Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/aa8ac8-13b8-4197-be56-1e1de91a987c/1/FsAiJYb_c03rW4-BDQS3hXUk63o.roa
File:                     FsAiJYb_c03rW4-BDQS3hXUk63o.roa (raw, json)
Hash identifier:          gPuybp/Y5C46bN8/1x8+18Zg3+dmnWbWBgGhSjMQBk4=
Subject key identifier:   16:C0:22:25:86:FF:73:4D:EB:5B:8F:81:0D:04:B7:85:75:24:EB:7A
Certificate issuer:       /CN=5f5980132d193e270ed1efe0ad2849fe8ab0d76c
Certificate serial:       0192D1A83E9D9487D04B4C244E07BD8FF15E
Authority key identifier: 5F:59:80:13:2D:19:3E:27:0E:D1:EF:E0:AD:28:49:FE:8A:B0:D7:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X1mAEy0ZPicO0e_grShJ_oqw12w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/aa8ac8-13b8-4197-be56-1e1de91a987c/1/FsAiJYb_c03rW4-BDQS3hXUk63o.roa
Signing time:             Mon 28 Oct 2024 05:45:17 +0000
ROA not before:           Mon 28 Oct 2024 05:45:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197902
IP address blocks:        141.138.172.0/22 maxlen: 22
                          2a03:3c00:c000::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/aa8ac8-13b8-4197-be56-1e1de91a987c/1/X1mAEy0ZPicO0e_grShJ_oqw12w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/aa8ac8-13b8-4197-be56-1e1de91a987c/1/X1mAEy0ZPicO0e_grShJ_oqw12w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X1mAEy0ZPicO0e_grShJ_oqw12w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 11:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d1:a8:3e:9d:94:87:d0:4b:4c:24:4e:07:bd:8f:f1:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f5980132d193e270ed1efe0ad2849fe8ab0d76c
        Validity
            Not Before: Oct 28 05:45:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16c0222586ff734deb5b8f810d04b7857524eb7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fe:50:25:01:a0:8d:d1:22:1d:6e:5b:a0:29:
                    02:57:17:03:f5:1b:fa:ea:c2:c7:0b:de:50:5d:b7:
                    01:04:78:c8:11:51:90:15:7f:3e:c7:6b:27:ad:92:
                    1d:29:66:d9:09:b4:92:d0:1d:bc:5f:bf:e8:85:cf:
                    a0:24:90:b9:ae:55:b0:2f:5a:34:1a:b1:90:41:3f:
                    4d:3e:81:7b:e7:fd:14:70:c4:88:f1:b9:97:26:f2:
                    60:f4:01:51:ba:a2:88:81:1a:db:e7:fa:a3:b5:1a:
                    ba:76:de:bf:d6:d0:a2:b1:15:76:8a:19:66:d0:06:
                    4e:e9:ec:6b:7e:3c:30:b1:61:3d:81:23:68:82:ff:
                    c5:01:c1:00:08:27:fa:74:25:2f:11:5f:d0:ee:a5:
                    eb:8f:b3:d1:88:8f:99:48:9d:5f:eb:ee:69:9a:6d:
                    7d:c8:49:71:bb:34:54:6c:3d:a3:95:22:dc:f5:77:
                    13:f4:f9:b1:ae:01:7c:89:eb:5f:0a:b2:2b:a2:96:
                    c0:20:0f:a4:8b:ab:73:77:fe:0c:48:c9:86:5c:d7:
                    43:4a:83:9b:87:77:67:32:a4:0c:83:94:48:33:4d:
                    f8:ab:ed:12:a4:b6:ae:c7:7e:29:ba:ed:62:81:59:
                    06:26:8c:7f:c6:f1:1c:eb:1f:4e:6d:d1:c0:95:82:
                    46:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C0:22:25:86:FF:73:4D:EB:5B:8F:81:0D:04:B7:85:75:24:EB:7A
            X509v3 Authority Key Identifier:
                keyid:5F:59:80:13:2D:19:3E:27:0E:D1:EF:E0:AD:28:49:FE:8A:B0:D7:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X1mAEy0ZPicO0e_grShJ_oqw12w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/aa8ac8-13b8-4197-be56-1e1de91a987c/1/FsAiJYb_c03rW4-BDQS3hXUk63o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/aa8ac8-13b8-4197-be56-1e1de91a987c/1/X1mAEy0ZPicO0e_grShJ_oqw12w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.138.172.0/22
                IPv6:
                  2a03:3c00:c000::/34

    Signature Algorithm: sha256WithRSAEncryption
         48:29:c4:25:17:5a:03:9f:ec:61:9a:2e:2c:2d:f3:80:ea:44:
         bf:59:3f:3e:f4:61:d2:a3:63:41:40:a4:a7:71:c2:e6:4c:ad:
         c9:9f:7b:25:40:9e:ab:45:24:5e:5e:f6:95:62:74:01:b6:07:
         c5:79:37:7f:08:05:5a:bf:85:9f:ab:fa:ca:39:26:c7:90:fc:
         a3:5a:ee:24:75:42:f4:02:d6:c3:b5:3e:46:e4:2c:d2:5a:85:
         38:e9:0a:8a:df:67:77:e0:13:ad:8f:59:14:af:82:52:5b:cf:
         c3:fb:d6:b1:85:b7:0e:b1:9e:ae:51:7b:98:cd:54:17:58:96:
         81:49:e2:8a:6b:47:3a:0d:53:44:a7:4f:e6:0b:94:cc:f8:79:
         79:66:44:6a:a0:76:89:0b:de:20:c5:70:21:be:f8:c2:e7:29:
         12:a9:2b:8a:32:e2:6d:48:4f:64:08:b1:48:4f:44:7c:74:90:
         7e:e7:21:40:0d:24:39:b4:ef:f7:69:53:c4:50:5f:b3:3f:ae:
         b3:3f:46:f9:c2:51:81:ff:86:ae:b3:ba:b3:a5:4f:e1:7f:5b:
         50:a5:9f:24:fd:c1:2e:c1:84:8d:35:c3:cd:50:26:f3:87:db:
         2c:4c:6b:8e:92:3a:b4:c2:56:e5:42:2e:32:b6:a2:02:2c:d7:
         87:ee:b8:e8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZLRqD6dlIfQS0wkTge9j/FeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNTk4MDEzMmQxOTNlMjcwZWQxZWZlMGFkMjg0OWZlOGFi
MGQ3NmMwHhcNMjQxMDI4MDU0NTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmMwMjIyNTg2ZmY3MzRkZWI1YjhmODEwZDA0Yjc4NTc1MjRlYjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf5QJQGgjdEiHW5boCkCVxcD9Rv6
6sLHC95QXbcBBHjIEVGQFX8+x2snrZIdKWbZCbSS0B28X7/ohc+gJJC5rlWwL1o0
GrGQQT9NPoF75/0UcMSI8bmXJvJg9AFRuqKIgRrb5/qjtRq6dt6/1tCisRV2ihlm
0AZO6exrfjwwsWE9gSNogv/FAcEACCf6dCUvEV/Q7qXrj7PRiI+ZSJ1f6+5pmm19
yElxuzRUbD2jlSLc9XcT9PmxrgF8ietfCrIropbAIA+ki6tzd/4MSMmGXNdDSoOb
h3dnMqQMg5RIM034q+0SpLaux34puu1igVkGJox/xvEc6x9ObdHAlYJGpwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFBbAIiWG/3NN61uPgQ0Et4V1JOt6MB8GA1UdIwQY
MBaAFF9ZgBMtGT4nDtHv4K0oSf6KsNdsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDFtQUV5MFpQaWNPMGVfZ3JTaEpfb3F3MTJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9hYThhYzgtMTNiOC00MTk3LWJlNTYt
MWUxZGU5MWE5ODdjLzEvRnNBaUpZYl9jMDNyVzQtQkRRUzNoWFVrNjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9hYThhYzgtMTNiOC00MTk3LWJlNTYtMWUxZGU5MWE5ODdj
LzEvWDFtQUV5MFpQaWNPMGVfZ3JTaEpfb3F3MTJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCjYqsMA4E
AgACMAgDBgYqAzwAwDANBgkqhkiG9w0BAQsFAAOCAQEASCnEJRdaA5/sYZouLC3z
gOpEv1k/PvRh0qNjQUCkp3HC5kytyZ97JUCeq0UkXl72lWJ0AbYHxXk3fwgFWr+F
n6v6yjkmx5D8o1ruJHVC9ALWw7U+RuQs0lqFOOkKit9nd+ATrY9ZFK+CUlvPw/vW
sYW3DrGerlF7mM1UF1iWgUniimtHOg1TRKdP5guUzPh5eWZEaqB2iQveIMVwIb74
wucpEqkrijLibUhPZAixSE9EfHSQfuchQA0kObTv92lTxFBfsz+usz9G+cJRgf+G
rrO6s6VP4X9bUKWfJP3BLsGEjTXDzVAm84fbLExrjpI6tMJW5UIuMraiAizXh+64
6A==
-----END CERTIFICATE-----