Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FtiSi90aZYGVntvQxRcS5-xWS70.roa
File:                     FtiSi90aZYGVntvQxRcS5-xWS70.roa (raw, json)
Hash identifier:          2j+rFyjZENTv+0RadA9U4ynXOznAmp2l7c5kyK66Lwg=
Subject key identifier:   16:D8:92:8B:DD:1A:65:81:95:9E:DB:D0:C5:17:12:E7:EC:56:4B:BD
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6BDE1022022F3629A161D136D14C2
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FtiSi90aZYGVntvQxRcS5-xWS70.roa
Signing time:             Mon 01 Jan 2024 06:29:42 +0000
ROA not before:           Mon 01 Jan 2024 06:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197248
IP address blocks:        92.52.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:bd:e1:02:20:22:f3:62:9a:16:1d:13:6d:14:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16d8928bdd1a6581959edbd0c51712e7ec564bbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e3:ae:ed:78:63:68:56:e8:b8:6c:79:6c:00:
                    da:8a:1a:da:e5:78:f4:9b:e0:67:6d:46:d2:ce:c8:
                    54:01:43:e1:ee:e4:ef:e8:39:88:e5:6a:d7:3c:3b:
                    8e:08:83:a6:a1:aa:15:f4:91:ea:9a:3e:71:0a:b6:
                    eb:23:e9:9e:4f:39:34:ac:7d:20:6b:79:87:20:cd:
                    d3:42:28:48:81:b6:72:42:19:b0:0e:ea:85:44:52:
                    3d:fb:07:b4:e2:5f:36:24:99:9a:ac:34:02:11:ee:
                    88:7f:6d:63:f9:b5:a8:63:df:44:b4:31:d9:ea:8b:
                    15:11:26:98:4e:8f:5b:f3:00:e2:0b:24:87:99:a5:
                    a7:dc:cb:a4:74:72:86:77:69:12:95:38:eb:5e:1b:
                    8e:7f:4e:7e:0c:01:9a:41:0c:24:e5:40:64:fd:0a:
                    73:c4:00:30:31:8a:1c:58:24:61:29:7c:64:ee:67:
                    48:18:c0:20:fb:a0:40:cb:bc:81:38:c5:5e:e7:ec:
                    5d:74:66:e1:b2:6b:a1:5c:97:63:79:42:b1:a3:50:
                    b3:5f:d9:69:9d:5b:60:c0:d9:e3:e8:42:43:62:23:
                    5f:bd:19:dc:2b:f4:52:2d:d7:8d:23:59:86:4b:bd:
                    1a:5b:40:b4:e9:cb:15:7f:c7:e4:64:0c:4f:bc:7a:
                    e1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D8:92:8B:DD:1A:65:81:95:9E:DB:D0:C5:17:12:E7:EC:56:4B:BD
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FtiSi90aZYGVntvQxRcS5-xWS70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.52.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:6f:6f:b1:af:ab:07:48:a0:1d:32:f7:e4:fb:d8:b2:a6:ac:
         0a:dd:3d:8f:82:38:af:27:f8:fd:0b:74:28:58:04:d0:db:d5:
         83:16:6e:8a:c4:dd:85:9a:52:69:80:93:c2:9f:03:db:0f:dc:
         b6:2e:76:36:09:3a:b1:5e:89:7c:b8:3b:54:6a:60:6e:a3:92:
         5f:84:fb:a7:a4:2d:57:f5:2b:d4:e2:66:d2:68:b8:06:d6:a6:
         67:2f:17:a9:94:48:ee:ab:82:6d:f1:69:62:99:11:fd:2f:f7:
         59:eb:3a:f8:73:ca:ce:6d:84:79:a3:a3:1b:8b:61:2e:c4:f9:
         8c:6b:31:c5:f0:0f:02:da:1b:59:e4:40:62:5d:28:ae:b3:de:
         d0:88:03:40:c9:22:ec:54:93:c8:c1:1d:b9:52:27:f3:d9:cc:
         c8:2b:6f:5d:bf:7b:18:a7:f2:ad:ac:45:ad:2b:68:27:8d:5e:
         a2:2f:d5:b3:7f:fb:9e:1b:af:52:f3:79:7b:c3:08:cf:33:9c:
         7c:5b:f5:18:9c:90:de:29:85:e3:a8:55:ce:10:7a:59:84:4d:
         02:ea:da:08:85:52:97:da:a6:50:c7:00:b4:9c:09:e7:6f:87:
         72:2d:16:fd:a2:c5:88:45:7c:bd:23:6c:e6:83:8e:98:b4:ce:
         56:01:7e:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtr3hAiAi82KaFh0TbRTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQ4OTI4YmRkMWE2NTgxOTU5ZWRiZDBjNTE3MTJlN2VjNTY0YmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuOu7XhjaFbouGx5bADaihra5Xj0
m+BnbUbSzshUAUPh7uTv6DmI5WrXPDuOCIOmoaoV9JHqmj5xCrbrI+meTzk0rH0g
a3mHIM3TQihIgbZyQhmwDuqFRFI9+we04l82JJmarDQCEe6If21j+bWoY99EtDHZ
6osVESaYTo9b8wDiCySHmaWn3MukdHKGd2kSlTjrXhuOf05+DAGaQQwk5UBk/Qpz
xAAwMYocWCRhKXxk7mdIGMAg+6BAy7yBOMVe5+xddGbhsmuhXJdjeUKxo1CzX9lp
nVtgwNnj6EJDYiNfvRncK/RSLdeNI1mGS70aW0C06csVf8fkZAxPvHrhAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbYkovdGmWBlZ7b0MUXEufsVku9MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRnRpU2k5MGFaWUdWbnR2UXhSY1M1LXhXUzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDTfMA0G
CSqGSIb3DQEBCwUAA4IBAQCfb2+xr6sHSKAdMvfk+9iypqwK3T2PgjivJ/j9C3Qo
WATQ29WDFm6KxN2FmlJpgJPCnwPbD9y2LnY2CTqxXol8uDtUamBuo5JfhPunpC1X
9SvU4mbSaLgG1qZnLxeplEjuq4Jt8WlimRH9L/dZ6zr4c8rObYR5o6Mbi2EuxPmM
azHF8A8C2htZ5EBiXSius97QiANAySLsVJPIwR25Uifz2czIK29dv3sYp/KtrEWt
K2gnjV6iL9Wzf/ueG69S83l7wwjPM5x8W/UYnJDeKYXjqFXOEHpZhE0C6toIhVKX
2qZQxwC0nAnnb4dyLRb9osWIRXy9I2zmg46YtM5WAX6P
-----END CERTIFICATE-----