Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/FnAZPlBcfCllxzbWPCjEGoiJ6XA.roa
File:                     FnAZPlBcfCllxzbWPCjEGoiJ6XA.roa (raw, json)
Hash identifier:          VoR8OHT4XU6XT4/f+CStw2lXB7vRqdQUZn88p/ZzWKY=
Subject key identifier:   16:70:19:3E:50:5C:7C:29:65:C7:36:D6:3C:28:C4:1A:88:89:E9:70
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       0190BBED611592721DF18F57E668C48A9439
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/FnAZPlBcfCllxzbWPCjEGoiJ6XA.roa
Signing time:             Tue 16 Jul 2024 14:23:34 +0000
ROA not before:           Tue 16 Jul 2024 14:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        45.8.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bb:ed:61:15:92:72:1d:f1:8f:57:e6:68:c4:8a:94:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jul 16 14:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1670193e505c7c2965c736d63c28c41a8889e970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:67:90:7b:64:bb:3f:91:22:a7:2c:24:d2:dc:
                    70:77:98:33:d8:b8:b2:9d:5e:54:61:81:71:c9:fd:
                    22:92:d4:74:1a:f2:2f:20:d9:89:0d:f0:5a:90:5c:
                    30:e8:c1:f5:67:e3:ac:86:61:f0:9d:25:0b:11:00:
                    f5:0b:fe:9b:94:b9:80:69:ba:a0:bc:4d:1a:4a:ba:
                    ed:69:13:64:dc:b5:fd:af:6a:64:4b:21:e3:c4:5a:
                    c7:62:88:a9:56:2a:ac:07:e2:4a:0b:e6:7e:75:0c:
                    9c:8c:fc:77:e7:e2:83:96:01:61:bf:4a:1f:a8:de:
                    be:26:87:d1:d0:b1:a2:94:72:bc:dc:40:17:01:59:
                    18:af:7e:f9:2b:d8:0c:5f:bc:f5:55:d4:7b:82:ae:
                    a9:9c:52:21:bb:57:9d:26:c8:c2:02:b0:a7:8a:5d:
                    7b:27:5f:f8:1d:f9:16:b0:8f:4f:25:02:e3:8b:5c:
                    43:42:7c:92:26:ce:68:25:88:f1:ea:64:14:a9:13:
                    f8:f3:56:7a:2a:66:e0:1e:70:67:16:ba:f9:2a:32:
                    bf:f5:08:16:66:b5:31:50:33:90:e3:f4:ae:40:23:
                    ef:d5:e9:25:66:28:ff:db:71:c8:79:56:ce:27:39:
                    8d:ed:c7:a9:ed:c8:7c:1e:31:9d:90:69:6e:52:af:
                    79:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:70:19:3E:50:5C:7C:29:65:C7:36:D6:3C:28:C4:1A:88:89:E9:70
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/FnAZPlBcfCllxzbWPCjEGoiJ6XA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:1f:e2:72:8d:93:ca:81:84:b6:80:e1:ee:67:0c:02:89:c4:
         a8:d5:ac:f0:08:09:ca:71:69:98:8c:e9:7d:55:c0:c4:b6:a2:
         cb:24:4f:1e:62:1b:5d:5e:20:5d:c3:a3:d8:28:57:25:3e:a1:
         35:77:a3:3f:37:5d:83:95:5c:99:c3:3c:6f:44:23:db:0f:50:
         a8:38:09:37:a1:ed:08:70:f3:26:4a:e7:54:73:79:16:04:63:
         7c:a8:2f:f4:27:25:24:49:75:8a:f5:cd:95:5b:11:b8:f5:30:
         a2:36:4e:a2:c1:42:c5:7d:31:7a:3e:53:19:12:e1:1a:8a:17:
         b0:b5:84:64:10:79:e4:a8:22:9b:cf:5b:16:65:37:e8:2b:b4:
         f3:77:de:2b:68:76:55:87:ad:3d:8c:cc:03:a2:f1:43:d8:0c:
         3f:cb:a8:04:72:7f:6a:f9:c8:5d:98:3b:bc:17:92:39:a0:34:
         a8:37:55:d5:c3:aa:b9:d4:35:32:dd:41:d1:4f:b2:ea:74:b8:
         4b:56:cf:b6:e7:6b:87:87:b9:56:dd:9c:fc:d3:67:c6:f7:27:
         fe:5a:24:11:3d:18:13:66:a3:42:68:d1:94:f6:95:fe:17:e2:
         5d:72:b3:29:6d:40:88:3f:b9:f0:c4:40:7a:42:f3:bc:75:74:
         b0:1e:89:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC77WEVknId8Y9X5mjEipQ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwNzE2MTQyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjcwMTkzZTUwNWM3YzI5NjVjNzM2ZDYzYzI4YzQxYTg4ODllOTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6meQe2S7P5Eipywk0txwd5gz2Liy
nV5UYYFxyf0iktR0GvIvINmJDfBakFww6MH1Z+OshmHwnSULEQD1C/6blLmAabqg
vE0aSrrtaRNk3LX9r2pkSyHjxFrHYoipViqsB+JKC+Z+dQycjPx35+KDlgFhv0of
qN6+JofR0LGilHK83EAXAVkYr375K9gMX7z1VdR7gq6pnFIhu1edJsjCArCnil17
J1/4HfkWsI9PJQLji1xDQnySJs5oJYjx6mQUqRP481Z6KmbgHnBnFrr5KjK/9QgW
ZrUxUDOQ4/SuQCPv1eklZij/23HIeVbOJzmN7cep7ch8HjGdkGluUq95SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZwGT5QXHwpZcc21jwoxBqIielwMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvRm5BWlBsQmNmQ2xseHpiV1BDakVHb2lKNlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQi/MA0G
CSqGSIb3DQEBCwUAA4IBAQCLH+JyjZPKgYS2gOHuZwwCicSo1azwCAnKcWmYjOl9
VcDEtqLLJE8eYhtdXiBdw6PYKFclPqE1d6M/N12DlVyZwzxvRCPbD1CoOAk3oe0I
cPMmSudUc3kWBGN8qC/0JyUkSXWK9c2VWxG49TCiNk6iwULFfTF6PlMZEuEaihew
tYRkEHnkqCKbz1sWZTfoK7Tzd94raHZVh609jMwDovFD2Aw/y6gEcn9q+chdmDu8
F5I5oDSoN1XVw6q51DUy3UHRT7LqdLhLVs+252uHh7lW3Zz802fG9yf+WiQRPRgT
ZqNCaNGU9pX+F+JdcrMpbUCIP7nwxEB6QvO8dXSwHokX
-----END CERTIFICATE-----