Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f92a0d-f74a-4768-96c5-4dc2e9361ff1/1/FTocBAKR9rZ8eGvJRXnUQniKyzg.roa
File:                     FTocBAKR9rZ8eGvJRXnUQniKyzg.roa (raw, json)
Hash identifier:          4YM4aETz9NdlD+M0h7DzkMhTN0X7MVJY7wPySoWXxRA=
Subject key identifier:   15:3A:1C:04:02:91:F6:B6:7C:78:6B:C9:45:79:D4:42:78:8A:CB:38
Certificate issuer:       /CN=46ffa79440c517eddbaced3aa60e5fbcbdc6502e
Certificate serial:       018CC4937166D742F1D796A8F4E3658AD00E
Authority key identifier: 46:FF:A7:94:40:C5:17:ED:DB:AC:ED:3A:A6:0E:5F:BC:BD:C6:50:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rv-nlEDFF-3brO06pg5fvL3GUC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f92a0d-f74a-4768-96c5-4dc2e9361ff1/1/FTocBAKR9rZ8eGvJRXnUQniKyzg.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62248
IP address blocks:        185.73.132.0/23 maxlen: 24
                          185.73.135.0/24 maxlen: 24
                          185.73.134.0/24 maxlen: 24
                          2a05:4280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f92a0d-f74a-4768-96c5-4dc2e9361ff1/1/Rv-nlEDFF-3brO06pg5fvL3GUC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f92a0d-f74a-4768-96c5-4dc2e9361ff1/1/Rv-nlEDFF-3brO06pg5fvL3GUC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rv-nlEDFF-3brO06pg5fvL3GUC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:71:66:d7:42:f1:d7:96:a8:f4:e3:65:8a:d0:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ffa79440c517eddbaced3aa60e5fbcbdc6502e
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=153a1c040291f6b67c786bc94579d442788acb38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:eb:19:8f:ec:6e:f5:46:22:5a:f9:b3:c6:dd:
                    8b:16:19:25:1c:24:43:fb:b5:03:33:39:fd:0e:73:
                    a9:f5:bf:fa:31:bd:1b:77:61:07:9b:20:07:34:c8:
                    e0:ac:c7:f9:8f:49:c9:eb:8b:52:e7:aa:b5:c0:36:
                    6f:66:28:3a:b9:6c:6a:e3:ae:40:74:56:53:cf:00:
                    79:12:66:a2:bc:de:fd:96:54:8a:bc:66:68:ec:8b:
                    4d:80:67:a7:36:9e:db:73:7d:48:2e:08:85:89:87:
                    32:86:3b:c6:13:b6:35:79:26:52:25:a6:08:79:99:
                    92:c2:08:93:da:9a:b3:ab:82:9e:44:31:07:d9:e2:
                    aa:58:34:e0:42:8b:54:3c:26:8f:e4:96:d2:c1:77:
                    c5:5e:92:76:f2:72:19:3a:ae:66:e1:7f:1c:c8:56:
                    dc:e9:5a:79:51:24:0a:53:58:c7:bc:42:f8:b1:fd:
                    7a:f7:fa:fe:a8:e3:de:da:3d:a8:23:20:8a:7a:88:
                    45:ad:05:88:9a:86:14:c3:51:41:34:08:91:cf:a8:
                    05:61:4c:ab:e0:c0:89:bb:03:05:92:c3:f9:5c:d9:
                    46:29:5c:63:fa:4a:52:dd:c4:de:74:a2:b1:86:2a:
                    df:21:f6:ee:e2:86:72:5a:90:b7:18:c9:a8:93:79:
                    73:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:3A:1C:04:02:91:F6:B6:7C:78:6B:C9:45:79:D4:42:78:8A:CB:38
            X509v3 Authority Key Identifier:
