Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/FW1H-EYQ44ZlJVssvXOkwIOu7VQ.roa
File:                     FW1H-EYQ44ZlJVssvXOkwIOu7VQ.roa (raw, json)
Hash identifier:          YJqGExpLY493/Jj+mEIUQ4HWnPQ9/q8ZdmN+RFXv2Jo=
Subject key identifier:   15:6D:47:F8:46:10:E3:86:65:25:5B:2C:BD:73:A4:C0:83:AE:ED:54
Certificate issuer:       /CN=4aae738ee1782735939a4fb0d672a6317b7f5243
Certificate serial:       018CC8DCD124A30593FF325F1187F1452FB2
Authority key identifier: 4A:AE:73:8E:E1:78:27:35:93:9A:4F:B0:D6:72:A6:31:7B:7F:52:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/FW1H-EYQ44ZlJVssvXOkwIOu7VQ.roa
Signing time:             Tue 02 Jan 2024 06:29:23 +0000
ROA not before:           Tue 02 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        192.53.103.0/24 maxlen: 24
                          141.25.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d1:24:a3:05:93:ff:32:5f:11:87:f1:45:2f:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aae738ee1782735939a4fb0d672a6317b7f5243
        Validity
            Not Before: Jan  2 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=156d47f84610e38665255b2cbd73a4c083aeed54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:7d:a5:af:ba:00:04:04:b5:f1:8d:a1:60:a3:
                    13:cd:eb:81:ac:02:49:9d:1e:d6:df:4f:e6:98:d2:
                    db:57:ba:d2:02:91:25:65:2d:a0:11:fb:32:59:ce:
                    1f:62:c9:31:89:4c:3b:d6:cf:9a:7a:7d:cd:ee:41:
                    55:c6:c9:81:3b:1a:af:70:39:fb:01:e2:eb:39:95:
                    60:9d:fa:49:f0:d1:bb:94:22:67:89:9a:a1:62:6c:
                    d1:23:0f:ee:f4:18:df:53:57:99:2f:13:fa:60:ae:
                    75:29:0c:a2:1b:1f:45:e1:10:c8:7c:40:aa:6e:9c:
                    d2:e4:da:16:f1:a9:fe:4f:6a:2e:aa:b3:20:28:6d:
                    36:60:df:a3:2a:34:29:8c:72:a5:18:54:88:d2:04:
                    d0:da:eb:fc:7a:4b:6d:bb:4f:f6:a0:1f:5e:bb:10:
                    de:17:38:e1:e5:14:b1:70:62:29:c9:a4:a6:27:92:
                    b8:1d:66:86:ab:db:3a:8e:b0:01:cf:d6:77:09:94:
                    9b:1d:fe:da:ae:dc:5b:bd:ce:5c:ab:03:a6:48:7f:
                    e2:7b:00:d3:af:5e:db:75:ab:73:24:2d:61:c8:c7:
                    3a:c9:15:18:02:6c:16:09:25:be:d4:f2:00:65:38:
                    df:27:63:23:09:fc:a2:35:91:92:7d:83:b8:6b:06:
                    21:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:6D:47:F8:46:10:E3:86:65:25:5B:2C:BD:73:A4:C0:83:AE:ED:54
            X509v3 Authority Key Identifier:
                keyid:4A:AE:73:8E:E1:78:27:35:93:9A:4F:B0:D6:72:A6:31:7B:7F:52:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/FW1H-EYQ44ZlJVssvXOkwIOu7VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9e024e-c6e5-4977-b369-1ff9ff192cd7/1/Sq5zjuF4JzWTmk-w1nKmMXt_UkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.25.0.0/16
