Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/fl58xPOCZYlPpfL-c9VrMsGv15w.roa
File:                     fl58xPOCZYlPpfL-c9VrMsGv15w.roa (raw, json)
Hash identifier:          ZRBm1hGQR1P7McrWWsFQNq+2OzS3fG5tapeSIgG7TLE=
Subject key identifier:   7E:5E:7C:C4:F3:82:65:89:4F:A5:F2:FE:73:D5:6B:32:C1:AF:D7:9C
Certificate issuer:       /CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
Certificate serial:       018CC8DCF61BD06860C3AB455CB73BD93728
Authority key identifier: C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/fl58xPOCZYlPpfL-c9VrMsGv15w.roa
Signing time:             Tue 02 Jan 2024 06:29:33 +0000
ROA not before:           Tue 02 Jan 2024 06:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203735
IP address blocks:        45.143.30.0/24 maxlen: 24
                          45.143.29.0/24 maxlen: 24
                          45.143.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:f6:1b:d0:68:60:c3:ab:45:5c:b7:3b:d9:37:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
        Validity
            Not Before: Jan  2 06:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e5e7cc4f38265894fa5f2fe73d56b32c1afd79c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b7:0c:95:5d:cb:d4:24:5a:5f:a5:2d:68:8f:
                    c8:f9:fb:0c:2a:f3:cc:98:44:03:84:33:51:df:b2:
                    9b:65:0d:69:ca:b4:00:30:a8:9e:6d:30:37:b0:34:
                    0c:c0:a4:3d:bd:e7:06:8d:dd:0c:d8:49:e8:3e:55:
                    88:a3:d8:de:df:ee:b8:64:a8:49:f5:33:e2:8b:1a:
                    38:54:21:a6:94:9a:6c:7a:39:ee:21:98:48:f2:f3:
                    60:88:7e:93:11:96:61:cc:a5:12:e3:11:e5:1f:98:
                    dc:c9:6e:9f:71:41:22:91:11:15:c8:b0:b3:04:9a:
                    64:59:ff:65:d6:28:58:30:e4:57:a7:e6:ff:54:f1:
                    ad:65:c2:63:68:c0:9c:b5:1c:12:05:80:d2:64:3d:
                    dc:15:86:a2:9b:be:bf:02:bf:b9:f9:29:8d:22:3f:
                    28:f8:a2:f7:e1:59:5e:76:d0:7f:c7:ce:ea:a3:67:
                    3d:e5:4d:fa:a9:59:42:c7:f5:4c:9f:f0:da:b8:b0:
                    5d:d8:7f:f4:01:ff:5d:c5:fd:62:49:66:67:52:e5:
                    fb:9b:ac:5c:8f:dc:b9:3f:42:8c:8c:a0:4c:93:9a:
                    e7:49:0e:cd:8b:82:96:aa:e0:a2:1c:cc:21:f4:40:
                    e7:7a:02:ad:17:c9:b5:b6:51:9c:c3:b1:92:7e:f5:
                    23:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:5E:7C:C4:F3:82:65:89:4F:A5:F2:FE:73:D5:6B:32:C1:AF:D7:9C
            X509v3 Authority Key Identifier:
                keyid:C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/fl58xPOCZYlPpfL-c9VrMsGv15w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.29.0-45.143.31.255

    Signature Algorithm: sha256WithRSAEncryption
         8a:5d:f2:49:33:15:75:ce:f9:ee:7c:db:c3:38:51:cb:ce:c3:
         0e:e3:2e:9e:e2:5f:f1:88:c3:e2:94:f7:bd:9e:4a:ba:6f:8a:
         f9:72:2d:1f:74:03:5d:2c:0a:b9:59:b8:1e:d5:02:cb:3d:8b:
         0b:44:dd:0a:57:c9:98:84:49:d1:fd:d4:7c:95:97:78:b6:fc:
         72:fa:e5:53:14:14:de:e9:d4:10:ff:a0:4f:24:dc:29:43:94:
         5a:2a:05:2e:25:24:3a:5d:01:96:5d:86:85:a5:2f:54:9e:b3:
         d0:e3:52:9c:3b:6d:4f:b1:37:95:74:33:75:f9:11:9d:5a:18:
         24:57:36:d8:34:be:a4:17:00:40:83:d8:e0:b0:49:54:27:61:
         27:d7:37:2e:40:55:58:23:54:5d:ac:b5:a8:d2:3b:2b:7d:73:
         8f:9e:25:cb:55:95:42:c8:5a:de:cc:7e:8e:bb:03:be:cf:0d:
         7d:57:f3:6b:8a:c3:ca:13:e0:c4:b2:d1:46:e8:a7:94:1e:61:
         2f:2d:3c:48:f9:81:2e:36:f1:3f:93:a8:74:f0:b4:27:6d:6d:
         be:09:de:14:df:a0:b9:25:1b:55:7d:45:17:9c:cf:d6:87:24:
         35:8a:00:07:53:e3:83:3f:da:fb:f9:1e:90:66:22:92:7e:fd:
         11:da:f2:1e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI3PYb0Ghgw6tFXLc72TcoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMmFjOWIxNGZkMjYxYThkMjc2M2FhZDQxNzQzMmJlYmM0
OWEwZDYwHhcNMjQwMTAyMDYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTVlN2NjNGYzODI2NTg5NGZhNWYyZmU3M2Q1NmIzMmMxYWZkNzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLcMlV3L1CRaX6UtaI/I+fsMKvPM
mEQDhDNR37KbZQ1pyrQAMKiebTA3sDQMwKQ9vecGjd0M2EnoPlWIo9je3+64ZKhJ
9TPiixo4VCGmlJpsejnuIZhI8vNgiH6TEZZhzKUS4xHlH5jcyW6fcUEikREVyLCz
BJpkWf9l1ihYMORXp+b/VPGtZcJjaMCctRwSBYDSZD3cFYaim76/Ar+5+SmNIj8o
+KL34VledtB/x87qo2c95U36qVlCx/VMn/DauLBd2H/0Af9dxf1iSWZnUuX7m6xc
j9y5P0KMjKBMk5rnSQ7Ni4KWquCiHMwh9EDnegKtF8m1tlGcw7GSfvUjSwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH5efMTzgmWJT6Xy/nPVazLBr9ecMB8GA1UdIwQY
MBaAFMEqybFP0mGo0nY6rUF0Mr68SaDWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYt
MjE2N2NmMDFjZjRhLzEvZmw1OHhQT0NaWWxQcGZMLWM5VnJNc0d2MTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYtMjE2N2NmMDFjZjRh
LzEvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtjx0D
BAUtjwAwDQYJKoZIhvcNAQELBQADggEBAIpd8kkzFXXO+e5828M4UcvOww7jLp7i
X/GIw+KU972eSrpvivlyLR90A10sCrlZuB7VAss9iwtE3QpXyZiESdH91HyVl3i2
/HL65VMUFN7p1BD/oE8k3ClDlFoqBS4lJDpdAZZdhoWlL1Ses9DjUpw7bU+xN5V0
M3X5EZ1aGCRXNtg0vqQXAECD2OCwSVQnYSfXNy5AVVgjVF2stajSOyt9c4+eJctV
lULIWt7Mfo67A77PDX1X82uKw8oT4MSy0Ubop5QeYS8tPEj5gS428T+TqHTwtCdt
bb4J3hTfoLklG1V9RRecz9aHJDWKAAdT44M/2vv5HpBmIpJ+/RHa8h4=
-----END CERTIFICATE-----