Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/fRNZC7ARb_PgeCsUoAINa7JAkWk.roa
File:                     fRNZC7ARb_PgeCsUoAINa7JAkWk.roa (raw, json)
Hash identifier:          1HPva9kmIETuDb8zq5yVPOELqlR1rW1gscD59V1GkuA=
Subject key identifier:   7D:13:59:0B:B0:11:6F:F3:E0:78:2B:14:A0:02:0D:6B:B2:40:91:69
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018F116A478804A0EE64753EE819BC692957
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/fRNZC7ARb_PgeCsUoAINa7JAkWk.roa
Signing time:             Wed 24 Apr 2024 18:42:08 +0000
ROA not before:           Wed 24 Apr 2024 18:42:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57304
IP address blocks:        45.135.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:11:6a:47:88:04:a0:ee:64:75:3e:e8:19:bc:69:29:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Apr 24 18:42:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d13590bb0116ff3e0782b14a0020d6bb2409169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:30:58:63:c2:84:64:07:4a:a7:57:47:86:b5:
                    62:fb:e6:37:75:7a:65:db:48:de:11:c5:c3:16:31:
                    7e:18:b3:a5:96:5b:19:01:89:34:1b:38:86:65:cb:
                    b9:7e:aa:32:34:8a:9b:73:b9:b7:7b:1f:33:74:60:
                    6b:12:26:c3:a1:b0:28:ca:b8:b8:9b:95:82:7a:7d:
                    56:91:c3:9d:7b:96:d0:21:60:92:c6:6b:0d:41:25:
                    6d:cc:b2:04:2a:46:4c:ce:14:fa:2d:ce:b5:62:2c:
                    38:41:50:1b:1f:f7:bc:23:e7:0b:ef:cc:1d:57:7c:
                    15:eb:4e:f5:6a:80:d4:2a:d0:d1:a8:54:d0:82:62:
                    05:b7:2f:df:b1:a2:d8:5a:14:61:50:5d:dc:72:8d:
                    3e:19:8c:cd:77:7b:bf:e3:87:56:7e:0d:2a:f7:30:
                    68:5f:41:2c:e3:b8:74:9c:a7:ee:69:75:87:e5:5c:
                    07:26:32:15:74:2e:ea:ad:b3:f8:56:a3:48:fd:62:
                    ef:4c:0a:39:48:d2:49:c8:8e:92:ad:3c:fa:ae:5e:
                    46:af:9e:a0:3d:ff:c8:7a:31:4e:13:8c:d8:e4:0a:
                    f0:7f:59:43:28:4f:4d:1d:38:71:d2:60:8c:c7:b8:
                    28:b8:22:27:0d:ca:2b:b8:dc:20:16:78:22:ae:b1:
                    b7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:13:59:0B:B0:11:6F:F3:E0:78:2B:14:A0:02:0D:6B:B2:40:91:69
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/fRNZC7ARb_PgeCsUoAINa7JAkWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:8e:a8:0c:94:2c:bf:f6:04:c6:40:84:b2:a1:c2:94:b2:19:
         a3:a1:0b:ad:92:d1:34:c9:f4:98:76:78:0d:ce:29:cd:89:6e:
         e7:bb:79:3a:15:c5:29:f8:f8:34:5e:b1:88:49:7a:b7:10:1a:
         c4:e1:70:8b:57:72:f2:e5:48:7d:91:2f:83:05:6a:a6:4f:f4:
         71:ac:78:c8:20:f8:9e:a2:1b:0b:d4:7d:27:9c:e3:2c:e6:9e:
         64:d6:c1:c1:b8:3b:7e:36:a7:53:fd:e2:9a:82:87:7f:b4:45:
         3c:5e:d0:5c:ef:7b:eb:37:0d:c2:5b:e9:3f:b5:ed:1c:db:de:
         09:aa:b8:f9:d5:e8:9c:ed:8d:87:06:91:42:11:21:1b:10:7d:
         39:7b:12:8b:0e:91:2b:7d:17:37:16:c3:97:0a:e8:4a:5e:ac:
         6f:04:32:0b:71:ae:9e:8f:46:bc:f0:97:52:67:3a:32:c5:c0:
         58:27:b4:1d:1f:5f:2c:f7:12:9b:41:11:d9:c6:9c:1a:5f:ab:
         2a:2c:c8:3e:9d:07:fc:7c:d5:75:f5:94:95:4b:c1:5f:02:96:
         40:c9:7e:16:95:eb:4d:88:5e:d9:98:45:8a:0d:f9:7b:3c:3f:
         44:ac:7e:15:56:97:b7:f6:38:ca:f0:99:0b:07:2b:0d:ee:e9:
         d8:7b:68:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8RakeIBKDuZHU+6Bm8aSlXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwNDI0MTg0MjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDEzNTkwYmIwMTE2ZmYzZTA3ODJiMTRhMDAyMGQ2YmIyNDA5MTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTBYY8KEZAdKp1dHhrVi++Y3dXpl
20jeEcXDFjF+GLOlllsZAYk0GziGZcu5fqoyNIqbc7m3ex8zdGBrEibDobAoyri4
m5WCen1WkcOde5bQIWCSxmsNQSVtzLIEKkZMzhT6Lc61Yiw4QVAbH/e8I+cL78wd
V3wV6071aoDUKtDRqFTQgmIFty/fsaLYWhRhUF3cco0+GYzNd3u/44dWfg0q9zBo
X0Es47h0nKfuaXWH5VwHJjIVdC7qrbP4VqNI/WLvTAo5SNJJyI6SrTz6rl5Gr56g
Pf/IejFOE4zY5Arwf1lDKE9NHThx0mCMx7gouCInDcoruNwgFngirrG3zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0TWQuwEW/z4HgrFKACDWuyQJFpMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvZlJOWkM3QVJiX1BnZUNzVW9BSU5hN0pBa1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYenMA0G
CSqGSIb3DQEBCwUAA4IBAQAVjqgMlCy/9gTGQISyocKUshmjoQutktE0yfSYdngN
zinNiW7nu3k6FcUp+Pg0XrGISXq3EBrE4XCLV3Ly5Uh9kS+DBWqmT/RxrHjIIPie
ohsL1H0nnOMs5p5k1sHBuDt+NqdT/eKagod/tEU8XtBc73vrNw3CW+k/te0c294J
qrj51eic7Y2HBpFCESEbEH05exKLDpErfRc3FsOXCuhKXqxvBDILca6ej0a88JdS
ZzoyxcBYJ7QdH18s9xKbQRHZxpwaX6sqLMg+nQf8fNV19ZSVS8FfApZAyX4WletN
iF7ZmEWKDfl7PD9ErH4VVpe39jjK8JkLBysN7unYe2jr
-----END CERTIFICATE-----