Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/7b8513-f189-4330-b6f0-d0d258e4b435/1/fuN1qLInw_1_e_QquRSHZ0ascOA.roa
File:                     fuN1qLInw_1_e_QquRSHZ0ascOA.roa (raw, json)
Hash identifier:          3VvaTGpjXtArfpuF9qgxbTjol7ZOwY9TjQMif+aULNU=
Subject key identifier:   7E:E3:75:A8:B2:27:C3:FD:7F:7B:F4:2A:B9:14:87:67:46:AC:70:E0
Certificate issuer:       /CN=4bf3fb8ff8ddafda89db39705f78f6418efd1fed
Certificate serial:       018CC26D066661F2A8CDB8010C10E78AAB96
Authority key identifier: 4B:F3:FB:8F:F8:DD:AF:DA:89:DB:39:70:5F:78:F6:41:8E:FD:1F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S_P7j_jdr9qJ2zlwX3j2QY79H-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/7b8513-f189-4330-b6f0-d0d258e4b435/1/fuN1qLInw_1_e_QquRSHZ0ascOA.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55497
IP address blocks:        5.42.160.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/7b8513-f189-4330-b6f0-d0d258e4b435/1/S_P7j_jdr9qJ2zlwX3j2QY79H-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/7b8513-f189-4330-b6f0-d0d258e4b435/1/S_P7j_jdr9qJ2zlwX3j2QY79H-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S_P7j_jdr9qJ2zlwX3j2QY79H-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:06:66:61:f2:a8:cd:b8:01:0c:10:e7:8a:ab:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bf3fb8ff8ddafda89db39705f78f6418efd1fed
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ee375a8b227c3fd7f7bf42ab914876746ac70e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:77:4f:6d:25:87:45:5e:f1:71:82:10:33:ae:
                    a8:df:a6:91:72:f0:cb:7d:0c:cd:52:1c:b7:10:c5:
                    2c:94:52:3f:6f:03:20:89:f9:7b:24:b3:c3:68:b3:
                    02:af:55:87:5d:dd:27:06:76:b1:92:45:c8:84:3f:
                    17:b8:3a:af:6c:48:99:db:8b:6c:9c:7b:2b:f0:55:
                    53:4e:7c:a0:68:bb:c2:c7:65:83:55:31:4c:9e:78:
                    06:86:7a:81:69:2b:96:46:2c:e8:4f:ba:f3:77:38:
                    52:e5:1a:a6:c9:1f:a2:cc:6b:14:c4:dc:9b:e7:7e:
                    96:64:c8:9b:81:49:74:7e:d6:bd:b8:73:99:fa:f3:
                    d4:07:fc:09:9d:2f:11:7e:84:69:86:fd:7a:e2:5f:
                    97:b5:08:5b:df:86:30:cb:a4:89:7c:24:86:f6:5b:
                    17:a4:25:97:a6:8a:8d:23:ef:4f:34:c0:1d:3d:30:
                    71:42:45:1f:f4:8b:26:2f:56:8c:e6:df:dd:49:57:
                    86:bf:24:61:b7:ce:a6:b1:f8:4b:3a:21:f3:48:b5:
                    a5:e1:9b:84:4b:f5:87:cb:86:da:61:51:99:05:a8:
                    41:4b:ae:cb:9c:5f:d4:7e:88:63:85:58:3e:69:e7:
                    20:c5:3a:9b:3d:f2:5c:7e:95:84:2a:44:a9:b6:36:
                    30:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:E3:75:A8:B2:27:C3:FD:7F:7B:F4:2A:B9:14:87:67:46:AC:70:E0
            X509v3 Authority Key Identifier:
                keyid:4B:F3:FB:8F:F8:DD:AF:DA:89:DB:39:70:5F:78:F6:41:8E:FD:1F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S_P7j_jdr9qJ2zlwX3j2QY79H-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/7b8513-f189-4330-b6f0-d0d258e4b435/1/fuN1qLInw_1_e_QquRSHZ0ascOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/7b8513-f189-4330-b6f0-d0d258e4b435/1/S_P7j_jdr9qJ2zlwX3j2QY79H-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         30:dd:9c:9d:c4:f5:ef:fa:8b:5d:f0:35:45:67:81:ef:69:eb:
         99:d0:ff:ab:09:57:b7:a5:32:ca:9a:89:a2:b4:6e:80:91:65:
         4a:1c:43:a2:15:29:2a:9f:78:45:72:d8:5d:ba:40:09:1b:0f:
         41:cb:b1:f5:3f:3a:2b:01:8f:03:2e:55:72:d1:ce:72:a2:08:
         1d:b1:dd:0b:86:7a:1a:02:db:15:f8:a3:37:9c:c7:14:5a:11:
         46:ae:df:da:e9:96:93:5c:86:3e:5d:8c:3d:44:60:2f:7b:61:
         95:2b:3a:23:2b:42:61:4e:cb:e8:18:a9:5f:bb:fd:6c:4d:16:
         f6:c8:d4:62:fd:93:ba:aa:90:54:0e:db:b3:4c:69:1a:f7:44:
         05:f3:25:b6:29:c2:74:ea:80:60:1a:96:b9:9b:99:92:5f:89:
         18:cd:f3:f3:83:7d:34:c6:2c:93:c1:ef:55:2c:d1:f0:69:be:
         7d:a0:73:bb:58:1c:3f:a5:c5:20:cb:f2:77:5d:0a:e7:4b:ee:
         63:8a:6e:e9:16:57:46:96:7e:6b:19:5d:e2:1f:1f:32:64:36:
         a2:6f:25:a0:87:31:e1:e1:d9:f5:d8:19:15:60:1d:1e:b0:79:
         d3:53:2b:a2:b8:1b:a3:f3:1c:79:f5:c7:d2:10:29:29:0f:86:
         aa:0a:2c:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQZmYfKozbgBDBDniquWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZjNmYjhmZjhkZGFmZGE4OWRiMzk3MDVmNzhmNjQxOGVm
ZDFmZWQwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWUzNzVhOGIyMjdjM2ZkN2Y3YmY0MmFiOTE0ODc2NzQ2YWM3MGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXdPbSWHRV7xcYIQM66o36aRcvDL
fQzNUhy3EMUslFI/bwMgifl7JLPDaLMCr1WHXd0nBnaxkkXIhD8XuDqvbEiZ24ts
nHsr8FVTTnygaLvCx2WDVTFMnngGhnqBaSuWRizoT7rzdzhS5RqmyR+izGsUxNyb
536WZMibgUl0fta9uHOZ+vPUB/wJnS8RfoRphv164l+XtQhb34Ywy6SJfCSG9lsX
pCWXpoqNI+9PNMAdPTBxQkUf9IsmL1aM5t/dSVeGvyRht86msfhLOiHzSLWl4ZuE
S/WHy4baYVGZBahBS67LnF/UfohjhVg+aecgxTqbPfJcfpWEKkSptjYwXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7jdaiyJ8P9f3v0KrkUh2dGrHDgMB8GA1UdIwQY
MBaAFEvz+4/43a/aids5cF949kGO/R/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU19QN2pfamRyOXFKMnpsd1gzajJRWTc5SC0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS83Yjg1MTMtZjE4OS00MzMwLWI2ZjAt
ZDBkMjU4ZTRiNDM1LzEvZnVOMXFMSW53XzFfZV9RcXVSU0haMGFzY09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS83Yjg1MTMtZjE4OS00MzMwLWI2ZjAtZDBkMjU4ZTRiNDM1
LzEvU19QN2pfamRyOXFKMnpsd1gzajJRWTc5SC0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBSqgMA0G
CSqGSIb3DQEBCwUAA4IBAQAw3ZydxPXv+otd8DVFZ4HvaeuZ0P+rCVe3pTLKmomi
tG6AkWVKHEOiFSkqn3hFcthdukAJGw9By7H1PzorAY8DLlVy0c5yoggdsd0Lhnoa
AtsV+KM3nMcUWhFGrt/a6ZaTXIY+XYw9RGAve2GVKzojK0JhTsvoGKlfu/1sTRb2
yNRi/ZO6qpBUDtuzTGka90QF8yW2KcJ06oBgGpa5m5mSX4kYzfPzg300xiyTwe9V
LNHwab59oHO7WBw/pcUgy/J3XQrnS+5jim7pFldGln5rGV3iHx8yZDaibyWghzHh
4dn12BkVYB0esHnTUyuiuBuj8xx59cfSECkpD4aqCiwO
-----END CERTIFICATE-----