Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/fFgTCqz6k_pPedgclW0H26QsntQ.roa
File:                     fFgTCqz6k_pPedgclW0H26QsntQ.roa (raw, json)
Hash identifier:          m5ftur3PMecTbM2+LotPHfN+mkWPpEv3mqKNR3LNINE=
Subject key identifier:   7C:58:13:0A:AC:FA:93:FA:4F:79:D8:1C:95:6D:07:DB:A4:2C:9E:D4
Certificate issuer:       /CN=0c477abf0a27ede886fbc42413d7a89c226b11fa
Certificate serial:       018CC86FFBEE743085FFA9D385CFE0D72E19
Authority key identifier: 0C:47:7A:BF:0A:27:ED:E8:86:FB:C4:24:13:D7:A8:9C:22:6B:11:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DEd6vwon7eiG-8QkE9eonCJrEfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/fFgTCqz6k_pPedgclW0H26QsntQ.roa
Signing time:             Tue 02 Jan 2024 04:30:31 +0000
ROA not before:           Tue 02 Jan 2024 04:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60241
IP address blocks:        45.87.208.0/22 maxlen: 22
                          2a06:bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/DEd6vwon7eiG-8QkE9eonCJrEfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/DEd6vwon7eiG-8QkE9eonCJrEfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DEd6vwon7eiG-8QkE9eonCJrEfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:03:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:fb:ee:74:30:85:ff:a9:d3:85:cf:e0:d7:2e:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c477abf0a27ede886fbc42413d7a89c226b11fa
        Validity
            Not Before: Jan  2 04:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c58130aacfa93fa4f79d81c956d07dba42c9ed4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:80:16:d2:e0:62:66:8b:10:b4:16:7f:51:3e:
                    a2:17:f2:d2:bd:be:e2:e0:18:46:42:89:aa:44:a1:
                    7b:53:19:86:98:00:85:3a:b4:74:02:46:69:5c:0a:
                    d4:f2:09:21:9a:90:65:fe:53:9b:52:16:44:9d:29:
                    23:1d:19:2f:67:d9:c9:e3:8f:a1:d4:f0:51:a0:f2:
                    68:bb:32:96:09:df:a9:97:fa:a2:f6:3f:60:bb:1a:
                    c6:82:ea:05:6f:2b:d1:f2:c3:5f:d9:ff:24:4a:ab:
                    a1:8d:4b:fd:47:b4:b6:a5:99:aa:6c:16:48:a4:a4:
                    99:9b:6b:1b:78:d1:74:44:f6:bd:f4:a0:5e:6c:d6:
                    7d:cf:2c:c8:97:22:ce:63:a2:84:c5:ca:da:c1:4b:
                    ce:28:47:f8:e2:5f:1f:42:1b:2c:76:c6:fe:8e:79:
                    ae:0f:eb:22:ec:6c:f1:0e:68:a5:e7:02:92:c3:3f:
                    3f:1c:fb:20:a4:cd:cc:d5:a2:d1:5f:73:60:33:8e:
                    e0:b6:6b:88:85:74:3b:6f:dd:3e:99:25:60:d9:59:
                    35:85:4b:64:98:ca:5f:39:90:1a:f5:ac:a1:58:a8:
                    be:43:e3:7b:b4:7a:ae:4c:2d:8f:0c:a0:be:55:b5:
                    a1:47:95:72:fc:fb:a0:3f:7b:4a:0f:45:29:df:62:
                    0a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:58:13:0A:AC:FA:93:FA:4F:79:D8:1C:95:6D:07:DB:A4:2C:9E:D4
            X509v3 Authority Key Identifier:
                keyid:0C:47:7A:BF:0A:27:ED:E8:86:FB:C4:24:13:D7:A8:9C:22:6B:11:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DEd6vwon7eiG-8QkE9eonCJrEfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/fFgTCqz6k_pPedgclW0H26QsntQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/556d3d-0422-4612-a217-18f4f66a50a0/1/DEd6vwon7eiG-8QkE9eonCJrEfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.208.0/22
                IPv6:
                  2a06:bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:d5:60:75:e8:c4:fa:ca:46:1f:80:c9:fd:a0:a5:be:11:b4:
         9d:37:2e:47:50:9b:f4:f6:85:71:d7:05:5e:9d:0c:25:c4:ac:
         92:5a:b2:20:2c:b5:00:5f:b5:12:b0:07:10:9f:13:d8:78:09:
         0a:5a:48:96:04:e3:22:3d:59:23:64:b3:5d:fa:d2:6f:9d:52:
         99:bd:55:98:07:c0:b7:3e:6f:08:49:fb:97:24:c2:79:66:5e:
         4f:86:93:c1:87:10:8d:a0:a7:5e:4b:3b:d6:c3:b9:97:18:9a:
         86:62:de:1b:b9:52:73:9f:6b:b7:1e:e4:6e:e8:4f:1b:0e:61:
         77:8e:e4:74:a6:9f:e6:a1:fe:4f:b7:e3:30:ae:42:cd:d8:57:
         5d:3c:8f:ae:8b:07:07:f8:e5:7a:5d:ce:17:77:d1:e0:4a:55:
         69:0c:b1:76:45:5f:7e:1a:f6:4f:b8:e0:80:8b:6f:84:dd:f4:
         23:cb:85:58:05:76:64:e8:59:f5:a2:4b:e1:96:22:e9:04:e5:
         10:7e:cc:71:9f:d5:6b:47:cd:5f:ee:1a:14:cb:c6:58:4a:b2:
         92:34:69:04:c3:54:d5:36:59:87:4a:d2:a1:4d:ab:f6:85:2c:
         80:0b:18:ae:cb:40:41:0e:31:77:26:be:82:2e:26:04:f0:2a:
         c0:ae:f0:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb/vudDCF/6nThc/g1y4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNDc3YWJmMGEyN2VkZTg4NmZiYzQyNDEzZDdhODljMjI2
YjExZmEwHhcNMjQwMTAyMDQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzU4MTMwYWFjZmE5M2ZhNGY3OWQ4MWM5NTZkMDdkYmE0MmM5ZWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIAW0uBiZosQtBZ/UT6iF/LSvb7i
4BhGQomqRKF7UxmGmACFOrR0AkZpXArU8gkhmpBl/lObUhZEnSkjHRkvZ9nJ44+h
1PBRoPJouzKWCd+pl/qi9j9guxrGguoFbyvR8sNf2f8kSquhjUv9R7S2pZmqbBZI
pKSZm2sbeNF0RPa99KBebNZ9zyzIlyLOY6KExcrawUvOKEf44l8fQhssdsb+jnmu
D+si7GzxDmil5wKSwz8/HPsgpM3M1aLRX3NgM47gtmuIhXQ7b90+mSVg2Vk1hUtk
mMpfOZAa9ayhWKi+Q+N7tHquTC2PDKC+VbWhR5Vy/PugP3tKD0Up32IKCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHxYEwqs+pP6T3nYHJVtB9ukLJ7UMB8GA1UdIwQY
MBaAFAxHer8KJ+3ohvvEJBPXqJwiaxH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREVkNnZ3b243ZWlHLThRa0U5ZW9uQ0pyRWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC81NTZkM2QtMDQyMi00NjEyLWEyMTct
MThmNGY2NmE1MGEwLzEvZkZnVENxejZrX3BQZWRnY2xXMEgyNlFzbnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC81NTZkM2QtMDQyMi00NjEyLWEyMTctMThmNGY2NmE1MGEw
LzEvREVkNnZ3b243ZWlHLThRa0U5ZW9uQ0pyRWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVfQMA0E
AgACMAcDBQMqBgvAMA0GCSqGSIb3DQEBCwUAA4IBAQCg1WB16MT6ykYfgMn9oKW+
EbSdNy5HUJv09oVx1wVenQwlxKySWrIgLLUAX7USsAcQnxPYeAkKWkiWBOMiPVkj
ZLNd+tJvnVKZvVWYB8C3Pm8ISfuXJMJ5Zl5PhpPBhxCNoKdeSzvWw7mXGJqGYt4b
uVJzn2u3HuRu6E8bDmF3juR0pp/mof5Pt+MwrkLN2FddPI+uiwcH+OV6Xc4Xd9Hg
SlVpDLF2RV9+GvZPuOCAi2+E3fQjy4VYBXZk6Fn1okvhliLpBOUQfsxxn9VrR81f
7hoUy8ZYSrKSNGkEw1TVNlmHStKhTav2hSyACxiuy0BBDjF3Jr6CLiYE8CrArvAy
-----END CERTIFICATE-----