Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/5f5589-4c32-493f-924e-bae7aa0a18a0/1/F1rvLzKeDSBXys_Gs2aIr-ZvLr8.roa
File:                     F1rvLzKeDSBXys_Gs2aIr-ZvLr8.roa (raw, json)
Hash identifier:          TzjIJ/UkXckvLpAJGCGOzuibO/RDLi5GqootPOEELjQ=
Subject key identifier:   17:5A:EF:2F:32:9E:0D:20:57:CA:CF:C6:B3:66:88:AF:E6:6F:2E:BF
Certificate issuer:       /CN=1716ebd40a744a0c84f2535457047808ad2f17c4
Certificate serial:       018CC5012A6621510659CD50C72A12A301DD
Authority key identifier: 17:16:EB:D4:0A:74:4A:0C:84:F2:53:54:57:04:78:08:AD:2F:17:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fxbr1Ap0SgyE8lNUVwR4CK0vF8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/5f5589-4c32-493f-924e-bae7aa0a18a0/1/F1rvLzKeDSBXys_Gs2aIr-ZvLr8.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        193.108.118.0/24 maxlen: 24
                          193.108.117.0/24 maxlen: 24
                          193.108.116.0/24 maxlen: 24
                          193.108.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/5f5589-4c32-493f-924e-bae7aa0a18a0/1/Fxbr1Ap0SgyE8lNUVwR4CK0vF8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/5f5589-4c32-493f-924e-bae7aa0a18a0/1/Fxbr1Ap0SgyE8lNUVwR4CK0vF8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fxbr1Ap0SgyE8lNUVwR4CK0vF8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2a:66:21:51:06:59:cd:50:c7:2a:12:a3:01:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1716ebd40a744a0c84f2535457047808ad2f17c4
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=175aef2f329e0d2057cacfc6b36688afe66f2ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:dd:85:ae:7c:1a:e2:61:9f:75:ea:ba:a8:c0:
                    a8:2d:55:a9:ee:58:4b:a7:50:53:19:31:c9:70:4b:
                    7f:35:60:89:48:91:3a:1e:85:e5:d7:13:14:45:84:
                    07:fb:65:70:a4:25:55:97:59:8f:0b:19:ce:a8:5c:
                    18:a7:8b:45:55:da:81:17:10:53:c1:fe:7c:c9:8c:
                    1e:d8:95:86:dc:a4:d8:3e:a2:18:c1:3f:8f:14:56:
                    1c:f8:87:be:13:79:46:33:73:5d:91:88:c7:f2:dd:
                    c1:93:b4:ae:cc:e5:84:7a:83:81:db:2e:49:6d:f0:
                    d6:24:34:4f:1b:61:37:78:46:52:dd:0c:f4:3c:fa:
                    96:f6:e2:25:45:2b:3e:38:27:4b:e6:6c:d4:de:ab:
                    8c:90:c4:6a:91:97:6c:61:94:a7:3b:3d:22:d3:e9:
                    a2:47:57:58:d5:53:3b:50:1d:92:de:86:e7:56:6b:
                    d5:36:3b:0f:ee:96:2b:0e:3e:6f:08:d7:23:ee:e5:
                    1b:4c:a1:a7:99:43:05:5d:12:be:47:ec:74:f5:e2:
                    f7:3b:97:17:fa:2f:88:2e:fe:40:eb:7e:2e:31:d3:
                    d1:46:c0:74:ed:8c:08:1d:3c:3b:2b:59:29:1d:e4:
                    c7:79:79:5b:17:da:9b:4e:1c:16:8c:27:da:48:7f:
                    30:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:5A:EF:2F:32:9E:0D:20:57:CA:CF:C6:B3:66:88:AF:E6:6F:2E:BF
            X509v3 Authority Key Identifier:
                keyid:17:16:EB:D4:0A:74:4A:0C:84:F2:53:54:57:04:78:08:AD:2F:17:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fxbr1Ap0SgyE8lNUVwR4CK0vF8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/5f5589-4c32-493f-924e-bae7aa0a18a0/1/F1rvLzKeDSBXys_Gs2aIr-ZvLr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/5f5589-4c32-493f-924e-bae7aa0a18a0/1/Fxbr1Ap0SgyE8lNUVwR4CK0vF8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:c4:0e:8a:6e:e6:16:db:13:4a:23:e2:a6:03:e6:72:04:87:
         c1:5c:7b:d0:59:a0:d3:24:ed:aa:60:81:c7:a5:f6:30:79:56:
         16:8a:1e:1e:44:6b:dc:02:a7:29:2f:32:a5:cd:20:81:c6:89:
         c8:5b:05:ea:32:30:88:a4:db:9f:a7:a4:37:07:2b:dc:a7:4e:
         84:0f:7f:17:dc:31:66:2d:e8:54:cc:57:f1:f9:b8:dc:91:6f:
         1f:10:69:b3:10:cc:d5:7e:a6:6f:85:52:99:2d:d8:7b:76:f5:
         a9:a4:91:76:08:eb:20:e2:0f:d2:fd:3d:e1:1c:78:ae:30:7b:
         f2:2e:ae:0c:c8:99:c8:2d:29:bc:fe:a1:94:e0:30:02:96:c6:
         d7:6d:92:dc:ba:3a:ee:3b:8b:80:73:be:68:8e:16:41:ca:ca:
         fb:42:43:70:68:fe:7f:24:ac:22:78:98:ed:17:f9:a8:cd:d6:
         dd:06:82:5e:b7:96:f1:e0:e2:82:e2:93:cd:84:f9:fa:cb:cd:
         3b:f4:a8:27:03:13:f0:b2:ea:10:ee:30:20:1e:db:1f:95:8d:
         5c:a3:f5:91:1d:93:15:b5:9a:65:06:61:bb:1e:24:af:62:57:
         88:87:20:6f:f9:7f:ec:72:a3:1c:2d:6e:c3:e8:9f:a3:1f:72:
         12:4e:c6:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASpmIVEGWc1QxyoSowHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MTZlYmQ0MGE3NDRhMGM4NGYyNTM1NDU3MDQ3ODA4YWQy
ZjE3YzQwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzVhZWYyZjMyOWUwZDIwNTdjYWNmYzZiMzY2ODhhZmU2NmYyZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlt2Frnwa4mGfdeq6qMCoLVWp7lhL
p1BTGTHJcEt/NWCJSJE6HoXl1xMURYQH+2VwpCVVl1mPCxnOqFwYp4tFVdqBFxBT
wf58yYwe2JWG3KTYPqIYwT+PFFYc+Ie+E3lGM3NdkYjH8t3Bk7SuzOWEeoOB2y5J
bfDWJDRPG2E3eEZS3Qz0PPqW9uIlRSs+OCdL5mzU3quMkMRqkZdsYZSnOz0i0+mi
R1dY1VM7UB2S3obnVmvVNjsP7pYrDj5vCNcj7uUbTKGnmUMFXRK+R+x09eL3O5cX
+i+ILv5A634uMdPRRsB07YwIHTw7K1kpHeTHeXlbF9qbThwWjCfaSH8wEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBda7y8yng0gV8rPxrNmiK/mby6/MB8GA1UdIwQY
MBaAFBcW69QKdEoMhPJTVFcEeAitLxfEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnhicjFBcDBTZ3lFOGxOVVZ3UjRDSzB2RjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS81ZjU1ODktNGMzMi00OTNmLTkyNGUt
YmFlN2FhMGExOGEwLzEvRjFydkx6S2VEU0JYeXNfR3MyYUlyLVp2THI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS81ZjU1ODktNGMzMi00OTNmLTkyNGUtYmFlN2FhMGExOGEw
LzEvRnhicjFBcDBTZ3lFOGxOVVZ3UjRDSzB2RjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWx0MA0G
CSqGSIb3DQEBCwUAA4IBAQBsxA6KbuYW2xNKI+KmA+ZyBIfBXHvQWaDTJO2qYIHH
pfYweVYWih4eRGvcAqcpLzKlzSCBxonIWwXqMjCIpNufp6Q3Byvcp06ED38X3DFm
LehUzFfx+bjckW8fEGmzEMzVfqZvhVKZLdh7dvWppJF2COsg4g/S/T3hHHiuMHvy
Lq4MyJnILSm8/qGU4DAClsbXbZLcujruO4uAc75ojhZBysr7QkNwaP5/JKwieJjt
F/mozdbdBoJet5bx4OKC4pPNhPn6y8079KgnAxPwsuoQ7jAgHtsflY1co/WRHZMV
tZplBmG7HiSvYleIhyBv+X/scqMcLW7D6J+jH3ISTsYB
-----END CERTIFICATE-----