Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/tHfSbUnrvO7apuW0o5hM5SWtjnw.roa
File:                     tHfSbUnrvO7apuW0o5hM5SWtjnw.roa (raw, json)
Hash identifier:          Lt4qoY6xMXeq934i9dt10HBwbrM3rV+wmcpwkYb0+5g=
Subject key identifier:   B4:77:D2:6D:49:EB:BC:EE:DA:A6:E5:B4:A3:98:4C:E5:25:AD:8E:7C
Certificate issuer:       /CN=fa1e9b4e8dc49be3aba597425aefd8b3a5362ffc
Certificate serial:       018CC8DEFC752BA3428744F54688FAC0CF8C
Authority key identifier: FA:1E:9B:4E:8D:C4:9B:E3:AB:A5:97:42:5A:EF:D8:B3:A5:36:2F:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/tHfSbUnrvO7apuW0o5hM5SWtjnw.roa
Signing time:             Tue 02 Jan 2024 06:31:45 +0000
ROA not before:           Tue 02 Jan 2024 06:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42923
IP address blocks:        217.79.144.0/23 maxlen: 23
                          217.79.146.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:fc:75:2b:a3:42:87:44:f5:46:88:fa:c0:cf:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa1e9b4e8dc49be3aba597425aefd8b3a5362ffc
        Validity
            Not Before: Jan  2 06:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b477d26d49ebbceedaa6e5b4a3984ce525ad8e7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5b:7e:26:8c:68:a9:df:7d:c3:77:46:35:c1:
                    03:3a:80:3d:4c:06:b2:81:d7:ea:50:e5:b5:dd:29:
                    bd:fe:a4:49:aa:30:8d:16:f2:53:dc:35:5a:82:fe:
                    01:e3:60:f7:5c:f9:9f:a1:72:00:36:b9:5c:4c:e5:
                    8d:8b:da:23:fd:18:1b:96:c1:6f:62:ce:68:80:db:
                    ce:11:32:ad:f0:73:db:f3:02:f9:57:82:47:af:27:
                    37:61:21:2a:b8:12:27:0f:d8:6f:36:1c:c3:cc:59:
                    b5:09:b4:2e:2c:76:10:88:2f:e1:ae:6c:48:14:55:
                    4a:25:6f:d3:a0:26:f7:e9:f0:f5:ca:5e:84:13:2e:
                    dc:1f:65:40:86:b6:f0:49:90:b4:69:44:f2:93:10:
                    f2:e7:96:c2:8c:b2:8f:20:3c:25:1d:1d:14:54:bd:
                    06:ca:70:44:18:6a:42:c0:86:80:56:20:2c:ac:9a:
                    32:53:f6:f5:a8:9b:57:18:d4:0a:09:1e:ed:97:cc:
                    40:34:0a:23:85:d5:51:75:bf:be:41:1e:a8:5d:a3:
                    ca:a4:68:2b:19:4e:0f:7b:cc:46:af:df:98:ea:82:
                    de:0c:1b:3e:1f:37:1f:66:2e:fa:a1:c6:62:d9:0e:
                    64:0c:68:75:42:03:c9:d6:b0:ee:bb:09:92:95:b6:
                    2f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:77:D2:6D:49:EB:BC:EE:DA:A6:E5:B4:A3:98:4C:E5:25:AD:8E:7C
            X509v3 Authority Key Identifier:
