Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/MFRcFvhMposZqHWMt4lsFYFFZz4.roa
File:                     MFRcFvhMposZqHWMt4lsFYFFZz4.roa (raw, json)
Hash identifier:          PUlSdynjA6lIzAozzLnq/sY+umpxfm+lHlHC+TOUzy0=
Subject key identifier:   30:54:5C:16:F8:4C:A6:8B:19:A8:75:8C:B7:89:6C:15:81:45:67:3E
Certificate issuer:       /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial:       018CCC05C0BE4B5F4236BE789F6B3EA652DE
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/MFRcFvhMposZqHWMt4lsFYFFZz4.roa
Signing time:             Tue 02 Jan 2024 21:12:58 +0000
ROA not before:           Tue 02 Jan 2024 21:12:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        45.95.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cc:05:c0:be:4b:5f:42:36:be:78:9f:6b:3e:a6:52:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
        Validity
            Not Before: Jan  2 21:12:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30545c16f84ca68b19a8758cb7896c158145673e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f7:d5:35:42:94:cb:27:a9:e4:a1:8e:ab:ac:
                    32:8d:f9:83:f4:50:c2:df:31:10:50:f2:57:7b:84:
                    af:6c:d6:87:7d:fe:e3:e3:22:0f:81:e8:4a:c6:ca:
                    d5:13:93:6e:cc:3b:d0:af:af:6c:b0:0f:ed:f8:ef:
                    d6:da:e1:9d:9b:7c:c9:ca:bf:a8:1f:7d:42:b1:52:
                    2b:66:2c:ac:8e:5b:e7:ad:df:f3:e1:5e:11:cd:57:
                    b7:01:62:ec:35:f2:8a:eb:f3:3b:a0:b3:7b:e1:61:
                    1d:a8:2f:71:95:ac:15:f8:93:cb:47:d2:82:40:07:
                    eb:42:32:ac:8a:88:74:16:8c:93:7d:1a:53:48:28:
                    dc:c7:c7:0c:cf:52:58:bc:8c:1a:12:78:88:c1:d2:
                    cc:5e:f3:3b:9f:19:28:43:3a:31:c6:1b:25:ac:50:
                    30:83:e7:15:3d:37:61:72:12:fc:37:b0:22:dc:7f:
                    ac:14:4e:f9:65:d0:cd:36:5a:ae:ef:75:af:74:f1:
                    bb:6d:94:28:df:15:09:3d:58:7a:07:f3:15:fd:19:
                    71:a4:d4:e2:10:97:2c:66:8e:ef:1e:6e:59:61:79:
                    ad:24:2b:3e:07:df:a8:83:af:2a:7e:16:2e:59:c1:
                    d1:d9:d9:e0:0a:ec:6e:de:fa:d8:10:a6:fa:a3:20:
                    69:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:54:5C:16:F8:4C:A6:8B:19:A8:75:8C:B7:89:6C:15:81:45:67:3E
            X509v3 Authority Key Identifier:
                keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/MFRcFvhMposZqHWMt4lsFYFFZz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:ce:d1:e5:34:91:6d:fd:8c:fc:f4:7f:76:af:53:a7:d1:d6:
         a0:66:30:5f:51:28:1f:24:79:71:f0:40:31:18:54:02:9f:39:
         7b:3c:78:68:b3:f9:c1:96:a9:12:a3:3b:4e:ee:ac:29:09:e0:
         f6:3d:d2:cd:86:86:5e:29:32:8d:cf:a3:8c:4c:66:02:b9:5e:
         21:4c:43:6b:73:45:a0:80:30:15:70:71:30:16:a5:f8:ef:5e:
         89:59:1e:76:64:a9:74:7b:18:3b:d7:02:93:e1:fd:49:53:ea:
         9b:ed:23:ac:89:a5:6f:52:53:30:79:8b:0d:01:bb:9b:5c:36:
         a1:84:73:06:51:5a:fb:c5:97:4c:bc:92:96:a5:38:88:0e:e4:
         ee:f5:fa:ef:03:c4:06:bb:a1:ed:de:b7:1e:b7:15:a0:fb:e6:
         f1:4a:02:8d:5a:81:48:d7:06:85:a1:34:56:15:de:8e:84:d9:
         86:61:f4:8b:8c:6f:89:89:12:34:f2:cd:85:46:cb:0d:0e:b9:
         88:57:6c:0c:ae:71:69:d8:95:58:d0:ea:0c:f0:da:a4:28:c2:
         36:0f:fb:bf:63:ac:9c:43:fc:f0:a1:24:99:fb:46:49:ba:ed:
         18:87:5a:a9:d3:c9:e9:f7:3a:57:8c:58:3f:fe:63:b2:32:cf:
         c9:aa:e5:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzMBcC+S19CNr54n2s+plLeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjFhYTVkMWJlZmQ3YTBmZTNlNGRmZTNhYThkYTczZWZj
ZmJhMzQwHhcNMjQwMTAyMjExMjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDU0NWMxNmY4NGNhNjhiMTlhODc1OGNiNzg5NmMxNTgxNDU2NzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/fVNUKUyyep5KGOq6wyjfmD9FDC
3zEQUPJXe4SvbNaHff7j4yIPgehKxsrVE5NuzDvQr69ssA/t+O/W2uGdm3zJyr+o
H31CsVIrZiysjlvnrd/z4V4RzVe3AWLsNfKK6/M7oLN74WEdqC9xlawV+JPLR9KC
QAfrQjKsioh0FoyTfRpTSCjcx8cMz1JYvIwaEniIwdLMXvM7nxkoQzoxxhslrFAw
g+cVPTdhchL8N7Ai3H+sFE75ZdDNNlqu73WvdPG7bZQo3xUJPVh6B/MV/RlxpNTi
EJcsZo7vHm5ZYXmtJCs+B9+og68qfhYuWcHR2dngCuxu3vrYEKb6oyBphQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBUXBb4TKaLGah1jLeJbBWBRWc+MB8GA1UdIwQY
MBaAFB9hql0b79eg/j5N/jqo2nPvz7o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUt
YzYyMWU4ZGY5NWZmLzEvTUZSY0Z2aE1wb3NacUhXTXQ0bHNGWUZGWno0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUtYzYyMWU4ZGY5NWZm
LzEvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV/PMA0G
CSqGSIb3DQEBCwUAA4IBAQBpztHlNJFt/Yz89H92r1On0dagZjBfUSgfJHlx8EAx
GFQCnzl7PHhos/nBlqkSoztO7qwpCeD2PdLNhoZeKTKNz6OMTGYCuV4hTENrc0Wg
gDAVcHEwFqX4716JWR52ZKl0exg71wKT4f1JU+qb7SOsiaVvUlMweYsNAbubXDah
hHMGUVr7xZdMvJKWpTiIDuTu9frvA8QGu6Ht3rcetxWg++bxSgKNWoFI1waFoTRW
Fd6OhNmGYfSLjG+JiRI08s2FRssNDrmIV2wMrnFp2JVY0OoM8NqkKMI2D/u/Y6yc
Q/zwoSSZ+0ZJuu0Yh1qp08np9zpXjFg//mOyMs/JquVO
-----END CERTIFICATE-----