Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/L71QgugQMvf85kaVtGQuyJPoJRc.roa
File:                     L71QgugQMvf85kaVtGQuyJPoJRc.roa (raw, json)
Hash identifier:          ceoFbPknh7QvCYKH40qZCPs0N9mGu2K2EqLi1eFBSIE=
Subject key identifier:   2F:BD:50:82:E8:10:32:F7:FC:E6:46:95:B4:64:2E:C8:93:E8:25:17
Certificate issuer:       /CN=b7c40a747e3ac1acc611a4c403b6007398e7d79f
Certificate serial:       018CC56E2E53B2C8E2C47AC93CA3F1D37F08
Authority key identifier: B7:C4:0A:74:7E:3A:C1:AC:C6:11:A4:C4:03:B6:00:73:98:E7:D7:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t8QKdH46wazGEaTEA7YAc5jn158.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/L71QgugQMvf85kaVtGQuyJPoJRc.roa
Signing time:             Mon 01 Jan 2024 14:29:41 +0000
ROA not before:           Mon 01 Jan 2024 14:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216395
IP address blocks:        45.67.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/t8QKdH46wazGEaTEA7YAc5jn158.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/t8QKdH46wazGEaTEA7YAc5jn158.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t8QKdH46wazGEaTEA7YAc5jn158.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:2e:53:b2:c8:e2:c4:7a:c9:3c:a3:f1:d3:7f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7c40a747e3ac1acc611a4c403b6007398e7d79f
        Validity
            Not Before: Jan  1 14:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fbd5082e81032f7fce64695b4642ec893e82517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ed:23:6d:4f:04:e8:78:d6:2c:bc:0f:f5:94:
                    99:ef:60:f6:51:fb:ee:a0:81:94:7c:75:92:fd:56:
                    87:02:f3:6c:80:88:11:70:33:1c:c1:ae:19:9a:c0:
                    ae:e8:15:a0:c7:d0:71:eb:fa:db:1e:7c:69:bc:b4:
                    24:79:b4:8b:7a:89:92:f5:02:8c:70:e4:20:42:2f:
                    5c:16:f7:a9:5b:e1:bf:39:ca:07:f0:6c:e7:79:b5:
                    93:de:bd:b6:a2:ad:60:4b:c0:d0:30:4a:b9:c3:51:
                    07:a7:ff:9a:fc:0a:65:b2:9a:2f:27:c2:96:17:f4:
                    21:78:f7:89:f3:5c:8b:e6:64:0f:44:72:10:ff:ce:
                    64:26:52:8c:c9:23:7e:01:98:48:61:40:a3:aa:97:
                    79:63:65:1c:5b:c6:d8:4a:87:ed:0c:39:50:97:22:
                    ee:bf:ec:09:fa:86:e6:36:14:22:98:98:cc:96:d9:
                    3b:fd:b8:35:7f:a7:9b:cf:e6:fc:31:12:90:49:24:
                    ce:ce:f4:86:5e:8f:eb:e0:23:2b:1c:65:cd:89:bd:
                    74:73:1d:b5:16:4f:8e:5d:6b:b8:b7:d9:0b:d4:4f:
                    d7:dc:9e:91:fd:00:e6:b4:23:98:5e:a9:76:fd:2b:
                    b4:97:b5:e4:27:e6:e3:15:9e:79:fa:11:9c:7e:11:
                    17:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:BD:50:82:E8:10:32:F7:FC:E6:46:95:B4:64:2E:C8:93:E8:25:17
            X509v3 Authority Key Identifier:
                keyid:B7:C4:0A:74:7E:3A:C1:AC:C6:11:A4:C4:03:B6:00:73:98:E7:D7:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t8QKdH46wazGEaTEA7YAc5jn158.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/L71QgugQMvf85kaVtGQuyJPoJRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/375ebc-bafb-4e0b-b549-77635a22eb96/1/t8QKdH46wazGEaTEA7YAc5jn158.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:ad:17:a3:46:32:41:7a:84:36:3b:79:ad:f4:f9:2f:4b:c3:
         b3:b8:ad:22:20:9c:7a:57:01:6f:95:82:aa:56:38:5b:dc:9e:
         09:a6:2b:a3:98:94:55:61:56:51:8d:44:d3:b8:30:14:64:57:
         dc:03:68:96:55:42:bf:fe:e9:ea:f8:0d:39:6c:e6:66:ab:92:
         33:5d:45:fc:fb:30:cf:cc:09:31:41:d9:18:f4:51:62:41:b0:
         8a:5a:fe:28:09:16:fd:bf:13:fb:79:9a:1f:8e:ef:da:61:bd:
         cd:8d:ee:92:24:5a:83:ae:55:64:e2:ed:33:ea:90:29:4d:c7:
         3d:60:05:a4:44:99:0e:a4:bd:12:15:2d:b0:30:a2:ff:98:60:
         52:76:36:7d:3c:bf:11:f8:24:80:63:d4:2a:96:fd:0d:c3:61:
         da:ca:13:d0:0b:67:cc:67:e7:bf:c1:31:22:ce:57:21:02:96:
         d8:67:71:38:93:f3:5c:0f:10:db:8e:53:6e:fa:83:d1:be:f6:
         5a:7f:ad:de:fe:74:dd:96:c8:e8:81:3a:cd:ea:6c:e6:d2:02:
         24:c9:cb:13:e1:7b:66:fa:12:66:2e:56:cc:9e:2a:ef:ec:f4:
         b8:d4:ec:fc:0f:d7:8a:84:2c:33:21:98:ef:e0:66:cc:16:54:
         30:ae:0f:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbi5TssjixHrJPKPx038IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YzQwYTc0N2UzYWMxYWNjNjExYTRjNDAzYjYwMDczOThl
N2Q3OWYwHhcNMjQwMTAxMTQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmJkNTA4MmU4MTAzMmY3ZmNlNjQ2OTViNDY0MmVjODkzZTgyNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAye0jbU8E6HjWLLwP9ZSZ72D2Ufvu
oIGUfHWS/VaHAvNsgIgRcDMcwa4ZmsCu6BWgx9Bx6/rbHnxpvLQkebSLeomS9QKM
cOQgQi9cFvepW+G/OcoH8GznebWT3r22oq1gS8DQMEq5w1EHp/+a/AplspovJ8KW
F/QhePeJ81yL5mQPRHIQ/85kJlKMySN+AZhIYUCjqpd5Y2UcW8bYSoftDDlQlyLu
v+wJ+obmNhQimJjMltk7/bg1f6ebz+b8MRKQSSTOzvSGXo/r4CMrHGXNib10cx21
Fk+OXWu4t9kL1E/X3J6R/QDmtCOYXql2/Su0l7XkJ+bjFZ55+hGcfhEXwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+9UILoEDL3/OZGlbRkLsiT6CUXMB8GA1UdIwQY
MBaAFLfECnR+OsGsxhGkxAO2AHOY59efMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDhRS2RINDZ3YXpHRWFURUE3WUFjNWpuMTU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zNzVlYmMtYmFmYi00ZTBiLWI1NDkt
Nzc2MzVhMjJlYjk2LzEvTDcxUWd1Z1FNdmY4NWthVnRHUXV5SlBvSlJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zNzVlYmMtYmFmYi00ZTBiLWI1NDktNzc2MzVhMjJlYjk2
LzEvdDhRS2RINDZ3YXpHRWFURUE3WUFjNWpuMTU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUMOMA0G
CSqGSIb3DQEBCwUAA4IBAQBVrRejRjJBeoQ2O3mt9PkvS8OzuK0iIJx6VwFvlYKq
Vjhb3J4JpiujmJRVYVZRjUTTuDAUZFfcA2iWVUK//unq+A05bOZmq5IzXUX8+zDP
zAkxQdkY9FFiQbCKWv4oCRb9vxP7eZofju/aYb3Nje6SJFqDrlVk4u0z6pApTcc9
YAWkRJkOpL0SFS2wMKL/mGBSdjZ9PL8R+CSAY9Qqlv0Nw2HayhPQC2fMZ+e/wTEi
zlchApbYZ3E4k/NcDxDbjlNu+oPRvvZaf63e/nTdlsjogTrN6mzm0gIkycsT4Xtm
+hJmLlbMnirv7PS41Oz8D9eKhCwzIZjv4GbMFlQwrg/E
-----END CERTIFICATE-----