Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/FigY7gd6_RTp1q6UeeNqRXQ9TZE.roa
File:                     FigY7gd6_RTp1q6UeeNqRXQ9TZE.roa (raw, json)
Hash identifier:          yNDbDal9Baf1OtW6+1k9c6V0pg1RBMqDD0X/bAko3qk=
Subject key identifier:   16:28:18:EE:07:7A:FD:14:E9:D6:AE:94:79:E3:6A:45:74:3D:4D:91
Certificate issuer:       /CN=49f39d6c8b23fcdc20e53174e92fb3f56caa8b61
Certificate serial:       018CC5DBE1FE95DBAB50E304128F90798891
Authority key identifier: 49:F3:9D:6C:8B:23:FC:DC:20:E5:31:74:E9:2F:B3:F5:6C:AA:8B:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/FigY7gd6_RTp1q6UeeNqRXQ9TZE.roa
Signing time:             Mon 01 Jan 2024 16:29:30 +0000
ROA not before:           Mon 01 Jan 2024 16:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208789
IP address blocks:        45.85.52.0/22 maxlen: 24
                          2a0e:b880::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e1:fe:95:db:ab:50:e3:04:12:8f:90:79:88:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49f39d6c8b23fcdc20e53174e92fb3f56caa8b61
        Validity
            Not Before: Jan  1 16:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=162818ee077afd14e9d6ae9479e36a45743d4d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c9:0d:1e:30:08:87:17:53:26:08:34:0d:a3:
                    80:63:79:7e:4e:ef:5f:0a:f0:6a:46:bd:67:db:d9:
                    58:29:a2:3d:53:c8:d5:bc:ed:83:30:d6:8c:87:0e:
                    18:e6:03:33:9a:bd:da:18:c2:66:f1:7a:20:a6:45:
                    98:51:99:ec:88:33:61:7a:8d:1e:5e:4f:cd:e3:02:
                    a0:b7:86:17:95:50:44:b5:a6:6c:c6:56:f9:a7:42:
                    95:e4:82:40:56:63:d4:8b:00:d9:af:99:49:c4:39:
                    73:a3:5a:a1:47:7f:17:dc:17:08:b5:0e:d6:b1:e8:
                    27:f5:de:1e:0e:23:bf:0e:d6:03:f4:b4:ba:f7:ad:
                    ad:18:22:03:97:40:11:96:64:72:e9:dd:e9:c8:f3:
                    c3:0b:79:a8:fe:5b:05:a9:e8:5f:52:91:28:b1:18:
                    66:03:0f:fe:56:03:07:c7:35:09:49:d0:04:08:34:
                    dc:ff:89:e8:36:7c:3b:d3:21:fb:c6:66:c2:a9:fa:
                    9b:89:c9:05:c4:92:30:ce:0c:0e:dd:62:e4:4b:59:
                    26:b6:b1:b9:39:f3:9d:49:f1:11:19:33:1d:fb:98:
                    cf:dd:24:bf:58:91:7c:e0:3b:8a:3f:62:6e:ad:dc:
                    06:b7:7a:0e:0f:01:33:73:05:95:43:32:da:d6:8c:
                    6e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:28:18:EE:07:7A:FD:14:E9:D6:AE:94:79:E3:6A:45:74:3D:4D:91
            X509v3 Authority Key Identifier:
                keyid:49:F3:9D:6C:8B:23:FC:DC:20:E5:31:74:E9:2F:B3:F5:6C:AA:8B:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/FigY7gd6_RTp1q6UeeNqRXQ9TZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/16460f-e498-4f7b-9b90-7a5043c918f9/1/SfOdbIsj_Nwg5TF06S-z9Wyqi2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.52.0/22
