Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/7fafdb-f74a-4ba1-9702-0fd02c44253b/1/Fb1_2J_PP8F-EuZrs1l7M5rEixk.roa
File:                     Fb1_2J_PP8F-EuZrs1l7M5rEixk.roa (raw, json)
Hash identifier:          3nXZbULoHRx+TrovrtZAVZukJHnysc5z+EWQpKrFlws=
Subject key identifier:   15:BD:7F:D8:9F:CF:3F:C1:7E:12:E6:6B:B3:59:7B:33:9A:C4:8B:19
Certificate issuer:       /CN=aa57e0eb4a4506a19ab2eff989a67d559b98cc1a
Certificate serial:       018CC492B411C95BA012C87667691BAB02C0
Authority key identifier: AA:57:E0:EB:4A:45:06:A1:9A:B2:EF:F9:89:A6:7D:55:9B:98:CC:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qlfg60pFBqGasu_5iaZ9VZuYzBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/7fafdb-f74a-4ba1-9702-0fd02c44253b/1/Fb1_2J_PP8F-EuZrs1l7M5rEixk.roa
Signing time:             Mon 01 Jan 2024 10:29:57 +0000
ROA not before:           Mon 01 Jan 2024 10:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2852
IP address blocks:        147.230.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/7fafdb-f74a-4ba1-9702-0fd02c44253b/1/qlfg60pFBqGasu_5iaZ9VZuYzBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/7fafdb-f74a-4ba1-9702-0fd02c44253b/1/qlfg60pFBqGasu_5iaZ9VZuYzBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qlfg60pFBqGasu_5iaZ9VZuYzBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:b4:11:c9:5b:a0:12:c8:76:67:69:1b:ab:02:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa57e0eb4a4506a19ab2eff989a67d559b98cc1a
        Validity
            Not Before: Jan  1 10:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15bd7fd89fcf3fc17e12e66bb3597b339ac48b19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:60:8b:fc:ec:a9:f6:6e:7a:a3:24:bc:d6:70:
                    9d:3d:5b:ea:16:4d:7e:78:22:14:3f:f0:81:4c:e1:
                    9f:ae:6c:9b:ae:ee:36:15:f5:26:4f:48:94:41:4d:
                    73:37:38:e5:0b:c0:58:46:bf:d3:7c:10:69:d1:84:
                    2f:2b:66:77:3b:43:03:4a:18:f4:30:d3:c9:5f:ee:
                    a2:de:19:a8:25:33:8c:0c:d3:a8:2a:d0:19:0a:8a:
                    13:04:a6:b9:9d:d9:37:be:fa:41:4b:db:90:c0:f9:
                    64:42:d4:1f:e8:1a:4e:b5:98:82:07:f1:f4:1d:60:
                    07:1f:41:08:4a:51:69:8a:8e:8e:42:4f:73:bf:21:
                    e0:4d:e2:00:6f:63:39:48:b9:8a:a0:c2:55:39:03:
                    c3:33:46:c2:50:e0:89:3a:f9:54:01:27:f2:16:c4:
                    28:f5:1f:52:c9:b5:51:54:71:7f:93:dc:3d:d1:e1:
                    d7:bc:a7:5c:24:46:dc:7b:36:56:2f:3c:85:b2:7d:
                    87:35:4e:b5:1c:2a:53:2e:6d:a3:80:88:22:79:be:
                    ea:17:55:3c:db:b3:67:fe:3b:bc:bc:50:d1:29:16:
                    71:db:a7:67:98:e3:6e:be:4c:8b:8f:e5:08:47:11:
                    9a:3d:94:d0:99:60:7f:7b:ea:51:2b:3f:d5:ac:61:
                    ba:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:BD:7F:D8:9F:CF:3F:C1:7E:12:E6:6B:B3:59:7B:33:9A:C4:8B:19
            X509v3 Authority Key Identifier:
                keyid:AA:57:E0:EB:4A:45:06:A1:9A:B2:EF:F9:89:A6:7D:55:9B:98:CC:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qlfg60pFBqGasu_5iaZ9VZuYzBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/7fafdb-f74a-4ba1-9702-0fd02c44253b/1/Fb1_2J_PP8F-EuZrs1l7M5rEixk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/7fafdb-f74a-4ba1-9702-0fd02c44253b/1/qlfg60pFBqGasu_5iaZ9VZuYzBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.230.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         36:5f:8f:76:05:b1:5b:60:37:15:78:82:9c:30:df:0b:55:90:
         ba:42:fd:88:b6:d8:6f:cc:dc:7f:f4:34:56:9c:a8:7a:b8:ca:
         bc:e0:c6:1a:52:58:24:fe:ed:6d:fc:6d:f5:4c:5c:49:32:4e:
         2b:79:71:49:9d:97:ac:83:79:a8:4b:28:86:10:08:71:7e:74:
         f2:19:52:04:af:3e:26:92:fe:87:e4:bc:94:5a:ef:78:34:db:
         0e:b9:ec:0c:d6:ca:b0:9f:07:bd:99:38:33:20:e1:67:db:77:
         57:6f:67:76:8e:aa:88:1b:95:38:3f:28:81:87:d7:cd:6b:ae:
         11:45:cd:c7:73:2a:7e:7b:20:4f:64:79:65:80:d3:94:fa:55:
         44:ff:a1:f2:a5:b6:3d:7a:ff:55:49:16:af:77:c3:85:26:89:
         d4:d8:38:cf:f8:0c:0c:b2:21:cb:11:7b:76:0a:99:05:60:f8:
         ca:77:6f:15:17:d4:8e:c0:4d:38:75:e3:3b:01:cc:33:01:c8:
         bc:81:b4:4e:34:1a:e7:61:a6:9e:3b:03:80:39:84:c4:2e:cb:
         4b:81:1f:8a:ba:c9:0f:66:f9:a8:22:e5:86:2a:0d:a5:68:19:
         01:15:71:41:2a:d4:a8:d8:f2:5e:02:9e:5c:73:e8:af:e2:35:
         5a:95:31:df
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzEkrQRyVugEsh2Z2kbqwLAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNTdlMGViNGE0NTA2YTE5YWIyZWZmOTg5YTY3ZDU1OWI5
OGNjMWEwHhcNMjQwMTAxMTAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWJkN2ZkODlmY2YzZmMxN2UxMmU2NmJiMzU5N2IzMzlhYzQ4YjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGCL/Oyp9m56oyS81nCdPVvqFk1+
eCIUP/CBTOGfrmybru42FfUmT0iUQU1zNzjlC8BYRr/TfBBp0YQvK2Z3O0MDShj0
MNPJX+6i3hmoJTOMDNOoKtAZCooTBKa5ndk3vvpBS9uQwPlkQtQf6BpOtZiCB/H0
HWAHH0EISlFpio6OQk9zvyHgTeIAb2M5SLmKoMJVOQPDM0bCUOCJOvlUASfyFsQo
9R9SybVRVHF/k9w90eHXvKdcJEbcezZWLzyFsn2HNU61HCpTLm2jgIgieb7qF1U8
27Nn/ju8vFDRKRZx26dnmONuvkyLj+UIRxGaPZTQmWB/e+pRKz/VrGG67wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFBW9f9ifzz/BfhLma7NZezOaxIsZMB8GA1UdIwQY
MBaAFKpX4OtKRQahmrLv+YmmfVWbmMwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWxmZzYwcEZCcUdhc3VfNWlhWjlWWnVZekJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS83ZmFmZGItZjc0YS00YmExLTk3MDIt
MGZkMDJjNDQyNTNiLzEvRmIxXzJKX1BQOEYtRXVacnMxbDdNNXJFaXhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS83ZmFmZGItZjc0YS00YmExLTk3MDItMGZkMDJjNDQyNTNi
LzEvcWxmZzYwcEZCcUdhc3VfNWlhWjlWWnVZekJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk+YwDQYJ
KoZIhvcNAQELBQADggEBADZfj3YFsVtgNxV4gpww3wtVkLpC/Yi22G/M3H/0NFac
qHq4yrzgxhpSWCT+7W38bfVMXEkyTit5cUmdl6yDeahLKIYQCHF+dPIZUgSvPiaS
/ofkvJRa73g02w657AzWyrCfB72ZODMg4Wfbd1dvZ3aOqogblTg/KIGH181rrhFF
zcdzKn57IE9keWWA05T6VUT/ofKltj16/1VJFq93w4UmidTYOM/4DAyyIcsRe3YK
mQVg+Mp3bxUX1I7ATTh14zsBzDMByLyBtE40Gudhpp47A4A5hMQuy0uBH4q6yQ9m
+agi5YYqDaVoGQEVcUEq1KjY8l4Cnlxz6K/iNVqVMd8=
-----END CERTIFICATE-----