Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/fyYUCKFhWkzkmfFiTToEQE6pmcw.roa
File:                     fyYUCKFhWkzkmfFiTToEQE6pmcw.roa (raw, json)
Hash identifier:          lhzpHQr0WBkPp+50S9sJgTn/M0FBDcBMbqlQf/PBjj0=
Subject key identifier:   7F:26:14:08:A1:61:5A:4C:E4:99:F1:62:4D:3A:04:40:4E:A9:99:CC
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018F8D2023B7B138A2AE2BF9C64A35ACB14B
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/fyYUCKFhWkzkmfFiTToEQE6pmcw.roa
Signing time:             Sat 18 May 2024 19:14:04 +0000
ROA not before:           Sat 18 May 2024 19:14:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41925
IP address blocks:        147.45.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:8d:20:23:b7:b1:38:a2:ae:2b:f9:c6:4a:35:ac:b1:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: May 18 19:14:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f261408a1615a4ce499f1624d3a04404ea999cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:99:33:62:9e:35:c7:07:19:84:9b:73:ed:9d:
                    12:84:0e:8b:91:46:bc:3f:79:3f:bd:57:3d:ed:3e:
                    b6:d3:01:83:cd:14:ad:ce:5e:2e:6f:89:23:31:a3:
                    5a:c9:b8:6a:bd:41:33:98:47:8e:84:47:32:72:20:
                    64:d4:2d:b3:4c:80:2a:fe:d3:66:32:17:90:fb:3b:
                    7d:26:01:4a:07:71:d6:4d:ab:1c:02:4b:58:1d:cb:
                    7d:f5:e7:cb:34:e9:16:f2:d9:fb:8d:1c:ce:cb:63:
                    9a:ad:d3:97:8f:14:4a:e4:ba:8e:16:16:fe:9d:aa:
                    d7:8f:ed:29:eb:bf:1a:78:ee:19:a9:13:46:1d:0b:
                    ce:e7:4b:d1:54:2a:bc:1d:95:f4:38:70:5a:ca:12:
                    29:c5:c8:b7:6a:72:d0:2e:67:0d:b0:d0:e2:16:ef:
                    66:60:09:f6:e5:4e:ec:c6:02:b2:4f:c1:f4:99:a6:
                    a7:ba:ee:74:df:01:a2:5b:14:25:94:eb:53:44:f1:
                    67:98:7a:56:ad:7e:a7:28:94:bf:04:8e:9e:d4:ec:
                    c0:83:04:4c:f4:ef:c6:f0:26:34:02:bf:ff:bb:c2:
                    b8:43:4d:82:f0:4f:99:73:0e:7d:60:8a:5b:e2:32:
                    8f:01:2e:00:86:b4:60:43:f8:98:4a:21:e3:80:f8:
                    c1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:26:14:08:A1:61:5A:4C:E4:99:F1:62:4D:3A:04:40:4E:A9:99:CC
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/fyYUCKFhWkzkmfFiTToEQE6pmcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:09:9f:ac:eb:b4:bc:28:38:d6:2d:7c:d4:20:df:ed:a4:47:
         41:33:e2:03:e5:45:1c:fb:89:57:96:ee:92:cd:bc:4d:1c:7e:
         d2:ec:ff:4c:b7:fa:c3:92:22:51:39:99:3a:a2:c2:8a:df:09:
         b8:73:eb:10:59:b2:98:b6:ed:d2:56:dc:78:d3:ac:8a:4f:58:
         8b:0f:dd:ad:6a:4c:48:9e:24:45:ff:e1:7c:92:83:13:d2:ae:
         5f:ac:cd:1e:d5:4f:9b:37:6e:39:8c:57:70:f1:32:b4:bc:68:
         df:35:ae:f2:7e:a5:72:cf:09:33:8a:c7:68:3f:7a:83:8e:93:
         4f:1c:2d:af:be:22:a2:b1:54:89:f4:79:f4:1a:a6:d1:78:9d:
         66:fc:00:9f:c9:d8:99:ab:30:6d:4e:3b:c9:88:dc:76:fe:06:
         3d:b7:1b:d1:30:da:4a:5d:d6:da:e6:a0:87:4d:b4:7b:a0:f3:
         b6:32:a5:54:1b:0c:ed:85:41:53:78:c8:c4:65:bd:5f:19:79:
         83:9b:de:44:20:b5:ce:3f:0a:bb:7a:3e:0b:fe:d1:d9:7e:34:
         86:57:e7:14:08:2e:bb:49:fe:9f:91:89:39:55:4a:f1:99:de:
         cc:70:f5:2e:7d:96:d2:4d:5a:55:38:13:05:dd:e1:0d:4a:32:
         68:ad:f3:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+NICO3sTiiriv5xko1rLFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNTE4MTkxNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjI2MTQwOGExNjE1YTRjZTQ5OWYxNjI0ZDNhMDQ0MDRlYTk5OWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJkzYp41xwcZhJtz7Z0ShA6LkUa8
P3k/vVc97T620wGDzRStzl4ub4kjMaNaybhqvUEzmEeOhEcyciBk1C2zTIAq/tNm
MheQ+zt9JgFKB3HWTascAktYHct99efLNOkW8tn7jRzOy2OardOXjxRK5LqOFhb+
narXj+0p678aeO4ZqRNGHQvO50vRVCq8HZX0OHBayhIpxci3anLQLmcNsNDiFu9m
YAn25U7sxgKyT8H0maanuu503wGiWxQllOtTRPFnmHpWrX6nKJS/BI6e1OzAgwRM
9O/G8CY0Ar//u8K4Q02C8E+Zcw59YIpb4jKPAS4AhrRgQ/iYSiHjgPjBCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8mFAihYVpM5JnxYk06BEBOqZnMMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvZnlZVUNLRmhXa3prbWZGaVRUb0VRRTZwbWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky1xMA0G
CSqGSIb3DQEBCwUAA4IBAQBHCZ+s67S8KDjWLXzUIN/tpEdBM+ID5UUc+4lXlu6S
zbxNHH7S7P9Mt/rDkiJROZk6osKK3wm4c+sQWbKYtu3SVtx406yKT1iLD92takxI
niRF/+F8koMT0q5frM0e1U+bN245jFdw8TK0vGjfNa7yfqVyzwkzisdoP3qDjpNP
HC2vviKisVSJ9Hn0GqbReJ1m/ACfydiZqzBtTjvJiNx2/gY9txvRMNpKXdba5qCH
TbR7oPO2MqVUGwzthUFTeMjEZb1fGXmDm95EILXOPwq7ej4L/tHZfjSGV+cUCC67
Sf6fkYk5VUrxmd7McPUufZbSTVpVOBMF3eENSjJorfPn
-----END CERTIFICATE-----