Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/fFFC8cRknkJUC56HLGf2z-pyfW0.roa
File:                     fFFC8cRknkJUC56HLGf2z-pyfW0.roa (raw, json)
Hash identifier:          s6kYLIeqllsN/+Aru8xIOem/jnpHKw/06ZqDZTTOrnU=
Subject key identifier:   7C:51:42:F1:C4:64:9E:42:54:0B:9E:87:2C:67:F6:CF:EA:72:7D:6D
Certificate issuer:       /CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
Certificate serial:       018EAD5F190E9C5EB33CCA54136A316C095A
Authority key identifier: 16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/fFFC8cRknkJUC56HLGf2z-pyfW0.roa
Signing time:             Fri 05 Apr 2024 08:27:54 +0000
ROA not before:           Fri 05 Apr 2024 08:27:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        62.112.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 07:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ad:5f:19:0e:9c:5e:b3:3c:ca:54:13:6a:31:6c:09:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
        Validity
            Not Before: Apr  5 08:27:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c5142f1c4649e42540b9e872c67f6cfea727d6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:83:74:20:79:85:6b:d7:26:17:6a:34:f4:df:
                    7f:ef:8c:7b:ad:1d:3a:f0:97:dd:dc:a1:2b:71:86:
                    d7:3e:c0:f8:4b:02:db:e6:ad:5e:61:b9:4f:7f:6f:
                    8d:be:ae:64:1d:2c:c8:0b:87:c5:a9:9c:3e:bf:a7:
                    3d:30:f6:22:24:76:6f:b2:4f:96:d9:e1:3f:3a:0a:
                    99:ca:a8:dc:15:bd:93:1e:ac:46:86:88:4d:80:88:
                    bc:44:21:39:6a:e1:28:f2:78:14:70:50:7b:88:d8:
                    fb:d4:ef:56:08:12:51:fa:e4:37:e4:b7:45:92:1f:
                    81:27:6e:6d:a2:98:d3:7c:cf:ab:5c:da:a8:c2:71:
                    38:a4:dc:fe:72:b6:b5:f5:e4:5a:76:7b:78:77:05:
                    2d:93:2d:d3:4a:c8:26:a1:4c:5a:f7:c1:1d:10:31:
                    23:91:8c:2c:bd:dc:53:ea:8b:b4:e0:d8:4e:d7:6d:
                    d4:f5:85:0a:48:5f:0d:a7:67:c4:ee:a6:cd:ad:98:
                    44:75:d5:8d:f2:0a:bd:44:29:25:31:c7:a4:01:a1:
                    89:ac:7f:27:03:56:d0:7b:a0:c3:06:2c:65:1d:13:
                    e3:30:43:f0:5f:bc:4d:69:b9:20:2c:bc:27:4e:5b:
                    8b:64:af:a1:79:e8:e0:6f:5b:bb:21:f4:d1:e8:47:
                    d1:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:51:42:F1:C4:64:9E:42:54:0B:9E:87:2C:67:F6:CF:EA:72:7D:6D
            X509v3 Authority Key Identifier:
                keyid:16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/fFFC8cRknkJUC56HLGf2z-pyfW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:05:c9:14:28:05:e4:f9:65:15:47:38:83:16:05:6c:2d:5f:
         5f:64:1b:9e:e4:14:d0:db:1d:b3:77:71:f4:75:de:00:6e:f9:
         3a:6b:4f:35:c2:de:e4:83:27:91:25:87:d1:d2:0d:b2:52:8e:
         32:4a:18:00:0e:9f:90:ec:51:a9:c6:e0:03:c9:43:4c:90:19:
         6c:0f:4b:75:d8:04:a7:37:b2:22:6a:b7:82:ff:16:35:54:d6:
         11:24:86:10:a3:e5:89:1a:84:46:44:7d:04:15:e3:63:c9:6d:
         9d:e5:0f:b6:e7:e8:b0:69:71:34:0e:0d:19:95:3f:17:36:09:
         5b:63:82:65:dd:0e:f7:d1:1c:a5:f6:d3:7e:69:06:70:63:6c:
         e7:1c:9c:71:e6:66:5d:c2:9b:72:84:73:3f:4d:5e:8c:87:0b:
         8d:21:59:9d:f8:16:5c:af:00:a7:5c:46:41:32:6a:e4:34:38:
         f6:b6:b9:89:42:ab:a1:e7:d6:56:0a:8b:6a:a1:6f:f8:8b:fe:
         91:42:80:16:c4:ea:d2:8d:f4:45:34:49:bb:98:ca:98:08:de:
         ef:0c:f6:d5:7a:2a:d2:44:26:71:3b:17:9b:36:95:44:6d:60:
         76:59:f8:08:a5:e6:59:44:b0:75:43:98:23:f6:58:a4:06:ce:
         0b:5e:6f:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6tXxkOnF6zPMpUE2oxbAlaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NmFmYzUxYzkyMmZkODQyZmVjNWIwY2JiZDI2ZWJkYmQx
YTE2MWUwHhcNMjQwNDA1MDgyNzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzUxNDJmMWM0NjQ5ZTQyNTQwYjllODcyYzY3ZjZjZmVhNzI3ZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4N0IHmFa9cmF2o09N9/74x7rR06
8Jfd3KErcYbXPsD4SwLb5q1eYblPf2+Nvq5kHSzIC4fFqZw+v6c9MPYiJHZvsk+W
2eE/OgqZyqjcFb2THqxGhohNgIi8RCE5auEo8ngUcFB7iNj71O9WCBJR+uQ35LdF
kh+BJ25topjTfM+rXNqownE4pNz+cra19eRadnt4dwUtky3TSsgmoUxa98EdEDEj
kYwsvdxT6ou04NhO123U9YUKSF8Np2fE7qbNrZhEddWN8gq9RCklMcekAaGJrH8n
A1bQe6DDBixlHRPjMEPwX7xNabkgLLwnTluLZK+heejgb1u7IfTR6EfRwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxRQvHEZJ5CVAuehyxn9s/qcn1tMB8GA1UdIwQY
MBaAFBZq/FHJIv2EL+xbDLvSbr29GhYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEt
MTNiOTExMGNlMjBjLzEvZkZGQzhjUmtua0pVQzU2SExHZjJ6LXB5ZlcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEtMTNiOTExMGNlMjBj
LzEvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnDNMA0G
CSqGSIb3DQEBCwUAA4IBAQDQBckUKAXk+WUVRziDFgVsLV9fZBue5BTQ2x2zd3H0
dd4Abvk6a081wt7kgyeRJYfR0g2yUo4yShgADp+Q7FGpxuADyUNMkBlsD0t12ASn
N7IiareC/xY1VNYRJIYQo+WJGoRGRH0EFeNjyW2d5Q+25+iwaXE0Dg0ZlT8XNglb
Y4Jl3Q730Ryl9tN+aQZwY2znHJxx5mZdwptyhHM/TV6MhwuNIVmd+BZcrwCnXEZB
MmrkNDj2trmJQquh59ZWCotqoW/4i/6RQoAWxOrSjfRFNEm7mMqYCN7vDPbVeirS
RCZxOxebNpVEbWB2WfgIpeZZRLB1Q5gj9likBs4LXm+/
-----END CERTIFICATE-----