Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/qEFvKzZJCypm7NC5Vo_LAy8mx2c.roa
File:                     qEFvKzZJCypm7NC5Vo_LAy8mx2c.roa (raw, json)
Hash identifier:          9dstzrm78Ae8lqi1Mcu/meG+MXzKmephC2JxMMYAhMk=
Subject key identifier:   A8:41:6F:2B:36:49:0B:2A:66:EC:D0:B9:56:8F:CB:03:2F:26:C7:67
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       018F76E9384AA8694B7DBE37FA52B0D93DCC
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/qEFvKzZJCypm7NC5Vo_LAy8mx2c.roa
Signing time:             Tue 14 May 2024 11:42:26 +0000
ROA not before:           Tue 14 May 2024 11:42:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211421
IP address blocks:        45.159.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:e9:38:4a:a8:69:4b:7d:be:37:fa:52:b0:d9:3d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: May 14 11:42:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8416f2b36490b2a66ecd0b9568fcb032f26c767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ff:5f:78:d2:c2:92:96:c7:e4:5b:ff:47:2d:
                    87:94:6b:d3:db:4e:f0:e7:a9:66:87:46:1b:72:e1:
                    30:26:d9:23:ac:86:6b:82:9c:18:d9:7e:3f:5d:16:
                    24:f0:cd:5e:50:1b:ca:94:97:ed:51:7e:a4:c5:3c:
                    8b:9b:9d:92:4c:a1:12:82:f2:20:b0:88:a8:72:24:
                    03:37:70:f1:00:f1:b7:85:98:33:4d:49:96:a2:9e:
                    af:a2:45:d4:14:f8:b8:6b:df:b7:1e:d1:91:c9:41:
                    e8:7c:92:0d:20:ed:43:13:e8:b0:42:d5:26:63:63:
                    ef:c9:c0:96:df:28:68:6f:bb:4b:14:26:da:cd:7c:
                    49:ca:f8:88:c3:f9:56:ad:5a:b0:ad:03:c0:e3:12:
                    8f:64:55:8f:f2:83:75:1e:64:c4:ff:00:da:52:2a:
                    fb:e4:67:18:67:24:f4:e3:7d:1a:a1:da:b8:4b:df:
                    ed:14:e0:4e:0f:b7:2c:8d:48:10:94:5a:ef:c4:b3:
                    a3:99:00:7b:4d:e1:34:01:b2:d5:c9:47:3b:b4:2c:
                    e6:26:83:84:cf:2e:61:0e:7d:f7:5b:7c:a8:c2:21:
                    de:c2:cf:f2:db:a8:fc:15:22:63:2e:31:56:42:8c:
                    04:52:a4:3d:fc:91:1b:9d:b4:b7:8f:66:cb:a8:e6:
                    c6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:41:6F:2B:36:49:0B:2A:66:EC:D0:B9:56:8F:CB:03:2F:26:C7:67
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/qEFvKzZJCypm7NC5Vo_LAy8mx2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:e6:fa:a1:52:0c:15:94:3d:02:e2:99:b2:ba:ff:fb:77:1b:
         c7:dc:2e:9d:bb:21:4f:11:58:34:f4:7c:ef:86:74:0d:16:9e:
         17:35:86:a8:0f:ea:60:db:50:2e:30:cb:90:7c:19:f2:15:fa:
         73:0d:df:c7:df:7e:64:ce:2f:46:e8:ee:e8:26:bc:b9:d5:37:
         7e:e0:2d:8a:86:d1:ce:b8:b5:13:6c:de:1e:17:9e:10:16:4f:
         d7:6e:79:ba:c8:a2:15:55:cc:a7:41:13:8d:df:ce:7b:ca:da:
         2b:1b:95:62:4f:11:5a:1a:f4:f6:a8:30:de:50:00:fe:dc:b3:
         ac:40:70:b7:7e:ac:8e:e1:17:a1:f9:88:b0:27:e9:01:b8:f7:
         f7:da:7f:eb:98:b7:c5:d9:e5:c3:b9:b6:5f:4e:4c:09:f4:8c:
         05:d4:32:c7:0f:a6:4f:3a:0c:1c:58:8b:bf:7d:76:62:46:b2:
         7e:a4:32:75:4b:17:f5:1f:f4:69:a6:6d:f4:b6:c1:90:b5:6b:
         19:72:99:8d:0f:23:c6:7e:0b:66:85:75:c1:04:30:45:64:86:
         b0:a1:94:d1:a0:49:b2:5f:04:aa:e0:d7:44:b3:49:5c:1a:b9:
         96:ea:02:bb:c9:8e:f4:76:8a:4a:7f:0c:c9:cf:f9:01:7e:d1:
         8c:1a:ff:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY926ThKqGlLfb43+lKw2T3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQwNTE0MTE0MjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODQxNmYyYjM2NDkwYjJhNjZlY2QwYjk1NjhmY2IwMzJmMjZjNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApv9feNLCkpbH5Fv/Ry2HlGvT207w
56lmh0YbcuEwJtkjrIZrgpwY2X4/XRYk8M1eUBvKlJftUX6kxTyLm52STKESgvIg
sIiociQDN3DxAPG3hZgzTUmWop6vokXUFPi4a9+3HtGRyUHofJINIO1DE+iwQtUm
Y2PvycCW3yhob7tLFCbazXxJyviIw/lWrVqwrQPA4xKPZFWP8oN1HmTE/wDaUir7
5GcYZyT0430aodq4S9/tFOBOD7csjUgQlFrvxLOjmQB7TeE0AbLVyUc7tCzmJoOE
zy5hDn33W3yowiHews/y26j8FSJjLjFWQowEUqQ9/JEbnbS3j2bLqObG4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhBbys2SQsqZuzQuVaPywMvJsdnMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvcUVGdkt6WkpDeXBtN05DNVZvX0xBeThteDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ+UMA0G
CSqGSIb3DQEBCwUAA4IBAQAS5vqhUgwVlD0C4pmyuv/7dxvH3C6duyFPEVg09Hzv
hnQNFp4XNYaoD+pg21AuMMuQfBnyFfpzDd/H335kzi9G6O7oJry51Td+4C2KhtHO
uLUTbN4eF54QFk/Xbnm6yKIVVcynQRON3857ytorG5ViTxFaGvT2qDDeUAD+3LOs
QHC3fqyO4Reh+YiwJ+kBuPf32n/rmLfF2eXDubZfTkwJ9IwF1DLHD6ZPOgwcWIu/
fXZiRrJ+pDJ1Sxf1H/Rppm30tsGQtWsZcpmNDyPGfgtmhXXBBDBFZIawoZTRoEmy
XwSq4NdEs0lcGrmW6gK7yY70dopKfwzJz/kBftGMGv9k
-----END CERTIFICATE-----