                keyid:FA:1E:9B:4E:8D:C4:9B:E3:AB:A5:97:42:5A:EF:D8:B3:A5:36:2F:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/tHfSbUnrvO7apuW0o5hM5SWtjnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4707b4-0032-4ac7-bcc7-40c1a72702ef/1/1-h6bTo3Em-OrpZdCWu_Ys6U2L_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.79.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:10:2c:eb:79:e1:65:57:cd:8f:21:1c:97:4e:38:72:3d:67:
         f2:a3:ee:e3:d0:81:3c:2c:e5:d6:bb:8f:7c:68:8a:39:99:b9:
         0a:58:71:0e:37:dc:95:60:1d:14:f7:bc:72:e1:aa:42:45:f6:
         40:08:84:86:c6:13:06:0b:e8:e0:a2:59:54:7d:89:ca:f4:b9:
         3b:e0:45:e6:2f:ae:d9:9c:fb:da:c9:33:b9:fe:f6:3a:95:97:
         5d:31:6f:4e:43:b7:dd:36:be:1f:75:ab:fe:d4:b7:88:40:34:
         b0:da:e1:1e:f7:d9:3b:35:02:61:9d:30:45:c3:88:84:16:c5:
         09:8b:0f:91:04:04:44:eb:c9:9c:a5:b6:c1:42:4e:19:8b:6d:
         de:18:4a:c0:d8:2c:70:16:0c:e2:45:f8:35:d8:6f:c3:88:dc:
         f5:a8:92:96:f5:73:12:de:d4:00:40:34:6b:d7:c0:fa:d9:1c:
         a7:8d:d3:4d:a5:f9:2a:b7:38:ac:53:f8:31:e5:63:b8:4d:17:
         fd:b1:8e:84:61:ac:e9:4a:3a:3d:1c:cb:c3:36:b1:67:c1:29:
         82:33:04:f8:13:8f:ee:a1:89:82:f6:10:2a:c4:18:f3:64:d4:
         ee:ee:9f:6b:1b:2c:a6:96:ef:7d:4d:8a:de:9b:a4:cc:86:02:
         9d:62:ae:10
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzI3vx1K6NCh0T1Roj6wM+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMWU5YjRlOGRjNDliZTNhYmE1OTc0MjVhZWZkOGIzYTUz
NjJmZmMwHhcNMjQwMTAyMDYzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDc3ZDI2ZDQ5ZWJiY2VlZGFhNmU1YjRhMzk4NGNlNTI1YWQ4ZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ft+Joxoqd99w3dGNcEDOoA9TAay
gdfqUOW13Sm9/qRJqjCNFvJT3DVagv4B42D3XPmfoXIANrlcTOWNi9oj/RgblsFv
Ys5ogNvOETKt8HPb8wL5V4JHryc3YSEquBInD9hvNhzDzFm1CbQuLHYQiC/hrmxI
FFVKJW/ToCb36fD1yl6EEy7cH2VAhrbwSZC0aUTykxDy55bCjLKPIDwlHR0UVL0G
ynBEGGpCwIaAViAsrJoyU/b1qJtXGNQKCR7tl8xANAojhdVRdb++QR6oXaPKpGgr
GU4Pe8xGr9+Y6oLeDBs+HzcfZi76ocZi2Q5kDGh1QgPJ1rDuuwmSlbYvmQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLR30m1J67zu2qbltKOYTOUlrY58MB8GA1UdIwQY
MBaAFPoem06NxJvjq6WXQlrv2LOlNi/8MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1oNmJUbzNFbS1PcnBaZENXdV9ZczZVMkxfdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUvNDcwN2I0LTAwMzItNGFjNy1iY2M3
LTQwYzFhNzI3MDJlZi8xL3RIZlNiVW5ydk83YXB1VzBvNWhNNVNXdGpudy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzUvNDcwN2I0LTAwMzItNGFjNy1iY2M3LTQwYzFhNzI3MDJl
Zi8xLzEtaDZiVG8zRW0tT3JwWmRDV3VfWXM2VTJMX3cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALZT5Aw
DQYJKoZIhvcNAQELBQADggEBALIQLOt54WVXzY8hHJdOOHI9Z/Kj7uPQgTws5da7
j3xoijmZuQpYcQ433JVgHRT3vHLhqkJF9kAIhIbGEwYL6OCiWVR9icr0uTvgReYv
rtmc+9rJM7n+9jqVl10xb05Dt902vh91q/7Ut4hANLDa4R732Ts1AmGdMEXDiIQW
xQmLD5EEBETryZyltsFCThmLbd4YSsDYLHAWDOJF+DXYb8OI3PWokpb1cxLe1ABA
NGvXwPrZHKeN002l+Sq3OKxT+DHlY7hNF/2xjoRhrOlKOj0cy8M2sWfBKYIzBPgT
j+6hiYL2ECrEGPNk1O7un2sbLKaW731Nit6bpMyGAp1irhA=
-----END CERTIFICATE-----