Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/fp1f-QPm-T_kZ0qE-U33nQt5c_4.roa
File:                     fp1f-QPm-T_kZ0qE-U33nQt5c_4.roa (raw, json)
Hash identifier:          l8oY36E1AmelTiL8XS5swsd5f74Oiyd5moO16Q1jw+k=
Subject key identifier:   7E:9D:5F:F9:03:E6:F9:3F:E4:67:4A:84:F9:4D:F7:9D:0B:79:73:FE
Certificate issuer:       /CN=776405e0283743cf52180d5b13812dfba3ded7fc
Certificate serial:       018CC349427A3BF947C513924CA7B20D39D8
Authority key identifier: 77:64:05:E0:28:37:43:CF:52:18:0D:5B:13:81:2D:FB:A3:DE:D7:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/fp1f-QPm-T_kZ0qE-U33nQt5c_4.roa
Signing time:             Mon 01 Jan 2024 04:30:07 +0000
ROA not before:           Mon 01 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57127
IP address blocks:        146.247.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:42:7a:3b:f9:47:c5:13:92:4c:a7:b2:0d:39:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=776405e0283743cf52180d5b13812dfba3ded7fc
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e9d5ff903e6f93fe4674a84f94df79d0b7973fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:04:85:65:17:c2:01:4a:db:37:02:d3:ce:82:
                    78:b1:d7:8b:a7:a1:21:43:f2:6c:a2:47:e4:14:80:
                    9a:68:b7:b2:f7:4b:32:cd:93:7f:2d:79:88:17:de:
                    cf:52:3c:fd:a6:61:4b:00:b8:a7:4f:d8:77:82:42:
                    0a:c8:ec:6e:37:9f:b1:d6:e0:38:34:87:99:28:cc:
                    b1:71:6e:44:2f:7f:6d:1d:45:aa:1d:31:16:6a:16:
                    a6:da:04:6a:e3:e4:d0:26:4c:df:b2:f9:b8:95:84:
                    28:60:59:b7:af:77:96:c2:1a:11:bb:2a:96:1a:38:
                    28:e6:bc:fb:3d:f5:20:4b:32:21:5b:18:21:ae:64:
                    99:33:76:65:fd:15:61:ae:ed:6b:71:37:9b:16:14:
                    01:13:ad:3e:85:03:51:f6:93:bf:18:4e:b8:5b:dd:
                    13:0b:9a:6e:de:52:98:49:e1:07:8f:e9:2f:f9:e6:
                    45:0e:26:4c:13:7a:48:0c:67:4d:55:d5:bf:8a:2f:
                    c8:97:5f:11:ab:da:cc:16:2a:7d:cd:0a:df:68:84:
                    4a:4a:8d:c1:1e:af:87:37:f0:a4:43:ff:7a:2c:9b:
                    bf:78:af:bf:f4:3a:c9:56:98:f0:6a:db:04:d1:26:
                    dd:ef:9f:6b:51:1d:c6:8c:d3:d1:e7:1f:48:9d:97:
                    bf:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:9D:5F:F9:03:E6:F9:3F:E4:67:4A:84:F9:4D:F7:9D:0B:79:73:FE
            X509v3 Authority Key Identifier:
                keyid:77:64:05:E0:28:37:43:CF:52:18:0D:5B:13:81:2D:FB:A3:DE:D7:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/fp1f-QPm-T_kZ0qE-U33nQt5c_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:0a:98:2d:b3:3f:af:bc:f4:9f:0b:e3:6a:a8:48:a3:ba:b7:
         fd:bb:93:eb:6f:0a:13:21:3c:8e:04:bc:36:1a:06:df:d6:f9:
         df:70:e2:6b:2a:bd:53:68:61:2a:e4:fe:8d:8a:5b:a2:4f:b3:
         99:8e:6c:2e:2d:61:22:ba:86:c5:8a:df:80:0c:ab:56:3c:6d:
         70:19:a8:da:59:25:43:c6:6a:aa:5c:89:6f:20:2f:f1:03:0d:
         8e:0d:47:f1:b8:77:9a:0d:59:7b:a2:5a:66:7f:b5:41:e6:6a:
         fd:c8:21:2f:11:b0:fa:46:a5:9c:90:0b:76:a5:c7:8f:2e:b2:
         0a:40:04:aa:6e:ad:d0:69:8f:2f:9e:7d:3f:4d:62:7e:0b:ab:
         17:63:d3:d6:37:9a:a1:ac:38:20:e9:52:1d:6f:66:86:6e:5d:
         a8:99:52:5b:78:ee:08:0c:75:d7:29:76:72:23:29:50:dc:72:
         9d:f8:ad:e9:59:a8:95:72:f9:59:b4:b8:de:ac:3e:cf:39:31:
         3a:6d:12:9f:58:50:c1:4a:46:1d:f3:43:40:09:b9:a4:3f:7f:
         2d:eb:d1:f1:00:79:48:f2:6f:2d:e7:e7:3d:71:01:2a:56:7d:
         cc:6f:b4:7c:da:6d:eb:16:42:5f:93:62:ab:ad:76:9e:5c:7c:
         d1:34:86:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUJ6O/lHxROSTKeyDTnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NjQwNWUwMjgzNzQzY2Y1MjE4MGQ1YjEzODEyZGZiYTNk
ZWQ3ZmMwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTlkNWZmOTAzZTZmOTNmZTQ2NzRhODRmOTRkZjc5ZDBiNzk3M2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgSFZRfCAUrbNwLTzoJ4sdeLp6Eh
Q/JsokfkFICaaLey90syzZN/LXmIF97PUjz9pmFLALinT9h3gkIKyOxuN5+x1uA4
NIeZKMyxcW5EL39tHUWqHTEWaham2gRq4+TQJkzfsvm4lYQoYFm3r3eWwhoRuyqW
Gjgo5rz7PfUgSzIhWxghrmSZM3Zl/RVhru1rcTebFhQBE60+hQNR9pO/GE64W90T
C5pu3lKYSeEHj+kv+eZFDiZME3pIDGdNVdW/ii/Il18Rq9rMFip9zQrfaIRKSo3B
Hq+HN/CkQ/96LJu/eK+/9DrJVpjwatsE0Sbd759rUR3GjNPR5x9InZe/JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6dX/kD5vk/5GdKhPlN950LeXP+MB8GA1UdIwQY
MBaAFHdkBeAoN0PPUhgNWxOBLfuj3tf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDJRRjRDZzNRODlTR0ExYkU0RXQtNlBlMV93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8zNjM1ODYtOWI4MC00NTdiLWJkZjAt
NmNhNTJlMDI5Y2JlLzEvZnAxZi1RUG0tVF9rWjBxRS1VMzNuUXQ1Y180LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8zNjM1ODYtOWI4MC00NTdiLWJkZjAtNmNhNTJlMDI5Y2Jl
LzEvZDJRRjRDZzNRODlTR0ExYkU0RXQtNlBlMV93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkvcYMA0G
CSqGSIb3DQEBCwUAA4IBAQA9Cpgtsz+vvPSfC+NqqEijurf9u5PrbwoTITyOBLw2
Ggbf1vnfcOJrKr1TaGEq5P6NiluiT7OZjmwuLWEiuobFit+ADKtWPG1wGajaWSVD
xmqqXIlvIC/xAw2ODUfxuHeaDVl7olpmf7VB5mr9yCEvEbD6RqWckAt2pcePLrIK
QASqbq3QaY8vnn0/TWJ+C6sXY9PWN5qhrDgg6VIdb2aGbl2omVJbeO4IDHXXKXZy
IylQ3HKd+K3pWaiVcvlZtLjerD7POTE6bRKfWFDBSkYd80NACbmkP38t69HxAHlI
8m8t5+c9cQEqVn3Mb7R82m3rFkJfk2KrrXaeXHzRNIZT
-----END CERTIFICATE-----