Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/6cb72d-45a7-4490-9c59-93ead35a12ca/1/FytgZNHgIe5Sn4mouiTljRaRkL4.roa
File:                     FytgZNHgIe5Sn4mouiTljRaRkL4.roa (raw, json)
Hash identifier:          RJs5OnL/jNPgR2Go8TN3VXrA37lm+aCeMKoCHKSKED0=
Subject key identifier:   17:2B:60:64:D1:E0:21:EE:52:9F:89:A8:BA:24:E5:8D:16:91:90:BE
Certificate issuer:       /CN=478d24898d1cf52d23f9561dc6ac0f1363e6c760
Certificate serial:       018CC2DAC3FB9E401A5D6F42F2E0B147CF4A
Authority key identifier: 47:8D:24:89:8D:1C:F5:2D:23:F9:56:1D:C6:AC:0F:13:63:E6:C7:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R40kiY0c9S0j-VYdxqwPE2Pmx2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/6cb72d-45a7-4490-9c59-93ead35a12ca/1/FytgZNHgIe5Sn4mouiTljRaRkL4.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42718
IP address blocks:        176.117.62.0/24 maxlen: 24
                          2001:678:3e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/6cb72d-45a7-4490-9c59-93ead35a12ca/1/R40kiY0c9S0j-VYdxqwPE2Pmx2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/6cb72d-45a7-4490-9c59-93ead35a12ca/1/R40kiY0c9S0j-VYdxqwPE2Pmx2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R40kiY0c9S0j-VYdxqwPE2Pmx2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c3:fb:9e:40:1a:5d:6f:42:f2:e0:b1:47:cf:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=478d24898d1cf52d23f9561dc6ac0f1363e6c760
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=172b6064d1e021ee529f89a8ba24e58d169190be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0d:25:db:d5:60:9a:34:fc:97:3b:b4:51:a1:
                    7e:58:7e:fa:7d:5d:38:9d:9b:f7:49:0d:bf:8d:d2:
                    6f:29:41:9a:0b:03:c7:35:79:90:ed:59:22:5c:b9:
                    f9:f1:f8:3c:73:98:aa:96:71:ff:da:bc:a0:db:56:
                    85:cf:c6:bf:fe:06:85:81:86:3d:b6:b7:59:8d:23:
                    df:4f:b4:23:73:1e:a3:84:62:5f:a3:57:e1:70:e3:
                    0b:ca:8f:96:4d:b2:5c:99:70:20:32:12:ef:5a:ac:
                    f3:c5:cc:0a:a8:62:70:6b:8a:42:8e:df:97:2e:4b:
                    a1:c1:5f:f1:f5:4e:6f:7c:85:28:4d:ef:b7:93:ac:
                    72:b4:c0:e3:20:1f:be:56:e6:86:ec:2a:86:59:b0:
                    15:83:e5:f9:f2:e8:1d:25:1c:ff:d9:11:ea:c3:bd:
                    67:56:9a:a4:26:d0:5e:7a:7e:db:24:bf:e9:1f:87:
                    a5:62:f4:df:07:f1:ee:45:c3:bb:3b:fb:25:4e:0b:
                    24:30:d7:30:14:31:ef:9d:2e:75:a7:60:ac:9f:f4:
                    fa:19:2e:29:43:ae:7d:45:f4:ac:84:f8:4b:63:bc:
                    c4:6e:d7:69:d7:d0:a7:98:10:16:b8:9e:20:9f:1b:
                    bd:b6:81:4a:ee:fb:f3:3c:86:50:36:0a:38:0d:dc:
                    ad:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:2B:60:64:D1:E0:21:EE:52:9F:89:A8:BA:24:E5:8D:16:91:90:BE
            X509v3 Authority Key Identifier:
