Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/14e091-979a-4ed5-9d5e-4954270e2507/1/1-fOtLCEip_cQmd0fYXtz6ZS5KC4.roa
File:                     1-fOtLCEip_cQmd0fYXtz6ZS5KC4.roa (raw, json)
Hash identifier:          fII76EazRJLSng2UTYKDT3nLIKk/Wv/XQiwGHdZ74mc=
Subject key identifier:   F9:F3:AD:2C:21:22:A7:F7:10:99:DD:1F:61:7B:73:E9:94:B9:28:2E
Certificate issuer:       /CN=43a8e2899693fca00bd8041ba8801f2d88869108
Certificate serial:       018CC6B8620285BE52F8F2BD10D62D0EA8B4
Authority key identifier: 43:A8:E2:89:96:93:FC:A0:0B:D8:04:1B:A8:80:1F:2D:88:86:91:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q6jiiZaT_KAL2AQbqIAfLYiGkQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/14e091-979a-4ed5-9d5e-4954270e2507/1/1-fOtLCEip_cQmd0fYXtz6ZS5KC4.roa
Signing time:             Mon 01 Jan 2024 20:30:21 +0000
ROA not before:           Mon 01 Jan 2024 20:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42487
IP address blocks:        45.81.172.0/22 maxlen: 22
                          2a0e:5b80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/14e091-979a-4ed5-9d5e-4954270e2507/1/Q6jiiZaT_KAL2AQbqIAfLYiGkQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/14e091-979a-4ed5-9d5e-4954270e2507/1/Q6jiiZaT_KAL2AQbqIAfLYiGkQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q6jiiZaT_KAL2AQbqIAfLYiGkQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:62:02:85:be:52:f8:f2:bd:10:d6:2d:0e:a8:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43a8e2899693fca00bd8041ba8801f2d88869108
        Validity
            Not Before: Jan  1 20:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9f3ad2c2122a7f71099dd1f617b73e994b9282e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:22:0a:0c:4e:4d:7d:8f:69:67:3f:bd:54:49:
                    ac:50:7f:1e:f5:0f:21:39:65:11:78:4c:be:71:12:
                    22:19:fd:6c:5b:42:bf:a2:6c:d1:4a:f2:b2:8b:09:
                    81:70:da:3c:8c:4d:2d:30:ad:4d:0d:89:8d:e5:fb:
                    37:6e:9d:95:61:0a:c1:11:89:bd:73:5a:05:92:e6:
                    d6:b5:6f:8c:0f:a8:24:98:61:16:a2:1a:6d:41:a9:
                    ca:ca:ac:70:0f:ab:1d:3b:25:e6:6a:17:ba:6f:df:
                    cc:cb:66:5f:ad:b6:4d:8a:9f:cd:9d:14:bd:b6:b1:
                    0d:64:ae:46:0b:de:b4:2d:8d:18:3b:e1:2b:4b:00:
                    8f:42:79:9c:6c:15:45:9e:43:00:ce:53:c2:83:68:
                    d6:b9:41:af:00:e8:8f:14:a5:eb:e1:4b:92:4b:e2:
                    4c:8e:ab:a4:ad:28:bc:51:b4:bf:b2:6c:95:63:01:
                    a6:77:6d:6a:04:a2:96:5c:2a:8f:96:4b:1d:fb:d6:
                    52:a8:c3:20:2a:dd:de:b8:7c:88:e9:96:64:ff:7d:
                    68:a9:1c:b2:c9:2a:af:c9:d5:c8:f2:84:8a:5a:a6:
                    d7:e5:bb:49:7f:20:8a:d6:f1:66:4e:6a:33:94:71:
                    5f:1d:3e:15:5f:55:0d:4f:85:08:23:c1:1c:2a:91:
                    dd:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F3:AD:2C:21:22:A7:F7:10:99:DD:1F:61:7B:73:E9:94:B9:28:2E
            X509v3 Authority Key Identifier:
                keyid:43:A8:E2:89:96:93:FC:A0:0B:D8:04:1B:A8:80:1F:2D:88:86:91:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q6jiiZaT_KAL2AQbqIAfLYiGkQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/14e091-979a-4ed5-9d5e-4954270e2507/1/1-fOtLCEip_cQmd0fYXtz6ZS5KC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/14e091-979a-4ed5-9d5e-4954270e2507/1/Q6jiiZaT_KAL2AQbqIAfLYiGkQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.172.0/22
                IPv6:
                  2a0e:5b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:32:b6:72:51:b8:6e:50:29:f6:f7:23:60:0e:20:6c:d0:65:
         54:5c:79:13:9a:60:ae:78:29:f8:8b:ce:a9:4b:34:3f:09:c0:
         14:f6:48:0a:4c:a6:c2:eb:66:f6:f4:df:80:48:5b:8d:07:03:
         4c:c2:60:2c:f8:d5:e2:81:1b:a0:dd:f4:8e:78:10:2e:5e:b0:
         86:95:b3:90:a8:c9:6a:fc:20:17:3a:c9:ba:34:68:ae:c4:c3:
         23:53:6a:bc:0a:92:cd:a7:22:e3:0a:f8:a3:7a:89:19:77:bf:
         4a:6b:44:9d:cc:51:d8:6c:f3:21:a9:fa:50:12:f4:08:b2:72:
         7d:79:91:11:9b:a2:6a:26:a3:96:97:5c:c3:d1:de:aa:23:e5:
         2d:b6:53:10:80:4d:52:3b:23:a3:84:6b:54:6f:62:79:cf:88:
         f1:15:2d:a6:b6:af:91:9d:d0:4f:75:0f:bb:ba:29:e0:2d:a4:
         e1:9c:39:f3:e1:be:cb:44:8d:57:0e:4f:f1:55:fc:40:79:a8:
         72:1d:cc:7c:85:1e:eb:01:87:7b:c6:fd:a1:b6:98:cb:d0:7b:
         96:00:63:10:c2:0d:2a:46:98:41:0e:f0:16:45:ea:31:b6:de:
         2b:b3:0d:a4:c9:9a:2f:6b:08:c2:39:4e:a7:ce:c7:b3:b8:98:
         a0:f5:bc:f2
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzGuGIChb5S+PK9ENYtDqi0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYThlMjg5OTY5M2ZjYTAwYmQ4MDQxYmE4ODAxZjJkODg4
NjkxMDgwHhcNMjQwMTAxMjAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWYzYWQyYzIxMjJhN2Y3MTA5OWRkMWY2MTdiNzNlOTk0YjkyODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSIKDE5NfY9pZz+9VEmsUH8e9Q8h
OWUReEy+cRIiGf1sW0K/omzRSvKyiwmBcNo8jE0tMK1NDYmN5fs3bp2VYQrBEYm9
c1oFkubWtW+MD6gkmGEWohptQanKyqxwD6sdOyXmahe6b9/My2ZfrbZNip/NnRS9
trENZK5GC960LY0YO+ErSwCPQnmcbBVFnkMAzlPCg2jWuUGvAOiPFKXr4UuSS+JM
jqukrSi8UbS/smyVYwGmd21qBKKWXCqPlksd+9ZSqMMgKt3euHyI6ZZk/31oqRyy
ySqvydXI8oSKWqbX5btJfyCK1vFmTmozlHFfHT4VX1UNT4UII8EcKpHdywIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPnzrSwhIqf3EJndH2F7c+mUuSguMB8GA1UdIwQY
MBaAFEOo4omWk/ygC9gEG6iAHy2IhpEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTZqaWlaYVRfS0FMMkFRYnFJQWZMWWlHa1FnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xNGUwOTEtOTc5YS00ZWQ1LTlkNWUt
NDk1NDI3MGUyNTA3LzEvMS1mT3RMQ0VpcF9jUW1kMGZZWHR6NlpTNUtDNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTQvMTRlMDkxLTk3OWEtNGVkNS05ZDVlLTQ5NTQyNzBlMjUw
Ny8xL1E2amlpWmFUX0tBTDJBUWJxSUFmTFlpR2tRZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAi1RrDAN
BAIAAjAHAwUDKg5bgDANBgkqhkiG9w0BAQsFAAOCAQEAZTK2clG4blAp9vcjYA4g
bNBlVFx5E5pgrngp+IvOqUs0PwnAFPZICkymwutm9vTfgEhbjQcDTMJgLPjV4oEb
oN30jngQLl6whpWzkKjJavwgFzrJujRorsTDI1NqvAqSzaci4wr4o3qJGXe/SmtE
ncxR2GzzIan6UBL0CLJyfXmREZuiaiajlpdcw9HeqiPlLbZTEIBNUjsjo4RrVG9i
ec+I8RUtpravkZ3QT3UPu7op4C2k4Zw58+G+y0SNVw5P8VX8QHmoch3MfIUe6wGH
e8b9obaYy9B7lgBjEMINKkaYQQ7wFkXqMbbeK7MNpMmaL2sIwjlOp87Hs7iYoPW8
8g==
-----END CERTIFICATE-----