                IPv6:
                  2a0e:b880::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:98:73:b3:fb:3b:76:b6:46:3c:17:68:26:56:73:18:ba:7f:
         ed:ad:a8:65:54:92:bb:dc:ec:d6:01:78:cc:8e:0f:c5:f5:f5:
         cf:76:88:51:55:d5:81:90:de:b1:87:53:af:1b:0d:1a:9e:07:
         5a:e7:0f:07:85:ba:04:a6:7c:cd:eb:a4:3f:06:c9:c1:6f:8e:
         72:95:ad:96:34:8e:97:6c:34:e9:b7:af:a9:51:bd:8f:f8:65:
         b8:ce:df:59:93:41:01:4c:93:70:18:09:79:e0:b7:67:8e:fd:
         74:0a:8f:09:47:b9:75:b0:b6:17:16:04:76:d3:de:d7:6b:83:
         57:f0:d6:5f:10:7a:7f:f9:6e:63:04:f5:7e:6c:93:fb:a5:3b:
         10:80:32:cf:b3:a4:21:e7:39:93:5d:38:bf:1c:1d:42:27:26:
         6e:37:1b:6e:8a:37:d3:16:68:61:59:27:e1:b7:c7:18:8e:e5:
         93:ed:aa:55:04:40:a9:07:b2:8a:4c:31:0f:14:5c:b1:8b:6c:
         ee:ca:a5:47:79:d3:4c:5c:5f:5f:43:a5:54:3a:55:b0:05:ca:
         db:00:dd:7f:e0:87:ce:63:c6:31:63:ed:df:31:25:55:7f:05:
         ec:5c:6e:2d:d2:ef:72:78:d0:6e:ee:ef:b6:95:b5:f9:6b:46:
         b3:15:90:25
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF2+H+ldurUOMEEo+QeYiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZjM5ZDZjOGIyM2ZjZGMyMGU1MzE3NGU5MmZiM2Y1NmNh
YThiNjEwHhcNMjQwMTAxMTYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjI4MThlZTA3N2FmZDE0ZTlkNmFlOTQ3OWUzNmE0NTc0M2Q0ZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMkNHjAIhxdTJgg0DaOAY3l+Tu9f
CvBqRr1n29lYKaI9U8jVvO2DMNaMhw4Y5gMzmr3aGMJm8XogpkWYUZnsiDNheo0e
Xk/N4wKgt4YXlVBEtaZsxlb5p0KV5IJAVmPUiwDZr5lJxDlzo1qhR38X3BcItQ7W
segn9d4eDiO/DtYD9LS6962tGCIDl0ARlmRy6d3pyPPDC3mo/lsFqehfUpEosRhm
Aw/+VgMHxzUJSdAECDTc/4noNnw70yH7xmbCqfqbickFxJIwzgwO3WLkS1kmtrG5
OfOdSfERGTMd+5jP3SS/WJF84DuKP2JurdwGt3oODwEzcwWVQzLa1oxuqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBYoGO4Hev0U6daulHnjakV0PU2RMB8GA1UdIwQY
MBaAFEnznWyLI/zcIOUxdOkvs/VsqothMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2ZPZGJJc2pfTndnNVRGMDZTLXo5V3lxaTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xNjQ2MGYtZTQ5OC00ZjdiLTliOTAt
N2E1MDQzYzkxOGY5LzEvRmlnWTdnZDZfUlRwMXE2VWVlTnFSWFE5VFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xNjQ2MGYtZTQ5OC00ZjdiLTliOTAtN2E1MDQzYzkxOGY5
LzEvU2ZPZGJJc2pfTndnNVRGMDZTLXo5V3lxaTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVU0MA0E
AgACMAcDBQMqDriAMA0GCSqGSIb3DQEBCwUAA4IBAQAUmHOz+zt2tkY8F2gmVnMY
un/trahlVJK73OzWAXjMjg/F9fXPdohRVdWBkN6xh1OvGw0angda5w8HhboEpnzN
66Q/BsnBb45yla2WNI6XbDTpt6+pUb2P+GW4zt9Zk0EBTJNwGAl54Ldnjv10Co8J
R7l1sLYXFgR2097Xa4NX8NZfEHp/+W5jBPV+bJP7pTsQgDLPs6Qh5zmTXTi/HB1C
JyZuNxtuijfTFmhhWSfht8cYjuWT7apVBECpB7KKTDEPFFyxi2zuyqVHedNMXF9f
Q6VUOlWwBcrbAN1/4IfOY8YxY+3fMSVVfwXsXG4t0u9yeNBu7u+2lbX5a0azFZAl
-----END CERTIFICATE-----