Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/CFz2Wk2b0mhBpexEd43LdPyh-pY.roa
File:                     CFz2Wk2b0mhBpexEd43LdPyh-pY.roa (raw, json)
Hash identifier:          kDFXisowkfq8D2XsEouvlxIV+qNAOy4KjwoUTm24Aiw=
Subject key identifier:   08:5C:F6:5A:4D:9B:D2:68:41:A5:EC:44:77:8D:CB:74:FC:A1:FA:96
Certificate issuer:       /CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
Certificate serial:       018E60E37CD268ECB5B0F973F96B6AA449DC
Authority key identifier: 7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/CFz2Wk2b0mhBpexEd43LdPyh-pY.roa
Signing time:             Thu 21 Mar 2024 12:01:45 +0000
ROA not before:           Thu 21 Mar 2024 12:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28753
IP address blocks:        45.81.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:e3:7c:d2:68:ec:b5:b0:f9:73:f9:6b:6a:a4:49:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
        Validity
            Not Before: Mar 21 12:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=085cf65a4d9bd26841a5ec44778dcb74fca1fa96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6e:27:21:c7:fb:58:49:a4:da:fe:e5:fe:21:
                    19:29:cb:fb:b5:39:cb:cb:13:39:02:91:b1:91:6b:
                    51:a7:84:7c:d1:07:49:7a:d9:3a:c5:8a:a0:59:2a:
                    5e:64:2b:93:ba:ad:fd:42:dd:92:09:af:9b:09:ca:
                    1f:e2:b1:10:30:af:79:3c:0b:26:7b:e3:53:d4:0d:
                    5c:c9:d3:7f:29:8f:d5:e4:ac:16:59:91:1e:4e:90:
                    2e:40:28:a6:56:78:3c:ff:ca:67:58:84:37:5f:62:
                    9a:dd:9f:91:e2:8b:e2:8e:c9:39:00:08:fb:84:c3:
                    26:85:2f:0c:0f:e9:ae:d9:f1:44:96:dc:91:37:2e:
                    dd:8b:17:7d:3c:f9:ef:66:3a:7e:aa:05:74:6f:ff:
                    fa:45:c4:e3:44:07:6b:c4:51:3b:84:be:af:1f:9f:
                    82:c0:04:72:1c:65:df:bc:de:61:44:67:12:22:c7:
                    98:45:e1:66:1f:4a:06:04:33:b1:68:26:ed:d7:47:
                    89:5a:61:71:3b:b7:26:69:4e:e4:2b:7b:cf:c2:49:
                    d2:65:58:ba:93:44:49:5c:e8:78:fe:c0:c7:e3:30:
                    c6:f9:58:e6:ce:52:0b:b9:e4:f6:74:b7:52:19:33:
                    21:9f:7a:7a:76:e1:56:6d:14:b4:1c:52:6c:b1:24:
                    ab:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:5C:F6:5A:4D:9B:D2:68:41:A5:EC:44:77:8D:CB:74:FC:A1:FA:96
            X509v3 Authority Key Identifier:
                keyid:7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/CFz2Wk2b0mhBpexEd43LdPyh-pY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:1c:fd:b4:4e:bb:d3:ea:49:33:3a:3f:25:a2:e3:05:c0:a5:
         a0:47:12:d7:ef:ab:53:23:d6:bb:78:13:2b:2e:b3:c3:16:ba:
         74:1c:91:6e:48:30:bc:38:05:75:b6:2a:69:3c:23:b3:f0:0a:
         17:03:da:a7:b0:0c:c9:fb:1c:8c:78:e0:76:33:f5:16:6b:83:
         c1:02:68:eb:0f:11:2c:7b:07:99:05:30:53:2d:f1:66:96:5c:
         5d:d3:1d:65:38:a9:0f:e2:43:b8:51:b1:c9:9a:41:e5:ea:e4:
         f8:bd:7b:f6:18:38:7f:46:e8:1a:86:45:a9:62:29:76:6a:d2:
         a2:82:9e:eb:06:dc:e2:d0:04:15:9d:a7:2c:90:3c:40:7f:dc:
         3f:35:52:ce:77:b2:7d:aa:c4:6c:b0:8b:42:69:8e:10:d2:f3:
         11:4c:e6:4a:e2:96:a3:5a:8a:1b:75:d1:5f:da:da:5e:c4:f3:
         71:fb:88:e6:1f:57:a1:21:89:d6:28:d5:2f:7e:56:f6:25:9d:
         a9:25:a8:43:d8:f2:9c:7b:56:61:45:d8:fc:6f:66:75:fc:d4:
         fa:04:4c:fc:2c:55:b9:9a:70:e6:3b:81:e2:72:cf:36:3c:1b:
         e0:ce:55:5a:ed:41:89:6f:96:5d:58:98:fa:25:f9:07:cb:8e:
         c5:0c:32:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5g43zSaOy1sPlz+WtqpEncMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTY0M2JiMzk5YzZkODdhZGM0YzdjYmE1ZDJiNzJmYmQw
MGQwNDYwHhcNMjQwMzIxMTIwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODVjZjY1YTRkOWJkMjY4NDFhNWVjNDQ3NzhkY2I3NGZjYTFmYTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm4nIcf7WEmk2v7l/iEZKcv7tTnL
yxM5ApGxkWtRp4R80QdJetk6xYqgWSpeZCuTuq39Qt2SCa+bCcof4rEQMK95PAsm
e+NT1A1cydN/KY/V5KwWWZEeTpAuQCimVng8/8pnWIQ3X2Ka3Z+R4ovijsk5AAj7
hMMmhS8MD+mu2fFEltyRNy7dixd9PPnvZjp+qgV0b//6RcTjRAdrxFE7hL6vH5+C
wARyHGXfvN5hRGcSIseYReFmH0oGBDOxaCbt10eJWmFxO7cmaU7kK3vPwknSZVi6
k0RJXOh4/sDH4zDG+VjmzlILueT2dLdSGTMhn3p6duFWbRS0HFJssSSriQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhc9lpNm9JoQaXsRHeNy3T8ofqWMB8GA1UdIwQY
MBaAFHymQ7s5nG2HrcTHy6XSty+9ANBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMt
NDRlYTY0NzIxYzllLzEvQ0Z6MldrMmIwbWhCcGV4RWQ0M0xkUHloLXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMtNDRlYTY0NzIxYzll
LzEvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVEYMA0G
CSqGSIb3DQEBCwUAA4IBAQBdHP20TrvT6kkzOj8louMFwKWgRxLX76tTI9a7eBMr
LrPDFrp0HJFuSDC8OAV1tippPCOz8AoXA9qnsAzJ+xyMeOB2M/UWa4PBAmjrDxEs
eweZBTBTLfFmllxd0x1lOKkP4kO4UbHJmkHl6uT4vXv2GDh/RugahkWpYil2atKi
gp7rBtzi0AQVnacskDxAf9w/NVLOd7J9qsRssItCaY4Q0vMRTOZK4pajWoobddFf
2tpexPNx+4jmH1ehIYnWKNUvflb2JZ2pJahD2PKce1ZhRdj8b2Z1/NT6BEz8LFW5
mnDmO4Hics82PBvgzlVa7UGJb5ZdWJj6JfkHy47FDDJ6
-----END CERTIFICATE-----