Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/fdhWQe7287sUvpbGEZ0ZSFwGI-U.roa
File:                     fdhWQe7287sUvpbGEZ0ZSFwGI-U.roa (raw, json)
Hash identifier:          9/r3MaUOTlAWQ7SoTjaZLFkyQi5TcOOw67bmCHcn6r0=
Subject key identifier:   7D:D8:56:41:EE:F6:F3:BB:14:BE:96:C6:11:9D:19:48:5C:06:23:E5
Certificate issuer:       /CN=7de98f48e988790d0e0793537941b413d2e60306
Certificate serial:       018CC3B69037D867A9BB8C9B6CB525744F77
Authority key identifier: 7D:E9:8F:48:E9:88:79:0D:0E:07:93:53:79:41:B4:13:D2:E6:03:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/fdhWQe7287sUvpbGEZ0ZSFwGI-U.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35762
IP address blocks:        5.252.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:90:37:d8:67:a9:bb:8c:9b:6c:b5:25:74:4f:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7de98f48e988790d0e0793537941b413d2e60306
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dd85641eef6f3bb14be96c6119d19485c0623e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:17:c7:76:e0:9f:cf:52:40:09:77:a9:43:98:
                    c7:ca:2f:7d:71:30:f3:df:8a:8d:3d:27:6e:24:a2:
                    bf:39:7c:86:00:62:87:ec:8a:29:76:8f:d5:ca:d4:
                    ec:ea:8c:37:5c:36:12:96:8e:b5:7a:22:3e:e0:bd:
                    10:73:fa:dd:0c:33:f7:ba:a5:59:fd:48:d7:29:a6:
                    bb:3f:48:fe:f1:b6:ec:69:83:d7:1e:0b:15:cf:bc:
                    78:bf:5b:88:a0:24:32:23:d5:4f:f8:80:45:2e:54:
                    22:f3:1f:f6:bf:0c:f3:63:e2:3d:85:14:e3:2f:46:
                    99:5e:3c:35:a5:84:35:a8:92:5d:d6:5b:ce:d6:4c:
                    90:45:2f:72:0d:e4:c7:94:0f:7f:75:ee:73:bc:9c:
                    7e:c2:cb:5d:c7:56:fa:eb:67:0b:11:58:f2:b0:cb:
                    40:5d:fc:80:6f:9d:e5:47:c6:65:50:5d:e8:24:1d:
                    02:76:f5:23:6f:b4:9b:3e:4a:66:52:4e:74:62:0a:
                    38:91:2a:91:04:53:f7:c0:0e:9b:db:44:48:24:d2:
                    d4:9c:95:98:33:42:d0:ee:75:2f:8a:c8:d9:f1:de:
                    f2:86:b2:53:bd:f9:6f:96:4c:5d:85:31:7a:7b:69:
                    5c:b1:74:f2:a2:9c:8a:78:ae:10:e4:ea:95:7f:39:
                    56:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:D8:56:41:EE:F6:F3:BB:14:BE:96:C6:11:9D:19:48:5C:06:23:E5
            X509v3 Authority Key Identifier:
                keyid:7D:E9:8F:48:E9:88:79:0D:0E:07:93:53:79:41:B4:13:D2:E6:03:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/fdhWQe7287sUvpbGEZ0ZSFwGI-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:dd:75:3a:6d:ae:2b:1e:32:da:b6:19:be:25:63:36:bd:5d:
