Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/a092dd-590b-4fbe-89b7-e48c933c16ce/1/FJN88pnkOXVKZjQP-U2z72QEUAU.roa
File:                     FJN88pnkOXVKZjQP-U2z72QEUAU.roa (raw, json)
Hash identifier:          ynnhgR/QmJMH/sCeGEqC3pHJRYdeTZ1Sl7CyZS8p5aM=
Subject key identifier:   14:93:7C:F2:99:E4:39:75:4A:66:34:0F:F9:4D:B3:EF:64:04:50:05
Certificate issuer:       /CN=1c6208ce6d91d6b8dade58e5291bb1929d5e3933
Certificate serial:       01905F762C6F57C18EF34F35574ED1252FE3
Authority key identifier: 1C:62:08:CE:6D:91:D6:B8:DA:DE:58:E5:29:1B:B1:92:9D:5E:39:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HGIIzm2R1rja3ljlKRuxkp1eOTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/a092dd-590b-4fbe-89b7-e48c933c16ce/1/FJN88pnkOXVKZjQP-U2z72QEUAU.roa
Signing time:             Fri 28 Jun 2024 15:28:18 +0000
ROA not before:           Fri 28 Jun 2024 15:28:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197722
IP address blocks:        46.234.128.0/19 maxlen: 24
                          46.234.144.0/23 maxlen: 23
                          46.234.146.0/24 maxlen: 24
                          46.234.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/a092dd-590b-4fbe-89b7-e48c933c16ce/1/HGIIzm2R1rja3ljlKRuxkp1eOTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/a092dd-590b-4fbe-89b7-e48c933c16ce/1/HGIIzm2R1rja3ljlKRuxkp1eOTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HGIIzm2R1rja3ljlKRuxkp1eOTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5f:76:2c:6f:57:c1:8e:f3:4f:35:57:4e:d1:25:2f:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c6208ce6d91d6b8dade58e5291bb1929d5e3933
        Validity
            Not Before: Jun 28 15:28:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14937cf299e439754a66340ff94db3ef64045005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:12:51:5b:5c:e2:e1:28:2e:e4:f8:0e:10:d8:
                    9f:48:29:19:ad:06:f7:91:b2:8d:df:06:71:1c:c6:
                    82:69:3d:24:3b:6f:c4:9c:d8:6b:94:e1:2f:f5:5e:
                    93:fc:3c:af:87:0e:00:16:0b:fd:cc:91:69:81:73:
                    1a:1e:65:a4:54:77:02:52:ee:4f:10:30:2a:bd:fd:
                    1d:87:c4:56:7d:0f:e0:dd:e0:a7:06:d9:77:12:92:
                    f5:a4:16:b0:fb:08:d1:9b:be:45:c3:ce:2b:5b:a7:
                    cc:e6:d1:40:07:76:3a:ba:60:77:b8:a9:a8:f5:77:
                    c6:3b:9d:8e:58:d5:f4:96:14:ec:06:b4:4d:fa:05:
                    b1:81:a6:39:a9:1d:c8:26:ff:c4:a4:76:c5:92:f2:
                    bf:09:fb:03:a1:7c:dd:3a:63:cf:6a:cd:12:d8:f6:
                    5a:da:f0:e8:99:b2:df:5f:58:f2:cd:27:54:6c:b8:
                    02:10:f1:63:70:0c:9d:8c:ec:57:07:4c:00:64:2d:
                    c9:78:72:43:ff:8a:06:1a:1b:1b:b5:26:f4:9a:d3:
                    3a:ca:f1:ea:29:cf:0a:a9:59:c0:2f:63:5b:78:18:
                    a8:2a:00:39:12:dd:2c:50:25:ae:f2:18:cd:ba:f5:
                    2a:3a:33:e8:05:f3:ab:77:cf:45:ba:12:2f:76:40:
                    0c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:93:7C:F2:99:E4:39:75:4A:66:34:0F:F9:4D:B3:EF:64:04:50:05
