Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/fIkseXS8ly6uCv_DCvB8DIt9-xo.roa
File:                     fIkseXS8ly6uCv_DCvB8DIt9-xo.roa (raw, json)
Hash identifier:          aw/pAEswxQGry7UWA0QcrnSbb5mAQag+AN6jiesjEek=
Subject key identifier:   7C:89:2C:79:74:BC:97:2E:AE:0A:FF:C3:0A:F0:7C:0C:8B:7D:FB:1A
Certificate issuer:       /CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
Certificate serial:       018D46431B88F3702B407F20B1795A10DC7B
Authority key identifier: 99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/fIkseXS8ly6uCv_DCvB8DIt9-xo.roa
Signing time:             Fri 26 Jan 2024 14:53:39 +0000
ROA not before:           Fri 26 Jan 2024 14:53:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207992
IP address blocks:        45.158.76.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:46:43:1b:88:f3:70:2b:40:7f:20:b1:79:5a:10:dc:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
        Validity
            Not Before: Jan 26 14:53:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c892c7974bc972eae0affc30af07c0c8b7dfb1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:45:59:c4:8e:60:44:cd:80:2a:77:d1:dc:e5:
                    16:96:0c:87:51:96:b8:17:bf:0b:0d:54:d6:38:eb:
                    31:b8:8d:b0:82:2a:cf:6e:9a:33:bc:dd:7e:c2:7d:
                    f9:d2:9c:ea:ae:00:b0:fc:d9:2b:c7:8d:3b:e5:06:
                    70:5e:fb:2c:29:92:ca:2c:c8:50:1c:53:1b:af:4c:
                    78:b9:88:0b:ef:0c:72:77:5d:87:6b:dc:34:06:10:
                    d4:1b:ff:cd:12:22:e2:09:b3:8f:ec:e3:63:50:36:
                    b8:0c:25:e3:ab:7e:62:e8:58:36:16:09:e2:96:4e:
                    88:5b:2c:95:5f:6a:32:35:4b:e4:62:9e:d8:7d:2e:
                    c7:8b:d2:4e:cd:6e:a3:8e:13:11:70:89:4a:7a:fd:
                    4a:b9:62:2a:e3:e0:46:f8:a6:9b:e1:05:53:d4:29:
                    2a:38:75:1a:bc:e6:91:f0:34:e1:e4:4e:0c:85:ec:
                    bb:90:ef:1d:a3:a5:35:22:ff:5e:2a:79:92:bd:82:
                    4c:2e:04:2b:af:6f:25:8c:3c:dd:21:7e:2a:d8:7c:
                    27:bb:ca:8d:c0:f7:c6:9e:19:dd:9e:1c:37:6e:dd:
                    01:d0:c5:21:da:b9:de:c8:de:ee:e8:44:a7:36:c8:
                    c1:f0:c2:65:49:78:fe:e6:f3:20:26:36:2c:49:b5:
                    54:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:89:2C:79:74:BC:97:2E:AE:0A:FF:C3:0A:F0:7C:0C:8B:7D:FB:1A
            X509v3 Authority Key Identifier:
                keyid:99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/fIkseXS8ly6uCv_DCvB8DIt9-xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:eb:ba:87:b2:5d:48:e8:07:89:82:82:b3:3f:98:48:d3:c3:
         35:e5:2a:25:7e:42:22:e6:1e:6a:92:16:e4:6a:34:af:61:05:
         22:5a:67:4d:e5:a3:90:36:3f:ab:85:31:54:94:59:04:6c:9a:
         28:d8:8e:56:4e:d5:e1:87:32:5e:45:68:d8:e8:99:6e:e2:b2:
         71:c9:c3:cb:23:f1:73:56:a1:bd:fd:59:d9:13:0b:0e:76:f1:
         c5:13:26:63:18:3f:1f:00:46:f3:7c:92:ac:1c:6d:fd:c0:f9:
         e2:16:bf:31:df:a9:1c:2e:9d:1d:b8:63:9e:7c:0b:5b:d2:29:
         2d:50:9d:fe:2f:87:77:29:47:e6:50:68:3e:33:01:6b:b7:c8:
         4c:1c:55:76:79:70:61:b9:be:13:87:0f:1f:ab:1d:ed:cb:ff:
         51:b8:b4:05:7d:12:63:6b:40:97:41:43:62:fe:75:24:80:d7:
         f3:a9:5a:4e:a2:a4:50:3a:f9:f0:83:ff:91:62:ee:8e:3b:71:
         48:04:c1:77:af:d8:4d:e1:0a:74:79:57:13:67:dd:d4:ef:24:
         5e:b2:51:1b:d4:f4:fa:04:f1:16:ae:24:bb:20:ca:7a:14:7c:
         20:75:6d:71:95:56:a5:d6:29:c6:9e:33:6e:15:14:00:64:22:
         8b:c5:e0:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1GQxuI83ArQH8gsXlaENx7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZmVlN2NiZDhlNzhkMWYxNGE0NTNhMDRiOTE2ZjdjMTU4
MWQyMDQwHhcNMjQwMTI2MTQ1MzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzg5MmM3OTc0YmM5NzJlYWUwYWZmYzMwYWYwN2MwYzhiN2RmYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVZxI5gRM2AKnfR3OUWlgyHUZa4
F78LDVTWOOsxuI2wgirPbpozvN1+wn350pzqrgCw/Nkrx4075QZwXvssKZLKLMhQ
HFMbr0x4uYgL7wxyd12Ha9w0BhDUG//NEiLiCbOP7ONjUDa4DCXjq35i6Fg2Fgni
lk6IWyyVX2oyNUvkYp7YfS7Hi9JOzW6jjhMRcIlKev1KuWIq4+BG+Kab4QVT1Ckq
OHUavOaR8DTh5E4Mhey7kO8do6U1Iv9eKnmSvYJMLgQrr28ljDzdIX4q2Hwnu8qN
wPfGnhndnhw3bt0B0MUh2rneyN7u6ESnNsjB8MJlSXj+5vMgJjYsSbVURwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyJLHl0vJcurgr/wwrwfAyLffsaMB8GA1UdIwQY
MBaAFJn+58vY540fFKRToEuRb3wVgdIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTct
MWMyMmVmZjcyODE4LzEvZklrc2VYUzhseTZ1Q3ZfREN2QjhESXQ5LXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTctMWMyMmVmZjcyODE4
LzEvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ5MMA0G
CSqGSIb3DQEBCwUAA4IBAQBl67qHsl1I6AeJgoKzP5hI08M15SolfkIi5h5qkhbk
ajSvYQUiWmdN5aOQNj+rhTFUlFkEbJoo2I5WTtXhhzJeRWjY6Jlu4rJxycPLI/Fz
VqG9/VnZEwsOdvHFEyZjGD8fAEbzfJKsHG39wPniFr8x36kcLp0duGOefAtb0ikt
UJ3+L4d3KUfmUGg+MwFrt8hMHFV2eXBhub4Thw8fqx3ty/9RuLQFfRJja0CXQUNi
/nUkgNfzqVpOoqRQOvnwg/+RYu6OO3FIBMF3r9hN4Qp0eVcTZ93U7yReslEb1PT6
BPEWriS7IMp6FHwgdW1xlVal1inGnjNuFRQAZCKLxeBQ
-----END CERTIFICATE-----