Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/F5nKpdjQkNoowT9cg_cTgl8iwnA.roa
File:                     F5nKpdjQkNoowT9cg_cTgl8iwnA.roa (raw, json)
Hash identifier:          V2k5zZbKNTN9k5AZh/dDnt6TD60Rl0glp6xOGSwobmk=
Subject key identifier:   17:99:CA:A5:D8:D0:90:DA:28:C1:3F:5C:83:F7:13:82:5F:22:C2:70
Certificate issuer:       /CN=d48b291b16f6d96c80ad7d31292f560d4faaebf0
Certificate serial:       018CCA2959D763E4666C9ADAEC9E31334247
Authority key identifier: D4:8B:29:1B:16:F6:D9:6C:80:AD:7D:31:29:2F:56:0D:4F:AA:EB:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1IspGxb22WyArX0xKS9WDU-q6_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/F5nKpdjQkNoowT9cg_cTgl8iwnA.roa
Signing time:             Tue 02 Jan 2024 12:32:36 +0000
ROA not before:           Tue 02 Jan 2024 12:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51327
IP address blocks:        193.104.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1IspGxb22WyArX0xKS9WDU-q6_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:59:d7:63:e4:66:6c:9a:da:ec:9e:31:33:42:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48b291b16f6d96c80ad7d31292f560d4faaebf0
        Validity
            Not Before: Jan  2 12:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1799caa5d8d090da28c13f5c83f713825f22c270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:aa:5b:53:7d:c0:d6:33:50:2f:49:7e:77:6d:
                    eb:36:15:5d:fa:b3:5c:73:2a:43:b9:92:dd:f9:7c:
                    0b:1f:31:78:b7:9a:01:c7:12:02:af:64:9f:0e:61:
                    d1:97:a0:92:c7:05:4d:e6:89:46:36:b8:eb:89:57:
                    b2:bf:6f:d7:df:39:5e:fa:0e:3f:a3:8e:0b:4b:73:
                    2f:c3:88:d3:a1:81:0d:1c:ca:b5:dc:01:e4:29:62:
                    9c:79:b8:c3:0a:53:d0:1b:02:ae:6c:5c:6e:68:94:
                    ba:ca:fc:dc:fc:64:86:33:2a:06:07:d4:55:da:b4:
                    e7:20:19:a4:d1:9a:85:44:a0:a0:5b:1e:e0:27:52:
                    4f:68:29:ed:f7:d9:c3:93:76:c6:33:e8:69:36:29:
                    59:25:ac:1e:0a:18:13:0d:79:7f:81:92:e7:e6:8b:
                    ce:96:a2:f0:27:98:99:81:c4:d0:cc:8c:8d:40:ed:
                    fd:7c:cd:fa:65:5c:5d:0f:3f:87:5a:04:ea:ae:d4:
                    94:9f:6a:a7:02:37:0a:03:86:80:fd:73:08:a5:1a:
                    ed:37:cf:a9:e9:c7:1d:14:b4:c3:b6:88:3e:2e:88:
                    95:4e:e7:a7:15:98:52:09:97:88:de:39:a2:a9:f3:
                    e5:1d:a7:73:71:d8:20:c6:71:08:d4:22:36:b5:f3:
                    66:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:99:CA:A5:D8:D0:90:DA:28:C1:3F:5C:83:F7:13:82:5F:22:C2:70
            X509v3 Authority Key Identifier:
                keyid:D4:8B:29:1B:16:F6:D9:6C:80:AD:7D:31:29:2F:56:0D:4F:AA:EB:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1IspGxb22WyArX0xKS9WDU-q6_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/F5nKpdjQkNoowT9cg_cTgl8iwnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:56:2d:49:86:4a:c9:7e:44:2e:4c:90:bf:40:bb:cb:0b:12:
         89:40:33:d4:78:ca:ad:c1:87:f9:8e:d1:9a:a5:95:12:16:3d:
         b0:60:7f:71:26:cc:02:cd:1d:cb:7c:76:6c:2b:86:a2:ed:38:
         ff:42:68:70:43:0b:0a:80:3a:c2:89:7f:4e:1f:f0:df:17:59:
         d4:85:e6:f3:77:cf:86:4c:c7:b8:ac:ed:0f:7c:2b:50:dc:0a:
         09:3a:26:dd:c1:fe:b7:2b:89:58:39:e7:d0:62:34:a2:4b:93:
         09:d8:44:24:93:8a:2a:fe:49:af:be:fc:6d:3a:0a:84:53:7a:
         b0:2f:db:ad:fa:f9:d8:84:95:bb:73:cf:ba:aa:7d:8b:0a:d0:
         46:5c:3e:16:3e:58:c9:b2:6d:03:96:08:1f:68:98:10:31:cd:
         df:2e:b7:58:eb:4e:74:a7:30:5e:61:5d:53:0f:e0:1b:db:6d:
         da:b5:a8:42:d1:d1:c2:80:48:34:8e:6c:bd:e2:36:6a:66:8c:
         e6:d6:e9:42:f6:03:cf:d1:20:4b:75:90:78:5f:ba:56:e2:1a:
         a2:68:64:f3:1f:45:c6:00:21:3e:c6:ab:fa:4b:37:85:75:47:
         3b:1b:eb:a8:25:b3:8d:1e:7b:41:fd:f3:78:79:e0:a4:14:0b:
         fc:f9:12:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKVnXY+RmbJra7J4xM0JHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGIyOTFiMTZmNmQ5NmM4MGFkN2QzMTI5MmY1NjBkNGZh
YWViZjAwHhcNMjQwMTAyMTIzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzk5Y2FhNWQ4ZDA5MGRhMjhjMTNmNWM4M2Y3MTM4MjVmMjJjMjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqpbU33A1jNQL0l+d23rNhVd+rNc
cypDuZLd+XwLHzF4t5oBxxICr2SfDmHRl6CSxwVN5olGNrjriVeyv2/X3zle+g4/
o44LS3Mvw4jToYENHMq13AHkKWKcebjDClPQGwKubFxuaJS6yvzc/GSGMyoGB9RV
2rTnIBmk0ZqFRKCgWx7gJ1JPaCnt99nDk3bGM+hpNilZJaweChgTDXl/gZLn5ovO
lqLwJ5iZgcTQzIyNQO39fM36ZVxdDz+HWgTqrtSUn2qnAjcKA4aA/XMIpRrtN8+p
6ccdFLTDtog+LoiVTuenFZhSCZeI3jmiqfPlHadzcdggxnEI1CI2tfNmcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeZyqXY0JDaKME/XIP3E4JfIsJwMB8GA1UdIwQY
MBaAFNSLKRsW9tlsgK19MSkvVg1PquvwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlzcEd4YjIyV3lBclgweEtTOVdEVS1xNl9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8xMDgzZTktYjlkZC00YzgyLTk4Nzgt
N2Y4YmZhYzczOTc3LzEvRjVuS3BkalFrTm9vd1Q5Y2dfY1RnbDhpd25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8xMDgzZTktYjlkZC00YzgyLTk4NzgtN2Y4YmZhYzczOTc3
LzEvMUlzcEd4YjIyV3lBclgweEtTOVdEVS1xNl9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWg4MA0G
CSqGSIb3DQEBCwUAA4IBAQBWVi1JhkrJfkQuTJC/QLvLCxKJQDPUeMqtwYf5jtGa
pZUSFj2wYH9xJswCzR3LfHZsK4ai7Tj/QmhwQwsKgDrCiX9OH/DfF1nUhebzd8+G
TMe4rO0PfCtQ3AoJOibdwf63K4lYOefQYjSiS5MJ2EQkk4oq/kmvvvxtOgqEU3qw
L9ut+vnYhJW7c8+6qn2LCtBGXD4WPljJsm0DlggfaJgQMc3fLrdY6050pzBeYV1T
D+Ab223atahC0dHCgEg0jmy94jZqZozm1ulC9gPP0SBLdZB4X7pW4hqiaGTzH0XG
ACE+xqv6SzeFdUc7G+uoJbONHntB/fN4eeCkFAv8+RLR
-----END CERTIFICATE-----