Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/p_FSDbyP7te2uIDUVFP0JLOhITI.roa
File:                     p_FSDbyP7te2uIDUVFP0JLOhITI.roa (raw, json)
Hash identifier:          mWDAGzOiyKSl1SxGhTM16r75qjzfrJ4XuJbr6euxipU=
Subject key identifier:   A7:F1:52:0D:BC:8F:EE:D7:B6:B8:80:D4:54:53:F4:24:B3:A1:21:32
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018EE02A86103C86090028E786D427702627
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/p_FSDbyP7te2uIDUVFP0JLOhITI.roa
Signing time:             Mon 15 Apr 2024 05:11:06 +0000
ROA not before:           Mon 15 Apr 2024 05:11:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216445
IP address blocks:        85.208.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e0:2a:86:10:3c:86:09:00:28:e7:86:d4:27:70:26:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr 15 05:11:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7f1520dbc8feed7b6b880d45453f424b3a12132
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b7:7e:4b:c7:24:e3:54:ad:5a:2b:be:9e:cd:
                    93:94:76:68:6d:1f:31:33:f7:76:79:c6:4c:53:5c:
                    30:11:62:8d:26:8b:45:42:74:cc:28:d2:3d:fc:d4:
                    b8:72:02:1f:f9:72:b9:7c:c1:89:e5:5b:8d:19:44:
                    1a:8d:0c:9a:9f:f3:a6:e1:c7:82:92:5d:23:fe:79:
                    52:74:69:cf:89:3b:49:73:6a:ee:4a:b0:4e:67:27:
                    12:46:c0:ee:8e:c6:d5:13:7b:f1:c2:1e:84:77:65:
                    e3:d7:66:d3:a9:54:3e:9b:9d:0d:59:3e:32:90:8d:
                    a3:ee:19:cb:be:1f:b8:e3:61:01:e5:69:79:e4:7e:
                    07:99:75:2e:1b:d5:cb:30:cb:8c:21:af:9e:48:71:
                    02:53:01:ab:d2:5b:74:4a:ce:fe:42:d3:e3:cd:2e:
                    5a:6e:42:3d:81:c9:33:6d:ab:65:bc:07:40:49:3e:
                    9b:e3:ff:a4:44:2d:ae:1c:e3:85:9a:6f:2f:ba:92:
                    64:10:2c:4f:6c:71:b7:a6:d6:72:5f:ea:43:f9:71:
                    04:cc:90:dd:8c:21:0f:47:32:c6:53:b4:e6:7c:a8:
                    6b:99:dd:66:9d:a0:d2:e5:fc:35:fc:4c:f6:8c:08:
                    d2:8a:41:62:b1:c3:87:2d:1d:62:30:18:29:a5:d8:
                    67:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F1:52:0D:BC:8F:EE:D7:B6:B8:80:D4:54:53:F4:24:B3:A1:21:32
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/p_FSDbyP7te2uIDUVFP0JLOhITI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:2b:e6:7f:be:af:9e:ea:49:4d:51:3f:9c:b1:1d:75:21:44:
         3e:93:37:72:03:98:35:c1:00:c7:39:b2:1a:c1:8a:01:46:5c:
         f4:99:75:57:26:24:3f:88:49:76:6f:da:d1:f8:11:90:d9:14:
         6e:6d:7e:7b:ca:31:40:0f:ed:33:3c:14:fa:ca:48:09:4e:45:
         5c:14:58:36:d1:6c:5a:e5:ee:1f:e9:fb:4b:d1:bb:d3:ed:75:
         5f:51:38:9f:b5:ae:cb:56:e6:22:ec:a7:da:4f:ba:64:06:2f:
         b4:fb:cc:28:9d:e0:37:23:e8:97:39:56:cf:47:95:83:c3:34:
         4d:b5:ff:fc:49:a5:05:38:e3:0d:64:1d:9d:d6:7f:b5:14:da:
         16:f9:85:af:d7:61:0f:79:46:3a:6d:68:34:09:9e:9a:0c:eb:
         81:56:06:95:ad:f7:a3:53:e3:b1:03:7b:19:ad:fc:28:09:38:
         a2:7f:f4:93:74:af:50:79:96:15:1b:0f:3d:8a:ee:9e:06:0a:
         33:32:58:16:0b:1d:d3:b5:a9:21:e6:d8:69:3a:bb:3f:2f:cc:
         2c:90:5a:1d:65:53:5f:d8:34:17:09:d9:b4:da:d1:3f:2a:9c:
         60:b3:f7:9a:bb:de:55:3f:ba:94:ce:dc:5d:c7:a1:fd:ca:27:
         fc:8f:65:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7gKoYQPIYJACjnhtQncCYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwNDE1MDUxMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2YxNTIwZGJjOGZlZWQ3YjZiODgwZDQ1NDUzZjQyNGIzYTEyMTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubd+S8ck41StWiu+ns2TlHZobR8x
M/d2ecZMU1wwEWKNJotFQnTMKNI9/NS4cgIf+XK5fMGJ5VuNGUQajQyan/Om4ceC
kl0j/nlSdGnPiTtJc2ruSrBOZycSRsDujsbVE3vxwh6Ed2Xj12bTqVQ+m50NWT4y
kI2j7hnLvh+442EB5Wl55H4HmXUuG9XLMMuMIa+eSHECUwGr0lt0Ss7+QtPjzS5a
bkI9gckzbatlvAdAST6b4/+kRC2uHOOFmm8vupJkECxPbHG3ptZyX+pD+XEEzJDd
jCEPRzLGU7TmfKhrmd1mnaDS5fw1/Ez2jAjSikFiscOHLR1iMBgppdhn4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfxUg28j+7XtriA1FRT9CSzoSEyMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvcF9GU0RieVA3dGUydUlEVVZGUDBKTE9oSVRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBqMA0G
CSqGSIb3DQEBCwUAA4IBAQB4K+Z/vq+e6klNUT+csR11IUQ+kzdyA5g1wQDHObIa
wYoBRlz0mXVXJiQ/iEl2b9rR+BGQ2RRubX57yjFAD+0zPBT6ykgJTkVcFFg20Wxa
5e4f6ftL0bvT7XVfUTifta7LVuYi7KfaT7pkBi+0+8woneA3I+iXOVbPR5WDwzRN
tf/8SaUFOOMNZB2d1n+1FNoW+YWv12EPeUY6bWg0CZ6aDOuBVgaVrfejU+OxA3sZ
rfwoCTiif/STdK9QeZYVGw89iu6eBgozMlgWCx3Ttakh5thpOrs/L8wskFodZVNf
2DQXCdm02tE/Kpxgs/eau95VP7qUztxdx6H9yif8j2V6
-----END CERTIFICATE-----