                  192.53.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:d3:88:73:2e:e1:0c:7b:cd:81:87:5e:cc:4c:46:77:cb:09:
         57:04:22:bc:73:30:67:d9:dc:14:17:f0:f1:58:53:97:ee:70:
         b8:66:48:f5:a7:18:da:f6:70:6c:3d:71:8b:5a:96:a4:c6:49:
         67:9b:19:55:73:d0:57:5a:4c:64:04:6c:48:2f:62:47:0e:e6:
         a0:48:77:a9:2f:26:0e:a0:bc:1b:72:9f:93:bb:06:20:12:2d:
         21:d7:a8:0d:31:ca:e1:e8:bd:10:a7:b0:fa:14:b8:43:39:82:
         1b:c1:5b:c6:ea:92:66:3e:99:04:a1:78:44:0b:7a:5a:5a:cb:
         d7:32:09:1b:96:3d:fd:a6:ec:2a:cb:9f:28:43:6f:b2:0e:38:
         5d:f4:2b:a5:9d:1b:69:8d:d0:c9:00:aa:c0:92:7e:4d:a4:d8:
         ba:1d:de:e9:47:97:89:7c:2a:bf:c2:4f:76:9d:bc:d0:de:c2:
         cb:83:90:60:60:b0:73:bb:09:cd:8b:ee:fb:43:b9:f4:4d:09:
         e3:c6:cc:0f:50:ee:ad:de:df:7f:e4:90:7a:dd:df:f2:48:3f:
         22:49:b6:d3:99:73:f6:af:a9:bd:cd:74:e5:e3:f0:16:ca:9b:
         da:08:de:24:85:5a:c7:b2:40:65:51:22:6c:21:8b:ce:64:2b:
         44:0b:07:2d
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzI3NEkowWT/zJfEYfxRS+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYWU3MzhlZTE3ODI3MzU5MzlhNGZiMGQ2NzJhNjMxN2I3
ZjUyNDMwHhcNMjQwMTAyMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTZkNDdmODQ2MTBlMzg2NjUyNTViMmNiZDczYTRjMDgzYWVlZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsH2lr7oABAS18Y2hYKMTzeuBrAJJ
nR7W30/mmNLbV7rSApElZS2gEfsyWc4fYskxiUw71s+aen3N7kFVxsmBOxqvcDn7
AeLrOZVgnfpJ8NG7lCJniZqhYmzRIw/u9BjfU1eZLxP6YK51KQyiGx9F4RDIfECq
bpzS5NoW8an+T2ouqrMgKG02YN+jKjQpjHKlGFSI0gTQ2uv8ekttu0/2oB9euxDe
Fzjh5RSxcGIpyaSmJ5K4HWaGq9s6jrABz9Z3CZSbHf7artxbvc5cqwOmSH/iewDT
r17bdatzJC1hyMc6yRUYAmwWCSW+1PIAZTjfJ2MjCfyiNZGSfYO4awYhbwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFBVtR/hGEOOGZSVbLL1zpMCDru1UMB8GA1UdIwQY
MBaAFEquc47heCc1k5pPsNZypjF7f1JDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3E1emp1RjRKeldUbWstdzFuS21NWHRfVWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85ZTAyNGUtYzZlNS00OTc3LWIzNjkt
MWZmOWZmMTkyY2Q3LzEvRlcxSC1FWVE0NFpsSlZzc3ZYT2t3SU91N1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85ZTAyNGUtYzZlNS00OTc3LWIzNjktMWZmOWZmMTkyY2Q3
LzEvU3E1emp1RjRKeldUbWstdzFuS21NWHRfVWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAjRkDBADA
NWcwDQYJKoZIhvcNAQELBQADggEBAITTiHMu4Qx7zYGHXsxMRnfLCVcEIrxzMGfZ
3BQX8PFYU5fucLhmSPWnGNr2cGw9cYtalqTGSWebGVVz0FdaTGQEbEgvYkcO5qBI
d6kvJg6gvBtyn5O7BiASLSHXqA0xyuHovRCnsPoUuEM5ghvBW8bqkmY+mQSheEQL
elpay9cyCRuWPf2m7CrLnyhDb7IOOF30K6WdG2mN0MkAqsCSfk2k2Lod3ulHl4l8
Kr/CT3advNDewsuDkGBgsHO7Cc2L7vtDufRNCePGzA9Q7q3e33/kkHrd3/JIPyJJ
ttOZc/avqb3NdOXj8BbKm9oI3iSFWseyQGVRImwhi85kK0QLBy0=
-----END CERTIFICATE-----