Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/f87422-3c8e-4b51-bab8-2e3ed5a17098/1/FA5RgHMNamE49j04V6O0EPW3QcU.roa
File:                     FA5RgHMNamE49j04V6O0EPW3QcU.roa (raw, json)
Hash identifier:          86xe5l0Yar8aPgAKA8G+uyKEfpprEfVQuLKEHaUafLQ=
Subject key identifier:   14:0E:51:80:73:0D:6A:61:38:F6:3D:38:57:A3:B4:10:F5:B7:41:C5
Certificate issuer:       /CN=78878edda6ae4a0147db70b66105cfd17f2066a3
Certificate serial:       018CC8714F006C540C5BD8D9F24C72E73C55
Authority key identifier: 78:87:8E:DD:A6:AE:4A:01:47:DB:70:B6:61:05:CF:D1:7F:20:66:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eIeO3aauSgFH23C2YQXP0X8gZqM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/f87422-3c8e-4b51-bab8-2e3ed5a17098/1/FA5RgHMNamE49j04V6O0EPW3QcU.roa
Signing time:             Tue 02 Jan 2024 04:31:58 +0000
ROA not before:           Tue 02 Jan 2024 04:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        149.205.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/f87422-3c8e-4b51-bab8-2e3ed5a17098/1/eIeO3aauSgFH23C2YQXP0X8gZqM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/f87422-3c8e-4b51-bab8-2e3ed5a17098/1/eIeO3aauSgFH23C2YQXP0X8gZqM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eIeO3aauSgFH23C2YQXP0X8gZqM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:4f:00:6c:54:0c:5b:d8:d9:f2:4c:72:e7:3c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78878edda6ae4a0147db70b66105cfd17f2066a3
        Validity
            Not Before: Jan  2 04:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=140e5180730d6a6138f63d3857a3b410f5b741c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:75:f5:52:f2:7c:a6:be:5c:2a:2c:c7:62:49:
                    c6:df:74:c7:e2:6b:9e:bd:5a:6b:be:20:7a:c8:71:
                    ee:f3:6c:81:54:4c:d1:ba:c4:1d:f8:03:8a:2c:fc:
                    34:e8:6e:92:ac:11:f9:c4:95:9f:c2:ad:ef:d8:16:
                    1d:7c:c8:12:d9:c9:01:b3:7a:21:25:19:b3:a1:1c:
                    d3:2b:66:ab:c1:2f:63:13:3d:0b:39:0d:11:95:c9:
                    b7:c9:7e:8c:23:6b:93:07:cc:8d:2a:df:b3:4f:27:
                    30:f1:a5:f3:e8:55:46:cb:fc:93:7d:7f:29:71:11:
                    2a:25:42:c1:5d:0a:f0:70:a3:7c:54:f7:ba:66:95:
                    34:19:1c:f0:95:23:c4:9d:be:a1:42:ef:b3:bb:a1:
                    17:ad:8d:12:78:11:ce:e2:ba:c3:31:fa:c6:c0:45:
                    2e:93:45:95:2a:4c:63:93:78:bf:32:8a:46:4f:36:
                    52:05:4e:86:cf:78:64:0a:94:02:56:c9:5f:43:17:
                    12:ea:cb:5c:f9:91:ae:9e:b9:33:ca:65:57:ab:55:
                    1e:c4:76:15:36:b6:24:4a:ea:bc:11:8a:c6:84:d8:
                    0f:91:7b:a2:f1:a8:87:0a:35:27:81:9f:59:ef:73:
                    cf:1d:a8:2c:b3:7b:08:6d:46:cb:27:1f:da:d1:23:
                    eb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:0E:51:80:73:0D:6A:61:38:F6:3D:38:57:A3:B4:10:F5:B7:41:C5
            X509v3 Authority Key Identifier:
