Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/aba868-afd9-41e4-95ab-b97ba8b679ba/1/FivPzJ_LezQ9mR_n-tWwzgLehYU.roa
File:                     FivPzJ_LezQ9mR_n-tWwzgLehYU.roa (raw, json)
Hash identifier:          mR51GU/M0b0pv1vt/LawMhzOejOkRzT0VfNi+vZFNUw=
Subject key identifier:   16:2B:CF:CC:9F:CB:7B:34:3D:99:1F:E7:FA:D5:B0:CE:02:DE:85:85
Certificate issuer:       /CN=fc9462fef495248fdbd973421fdebe21625cdf1e
Certificate serial:       018CC64B6B62F5E09CB99F3B96831867D0D3
Authority key identifier: FC:94:62:FE:F4:95:24:8F:DB:D9:73:42:1F:DE:BE:21:62:5C:DF:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_JRi_vSVJI_b2XNCH96-IWJc3x4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/aba868-afd9-41e4-95ab-b97ba8b679ba/1/FivPzJ_LezQ9mR_n-tWwzgLehYU.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197015
IP address blocks:        83.242.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/aba868-afd9-41e4-95ab-b97ba8b679ba/1/_JRi_vSVJI_b2XNCH96-IWJc3x4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/aba868-afd9-41e4-95ab-b97ba8b679ba/1/_JRi_vSVJI_b2XNCH96-IWJc3x4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_JRi_vSVJI_b2XNCH96-IWJc3x4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6b:62:f5:e0:9c:b9:9f:3b:96:83:18:67:d0:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc9462fef495248fdbd973421fdebe21625cdf1e
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=162bcfcc9fcb7b343d991fe7fad5b0ce02de8585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e5:96:04:30:6b:d6:1d:7b:68:af:e4:f5:b6:
                    b2:77:9c:0f:e8:de:a0:9c:08:8b:e9:b2:7d:1d:8c:
                    7e:c6:89:59:4b:44:94:24:d9:94:75:78:fe:9d:1a:
                    5c:c6:33:c3:cf:67:03:6b:5f:ab:8d:1f:26:c1:fd:
                    3c:f3:94:d0:a6:b6:4e:17:60:39:0a:b7:65:c6:af:
                    4b:89:94:5d:57:24:f3:cf:f1:34:10:bd:64:75:a0:
                    c5:56:6f:52:34:9f:c8:ca:65:7f:a1:9e:3a:79:7c:
                    25:e9:c0:3e:4e:a7:ef:93:68:ca:ec:c7:5b:df:bb:
                    eb:a6:a3:90:51:d7:08:33:d2:70:d3:17:4c:e4:c2:
                    86:6f:28:64:45:2a:57:fd:88:01:3d:31:1f:88:86:
                    b0:4a:07:bf:e7:a4:7d:b8:08:f6:c0:c7:cf:5e:c7:
                    f8:a9:fe:c7:b6:6e:4b:2f:b6:f3:51:d1:57:ad:6d:
                    00:3e:62:24:29:b5:3e:0c:30:96:9b:55:6b:8f:f6:
                    1b:7f:fd:c6:44:ac:85:f8:35:e4:cd:04:04:5f:0d:
                    11:07:1c:6b:ec:8c:b6:d7:1b:21:4b:1a:a9:37:3e:
                    f4:ca:0b:50:86:70:3c:46:e2:42:28:ab:43:43:7e:
                    42:a5:cf:a5:2d:78:3c:f2:2f:16:65:82:9c:12:26:
                    72:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:2B:CF:CC:9F:CB:7B:34:3D:99:1F:E7:FA:D5:B0:CE:02:DE:85:85
            X509v3 Authority Key Identifier:
                keyid:FC:94:62:FE:F4:95:24:8F:DB:D9:73:42:1F:DE:BE:21:62:5C:DF:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_JRi_vSVJI_b2XNCH96-IWJc3x4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/aba868-afd9-41e4-95ab-b97ba8b679ba/1/FivPzJ_LezQ9mR_n-tWwzgLehYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/aba868-afd9-41e4-95ab-b97ba8b679ba/1/_JRi_vSVJI_b2XNCH96-IWJc3x4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.242.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:b2:a4:e6:c9:ad:07:eb:bc:4c:7c:45:81:04:0d:44:ee:3f:
         66:ce:17:eb:fd:f6:8b:dc:38:9c:c4:96:4f:a9:3e:12:84:e5:
         ff:5c:86:29:a3:c3:fb:83:fb:ab:1e:ad:59:c7:45:46:34:f2:
         03:5f:ff:c0:cc:fb:ea:e5:9c:bf:79:29:26:ee:fb:de:03:df:
         8f:7c:70:fd:92:c0:49:69:e4:6e:1c:bb:b5:af:1f:f0:5f:9a:
         73:c5:9a:36:48:2e:18:5d:ce:1d:ec:95:7d:45:ab:17:8f:aa:
         2a:ed:3a:96:33:35:f1:90:79:cd:65:c3:f5:48:f4:86:d1:0a:
         c0:f4:59:3b:47:74:7e:33:92:c0:13:ea:0c:a9:0a:c4:7f:3c:
         82:f1:99:97:5b:fa:2d:c5:3c:aa:9d:3b:41:b4:6c:9b:ce:fd:
         b6:08:af:3b:b1:b4:18:e4:62:4e:9a:4a:db:5d:93:90:b9:a1:
         68:4c:77:68:05:49:9a:8e:5e:38:2d:27:96:6e:21:80:74:b6:
         9e:1b:3f:5c:4b:6d:27:b9:01:82:23:68:bb:23:26:fb:a8:72:
         c6:94:99:bf:2d:58:dc:79:cc:3f:de:95:d5:01:9e:cc:2d:99:
         17:eb:06:41:81:e3:52:58:0d:31:4a:df:b5:61:2e:ce:cd:12:
         c2:78:6d:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2ti9eCcuZ87loMYZ9DTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOTQ2MmZlZjQ5NTI0OGZkYmQ5NzM0MjFmZGViZTIxNjI1
Y2RmMWUwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjJiY2ZjYzlmY2I3YjM0M2Q5OTFmZTdmYWQ1YjBjZTAyZGU4NTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+WWBDBr1h17aK/k9bayd5wP6N6g
nAiL6bJ9HYx+xolZS0SUJNmUdXj+nRpcxjPDz2cDa1+rjR8mwf0885TQprZOF2A5
Crdlxq9LiZRdVyTzz/E0EL1kdaDFVm9SNJ/IymV/oZ46eXwl6cA+Tqfvk2jK7Mdb
37vrpqOQUdcIM9Jw0xdM5MKGbyhkRSpX/YgBPTEfiIawSge/56R9uAj2wMfPXsf4
qf7Htm5LL7bzUdFXrW0APmIkKbU+DDCWm1Vrj/Ybf/3GRKyF+DXkzQQEXw0RBxxr
7Iy21xshSxqpNz70ygtQhnA8RuJCKKtDQ35Cpc+lLXg88i8WZYKcEiZy5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYrz8yfy3s0PZkf5/rVsM4C3oWFMB8GA1UdIwQY
MBaAFPyUYv70lSSP29lzQh/eviFiXN8eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0pSaV92U1ZKSV9iMlhOQ0g5Ni1JV0pjM3g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hYmE4NjgtYWZkOS00MWU0LTk1YWIt
Yjk3YmE4YjY3OWJhLzEvRml2UHpKX0xlelE5bVJfbi10V3d6Z0xlaFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hYmE4NjgtYWZkOS00MWU0LTk1YWItYjk3YmE4YjY3OWJh
LzEvX0pSaV92U1ZKSV9iMlhOQ0g5Ni1JV0pjM3g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU/JhMA0G
CSqGSIb3DQEBCwUAA4IBAQAgsqTmya0H67xMfEWBBA1E7j9mzhfr/faL3DicxJZP
qT4ShOX/XIYpo8P7g/urHq1Zx0VGNPIDX//AzPvq5Zy/eSkm7vveA9+PfHD9ksBJ
aeRuHLu1rx/wX5pzxZo2SC4YXc4d7JV9RasXj6oq7TqWMzXxkHnNZcP1SPSG0QrA
9Fk7R3R+M5LAE+oMqQrEfzyC8ZmXW/otxTyqnTtBtGybzv22CK87sbQY5GJOmkrb
XZOQuaFoTHdoBUmajl44LSeWbiGAdLaeGz9cS20nuQGCI2i7Iyb7qHLGlJm/LVjc
ecw/3pXVAZ7MLZkX6wZBgeNSWA0xSt+1YS7OzRLCeG0x
-----END CERTIFICATE-----