Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/FXXE0QNZu0t4w6Wv81dhYXQe_Z8.roa
File:                     FXXE0QNZu0t4w6Wv81dhYXQe_Z8.roa (raw, json)
Hash identifier:          2V+tsj2+MiG4k3UCPdeA/fqZSErWOJEiy2VyVndFnGE=
Subject key identifier:   15:75:C4:D1:03:59:BB:4B:78:C3:A5:AF:F3:57:61:61:74:1E:FD:9F
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       018CCA28710FAF56EFB651D96DAF86B59B97
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/FXXE0QNZu0t4w6Wv81dhYXQe_Z8.roa
Signing time:             Tue 02 Jan 2024 12:31:37 +0000
ROA not before:           Tue 02 Jan 2024 12:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39650
IP address blocks:        178.239.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 14:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:71:0f:af:56:ef:b6:51:d9:6d:af:86:b5:9b:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  2 12:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1575c4d10359bb4b78c3a5aff3576161741efd9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a7:9f:d7:a1:d4:63:49:b8:68:1b:17:b8:1b:
                    a5:3d:4b:f9:ce:a1:39:ee:bc:c8:3d:97:81:1e:a7:
                    ce:e9:1f:da:63:cd:87:a0:33:b9:16:41:e1:60:c4:
                    b5:9e:48:ac:f1:82:10:0b:cc:02:df:80:1c:b8:81:
                    e5:74:42:01:8c:21:fa:38:33:ab:29:64:b3:5b:53:
                    de:0a:3a:a4:5f:3c:3d:c5:c9:3c:21:fe:41:b0:86:
                    ff:d3:ee:f4:0f:3d:19:b7:ce:67:c2:bf:89:ee:3c:
                    43:4b:2c:f6:3d:41:9f:76:24:b7:aa:a2:b5:71:b9:
                    0f:e0:ab:92:ff:88:59:aa:44:0f:3e:69:9d:10:b3:
                    da:a6:e7:8b:a0:f7:fe:b8:9b:08:c9:30:10:5d:21:
                    79:4d:fb:80:3a:e4:b0:53:33:e1:19:f3:f2:06:7a:
                    09:23:6a:ff:03:fa:ce:b7:01:1d:a0:c5:bd:25:7d:
                    5c:04:b2:c8:7a:6c:29:ba:af:dc:c2:51:bd:ee:d7:
                    0e:c6:e6:56:b6:69:c4:9d:81:70:88:bc:0c:f4:05:
                    3c:12:8a:2f:35:19:c7:78:63:28:e4:bd:9a:5a:28:
                    5a:c5:66:cb:ea:61:31:59:48:79:3d:a1:06:a9:60:
                    fa:e8:62:16:69:86:4b:d5:dd:d7:61:4a:14:65:34:
                    b4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:75:C4:D1:03:59:BB:4B:78:C3:A5:AF:F3:57:61:61:74:1E:FD:9F
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/FXXE0QNZu0t4w6Wv81dhYXQe_Z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:e1:43:c3:3e:8c:88:47:33:ef:8e:e1:e2:9e:2a:91:d4:60:
         84:50:5b:04:45:e0:b8:ae:9c:75:79:f3:12:ee:53:31:5c:26:
         56:69:8a:4f:2e:e3:09:23:fe:b2:51:1a:6c:e5:81:09:73:00:
         ad:22:dd:f4:0e:b3:b4:62:c1:57:77:7d:d3:70:24:dd:bb:06:
         a2:9c:88:58:00:0d:2b:0e:10:d4:6a:66:ca:5e:0f:ca:d0:e5:
         f4:c1:bb:66:88:59:d6:75:9f:33:49:92:4f:95:80:89:0a:1b:
         c0:bf:41:33:4c:fc:52:ac:dc:06:5e:01:6a:d5:83:b9:a5:30:
         94:dc:2e:48:87:11:87:6e:97:39:ec:ca:f0:c6:eb:84:02:0b:
         61:dd:6c:2c:97:6b:8a:18:62:53:b4:16:02:92:71:45:43:88:
         51:7f:0c:85:2e:c4:b2:f8:a5:26:44:3a:e0:c5:af:92:40:e2:
         01:ef:bc:72:b1:81:58:dd:9b:d7:e7:ff:11:e9:62:b3:3c:e2:
         41:06:b1:68:d0:b5:08:c7:70:58:4e:ad:8c:70:39:c9:00:8b:
         26:ad:8f:16:ce:e9:e5:57:99:77:4c:e5:b8:0a:6b:56:ac:ef:
         10:e2:78:10:0e:13:f2:00:7d:7d:64:8a:a2:12:07:4c:d2:c9:
         34:1c:6b:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKHEPr1bvtlHZba+GtZuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQwMTAyMTIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc1YzRkMTAzNTliYjRiNzhjM2E1YWZmMzU3NjE2MTc0MWVmZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKef16HUY0m4aBsXuBulPUv5zqE5
7rzIPZeBHqfO6R/aY82HoDO5FkHhYMS1nkis8YIQC8wC34AcuIHldEIBjCH6ODOr
KWSzW1PeCjqkXzw9xck8If5BsIb/0+70Dz0Zt85nwr+J7jxDSyz2PUGfdiS3qqK1
cbkP4KuS/4hZqkQPPmmdELPapueLoPf+uJsIyTAQXSF5TfuAOuSwUzPhGfPyBnoJ
I2r/A/rOtwEdoMW9JX1cBLLIemwpuq/cwlG97tcOxuZWtmnEnYFwiLwM9AU8Eoov
NRnHeGMo5L2aWihaxWbL6mExWUh5PaEGqWD66GIWaYZL1d3XYUoUZTS0SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBV1xNEDWbtLeMOlr/NXYWF0Hv2fMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvRlhYRTBRTlp1MHQ0dzZXdjgxZGhZWFFlX1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBS4UPDPoyIRzPvjuHiniqR1GCEUFsEReC4rpx1efMS
7lMxXCZWaYpPLuMJI/6yURps5YEJcwCtIt30DrO0YsFXd33TcCTduwainIhYAA0r
DhDUambKXg/K0OX0wbtmiFnWdZ8zSZJPlYCJChvAv0EzTPxSrNwGXgFq1YO5pTCU
3C5IhxGHbpc57MrwxuuEAgth3Wwsl2uKGGJTtBYCknFFQ4hRfwyFLsSy+KUmRDrg
xa+SQOIB77xysYFY3ZvX5/8R6WKzPOJBBrFo0LUIx3BYTq2McDnJAIsmrY8Wzunl
V5l3TOW4CmtWrO8Q4ngQDhPyAH19ZIqiEgdM0sk0HGtb
-----END CERTIFICATE-----