Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/fZBFVqW_nRux7cZL6Jktr81P4JA.roa
File:                     fZBFVqW_nRux7cZL6Jktr81P4JA.roa (raw, json)
Hash identifier:          dqUnnKsByE1P7uoOI+bArHClSpiYxYH8/qC8kmA8UPA=
Subject key identifier:   7D:90:45:56:A5:BF:9D:1B:B1:ED:C6:4B:E8:99:2D:AF:CD:4F:E0:90
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018F2AF2709AAE34309A2BDBA3E125D1861E
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/fZBFVqW_nRux7cZL6Jktr81P4JA.roa
Signing time:             Mon 29 Apr 2024 17:41:22 +0000
ROA not before:           Mon 29 Apr 2024 17:41:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134526
IP address blocks:        45.138.109.0/24 maxlen: 32
                          185.236.80.0/24 maxlen: 32
                          194.49.108.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2a:f2:70:9a:ae:34:30:9a:2b:db:a3:e1:25:d1:86:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Apr 29 17:41:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d904556a5bf9d1bb1edc64be8992dafcd4fe090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7b:57:77:5d:f4:54:34:87:75:25:2c:69:cf:
                    5c:53:74:d9:7e:83:ba:2c:5e:1f:24:db:29:9a:32:
                    e6:d7:06:0c:77:cb:65:b8:6a:af:8c:8d:6b:40:53:
                    7f:a3:e7:76:d3:95:5a:1b:d8:f5:90:fc:f0:3f:1d:
                    c8:92:53:96:ab:ea:e2:4f:32:b1:2b:55:72:12:1e:
                    b4:1f:9f:c3:fe:ea:20:cc:d7:c8:ba:4f:dd:a4:b2:
                    13:61:e4:3b:d5:d9:2b:81:f1:ca:47:98:b2:7c:ef:
                    f2:ca:f5:f3:ab:20:18:8c:6a:6a:3d:0a:93:c3:8a:
                    14:93:8a:01:5e:15:df:5a:82:45:fd:72:99:98:e3:
                    25:b5:26:f0:9f:29:d8:f4:68:d3:9c:81:0f:93:eb:
                    e4:7c:57:0e:59:d4:19:72:66:41:3c:49:59:93:c4:
                    da:29:52:e5:f3:53:f2:d3:81:97:8d:da:9d:75:bb:
                    72:41:25:15:f8:22:28:ab:18:65:4e:e2:07:d1:17:
                    1d:46:36:19:53:13:97:70:52:9c:dc:4c:5e:94:29:
                    b7:47:e6:49:79:18:22:58:75:33:86:49:d4:69:53:
                    f7:27:06:1e:75:a2:f7:23:c0:ba:cc:26:2b:17:02:
                    5f:7e:22:b7:6d:45:fa:17:9c:30:ba:6f:15:08:98:
                    1b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:90:45:56:A5:BF:9D:1B:B1:ED:C6:4B:E8:99:2D:AF:CD:4F:E0:90
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/fZBFVqW_nRux7cZL6Jktr81P4JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.109.0/24
                  185.236.80.0/24
                  194.49.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:94:8c:7c:82:f9:ae:6e:81:d0:dc:bf:e3:3b:79:f8:cb:b9:
         6d:b1:b7:4a:99:71:0d:f2:41:be:fa:00:8d:a4:f6:6b:83:f5:
         16:bb:85:9c:1a:11:6f:45:75:01:29:f2:bc:a3:30:dd:1d:e3:
         88:6c:73:bc:0c:38:64:59:f1:0b:68:0a:18:0f:bd:34:38:19:
         46:b9:dc:71:79:19:39:7d:96:0d:8e:81:da:9d:c4:34:6d:2a:
         6b:4d:80:11:f0:5b:bc:80:82:3c:14:18:e0:78:79:97:d9:70:
         24:3d:8f:03:40:35:59:41:c5:c1:dc:4a:21:54:6f:3a:11:64:
         fe:4c:10:33:34:c5:2e:57:38:30:a7:9e:d5:9a:52:2b:e7:41:
         9e:5a:81:6e:a3:9d:9d:e5:58:cc:f3:3e:7c:38:c1:bd:83:f0:
         ae:67:ab:27:b7:6c:a7:8d:97:5d:9b:75:cc:cb:17:44:25:82:
         d9:2e:13:3d:05:a3:3b:be:eb:c3:fc:55:7b:50:6d:bf:99:06:
         43:ff:c8:2a:f7:0a:85:20:5b:50:74:a0:02:b7:c3:1a:73:b7:
         91:ba:b9:1d:f7:72:b9:02:9e:e3:44:a7:b0:ad:ce:f6:8f:17:
         51:47:4d:c1:b0:4c:fb:17:64:6a:02:83:cd:ba:2a:e8:58:c9:
         62:7e:16:1e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8q8nCarjQwmivbo+El0YYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwNDI5MTc0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDkwNDU1NmE1YmY5ZDFiYjFlZGM2NGJlODk5MmRhZmNkNGZlMDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApntXd130VDSHdSUsac9cU3TZfoO6
LF4fJNspmjLm1wYMd8tluGqvjI1rQFN/o+d205VaG9j1kPzwPx3IklOWq+riTzKx
K1VyEh60H5/D/uogzNfIuk/dpLITYeQ71dkrgfHKR5iyfO/yyvXzqyAYjGpqPQqT
w4oUk4oBXhXfWoJF/XKZmOMltSbwnynY9GjTnIEPk+vkfFcOWdQZcmZBPElZk8Ta
KVLl81Py04GXjdqddbtyQSUV+CIoqxhlTuIH0RcdRjYZUxOXcFKc3ExelCm3R+ZJ
eRgiWHUzhknUaVP3JwYedaL3I8C6zCYrFwJffiK3bUX6F5wwum8VCJgbGQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH2QRValv50bse3GS+iZLa/NT+CQMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvZlpCRlZxV19uUnV4N2NaTDZKa3RyODFQNEpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYptAwQA
uexQAwQAwjFsMA0GCSqGSIb3DQEBCwUAA4IBAQCglIx8gvmuboHQ3L/jO3n4y7lt
sbdKmXEN8kG++gCNpPZrg/UWu4WcGhFvRXUBKfK8ozDdHeOIbHO8DDhkWfELaAoY
D700OBlGudxxeRk5fZYNjoHancQ0bSprTYAR8Fu8gII8FBjgeHmX2XAkPY8DQDVZ
QcXB3EohVG86EWT+TBAzNMUuVzgwp57VmlIr50GeWoFuo52d5VjM8z58OMG9g/Cu
Z6snt2ynjZddm3XMyxdEJYLZLhM9BaM7vuvD/FV7UG2/mQZD/8gq9wqFIFtQdKAC
t8Mac7eRurkd93K5Ap7jRKewrc72jxdRR03BsEz7F2RqAoPNuiroWMlifhYe
-----END CERTIFICATE-----