Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/FwU2VF8hh8pBlDStZ_qFKJ_Sprg.roa
File:                     FwU2VF8hh8pBlDStZ_qFKJ_Sprg.roa (raw, json)
Hash identifier:          ZT8MaK1EFvfyOxDxQV/mARjvwT96Jqce3wWON3xKTlQ=
Subject key identifier:   17:05:36:54:5F:21:87:CA:41:94:34:AD:67:FA:85:28:9F:D2:A6:B8
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       019114217CE77740B83A1D63EB0D2864A0DE
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/FwU2VF8hh8pBlDStZ_qFKJ_Sprg.roa
Signing time:             Fri 02 Aug 2024 17:27:04 +0000
ROA not before:           Fri 02 Aug 2024 17:27:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        87.246.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:14:21:7c:e7:77:40:b8:3a:1d:63:eb:0d:28:64:a0:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Aug  2 17:27:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=170536545f2187ca419434ad67fa85289fd2a6b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:03:fb:c7:f1:39:04:bd:72:2b:23:88:3e:63:
                    30:64:fc:15:0e:bc:e0:df:23:26:4f:ee:60:16:ae:
                    17:60:d8:57:d0:65:45:a0:25:bc:dc:3a:00:39:83:
                    3d:11:93:61:49:9c:50:4d:c9:a7:51:f4:92:7b:e5:
                    09:2d:7c:59:a7:ba:46:69:a6:fd:ef:c2:76:30:bc:
                    aa:48:6c:fc:6b:1c:14:fb:e3:06:05:e8:b7:80:5b:
                    8f:cc:4f:18:6e:6d:e7:9f:1f:b8:c2:33:58:e9:a2:
                    e9:66:14:63:e8:57:c9:a0:e1:06:ea:e6:5a:72:65:
                    49:e9:de:68:3f:86:c0:dd:ba:13:22:59:bd:30:34:
                    c8:f6:47:16:a0:06:8b:9e:11:c6:f2:94:16:b3:f6:
                    ce:1a:ef:5c:4c:0d:1b:c5:1c:84:5b:c8:fb:c0:61:
                    fc:54:d9:06:09:92:ab:d4:de:11:4a:ca:65:b9:5f:
                    23:0b:94:ab:d4:b4:3e:a1:da:06:a4:5a:2a:12:e7:
                    b5:3b:82:39:8c:de:e6:dc:cd:4d:6a:e7:9d:57:ec:
                    3f:a1:6f:22:a6:ad:06:d5:31:ac:9e:48:f1:05:95:
                    bc:d3:56:75:49:8b:31:5d:7c:eb:28:a5:9a:3e:23:
                    82:79:96:e0:b1:c9:d6:7c:4c:9d:5e:b1:45:a6:78:
                    23:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:05:36:54:5F:21:87:CA:41:94:34:AD:67:FA:85:28:9F:D2:A6:B8
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/FwU2VF8hh8pBlDStZ_qFKJ_Sprg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.246.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:f4:74:fc:3f:18:dc:62:03:f9:84:0a:96:ad:fa:73:20:21:
         ea:cc:cb:76:77:7f:73:e5:b8:81:73:2a:44:ee:f4:33:92:8b:
         9c:95:a6:e8:1d:48:24:6e:51:99:7b:cd:23:cd:d2:a6:30:fe:
         36:8e:4e:df:95:95:87:42:ab:a9:72:60:8e:13:60:41:66:49:
         0a:d8:7a:04:e7:3f:71:66:00:78:36:e2:74:ed:f1:99:7f:5e:
         89:c2:e5:68:e1:37:f0:d4:1d:23:71:29:82:ed:67:5e:0d:84:
         73:b0:6a:f0:f1:8f:b5:4d:c4:ba:d0:04:14:f7:94:1d:42:72:
         2d:51:c6:ab:1a:9b:23:7d:3f:29:cc:79:82:12:31:35:a3:cb:
         ea:b3:ee:b0:01:86:7d:d1:bf:47:51:b0:19:00:0b:e0:c3:17:
         5c:e7:89:52:73:b4:31:47:28:14:7b:8a:20:d9:9d:27:36:5f:
         65:df:c7:3c:d3:8d:16:18:c9:2a:ff:39:b2:d1:7d:71:00:c0:
         15:3d:11:87:8a:54:09:95:b7:d2:f2:59:fb:d2:4d:3d:2a:69:
         5e:b7:c2:e9:63:b0:6b:6e:5f:97:da:9b:6d:1c:13:74:7e:ac:
         f4:69:4b:be:37:e1:79:83:99:8a:df:c0:c3:c9:d0:b8:87:ee:
         bd:04:c7:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEUIXznd0C4Oh1j6w0oZKDeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwODAyMTcyNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzA1MzY1NDVmMjE4N2NhNDE5NDM0YWQ2N2ZhODUyODlmZDJhNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowP7x/E5BL1yKyOIPmMwZPwVDrzg
3yMmT+5gFq4XYNhX0GVFoCW83DoAOYM9EZNhSZxQTcmnUfSSe+UJLXxZp7pGaab9
78J2MLyqSGz8axwU++MGBei3gFuPzE8Ybm3nnx+4wjNY6aLpZhRj6FfJoOEG6uZa
cmVJ6d5oP4bA3boTIlm9MDTI9kcWoAaLnhHG8pQWs/bOGu9cTA0bxRyEW8j7wGH8
VNkGCZKr1N4RSspluV8jC5Sr1LQ+odoGpFoqEue1O4I5jN7m3M1NauedV+w/oW8i
pq0G1TGsnkjxBZW801Z1SYsxXXzrKKWaPiOCeZbgscnWfEydXrFFpngj1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcFNlRfIYfKQZQ0rWf6hSif0qa4MB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvRndVMlZGOGhoOHBCbERTdFpfcUZLSl9TcHJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/YPMA0G
CSqGSIb3DQEBCwUAA4IBAQCm9HT8PxjcYgP5hAqWrfpzICHqzMt2d39z5biBcypE
7vQzkouclaboHUgkblGZe80jzdKmMP42jk7flZWHQqupcmCOE2BBZkkK2HoE5z9x
ZgB4NuJ07fGZf16JwuVo4Tfw1B0jcSmC7WdeDYRzsGrw8Y+1TcS60AQU95QdQnIt
UcarGpsjfT8pzHmCEjE1o8vqs+6wAYZ90b9HUbAZAAvgwxdc54lSc7QxRygUe4og
2Z0nNl9l38c8040WGMkq/zmy0X1xAMAVPRGHilQJlbfS8ln70k09Kmlet8LpY7Br
bl+X2pttHBN0fqz0aUu+N+F5g5mK38DDydC4h+69BMdj
-----END CERTIFICATE-----