Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/FpafnhVqfvUHpjb3G82JoOWgeH0.roa
File:                     FpafnhVqfvUHpjb3G82JoOWgeH0.roa (raw, json)
Hash identifier:          J+5uACDnYGJoGNrT+WCB8lDJRchXg8nU7XTfP5cRUxc=
Subject key identifier:   16:96:9F:9E:15:6A:7E:F5:07:A6:36:F7:1B:CD:89:A0:E5:A0:78:7D
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       018CC56EFDD5580C35CF642B28EC5DF1921B
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/FpafnhVqfvUHpjb3G82JoOWgeH0.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35014
IP address blocks:        89.252.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fd:d5:58:0c:35:cf:64:2b:28:ec:5d:f1:92:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16969f9e156a7ef507a636f71bcd89a0e5a0787d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:f5:4d:a0:9a:6e:f1:b2:f0:a2:84:35:b1:a4:
                    84:2d:99:a5:c1:68:26:53:f2:cd:79:39:89:b2:89:
                    9e:fa:c9:20:5a:03:d6:05:74:68:29:e0:63:70:e0:
                    8f:19:32:24:e9:ce:73:69:07:6f:5b:54:49:d4:92:
                    af:8d:e6:ed:9f:11:f8:15:f9:dd:6d:6d:55:f6:1f:
                    60:86:fe:5b:45:a2:d9:dd:10:9b:b5:a0:15:9b:92:
                    90:78:97:e8:b7:0f:63:4a:d2:d6:9e:d2:ff:22:64:
                    98:3d:64:5e:db:6e:cc:96:8d:74:e2:2b:b9:68:c8:
                    e2:29:90:47:80:76:38:cd:b8:bd:8d:9c:9e:7d:98:
                    e5:22:0f:95:c0:a2:d7:40:91:3f:83:83:12:a8:6b:
                    6c:1b:d0:09:2b:7d:89:28:3c:95:a4:72:ef:06:82:
                    a6:17:33:51:76:a3:1f:2e:46:da:e4:98:b2:7d:ba:
                    7a:f2:37:0f:1d:ac:81:60:7a:12:3c:71:0d:49:a3:
                    b5:f8:fb:f1:b3:ef:a2:a0:04:59:0e:a6:6a:a5:de:
                    5c:75:bb:53:92:6f:0f:76:75:f1:63:d5:23:69:df:
                    35:91:f9:10:4c:60:ce:21:36:c8:41:84:49:85:40:
                    0a:25:20:62:e5:60:59:d9:22:9f:c8:b8:55:c4:13:
                    c7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:96:9F:9E:15:6A:7E:F5:07:A6:36:F7:1B:CD:89:A0:E5:A0:78:7D
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/FpafnhVqfvUHpjb3G82JoOWgeH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:06:3d:83:cc:0a:9b:e5:55:6a:d1:d3:bb:8a:22:4d:b7:fe:
         2c:48:56:5d:55:79:e4:ea:37:67:ee:70:be:d3:bf:22:28:48:
         db:1e:22:a1:6c:c3:8c:fa:d5:0e:b8:72:de:d0:4f:c0:b1:74:
         0a:ed:b5:08:4b:a9:27:1b:82:2f:39:c9:3e:f3:bc:fa:9f:24:
         52:b4:7c:cc:10:73:b2:91:ef:d1:81:7e:08:e5:ae:02:78:a2:
         f8:8b:c0:7a:cb:d3:dc:ab:ed:16:12:bc:33:b9:f0:0f:4b:39:
         3d:d2:8d:65:90:af:6b:8a:5e:a6:6c:0e:c8:b3:59:8b:88:6d:
         af:25:96:8f:32:10:44:99:14:d0:5b:38:79:ac:41:83:10:cd:
         94:9d:d2:0f:1e:52:7b:c2:1c:19:fe:83:bc:17:b7:0a:54:72:
         0f:4f:6d:52:28:82:4e:9f:bd:6d:74:23:ca:ad:76:88:82:81:
         8a:96:03:18:da:4b:51:1b:b6:0b:eb:c9:1c:2d:a0:37:49:ba:
         77:fc:a1:01:29:48:32:8b:d5:34:61:09:cf:5b:21:3d:2a:68:
         d8:fa:b9:70:35:91:85:a5:33:a1:d4:d1:f0:2d:2a:c0:b3:a9:
         33:d9:53:33:7a:78:2c:b4:67:65:3e:11:0e:29:94:9e:4c:02:
         c9:b5:fb:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbv3VWAw1z2QrKOxd8ZIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjk2OWY5ZTE1NmE3ZWY1MDdhNjM2ZjcxYmNkODlhMGU1YTA3ODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvVNoJpu8bLwooQ1saSELZmlwWgm
U/LNeTmJsome+skgWgPWBXRoKeBjcOCPGTIk6c5zaQdvW1RJ1JKvjebtnxH4Ffnd
bW1V9h9ghv5bRaLZ3RCbtaAVm5KQeJfotw9jStLWntL/ImSYPWRe227Mlo104iu5
aMjiKZBHgHY4zbi9jZyefZjlIg+VwKLXQJE/g4MSqGtsG9AJK32JKDyVpHLvBoKm
FzNRdqMfLkba5Jiyfbp68jcPHayBYHoSPHENSaO1+Pvxs++ioARZDqZqpd5cdbtT
km8PdnXxY9Ujad81kfkQTGDOITbIQYRJhUAKJSBi5WBZ2SKfyLhVxBPHlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBaWn54Van71B6Y29xvNiaDloHh9MB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvRnBhZm5oVnFmdlVIcGpiM0c4MkpvT1dnZUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfzFMA0G
CSqGSIb3DQEBCwUAA4IBAQDLBj2DzAqb5VVq0dO7iiJNt/4sSFZdVXnk6jdn7nC+
078iKEjbHiKhbMOM+tUOuHLe0E/AsXQK7bUIS6knG4IvOck+87z6nyRStHzMEHOy
ke/RgX4I5a4CeKL4i8B6y9Pcq+0WErwzufAPSzk90o1lkK9ril6mbA7Is1mLiG2v
JZaPMhBEmRTQWzh5rEGDEM2UndIPHlJ7whwZ/oO8F7cKVHIPT21SKIJOn71tdCPK
rXaIgoGKlgMY2ktRG7YL68kcLaA3Sbp3/KEBKUgyi9U0YQnPWyE9KmjY+rlwNZGF
pTOh1NHwLSrAs6kz2VMzengstGdlPhEOKZSeTALJtfuJ
-----END CERTIFICATE-----