            X509v3 Authority Key Identifier:
                keyid:1C:62:08:CE:6D:91:D6:B8:DA:DE:58:E5:29:1B:B1:92:9D:5E:39:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HGIIzm2R1rja3ljlKRuxkp1eOTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/a092dd-590b-4fbe-89b7-e48c933c16ce/1/FJN88pnkOXVKZjQP-U2z72QEUAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/a092dd-590b-4fbe-89b7-e48c933c16ce/1/HGIIzm2R1rja3ljlKRuxkp1eOTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.234.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4e:2f:35:81:a4:e9:f8:34:5f:e0:ae:70:f2:3f:90:ec:24:25:
         b6:29:2f:15:95:f7:41:fb:a1:da:b8:0b:d1:3f:9b:e9:65:3e:
         c2:cc:27:48:d4:f9:62:3e:66:bb:e4:b7:f7:2f:f6:f1:ab:f2:
         c3:34:a2:d9:2b:f6:54:8d:61:cf:81:44:3c:75:f0:d5:54:15:
         5d:58:4c:c9:d4:a4:a0:45:e8:d5:b6:e4:bd:dd:8c:98:f7:6d:
         50:37:ed:d4:04:6d:31:79:f8:e9:97:78:cb:45:eb:b5:66:f9:
         07:68:2d:dc:ad:d1:9a:3d:dd:17:b1:a1:1f:bc:41:68:be:75:
         ee:45:55:ed:86:4c:3a:13:cd:02:1d:96:dd:d9:16:ff:ac:77:
         aa:69:1e:60:70:81:92:e3:c3:2e:db:25:8e:bd:bc:68:41:c1:
         40:95:bc:e5:39:3d:1f:d8:29:3d:58:f9:fd:25:b9:a3:6c:de:
         e2:9e:4b:94:b6:5d:b0:b5:fe:66:4b:0a:03:f4:e1:65:35:a6:
         23:9a:46:77:0a:69:32:bc:7a:1c:24:20:67:6f:d0:b6:b9:06:
         b7:e6:40:3c:2a:cb:cf:2b:95:d3:cc:9b:19:7c:95:f8:75:ea:
         7e:43:e2:04:75:65:76:f4:54:7d:ad:fa:f6:94:a6:b9:56:76:
         99:fb:59:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBfdixvV8GO8081V07RJS/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNjIwOGNlNmQ5MWQ2YjhkYWRlNThlNTI5MWJiMTkyOWQ1
ZTM5MzMwHhcNMjQwNjI4MTUyODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDkzN2NmMjk5ZTQzOTc1NGE2NjM0MGZmOTRkYjNlZjY0MDQ1MDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBJRW1zi4Sgu5PgOENifSCkZrQb3
kbKN3wZxHMaCaT0kO2/EnNhrlOEv9V6T/Dyvhw4AFgv9zJFpgXMaHmWkVHcCUu5P
EDAqvf0dh8RWfQ/g3eCnBtl3EpL1pBaw+wjRm75Fw84rW6fM5tFAB3Y6umB3uKmo
9XfGO52OWNX0lhTsBrRN+gWxgaY5qR3IJv/EpHbFkvK/CfsDoXzdOmPPas0S2PZa
2vDombLfX1jyzSdUbLgCEPFjcAydjOxXB0wAZC3JeHJD/4oGGhsbtSb0mtM6yvHq
Kc8KqVnAL2NbeBioKgA5Et0sUCWu8hjNuvUqOjPoBfOrd89FuhIvdkAM9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSTfPKZ5Dl1SmY0D/lNs+9kBFAFMB8GA1UdIwQY
MBaAFBxiCM5tkda42t5Y5SkbsZKdXjkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEdJSXptMlIxcmphM2xqbEtSdXhrcDFlT1RNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9hMDkyZGQtNTkwYi00ZmJlLTg5Yjct
ZTQ4YzkzM2MxNmNlLzEvRkpOODhwbmtPWFZLWmpRUC1VMno3MlFFVUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9hMDkyZGQtNTkwYi00ZmJlLTg5YjctZTQ4YzkzM2MxNmNl
LzEvSEdJSXptMlIxcmphM2xqbEtSdXhrcDFlT1RNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFLuqAMA0G
CSqGSIb3DQEBCwUAA4IBAQBOLzWBpOn4NF/grnDyP5DsJCW2KS8VlfdB+6HauAvR
P5vpZT7CzCdI1PliPma75Lf3L/bxq/LDNKLZK/ZUjWHPgUQ8dfDVVBVdWEzJ1KSg
RejVtuS93YyY921QN+3UBG0xefjpl3jLReu1ZvkHaC3crdGaPd0XsaEfvEFovnXu
RVXthkw6E80CHZbd2Rb/rHeqaR5gcIGS48Mu2yWOvbxoQcFAlbzlOT0f2Ck9WPn9
JbmjbN7inkuUtl2wtf5mSwoD9OFlNaYjmkZ3CmkyvHocJCBnb9C2uQa35kA8KsvP
K5XTzJsZfJX4dep+Q+IEdWV29FR9rfr2lKa5VnaZ+1mI
-----END CERTIFICATE-----