                keyid:46:FF:A7:94:40:C5:17:ED:DB:AC:ED:3A:A6:0E:5F:BC:BD:C6:50:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rv-nlEDFF-3brO06pg5fvL3GUC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f92a0d-f74a-4768-96c5-4dc2e9361ff1/1/FTocBAKR9rZ8eGvJRXnUQniKyzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f92a0d-f74a-4768-96c5-4dc2e9361ff1/1/Rv-nlEDFF-3brO06pg5fvL3GUC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.132.0/22
                IPv6:
                  2a05:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:00:0b:bf:59:0e:a7:80:1c:ff:e8:6c:d5:8d:bd:18:51:b4:
         e3:ad:a8:6f:f1:0f:8c:bb:68:a2:9d:e8:4e:79:d7:d7:f4:f9:
         cd:26:9b:78:1e:f3:96:52:78:ea:59:93:e2:35:30:d6:2d:f1:
         23:91:43:cc:bc:7d:32:b8:d4:53:48:7b:8d:a8:09:46:ae:dc:
         c6:75:d2:15:d4:a2:99:c4:02:c7:09:cf:68:1e:17:92:f3:23:
         be:fc:dc:94:82:f7:10:f0:4c:b3:4d:e6:84:60:4a:da:92:99:
         a5:b1:85:bf:24:7f:cb:51:9b:eb:3b:40:c2:49:b4:68:2a:87:
         4a:83:ba:bd:b7:96:5f:08:50:75:7c:53:05:9b:2c:c0:58:b9:
         93:c3:4e:10:a1:5f:a6:24:41:89:56:d7:b4:97:1a:a8:d1:e6:
         ef:d1:15:4c:46:ba:59:5a:5e:11:d8:56:c1:93:77:61:7b:5b:
         81:39:14:52:a5:c8:b7:a8:ae:50:66:4b:8d:b4:d3:7f:d7:15:
         b3:c7:8a:4c:1d:cb:9e:5c:d7:ea:c6:0b:18:f3:65:cf:fb:2b:
         c8:c8:6b:2b:b8:e3:16:28:e6:3a:87:35:b8:eb:70:59:26:1f:
         08:f5:23:96:12:0f:9a:cd:28:25:d6:e7:b8:d6:f1:a3:c7:0a:
         2b:c7:77:bb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk3Fm10Lx15ao9ONlitAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZmZhNzk0NDBjNTE3ZWRkYmFjZWQzYWE2MGU1ZmJjYmRj
NjUwMmUwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTNhMWMwNDAyOTFmNmI2N2M3ODZiYzk0NTc5ZDQ0Mjc4OGFjYjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtesZj+xu9UYiWvmzxt2LFhklHCRD
+7UDMzn9DnOp9b/6Mb0bd2EHmyAHNMjgrMf5j0nJ64tS56q1wDZvZig6uWxq465A
dFZTzwB5EmaivN79llSKvGZo7ItNgGenNp7bc31ILgiFiYcyhjvGE7Y1eSZSJaYI
eZmSwgiT2pqzq4KeRDEH2eKqWDTgQotUPCaP5JbSwXfFXpJ28nIZOq5m4X8cyFbc
6Vp5USQKU1jHvEL4sf169/r+qOPe2j2oIyCKeohFrQWImoYUw1FBNAiRz6gFYUyr
4MCJuwMFksP5XNlGKVxj+kpS3cTedKKxhirfIfbu4oZyWpC3GMmok3lz9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBU6HAQCkfa2fHhryUV51EJ4iss4MB8GA1UdIwQY
MBaAFEb/p5RAxRft26ztOqYOX7y9xlAuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnYtbmxFREZGLTNick8wNnBnNWZ2TDNHVUM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mOTJhMGQtZjc0YS00NzY4LTk2YzUt
NGRjMmU5MzYxZmYxLzEvRlRvY0JBS1I5clo4ZUd2SlJYblVRbmlLeXpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mOTJhMGQtZjc0YS00NzY4LTk2YzUtNGRjMmU5MzYxZmYx
LzEvUnYtbmxFREZGLTNick8wNnBnNWZ2TDNHVUM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUmEMA0E
AgACMAcDBQMqBUKAMA0GCSqGSIb3DQEBCwUAA4IBAQCVAAu/WQ6ngBz/6GzVjb0Y
UbTjrahv8Q+Mu2iinehOedfX9PnNJpt4HvOWUnjqWZPiNTDWLfEjkUPMvH0yuNRT
SHuNqAlGrtzGddIV1KKZxALHCc9oHheS8yO+/NyUgvcQ8EyzTeaEYErakpmlsYW/
JH/LUZvrO0DCSbRoKodKg7q9t5ZfCFB1fFMFmyzAWLmTw04QoV+mJEGJVte0lxqo
0ebv0RVMRrpZWl4R2FbBk3dhe1uBORRSpci3qK5QZkuNtNN/1xWzx4pMHcueXNfq
xgsY82XP+yvIyGsruOMWKOY6hzW463BZJh8I9SOWEg+azSgl1ue41vGjxworx3e7
-----END CERTIFICATE-----