Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/fDMD6FQr0xZLWH7J861_InkMwZY.roa
File:                     fDMD6FQr0xZLWH7J861_InkMwZY.roa (raw, json)
Hash identifier:          ov5HzwQZqF5XAu1IHd+wHwrrTV0DHpB7avZVbnSizng=
Subject key identifier:   7C:33:03:E8:54:2B:D3:16:4B:58:7E:C9:F3:AD:7F:22:79:0C:C1:96
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       018DC0222D48164EB6CD074A39FD35267D53
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/fDMD6FQr0xZLWH7J861_InkMwZY.roa
Signing time:             Mon 19 Feb 2024 06:51:21 +0000
ROA not before:           Mon 19 Feb 2024 06:51:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24875
IP address blocks:        45.142.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c0:22:2d:48:16:4e:b6:cd:07:4a:39:fd:35:26:7d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Feb 19 06:51:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c3303e8542bd3164b587ec9f3ad7f22790cc196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ee:38:da:04:6f:a6:bb:29:b9:0d:c1:f6:9f:
                    66:11:b9:09:ca:8d:71:2a:53:69:5b:fd:9d:ae:eb:
                    1b:64:b1:03:4b:d9:d7:e7:5f:49:62:04:28:73:fc:
                    8e:b0:79:86:7b:4f:03:04:71:3b:c6:ff:14:d2:f7:
                    d2:9e:cc:69:fb:b6:39:c2:1b:76:76:48:03:a2:18:
                    62:23:d8:df:d2:da:ed:43:c7:97:2c:e1:34:8a:69:
                    fb:17:74:57:fc:fb:c8:94:35:bb:3f:ca:d1:76:f8:
                    0b:fa:a6:7b:65:e1:2f:c0:a6:a1:f9:a2:c3:b1:cc:
                    63:b1:b4:80:4e:3b:45:6a:f9:d4:d9:47:60:6e:6f:
                    9c:06:f4:34:cd:f1:db:b2:42:64:30:8d:4b:c6:31:
                    c8:60:38:6c:7a:b9:9f:94:99:01:48:5c:db:ba:8d:
                    20:01:11:70:d1:b1:c2:1c:d9:71:92:68:5d:66:09:
                    82:d0:14:d4:13:eb:24:8c:6f:15:52:64:a6:2a:fa:
                    7a:cc:44:d8:0b:12:a7:23:e7:da:d6:68:04:99:57:
                    2e:9e:59:43:6c:50:42:99:59:80:cc:ac:2c:1d:e6:
                    5c:62:23:2c:f7:82:b6:06:55:0d:e0:f8:71:ed:c8:
                    ee:7f:f8:7f:6f:e2:70:4e:6f:92:31:95:ec:b5:ea:
                    83:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:33:03:E8:54:2B:D3:16:4B:58:7E:C9:F3:AD:7F:22:79:0C:C1:96
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/fDMD6FQr0xZLWH7J861_InkMwZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:21:8c:8b:28:b7:b0:fa:f0:11:51:b5:33:f4:88:83:f7:da:
         29:79:50:5f:67:2e:13:54:8d:11:7c:f3:aa:23:0a:f6:50:ab:
         f7:f7:37:47:74:f0:c3:2d:9f:16:ff:db:fb:ea:11:03:a9:80:
         61:3f:aa:7e:fb:ad:ae:16:e4:19:d1:2b:3a:ba:36:51:50:c2:
         d6:a6:5d:b9:8b:9b:42:e3:f4:99:e9:15:93:e4:bc:00:92:76:
         10:b0:6d:29:2a:8d:49:e9:60:f6:d9:dd:7c:da:c6:fd:8b:1c:
         35:c8:f1:c1:27:0e:8d:5c:50:fb:2e:5c:ff:d1:e9:8b:8c:9b:
         de:47:b8:7d:09:eb:12:a1:17:57:81:4b:8d:40:31:fa:6e:53:
         dd:a2:c3:e5:12:8d:6e:19:38:94:71:ce:79:24:42:c0:be:9f:
         91:53:a3:a7:a9:80:a9:02:b2:a3:3f:ab:03:89:82:a8:8b:3a:
         52:1f:94:96:12:7f:01:78:d8:fd:4b:b7:58:19:10:ac:b2:7c:
         c1:19:7e:88:d2:07:a5:ca:35:4d:a1:81:df:0d:99:81:ab:26:
         53:3c:51:a6:08:a3:2c:06:62:4a:4b:44:58:d3:f3:8f:c5:aa:
         9b:1b:fb:79:56:15:85:a3:e6:c6:a8:ee:74:23:22:63:7c:8d:
         5e:38:ac:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3AIi1IFk62zQdKOf01Jn1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQwMjE5MDY1MTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzMzMDNlODU0MmJkMzE2NGI1ODdlYzlmM2FkN2YyMjc5MGNjMTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4O442gRvprspuQ3B9p9mEbkJyo1x
KlNpW/2drusbZLEDS9nX519JYgQoc/yOsHmGe08DBHE7xv8U0vfSnsxp+7Y5wht2
dkgDohhiI9jf0trtQ8eXLOE0imn7F3RX/PvIlDW7P8rRdvgL+qZ7ZeEvwKah+aLD
scxjsbSATjtFavnU2Udgbm+cBvQ0zfHbskJkMI1LxjHIYDhsermflJkBSFzbuo0g
ARFw0bHCHNlxkmhdZgmC0BTUE+skjG8VUmSmKvp6zETYCxKnI+fa1mgEmVcunllD
bFBCmVmAzKwsHeZcYiMs94K2BlUN4Phx7cjuf/h/b+JwTm+SMZXsteqDzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwzA+hUK9MWS1h+yfOtfyJ5DMGWMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvZkRNRDZGUXIweFpMV0g3Sjg2MV9JbmtNd1pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY6aMA0G
CSqGSIb3DQEBCwUAA4IBAQAWIYyLKLew+vARUbUz9IiD99opeVBfZy4TVI0RfPOq
Iwr2UKv39zdHdPDDLZ8W/9v76hEDqYBhP6p++62uFuQZ0Ss6ujZRUMLWpl25i5tC
4/SZ6RWT5LwAknYQsG0pKo1J6WD22d182sb9ixw1yPHBJw6NXFD7Llz/0emLjJve
R7h9CesSoRdXgUuNQDH6blPdosPlEo1uGTiUcc55JELAvp+RU6OnqYCpArKjP6sD
iYKoizpSH5SWEn8BeNj9S7dYGRCssnzBGX6I0gelyjVNoYHfDZmBqyZTPFGmCKMs
BmJKS0RY0/OPxaqbG/t5VhWFo+bGqO50IyJjfI1eOKzn
-----END CERTIFICATE-----