Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/FaeR-Hv2Y_5UdbAqRqFB0nLvClI.roa
File:                     FaeR-Hv2Y_5UdbAqRqFB0nLvClI.roa (raw, json)
Hash identifier:          KHv5liwt3bRMj3psjQsQ9zefHK59bNWALUAT3jZ4AuA=
Subject key identifier:   15:A7:91:F8:7B:F6:63:FE:54:75:B0:2A:46:A1:41:D2:72:EF:0A:52
Certificate issuer:       /CN=e371ce2086805f912f8512b79c5e66a9c9f4d4d2
Certificate serial:       018D64E528C69CFA17FDD149AEEE5000133E
Authority key identifier: E3:71:CE:20:86:80:5F:91:2F:85:12:B7:9C:5E:66:A9:C9:F4:D4:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/43HOIIaAX5EvhRK3nF5mqcn01NI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/FaeR-Hv2Y_5UdbAqRqFB0nLvClI.roa
Signing time:             Thu 01 Feb 2024 13:39:16 +0000
ROA not before:           Thu 01 Feb 2024 13:39:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201121
IP address blocks:        5.63.16.0/24 maxlen: 24
                          2a13:4440::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/43HOIIaAX5EvhRK3nF5mqcn01NI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/43HOIIaAX5EvhRK3nF5mqcn01NI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/43HOIIaAX5EvhRK3nF5mqcn01NI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:e5:28:c6:9c:fa:17:fd:d1:49:ae:ee:50:00:13:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e371ce2086805f912f8512b79c5e66a9c9f4d4d2
        Validity
            Not Before: Feb  1 13:39:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15a791f87bf663fe5475b02a46a141d272ef0a52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:1a:9d:23:89:b1:a3:44:f3:91:17:26:21:8b:
                    9a:42:82:8d:f1:4e:c9:46:18:c5:13:d9:b4:38:d0:
                    94:48:2e:dd:80:19:34:d9:50:9c:58:b4:d9:bd:98:
                    41:0f:6c:a3:0e:96:89:02:e9:37:c5:13:43:37:10:
                    a4:41:d4:a1:73:f1:87:17:43:5b:fb:c6:2c:07:72:
                    38:b2:57:4a:e8:28:32:a1:12:ad:85:f8:06:0e:e9:
                    f3:a2:0f:5c:56:09:9e:39:ab:9e:fb:6b:b5:c5:65:
                    2e:c8:fe:5b:7e:72:d0:c9:58:2e:c8:9a:6c:bf:e3:
                    e9:fc:b8:09:d0:05:e6:1b:91:74:4a:db:30:a6:0d:
                    f8:dd:6d:50:9c:31:29:a5:e7:4d:21:e9:30:5d:d9:
                    69:ba:33:8b:81:f4:53:85:27:6c:46:5f:40:fc:af:
                    54:22:c4:04:76:c4:84:85:26:15:81:df:91:c7:18:
                    20:f6:67:64:5d:5d:f5:2f:49:59:97:c6:82:ea:06:
                    d6:7b:b9:90:44:00:70:a2:3c:47:3b:69:61:eb:bd:
                    b0:c8:ba:21:4a:8c:a6:d2:6f:ee:0e:55:a0:5c:f7:
                    c8:ef:56:a3:f4:bb:a6:d9:26:08:db:68:5e:3d:da:
                    8a:c1:87:8e:47:b3:c2:e2:54:07:55:c9:ed:61:00:
                    86:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A7:91:F8:7B:F6:63:FE:54:75:B0:2A:46:A1:41:D2:72:EF:0A:52
            X509v3 Authority Key Identifier:
                keyid:E3:71:CE:20:86:80:5F:91:2F:85:12:B7:9C:5E:66:A9:C9:F4:D4:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/43HOIIaAX5EvhRK3nF5mqcn01NI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/FaeR-Hv2Y_5UdbAqRqFB0nLvClI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6dbdaf-5495-4cc5-b770-73590aa290f1/1/43HOIIaAX5EvhRK3nF5mqcn01NI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.16.0/24
                IPv6:
                  2a13:4440::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:ad:1b:05:0d:b4:31:c2:19:43:48:83:c6:b3:c7:e8:76:97:
         78:84:10:93:7f:4a:de:ad:72:8e:d9:1b:4f:31:e7:a7:25:f1:
         7d:04:2d:25:40:1e:92:b6:30:19:05:d7:8a:95:aa:1d:2d:b7:
         58:d1:b2:13:d1:17:c2:01:c5:8c:c8:86:71:09:d3:39:fa:ba:
         d8:13:a6:2b:39:68:00:88:fb:5b:ab:dc:8b:30:8e:56:34:78:
         f5:ce:ad:86:16:1f:3d:92:65:95:aa:3b:9c:94:90:e2:4a:d0:
         a6:16:3e:8d:b0:db:41:ef:88:83:d5:2c:f2:eb:de:6c:1e:72:
         06:66:50:92:4e:ae:61:9d:24:62:73:81:9b:d2:12:0d:ff:30:
         ca:84:05:cb:fe:46:20:4e:26:e5:78:07:21:a2:d6:ca:3e:0e:
         ef:93:ec:14:5d:22:fe:17:38:a7:b7:d8:75:53:19:c1:7f:2d:
         ac:39:7d:b3:c2:6c:83:06:77:60:1b:86:83:38:dd:83:fd:25:
         4e:c0:0f:05:77:ff:33:28:33:8b:63:74:56:e7:08:df:c6:47:
         10:55:fa:3c:b7:41:fb:65:27:43:91:9e:e1:7c:79:d2:46:f8:
         b8:c9:10:77:ee:43:5f:6d:8c:48:07:7a:d9:4c:f0:82:c0:a9:
         93:9c:fd:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1k5SjGnPoX/dFJru5QABM+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNzFjZTIwODY4MDVmOTEyZjg1MTJiNzljNWU2NmE5Yzlm
NGQ0ZDIwHhcNMjQwMjAxMTMzOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWE3OTFmODdiZjY2M2ZlNTQ3NWIwMmE0NmExNDFkMjcyZWYwYTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hqdI4mxo0TzkRcmIYuaQoKN8U7J
RhjFE9m0ONCUSC7dgBk02VCcWLTZvZhBD2yjDpaJAuk3xRNDNxCkQdShc/GHF0Nb
+8YsB3I4sldK6CgyoRKthfgGDunzog9cVgmeOaue+2u1xWUuyP5bfnLQyVguyJps
v+Pp/LgJ0AXmG5F0Stswpg343W1QnDEppedNIekwXdlpujOLgfRThSdsRl9A/K9U
IsQEdsSEhSYVgd+Rxxgg9mdkXV31L0lZl8aC6gbWe7mQRABwojxHO2lh672wyLoh
Soym0m/uDlWgXPfI71aj9Lum2SYI22hePdqKwYeOR7PC4lQHVcntYQCGBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBWnkfh79mP+VHWwKkahQdJy7wpSMB8GA1UdIwQY
MBaAFONxziCGgF+RL4USt5xeZqnJ9NTSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDNIT0lJYUFYNUV2aFJLM25GNW1xY24wMU5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82ZGJkYWYtNTQ5NS00Y2M1LWI3NzAt
NzM1OTBhYTI5MGYxLzEvRmFlUi1IdjJZXzVVZGJBcVJxRkIwbkx2Q2xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82ZGJkYWYtNTQ5NS00Y2M1LWI3NzAtNzM1OTBhYTI5MGYx
LzEvNDNIT0lJYUFYNUV2aFJLM25GNW1xY24wMU5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABT8QMA0E
AgACMAcDBQMqE0RAMA0GCSqGSIb3DQEBCwUAA4IBAQAQrRsFDbQxwhlDSIPGs8fo
dpd4hBCTf0rerXKO2RtPMeenJfF9BC0lQB6StjAZBdeKlaodLbdY0bIT0RfCAcWM
yIZxCdM5+rrYE6YrOWgAiPtbq9yLMI5WNHj1zq2GFh89kmWVqjuclJDiStCmFj6N
sNtB74iD1Szy695sHnIGZlCSTq5hnSRic4Gb0hIN/zDKhAXL/kYgTibleAchotbK
Pg7vk+wUXSL+Fzint9h1UxnBfy2sOX2zwmyDBndgG4aDON2D/SVOwA8Fd/8zKDOL
Y3RW5wjfxkcQVfo8t0H7ZSdDkZ7hfHnSRvi4yRB37kNfbYxIB3rZTPCCwKmTnP0S
-----END CERTIFICATE-----