Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/fDLvqzEEa4P7wjPQ7vpjcW_N7FQ.roa
File:                     fDLvqzEEa4P7wjPQ7vpjcW_N7FQ.roa (raw, json)
Hash identifier:          kZMy8ls1/oq+RYVR5fvUaELjy4n6IGC2barNnIxTbA8=
Subject key identifier:   7C:32:EF:AB:31:04:6B:83:FB:C2:33:D0:EE:FA:63:71:6F:CD:EC:54
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80147653BB1AFA9A39EDBC39B1D1261
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/fDLvqzEEa4P7wjPQ7vpjcW_N7FQ.roa
Signing time:             Tue 02 Jan 2024 02:29:36 +0000
ROA not before:           Tue 02 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        45.13.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:47:65:3b:b1:af:a9:a3:9e:db:c3:9b:1d:12:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c32efab31046b83fbc233d0eefa63716fcdec54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ee:38:a4:88:92:03:f0:7c:27:f9:fa:7d:88:
                    78:a7:ca:a1:7b:93:e5:68:30:1a:95:e6:11:72:37:
                    58:58:9e:ab:7f:32:b8:c0:24:31:d0:69:c4:54:fb:
                    46:3b:d3:4a:6e:0a:3c:a9:46:5b:4d:5d:fe:80:b3:
                    3b:94:32:96:be:d0:1f:d4:9a:15:76:64:5f:b8:d8:
                    9d:ef:32:c9:fb:ff:85:7c:bc:44:84:0e:c0:c5:05:
                    25:ae:f5:3b:d6:e5:b7:c1:7c:ae:16:e8:53:55:21:
                    24:32:4f:7b:02:44:dd:08:2e:31:a4:9f:00:19:03:
                    ff:59:14:e4:70:7e:53:6f:29:ee:be:49:6b:53:3b:
                    14:da:2a:a3:f8:87:a3:60:53:43:40:5d:23:0c:7a:
                    ee:c5:be:fe:16:b3:bb:19:75:f5:16:76:a8:01:40:
                    67:1f:0a:f3:86:88:14:da:e9:44:04:18:f9:82:11:
                    08:85:a2:bd:91:53:e0:0c:5f:6f:03:21:67:ac:99:
                    0f:75:14:1f:28:e0:55:42:c5:ac:50:ac:27:e5:34:
                    9f:51:a6:d6:82:2b:dc:8f:1d:ca:22:57:79:46:c9:
                    fb:eb:f9:31:db:b1:84:25:d6:29:3f:12:d1:99:8b:
                    0f:86:22:df:2f:a0:61:c0:5e:d6:8a:cc:8e:c4:0e:
                    77:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:32:EF:AB:31:04:6B:83:FB:C2:33:D0:EE:FA:63:71:6F:CD:EC:54
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/fDLvqzEEa4P7wjPQ7vpjcW_N7FQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:2f:1a:8c:9a:c7:b6:9a:fe:55:9d:9a:c2:b5:ce:3b:6d:73:
         09:32:eb:0e:7f:a1:02:2a:b8:6e:7b:15:1d:69:6b:5a:3f:c0:
         26:82:b1:5c:e6:8e:27:78:67:01:0c:62:1e:ac:8c:f5:b9:60:
         1c:c3:a1:d0:88:cc:86:e2:74:6f:bd:bf:85:36:de:33:e3:1b:
         83:c7:7d:33:95:6f:fa:5f:59:a9:2c:4f:ac:2e:31:a8:09:ac:
         92:5e:fb:2c:ca:b5:bd:35:24:59:0d:ee:3d:0d:af:ee:9a:a4:
         7d:fe:0c:e4:60:fc:42:49:10:8a:0a:16:5a:45:e3:2e:c3:33:
         6e:86:98:73:c0:bb:c5:09:50:34:d1:07:2c:e1:5b:58:13:91:
         ce:ee:64:31:52:ec:5e:6f:b8:3f:15:63:d7:56:0e:82:df:20:
         8e:b3:43:26:3f:f4:50:9a:65:49:24:86:b3:ae:69:ef:66:e2:
         08:0c:30:12:dc:bf:21:62:e3:a4:d8:29:0c:0a:2f:b4:cf:25:
         80:2c:df:11:1b:e5:19:b4:a5:0c:35:03:83:90:20:cb:b6:c0:
         97:a4:f1:f7:c9:39:97:0f:18:c7:26:ea:6a:51:85:45:be:9b:
         90:1a:fc:c5:95:b2:6a:6f:cf:bd:c5:07:25:f3:8a:92:7f:6b:
         27:84:24:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUdlO7GvqaOe28ObHRJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzMyZWZhYjMxMDQ2YjgzZmJjMjMzZDBlZWZhNjM3MTZmY2RlYzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAie44pIiSA/B8J/n6fYh4p8qhe5Pl
aDAaleYRcjdYWJ6rfzK4wCQx0GnEVPtGO9NKbgo8qUZbTV3+gLM7lDKWvtAf1JoV
dmRfuNid7zLJ+/+FfLxEhA7AxQUlrvU71uW3wXyuFuhTVSEkMk97AkTdCC4xpJ8A
GQP/WRTkcH5TbynuvklrUzsU2iqj+IejYFNDQF0jDHruxb7+FrO7GXX1FnaoAUBn
HwrzhogU2ulEBBj5ghEIhaK9kVPgDF9vAyFnrJkPdRQfKOBVQsWsUKwn5TSfUabW
givcjx3KIld5Rsn76/kx27GEJdYpPxLRmYsPhiLfL6BhwF7WisyOxA53fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwy76sxBGuD+8Iz0O76Y3FvzexUMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZkRMdnF6RUVhNFA3d2pQUTd2cGpjV19ON0ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ11MA0G
CSqGSIb3DQEBCwUAA4IBAQAtLxqMmse2mv5VnZrCtc47bXMJMusOf6ECKrhuexUd
aWtaP8AmgrFc5o4neGcBDGIerIz1uWAcw6HQiMyG4nRvvb+FNt4z4xuDx30zlW/6
X1mpLE+sLjGoCaySXvssyrW9NSRZDe49Da/umqR9/gzkYPxCSRCKChZaReMuwzNu
hphzwLvFCVA00Qcs4VtYE5HO7mQxUuxeb7g/FWPXVg6C3yCOs0MmP/RQmmVJJIaz
rmnvZuIIDDAS3L8hYuOk2CkMCi+0zyWALN8RG+UZtKUMNQODkCDLtsCXpPH3yTmX
DxjHJupqUYVFvpuQGvzFlbJqb8+9xQcl84qSf2snhCQO
-----END CERTIFICATE-----