Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fmiMFdQqln3ndSCgFQOBwFW5dlM.roa
File:                     fmiMFdQqln3ndSCgFQOBwFW5dlM.roa (raw, json)
Hash identifier:          BxcV36dPDxm95B29tfjkVI5/vemfk75YO6jeuW6kUjc=
Subject key identifier:   7E:68:8C:15:D4:2A:96:7D:E7:75:20:A0:15:03:81:C0:55:B9:76:53
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0192BE5951976FA32957DA55D3009C62766E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fmiMFdQqln3ndSCgFQOBwFW5dlM.roa
Signing time:             Thu 24 Oct 2024 11:46:17 +0000
ROA not before:           Thu 24 Oct 2024 11:46:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394711
IP address blocks:        45.66.231.0/24 maxlen: 24
                          45.89.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:be:59:51:97:6f:a3:29:57:da:55:d3:00:9c:62:76:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 24 11:46:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e688c15d42a967de77520a0150381c055b97653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d5:82:3b:94:8b:e1:40:42:56:13:7d:82:63:
                    4d:b7:69:1f:f4:b1:4d:4b:13:14:46:39:75:63:4f:
                    d0:0d:35:f4:2e:21:96:74:61:07:d4:c4:ca:0e:4d:
                    62:d9:1a:4d:57:89:c3:88:b8:47:81:58:a0:1c:e7:
                    f8:40:7e:09:e0:ec:86:5b:ee:20:37:3b:e5:90:4e:
                    4d:0f:99:dc:93:80:dc:55:50:76:46:d6:b1:0f:c7:
                    dc:38:2c:1c:bd:14:37:e5:f8:64:32:86:0b:a7:62:
                    b2:31:79:ea:32:44:a4:b2:d3:ef:6c:da:29:6f:ae:
                    a4:3c:8a:a7:66:69:40:96:89:2e:7a:6d:57:53:f1:
                    57:b1:06:2e:2c:83:ce:8f:c5:53:a8:ab:4e:c6:2c:
                    39:ac:c1:98:15:8c:4d:e5:3d:3c:ed:9e:5a:e2:cf:
                    0a:9a:34:0c:f6:ae:e0:b9:b5:6e:c4:2a:ed:97:b3:
                    74:b4:f6:b3:af:10:ce:ec:fc:63:95:cf:a5:b2:f1:
                    cc:6e:16:34:42:66:a8:40:ac:8f:f1:ff:54:70:01:
                    a8:d2:a9:e6:16:66:c7:9e:40:8c:b0:7f:d8:45:2c:
                    e6:79:82:62:1f:f9:95:26:95:4f:3c:eb:19:94:63:
                    e6:15:93:d2:69:36:57:9d:18:d0:81:ed:2a:f4:da:
                    b5:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:68:8C:15:D4:2A:96:7D:E7:75:20:A0:15:03:81:C0:55:B9:76:53
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fmiMFdQqln3ndSCgFQOBwFW5dlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.231.0/24
                  45.89.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:e5:96:84:30:cd:c6:e2:ab:a2:6c:7a:72:fe:c6:58:28:06:
         d2:f6:b7:2b:83:4b:e5:e5:77:69:c3:bc:ea:a2:f8:79:dc:11:
         fd:57:d2:f8:2f:bb:17:5c:40:a3:c7:6e:32:3a:46:d6:28:54:
         cb:4c:7f:b3:74:d1:97:ab:c9:ef:b4:02:f5:1a:20:02:e7:d5:
         fe:3e:42:ff:05:fa:f2:cb:be:3f:39:e8:91:9f:42:b9:f9:68:
         17:4f:56:8c:23:dc:8e:7f:fd:27:f4:b3:08:ab:10:50:f3:7b:
         f7:84:1b:cd:a0:27:0a:07:d7:21:cb:92:c9:30:43:fa:2e:c5:
         3b:e0:01:a3:41:36:ab:19:24:74:b4:52:31:75:e3:29:d8:c7:
         29:9e:bd:08:43:22:19:d0:78:94:b4:30:4d:c6:f0:71:52:af:
         9a:81:48:24:0a:46:63:26:e9:ee:91:96:57:ca:f1:fc:64:31:
         f1:f0:87:2a:41:a4:26:df:29:2e:f1:a3:4d:47:cb:27:92:ec:
         66:63:e9:20:7b:b3:8d:63:b9:94:b8:b9:a2:6e:9f:be:67:21:
         91:16:f3:59:c5:0a:1c:60:48:e7:03:0d:c1:ff:2b:cf:33:4f:
         1a:7f:95:ba:b3:49:d4:3f:9e:c3:6f:a8:c7:88:e0:d7:ed:19:
         29:a7:75:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK+WVGXb6MpV9pV0wCcYnZuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMDI0MTE0NjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTY4OGMxNWQ0MmE5NjdkZTc3NTIwYTAxNTAzODFjMDU1Yjk3NjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytWCO5SL4UBCVhN9gmNNt2kf9LFN
SxMURjl1Y0/QDTX0LiGWdGEH1MTKDk1i2RpNV4nDiLhHgVigHOf4QH4J4OyGW+4g
NzvlkE5ND5nck4DcVVB2RtaxD8fcOCwcvRQ35fhkMoYLp2KyMXnqMkSkstPvbNop
b66kPIqnZmlAlokuem1XU/FXsQYuLIPOj8VTqKtOxiw5rMGYFYxN5T087Z5a4s8K
mjQM9q7gubVuxCrtl7N0tPazrxDO7Pxjlc+lsvHMbhY0QmaoQKyP8f9UcAGo0qnm
FmbHnkCMsH/YRSzmeYJiH/mVJpVPPOsZlGPmFZPSaTZXnRjQge0q9Nq16wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH5ojBXUKpZ953UgoBUDgcBVuXZTMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZm1pTUZkUXFsbjNuZFNDZ0ZRT0J3Rlc1ZGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALULnAwQA
LVn3MA0GCSqGSIb3DQEBCwUAA4IBAQA05ZaEMM3G4quibHpy/sZYKAbS9rcrg0vl
5Xdpw7zqovh53BH9V9L4L7sXXECjx24yOkbWKFTLTH+zdNGXq8nvtAL1GiAC59X+
PkL/Bfryy74/OeiRn0K5+WgXT1aMI9yOf/0n9LMIqxBQ83v3hBvNoCcKB9chy5LJ
MEP6LsU74AGjQTarGSR0tFIxdeMp2Mcpnr0IQyIZ0HiUtDBNxvBxUq+agUgkCkZj
JunukZZXyvH8ZDHx8IcqQaQm3yku8aNNR8snkuxmY+kge7ONY7mUuLmibp++ZyGR
FvNZxQocYEjnAw3B/yvPM08af5W6s0nUP57Db6jHiODX7Rkpp3VG
-----END CERTIFICATE-----