:3b:59:62:49:b3:ff:3e:
                    de:7f:0e:9c:0b:5d:e4:f9:d8:e5:90:5b:60:0e:bc:
                    5c:56:5c:ac:11:66:fd:35:46:6e:5b:c4:66:bf:6d:
                    77:7a:b1:81:e2:2d:1b:ac:95:df:4d:fc:f0:c3:b3:
                    9e:41:1d:2b:32:9c:c8:9e:2e:a3:ae:f9:37:5e:6a:
                    12:26:81:f0:c1:07:b9:c1:24:a7:f3:00:d0:72:6b:
                    2e:36:56:5e:8f:c4:96:40:03:b2:6e:77:03:19:81:
                    b2:86:51:62:c0:9e:d4:4e:05:10:d8:40:2c:74:68:
                    2c:23:9a:b8:14:73:3c:31:31:aa:d6:2e:b0:2e:80:
                    2b:2a:16:f9:06:64:09:2c:c4:a6:d1:5c:df:40:c1:
                    c4:d1:8c:9b:13:56:63:26:1e:83:40:74:1c:ac:d9:
                    31:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:39:3C:D5:3E:7B:1B:EC:30:D0:5B:16:60:E3:79:33:01:3E:F1:6A
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Fjk81T57G-ww0FsWYON5MwE-8Wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:07:ce:af:b1:07:96:8f:4b:30:1a:4e:23:23:b1:87:54:40:
         f0:47:65:91:57:ce:9f:04:43:75:dc:b0:f9:1d:c2:96:7f:3e:
         0e:b1:4c:21:47:59:5f:ca:c2:c5:f3:2e:50:12:fc:20:17:2b:
         54:3b:d2:b4:1d:b0:95:ac:eb:a6:78:77:63:13:32:b3:50:87:
         a9:f5:6a:b8:5d:57:02:34:a7:34:3e:5b:0e:39:3d:09:43:00:
         94:c2:5e:ae:a4:69:21:78:bc:ae:1b:b1:95:f5:aa:1c:a3:27:
         b0:1b:f6:2b:5f:68:a7:ae:76:21:62:ef:1c:c5:a3:9d:25:c9:
         a1:49:b3:c9:6a:2a:04:c9:59:9b:b5:9a:54:17:09:0e:98:55:
         c9:c2:fe:27:a8:de:b8:84:18:bb:41:45:b6:e7:cb:2d:88:52:
         7d:b4:71:01:f0:81:5c:ef:c6:77:d9:29:81:f2:f3:62:54:91:
         c0:fb:50:30:bb:3f:d1:7c:eb:a0:f7:fa:b8:5f:99:cb:cc:61:
         02:23:76:5c:93:be:5f:26:62:fd:90:0e:85:7f:11:e3:51:2f:
         11:f1:bb:90:d4:62:24:b1:b1:de:89:34:92:9e:99:63:e0:95:
         7f:df:53:9d:59:92:d0:a9:97:f7:5d:99:20:86:b1:63:ae:e4:
         ab:88:8e:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGju9mbJwPr/xyfd95uZ9q9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwODMwMTQ0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjM5M2NkNTNlN2IxYmVjMzBkMDViMTY2MGUzNzkzMzAxM2VmMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhch4iji6x1qurppt0TLD+z0VlA6z
iTtEUTYQ8Dba5av0yE+G5ZoF3QhdaDVYCLt+YLbfiwptQlfwS+LaILz/ZRQAh5aP
GRsVZiDW9EN7wyqC6SXBeIpa4JX9f2ZcnTcoxjtZYkmz/z7efw6cC13k+djlkFtg
DrxcVlysEWb9NUZuW8Rmv213erGB4i0brJXfTfzww7OeQR0rMpzIni6jrvk3XmoS
JoHwwQe5wSSn8wDQcmsuNlZej8SWQAOybncDGYGyhlFiwJ7UTgUQ2EAsdGgsI5q4
FHM8MTGq1i6wLoArKhb5BmQJLMSm0VzfQMHE0YybE1ZjJh6DQHQcrNkxOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBY5PNU+exvsMNBbFmDjeTMBPvFqMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvRmprODFUNTdHLXd3MEZzV1lPTjVNd0UtOFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkikMA0G
CSqGSIb3DQEBCwUAA4IBAQCEB86vsQeWj0swGk4jI7GHVEDwR2WRV86fBEN13LD5
HcKWfz4OsUwhR1lfysLF8y5QEvwgFytUO9K0HbCVrOumeHdjEzKzUIep9Wq4XVcC
NKc0PlsOOT0JQwCUwl6upGkheLyuG7GV9aocoyewG/YrX2inrnYhYu8cxaOdJcmh
SbPJaioEyVmbtZpUFwkOmFXJwv4nqN64hBi7QUW258stiFJ9tHEB8IFc78Z32SmB
8vNiVJHA+1Awuz/RfOug9/q4X5nLzGECI3Zck75fJmL9kA6FfxHjUS8R8buQ1GIk
sbHeiTSSnplj4JV/31OdWZLQqZf3XZkghrFjruSriI5u
-----END CERTIFICATE-----