Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/ff4W5r1pqdBY4QJs1ZD8e_xNf6s.roa
File:                     ff4W5r1pqdBY4QJs1ZD8e_xNf6s.roa (raw, json)
Hash identifier:          Um35aQn44tE9TDyRGRfmMfE7JkCOismfbuWEzvOdVTE=
Subject key identifier:   7D:FE:16:E6:BD:69:A9:D0:58:E1:02:6C:D5:90:FC:7B:FC:4D:7F:AB
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0190E032B9B98FA76A1221C08CEE8CAB6E6C
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/ff4W5r1pqdBY4QJs1ZD8e_xNf6s.roa
Signing time:             Tue 23 Jul 2024 15:25:39 +0000
ROA not before:           Tue 23 Jul 2024 15:25:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30937
IP address blocks:        45.157.200.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e0:32:b9:b9:8f:a7:6a:12:21:c0:8c:ee:8c:ab:6e:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jul 23 15:25:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dfe16e6bd69a9d058e1026cd590fc7bfc4d7fab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:dd:78:07:b2:69:4a:37:3d:99:62:aa:88:05:
                    a6:0c:42:33:50:ab:6d:f4:3a:c8:96:00:65:36:3d:
                    b3:c3:66:dd:bc:29:5c:b0:82:f9:69:1c:fc:a5:74:
                    81:fa:c0:a2:06:66:b9:4a:fc:f7:30:a1:07:22:10:
                    50:53:a6:ed:da:4e:ca:4c:44:7d:3c:17:f8:fa:d5:
                    74:0a:dc:b2:fc:9a:9e:9e:be:8a:1c:7f:f9:dc:eb:
                    56:92:bd:21:82:de:1f:7a:e5:46:28:91:da:b7:96:
                    c4:a8:60:72:16:16:3d:56:da:21:6b:0f:08:64:73:
                    4d:c7:d4:1e:33:bc:77:4f:04:18:d2:18:98:de:40:
                    8f:0f:2a:65:6d:99:45:32:ea:36:b4:9e:ae:96:f2:
                    c8:96:7d:d8:35:f8:4c:6f:e4:f0:fb:92:34:6c:c7:
                    c4:d7:f0:15:a8:e9:1c:a9:c4:58:06:6f:c4:84:e1:
                    75:bd:8b:c5:22:ab:4b:77:19:a4:e8:4c:a2:c0:db:
                    ae:05:19:36:3b:1c:9b:4b:48:c3:58:ca:bb:e8:9f:
                    4a:10:45:5d:da:16:14:c1:07:38:10:ef:3f:60:49:
                    a3:c1:3e:2b:77:19:71:9f:81:70:5d:ff:dc:34:4c:
                    69:d4:56:f3:d1:fb:64:de:82:a1:ef:ff:7b:bd:02:
                    b8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:FE:16:E6:BD:69:A9:D0:58:E1:02:6C:D5:90:FC:7B:FC:4D:7F:AB
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/ff4W5r1pqdBY4QJs1ZD8e_xNf6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:05:54:85:41:e6:4e:83:5d:47:99:1a:00:d8:d3:c2:b8:1e:
         51:7d:e5:d6:94:dc:fd:ec:3f:11:91:87:e7:21:23:82:e3:36:
         93:00:9f:00:40:1f:e6:4b:f8:bb:f8:34:27:1c:1c:01:78:ed:
         1e:f7:31:65:6a:7c:b8:b7:e4:c6:c5:7b:c4:83:68:23:83:25:
         25:5d:ed:ac:a2:48:e1:13:99:af:20:ad:84:f3:93:5d:e0:5c:
         e2:5f:de:e9:e1:a3:e7:64:cb:ed:f1:ad:e4:ac:56:7d:c5:80:
         cd:b1:b2:86:6f:fd:f0:79:34:d9:e8:97:32:ae:54:a8:dd:f1:
         17:7b:dd:65:f6:2c:dd:40:00:5d:2e:b0:90:48:35:41:e3:bb:
         b9:03:97:53:6a:e2:ce:88:b0:b8:ae:5e:e0:5a:86:c1:fa:be:
         92:29:f2:5c:68:f3:de:77:6f:6c:ac:4d:ea:5f:b3:59:c9:95:
         00:4b:22:13:0d:b1:55:29:8a:b5:c6:f2:5f:c8:d4:29:f1:44:
         32:95:9b:95:68:1b:bf:3b:4d:44:95:de:c8:8b:9d:65:c4:bc:
         3d:9c:ca:4d:f6:e0:36:39:63:00:c2:05:fd:43:32:b5:e7:65:
         ac:58:7c:e7:10:ff:4e:d3:51:bf:1e:3d:75:6a:24:e5:cc:40:
         72:76:95:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDgMrm5j6dqEiHAjO6Mq25sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwNzIzMTUyNTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGZlMTZlNmJkNjlhOWQwNThlMTAyNmNkNTkwZmM3YmZjNGQ3ZmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiN14B7JpSjc9mWKqiAWmDEIzUKtt
9DrIlgBlNj2zw2bdvClcsIL5aRz8pXSB+sCiBma5Svz3MKEHIhBQU6bt2k7KTER9
PBf4+tV0Ctyy/Jqenr6KHH/53OtWkr0hgt4feuVGKJHat5bEqGByFhY9Vtohaw8I
ZHNNx9QeM7x3TwQY0hiY3kCPDyplbZlFMuo2tJ6ulvLIln3YNfhMb+Tw+5I0bMfE
1/AVqOkcqcRYBm/EhOF1vYvFIqtLdxmk6EyiwNuuBRk2OxybS0jDWMq76J9KEEVd
2hYUwQc4EO8/YEmjwT4rdxlxn4FwXf/cNExp1Fbz0ftk3oKh7/97vQK43wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3+Fua9aanQWOECbNWQ/Hv8TX+rMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvZmY0VzVyMXBxZEJZNFFKczFaRDhlX3hOZjZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ3IMA0G
CSqGSIb3DQEBCwUAA4IBAQCwBVSFQeZOg11HmRoA2NPCuB5RfeXWlNz97D8RkYfn
ISOC4zaTAJ8AQB/mS/i7+DQnHBwBeO0e9zFlany4t+TGxXvEg2gjgyUlXe2sokjh
E5mvIK2E85Nd4FziX97p4aPnZMvt8a3krFZ9xYDNsbKGb/3weTTZ6JcyrlSo3fEX
e91l9izdQABdLrCQSDVB47u5A5dTauLOiLC4rl7gWobB+r6SKfJcaPPed29srE3q
X7NZyZUASyITDbFVKYq1xvJfyNQp8UQylZuVaBu/O01Eld7Ii51lxLw9nMpN9uA2
OWMAwgX9QzK152WsWHznEP9O01G/Hj11aiTlzEBydpU7
-----END CERTIFICATE-----