                keyid:47:8D:24:89:8D:1C:F5:2D:23:F9:56:1D:C6:AC:0F:13:63:E6:C7:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R40kiY0c9S0j-VYdxqwPE2Pmx2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/6cb72d-45a7-4490-9c59-93ead35a12ca/1/FytgZNHgIe5Sn4mouiTljRaRkL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/6cb72d-45a7-4490-9c59-93ead35a12ca/1/R40kiY0c9S0j-VYdxqwPE2Pmx2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.62.0/24
                IPv6:
                  2001:678:3e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:86:cb:8c:11:34:92:f3:b2:63:6a:57:13:35:d0:ff:97:f2:
         39:64:04:5f:a0:2e:18:b0:80:84:f2:e2:55:5a:cb:9f:5b:b2:
         0e:dd:5b:52:df:91:2f:fd:68:01:12:35:82:f2:c1:4c:62:9e:
         b0:6a:83:e1:0c:e8:c1:5e:eb:44:87:68:36:a7:f0:5b:78:02:
         1d:37:14:f0:f6:3e:51:b9:5e:77:86:f4:22:c2:5b:ff:7a:6e:
         8a:e3:66:b3:88:ca:3c:ab:2f:32:61:b5:57:b8:b7:1b:28:4d:
         af:9b:37:8c:3d:5c:09:53:11:7a:a3:9d:66:46:ee:30:b0:59:
         5e:16:12:3f:b7:88:a4:d5:ce:0c:a8:0f:02:e7:6f:36:59:cd:
         46:a1:30:bb:5e:3c:2d:a4:d2:f0:35:64:37:72:e3:4b:37:7d:
         5d:b3:0f:68:96:7f:bd:41:c8:c6:3e:3d:28:89:ca:ef:62:09:
         d2:6d:97:fb:7a:0d:cd:f6:7a:9b:78:bd:8b:e9:e8:5c:c4:a8:
         41:ca:78:5c:ab:1c:89:1a:98:d3:df:39:7a:af:b7:0f:69:cd:
         00:6e:82:72:cc:97:8d:b1:56:d6:ae:72:6e:99:ac:01:07:6a:
         db:cc:9b:8f:5f:ab:2f:2b:7e:74:18:90:09:be:d5:85:2c:a0:
         ad:ec:72:f3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2sP7nkAaXW9C8uCxR89KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3OGQyNDg5OGQxY2Y1MmQyM2Y5NTYxZGM2YWMwZjEzNjNl
NmM3NjAwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzJiNjA2NGQxZTAyMWVlNTI5Zjg5YThiYTI0ZTU4ZDE2OTE5MGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjw0l29VgmjT8lzu0UaF+WH76fV04
nZv3SQ2/jdJvKUGaCwPHNXmQ7VkiXLn58fg8c5iqlnH/2ryg21aFz8a//gaFgYY9
trdZjSPfT7Qjcx6jhGJfo1fhcOMLyo+WTbJcmXAgMhLvWqzzxcwKqGJwa4pCjt+X
LkuhwV/x9U5vfIUoTe+3k6xytMDjIB++VuaG7CqGWbAVg+X58ugdJRz/2RHqw71n
VpqkJtBeen7bJL/pH4elYvTfB/HuRcO7O/slTgskMNcwFDHvnS51p2Csn/T6GS4p
Q659RfSshPhLY7zEbtdp19CnmBAWuJ4gnxu9toFK7vvzPIZQNgo4Ddyt1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBcrYGTR4CHuUp+JqLok5Y0WkZC+MB8GA1UdIwQY
MBaAFEeNJImNHPUtI/lWHcasDxNj5sdgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjQwa2lZMGM5UzBqLVZZZHhxd1BFMlBteDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy82Y2I3MmQtNDVhNy00NDkwLTljNTkt
OTNlYWQzNWExMmNhLzEvRnl0Z1pOSGdJZTVTbjRtb3VpVGxqUmFSa0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy82Y2I3MmQtNDVhNy00NDkwLTljNTktOTNlYWQzNWExMmNh
LzEvUjQwa2lZMGM5UzBqLVZZZHhxd1BFMlBteDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsHU+MA8E
AgACMAkDBwAgAQZ4A+AwDQYJKoZIhvcNAQELBQADggEBAKWGy4wRNJLzsmNqVxM1
0P+X8jlkBF+gLhiwgITy4lVay59bsg7dW1LfkS/9aAESNYLywUxinrBqg+EM6MFe
60SHaDan8Ft4Ah03FPD2PlG5XneG9CLCW/96borjZrOIyjyrLzJhtVe4txsoTa+b
N4w9XAlTEXqjnWZG7jCwWV4WEj+3iKTVzgyoDwLnbzZZzUahMLtePC2k0vA1ZDdy
40s3fV2zD2iWf71ByMY+PSiJyu9iCdJtl/t6Dc32ept4vYvp6FzEqEHKeFyrHIka
mNPfOXqvtw9pzQBugnLMl42xVtaucm6ZrAEHatvMm49fqy8rfnQYkAm+1YUsoK3s
cvM=
-----END CERTIFICATE-----