         cd:2f:ec:16:4a:a1:17:40:33:7b:78:40:e5:ee:9b:02:df:ee:
         17:6a:54:8d:65:7a:47:90:f5:fb:22:9c:46:06:5f:df:5e:1e:
         f8:f8:b3:e2:83:c0:e9:a5:22:a1:ba:d9:f1:2f:09:ce:d5:4c:
         f5:2b:3d:74:40:e8:a6:40:a8:fe:67:d7:19:4a:72:87:58:4a:
         82:50:26:e6:c6:0b:fb:d4:45:a3:74:44:20:62:71:c2:1f:92:
         cb:21:e0:d9:4d:7f:96:c0:63:bc:e1:6e:9e:f8:16:0a:36:d2:
         3f:4f:7b:fb:cf:32:32:e1:77:5e:c2:c3:21:5d:a6:e6:55:87:
         33:b3:9e:c6:43:e9:0a:75:34:ac:58:61:be:21:47:bf:ab:5c:
         86:c1:f1:87:6d:99:e0:71:5b:98:bf:aa:10:ef:b1:9b:9e:74:
         c9:a8:1a:c8:38:3a:fe:7e:f9:a8:35:36:23:b9:17:5e:98:57:
         c6:6c:93:ef:82:c6:8e:fc:28:80:f9:50:f2:ff:25:b8:15:a7:
         50:e4:9c:7d:8a:cf:81:7d:b2:bd:fe:e8:d4:83:ee:d2:7a:31:
         e7:71:1a:17:a9:27:f6:a0:66:84:53:b6:e4:51:48:b7:75:2b:
         bd:af:8f:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpA32Gepu4ybbLUldE93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZTk4ZjQ4ZTk4ODc5MGQwZTA3OTM1Mzc5NDFiNDEzZDJl
NjAzMDYwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGQ4NTY0MWVlZjZmM2JiMTRiZTk2YzYxMTlkMTk0ODVjMDYyM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhfHduCfz1JACXepQ5jHyi99cTDz
34qNPSduJKK/OXyGAGKH7Iopdo/VytTs6ow3XDYSlo61eiI+4L0Qc/rdDDP3uqVZ
/UjXKaa7P0j+8bbsaYPXHgsVz7x4v1uIoCQyI9VP+IBFLlQi8x/2vwzzY+I9hRTj
L0aZXjw1pYQ1qJJd1lvO1kyQRS9yDeTHlA9/de5zvJx+wstdx1b662cLEVjysMtA
XfyAb53lR8ZlUF3oJB0CdvUjb7SbPkpmUk50Ygo4kSqRBFP3wA6b20RIJNLUnJWY
M0LQ7nUvisjZ8d7yhrJTvflvlkxdhTF6e2lcsXTyopyKeK4Q5OqVfzlWEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3YVkHu9vO7FL6WxhGdGUhcBiPlMB8GA1UdIwQY
MBaAFH3pj0jpiHkNDgeTU3lBtBPS5gMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmVtUFNPbUllUTBPQjVOVGVVRzBFOUxtQXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jMGZjMGEtMTVkNC00NmNjLWE4Yjkt
NDc2MzJjYjViODU0LzEvZmRoV1FlNzI4N3NVdnBiR0VaMFpTRndHSS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jMGZjMGEtMTVkNC00NmNjLWE4YjktNDc2MzJjYjViODU0
LzEvZmVtUFNPbUllUTBPQjVOVGVVRzBFOUxtQXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfwsMA0G
CSqGSIb3DQEBCwUAA4IBAQAe3XU6ba4rHjLathm+JWM2vV3NL+wWSqEXQDN7eEDl
7psC3+4XalSNZXpHkPX7IpxGBl/fXh74+LPig8DppSKhutnxLwnO1Uz1Kz10QOim
QKj+Z9cZSnKHWEqCUCbmxgv71EWjdEQgYnHCH5LLIeDZTX+WwGO84W6e+BYKNtI/
T3v7zzIy4XdewsMhXabmVYczs57GQ+kKdTSsWGG+IUe/q1yGwfGHbZngcVuYv6oQ
77GbnnTJqBrIODr+fvmoNTYjuRdemFfGbJPvgsaO/CiA+VDy/yW4FadQ5Jx9is+B
fbK9/ujUg+7SejHncRoXqSf2oGaEU7bkUUi3dSu9r48E
-----END CERTIFICATE-----