                keyid:78:87:8E:DD:A6:AE:4A:01:47:DB:70:B6:61:05:CF:D1:7F:20:66:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eIeO3aauSgFH23C2YQXP0X8gZqM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/f87422-3c8e-4b51-bab8-2e3ed5a17098/1/FA5RgHMNamE49j04V6O0EPW3QcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/f87422-3c8e-4b51-bab8-2e3ed5a17098/1/eIeO3aauSgFH23C2YQXP0X8gZqM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.205.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         75:2d:9d:06:27:0b:45:ef:42:ca:87:ba:88:ad:61:32:a1:66:
         15:0b:e2:1c:ed:66:5e:e5:6b:c7:7b:bc:4d:2d:0a:26:92:bf:
         9b:21:9a:fe:33:fc:00:44:fe:97:35:75:5e:dd:9a:72:06:97:
         ea:e9:3c:ca:ca:a0:0d:68:98:9b:10:f8:a7:b3:3e:2a:ee:90:
         50:a0:75:fb:91:cb:df:29:47:16:45:da:42:a3:8a:db:81:1e:
         1b:52:1b:46:b2:4e:5c:dc:b4:b0:32:b0:96:d7:44:c3:e8:84:
         39:67:a1:cf:dc:fb:a2:b5:a7:2c:3e:53:4a:89:ea:5e:ad:86:
         af:13:41:ff:d9:4e:b6:95:69:8a:c0:4f:08:74:01:7b:f8:72:
         c7:4d:a3:b9:e2:2d:d3:d6:d1:60:4b:bf:f2:16:c7:33:1e:7a:
         48:c0:4a:49:04:e2:51:01:7a:e7:46:32:72:47:12:d8:43:8c:
         c3:44:85:0b:06:88:62:b8:eb:25:84:f9:02:96:62:c9:dc:08:
         57:cd:75:eb:97:7f:14:bc:7c:90:3b:98:1a:a2:c3:d4:cd:6d:
         73:6f:46:83:8c:4a:ed:40:aa:69:b0:b5:52:54:60:9a:ce:9d:
         55:77:bb:5b:32:9a:44:63:f6:1b:34:35:17:e9:e4:f2:ef:58:
         3a:83:df:c2
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIcU8AbFQMW9jZ8kxy5zxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ODc4ZWRkYTZhZTRhMDE0N2RiNzBiNjYxMDVjZmQxN2Yy
MDY2YTMwHhcNMjQwMTAyMDQzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDBlNTE4MDczMGQ2YTYxMzhmNjNkMzg1N2EzYjQxMGY1Yjc0MWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXX1UvJ8pr5cKizHYknG33TH4mue
vVprviB6yHHu82yBVEzRusQd+AOKLPw06G6SrBH5xJWfwq3v2BYdfMgS2ckBs3oh
JRmzoRzTK2arwS9jEz0LOQ0Rlcm3yX6MI2uTB8yNKt+zTycw8aXz6FVGy/yTfX8p
cREqJULBXQrwcKN8VPe6ZpU0GRzwlSPEnb6hQu+zu6EXrY0SeBHO4rrDMfrGwEUu
k0WVKkxjk3i/MopGTzZSBU6Gz3hkCpQCVslfQxcS6stc+ZGunrkzymVXq1UexHYV
NrYkSuq8EYrGhNgPkXui8aiHCjUngZ9Z73PPHagss3sIbUbLJx/a0SPrCwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFBQOUYBzDWphOPY9OFejtBD1t0HFMB8GA1UdIwQY
MBaAFHiHjt2mrkoBR9twtmEFz9F/IGajMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUllTzNhYXVTZ0ZIMjNDMllRWFAwWDhnWnFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9mODc0MjItM2M4ZS00YjUxLWJhYjgt
MmUzZWQ1YTE3MDk4LzEvRkE1UmdITU5hbUU0OWowNFY2TzBFUFczUWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9mODc0MjItM2M4ZS00YjUxLWJhYjgtMmUzZWQ1YTE3MDk4
LzEvZUllTzNhYXVTZ0ZIMjNDMllRWFAwWDhnWnFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlc0wDQYJ
KoZIhvcNAQELBQADggEBAHUtnQYnC0XvQsqHuoitYTKhZhUL4hztZl7la8d7vE0t
CiaSv5shmv4z/ABE/pc1dV7dmnIGl+rpPMrKoA1omJsQ+KezPirukFCgdfuRy98p
RxZF2kKjituBHhtSG0ayTlzctLAysJbXRMPohDlnoc/c+6K1pyw+U0qJ6l6thq8T
Qf/ZTraVaYrATwh0AXv4csdNo7niLdPW0WBLv/IWxzMeekjASkkE4lEBeudGMnJH
EthDjMNEhQsGiGK46yWE+QKWYsncCFfNdeuXfxS8fJA7mBqiw9TNbXNvRoOMSu1A
qmmwtVJUYJrOnVV3u1symkRj9hs0NRfp5PLvWDqD38I=
-----END CERTIFICATE-----