Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/f2OeFvQR7fI4t0DMh5eGZfrfYtU.roa
File:                     f2OeFvQR7fI4t0DMh5eGZfrfYtU.roa (raw, json)
Hash identifier:          eIRZ0/ncnntx8J1wwBMx9R6zuY49+RRqHCtVsrrvxqw=
Subject key identifier:   7F:63:9E:16:F4:11:ED:F2:38:B7:40:CC:87:97:86:65:FA:DF:62:D5
Certificate issuer:       /CN=d39123880f427446d5ff07cef9633e86dc49198d
Certificate serial:       018CC3B71B48EA10C86CD9751CF3A9DF5A6F
Authority key identifier: D3:91:23:88:0F:42:74:46:D5:FF:07:CE:F9:63:3E:86:DC:49:19:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/05EjiA9CdEbV_wfO-WM-htxJGY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/f2OeFvQR7fI4t0DMh5eGZfrfYtU.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210792
IP address blocks:        45.153.76.0/22 maxlen: 22
                          158.255.79.0/24 maxlen: 24
                          2a11:ba80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/05EjiA9CdEbV_wfO-WM-htxJGY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/05EjiA9CdEbV_wfO-WM-htxJGY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/05EjiA9CdEbV_wfO-WM-htxJGY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1b:48:ea:10:c8:6c:d9:75:1c:f3:a9:df:5a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d39123880f427446d5ff07cef9633e86dc49198d
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f639e16f411edf238b740cc87978665fadf62d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:66:20:e2:28:4d:8a:ff:3f:05:0f:f1:f5:4d:
                    3f:38:04:9e:b8:04:90:b8:b8:6a:a0:22:1a:cc:73:
                    8d:2c:49:4a:d5:82:34:f3:38:db:e3:be:25:5e:c0:
                    93:16:69:42:27:43:b2:3e:08:23:13:8e:db:51:be:
                    9e:cb:0e:cc:10:cc:ca:16:18:f6:36:fc:30:20:8e:
                    64:31:08:c0:d0:c9:5b:d2:8c:37:a5:f9:da:55:5c:
                    ad:f4:ed:10:81:54:ac:8e:88:60:4d:ee:36:65:59:
                    35:b4:50:9a:30:03:4a:34:e8:48:f0:15:da:06:c0:
                    c9:92:0c:1f:d5:c9:59:a6:ba:01:da:eb:63:a4:09:
                    56:25:d0:6c:c7:b1:2d:d7:f8:34:5e:f7:5d:8b:62:
                    88:04:1c:cc:2c:47:e8:d9:20:b4:d6:d0:9d:59:df:
                    06:35:cc:97:89:fb:c3:fe:62:a2:56:9b:c2:05:35:
                    fe:7e:a3:fd:ce:3d:b4:ae:3a:d5:2a:49:9f:61:06:
                    16:e0:82:15:d2:de:30:85:12:84:f3:c7:62:2c:b2:
                    6a:97:45:39:e1:41:c5:cd:ad:69:8f:b8:c0:dd:b1:
                    07:74:0b:b7:20:ab:0f:bb:4a:11:f2:d1:94:43:53:
                    8d:4e:21:b8:e7:ce:88:9c:6a:7f:10:16:26:29:df:
                    75:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:63:9E:16:F4:11:ED:F2:38:B7:40:CC:87:97:86:65:FA:DF:62:D5
            X509v3 Authority Key Identifier:
                keyid:D3:91:23:88:0F:42:74:46:D5:FF:07:CE:F9:63:3E:86:DC:49:19:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/05EjiA9CdEbV_wfO-WM-htxJGY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/f2OeFvQR7fI4t0DMh5eGZfrfYtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/05EjiA9CdEbV_wfO-WM-htxJGY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.76.0/22
                  158.255.79.0/24
                IPv6:
                  2a11:ba80::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:cf:37:02:f1:37:db:59:ec:fe:19:ba:47:11:a4:5e:fd:37:
         7a:00:e1:c0:0b:6b:77:6d:53:da:d2:5c:95:34:68:df:90:d5:
         83:90:e4:85:f7:28:ec:86:0b:8a:2f:ab:a7:e6:a4:26:b7:d5:
         75:b7:b8:c7:18:31:39:4b:aa:cf:db:e1:c8:be:a2:32:cb:81:
         c4:80:78:7b:29:bc:01:7d:41:e9:3c:23:f9:4d:40:a7:f0:02:
         a4:e4:43:4d:7b:0a:7d:39:81:7e:27:8d:77:d6:17:fd:b4:f2:
         0b:f4:5d:a4:46:3c:2c:39:a9:4d:d7:8c:25:5a:4f:c0:f7:a1:
         1c:fb:82:e1:25:42:98:e0:9d:43:9d:4e:eb:74:c2:ac:ba:27:
         ed:1b:13:de:91:2e:e6:52:4a:2c:dd:1a:f8:43:5c:fe:14:8d:
         78:6d:e4:49:cd:e5:18:ef:d4:28:d7:40:11:0a:29:32:2a:d9:
         fe:e8:78:84:24:4d:89:fa:c3:1a:a1:b8:5d:8a:89:44:6e:f7:
         a6:b3:21:09:87:09:62:9f:3a:02:24:c1:75:ce:ac:5d:8b:2a:
         37:50:bd:ce:d9:3a:6d:ed:bb:0a:62:8c:11:b6:da:96:30:11:
         cd:9b:49:13:71:64:cb:b3:73:fc:a6:99:75:31:4e:5d:b7:77:
         cf:7e:dc:6f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDtxtI6hDIbNl1HPOp31pvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzOTEyMzg4MGY0Mjc0NDZkNWZmMDdjZWY5NjMzZTg2ZGM0
OTE5OGQwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjYzOWUxNmY0MTFlZGYyMzhiNzQwY2M4Nzk3ODY2NWZhZGY2MmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmYg4ihNiv8/BQ/x9U0/OASeuASQ
uLhqoCIazHONLElK1YI08zjb474lXsCTFmlCJ0OyPggjE47bUb6eyw7MEMzKFhj2
NvwwII5kMQjA0Mlb0ow3pfnaVVyt9O0QgVSsjohgTe42ZVk1tFCaMANKNOhI8BXa
BsDJkgwf1clZproB2utjpAlWJdBsx7Et1/g0Xvddi2KIBBzMLEfo2SC01tCdWd8G
NcyXifvD/mKiVpvCBTX+fqP9zj20rjrVKkmfYQYW4IIV0t4whRKE88diLLJql0U5
4UHFza1pj7jA3bEHdAu3IKsPu0oR8tGUQ1ONTiG4586InGp/EBYmKd91CwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH9jnhb0Ee3yOLdAzIeXhmX632LVMB8GA1UdIwQY
MBaAFNORI4gPQnRG1f8HzvljPobcSRmNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDVFamlBOUNkRWJWX3dmTy1XTS1odHhKR1kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NjFiODQtMTE0ZC00OTI5LWI2ODQt
Y2NhMGFkMjY4NWNhLzEvZjJPZUZ2UVI3Zkk0dDBETWg1ZUdaZnJmWXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82NjFiODQtMTE0ZC00OTI5LWI2ODQtY2NhMGFkMjY4NWNh
LzEvMDVFamlBOUNkRWJWX3dmTy1XTS1odHhKR1kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLZlMAwQA
nv9PMA0EAgACMAcDBQMqEbqAMA0GCSqGSIb3DQEBCwUAA4IBAQAtzzcC8TfbWez+
GbpHEaRe/Td6AOHAC2t3bVPa0lyVNGjfkNWDkOSF9yjshguKL6un5qQmt9V1t7jH
GDE5S6rP2+HIvqIyy4HEgHh7KbwBfUHpPCP5TUCn8AKk5ENNewp9OYF+J4131hf9
tPIL9F2kRjwsOalN14wlWk/A96Ec+4LhJUKY4J1DnU7rdMKsuiftGxPekS7mUkos
3Rr4Q1z+FI14beRJzeUY79Qo10ARCikyKtn+6HiEJE2J+sMaobhdiolEbvemsyEJ
hwlinzoCJMF1zqxdiyo3UL3O2Tpt7bsKYowRttqWMBHNm0kTcWTLs3P8ppl1MU5d
t3fPftxv
-----END CERTIFICATE-----