Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/fR6UM7VER9dk984P5-y6VwVFiLQ.roa
File:                     fR6UM7VER9dk984P5-y6VwVFiLQ.roa (raw, json)
Hash identifier:          S0QgPJOGR867h2ojiGY0WQjOSAzEO1v49NidyA/qZn4=
Subject key identifier:   7D:1E:94:33:B5:44:47:D7:64:F7:CE:0F:E7:EC:BA:57:05:45:88:B4
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018D9D9EFF470B38CA8B10EA7E6D5AD42B7F
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/fR6UM7VER9dk984P5-y6VwVFiLQ.roa
Signing time:             Mon 12 Feb 2024 14:00:59 +0000
ROA not before:           Mon 12 Feb 2024 14:00:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210558
IP address blocks:        45.152.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9d:9e:ff:47:0b:38:ca:8b:10:ea:7e:6d:5a:d4:2b:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Feb 12 14:00:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d1e9433b54447d764f7ce0fe7ecba57054588b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7c:10:9b:57:2a:15:48:c4:b6:9a:0d:5b:cf:
                    74:78:96:78:77:04:cb:fc:3f:ef:f0:90:08:7d:14:
                    0b:1c:c4:6f:02:b9:6b:5b:8a:89:e1:ae:66:0a:04:
                    63:b1:8e:6c:c6:d6:e1:db:b9:2a:c3:2e:2c:b4:bf:
                    70:65:4f:bd:f5:d9:0b:c2:48:9e:78:93:af:75:e7:
                    ff:79:08:42:c2:a6:9d:44:e9:84:d5:16:3b:7a:fb:
                    30:44:3c:e3:16:e0:65:68:cb:f5:45:f8:b3:f9:49:
                    8c:01:5c:1e:fb:05:b6:f0:52:84:ac:2e:8b:f5:9a:
                    d6:b2:a2:67:bf:8d:e2:53:db:06:87:fe:94:72:f0:
                    06:79:a2:74:bf:d1:16:23:08:8e:d8:95:cb:1c:f1:
                    e0:2d:00:b1:9c:50:20:fa:71:42:a6:09:e9:e2:aa:
                    c4:5b:33:66:f1:f0:fe:18:d3:d3:ed:1c:a3:1d:d0:
                    9c:fb:bb:b3:2c:9e:c3:e3:5f:40:c3:61:86:78:be:
                    db:f4:7b:2f:2b:50:f4:c2:8c:2d:74:fc:e9:71:69:
                    93:e7:ab:8b:b9:90:e9:cb:91:ac:36:17:50:43:47:
                    b7:42:c5:f6:26:1c:81:2a:8f:ff:51:a0:c4:ef:79:
                    a4:3e:8b:2a:48:35:6d:ed:18:e2:f2:4c:28:9c:14:
                    fd:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:1E:94:33:B5:44:47:D7:64:F7:CE:0F:E7:EC:BA:57:05:45:88:B4
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/fR6UM7VER9dk984P5-y6VwVFiLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:f2:2b:4b:f1:4e:be:ee:e1:51:37:71:45:09:29:c8:dd:89:
         9b:90:fa:e9:90:54:9a:75:fe:36:07:70:c4:10:9c:69:6d:19:
         45:7c:0e:f9:71:c2:cf:be:f7:e9:09:64:99:98:06:3c:39:ed:
         27:2d:22:ec:7b:01:aa:39:27:52:92:e1:dd:49:d7:cb:07:35:
         be:42:6f:1c:7b:a6:30:ce:ea:36:5f:ee:10:d6:98:95:db:db:
         3b:6c:68:e1:cd:cf:c8:57:28:93:f9:62:3c:22:9c:e8:ec:f1:
         0f:3b:56:11:fa:67:f4:78:17:91:0f:c5:70:bb:72:f0:53:9f:
         cd:89:a7:c3:98:4d:a0:ee:e7:09:12:c3:83:31:11:c6:85:87:
         6c:0d:c1:24:03:87:e6:f6:38:15:ad:23:73:05:22:b8:82:a4:
         d0:c6:71:b8:ba:65:9b:52:82:96:c8:dc:eb:07:d9:ec:09:ac:
         bc:24:4b:11:29:1b:42:13:47:a9:fd:8c:0e:f8:2f:db:ee:d3:
         87:9b:a6:67:df:3c:68:06:45:c5:b3:29:19:3b:05:19:30:7c:
         84:98:00:0b:69:ff:c6:b3:af:b8:98:07:67:3a:02:7c:d8:55:
         f2:cf:57:7d:52:3a:fb:e8:cd:0c:86:81:47:31:d7:0a:f2:32:
         c6:12:6a:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2dnv9HCzjKixDqfm1a1Ct/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMjEyMTQwMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDFlOTQzM2I1NDQ0N2Q3NjRmN2NlMGZlN2VjYmE1NzA1NDU4OGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHwQm1cqFUjEtpoNW890eJZ4dwTL
/D/v8JAIfRQLHMRvArlrW4qJ4a5mCgRjsY5sxtbh27kqwy4stL9wZU+99dkLwkie
eJOvdef/eQhCwqadROmE1RY7evswRDzjFuBlaMv1Rfiz+UmMAVwe+wW28FKErC6L
9ZrWsqJnv43iU9sGh/6UcvAGeaJ0v9EWIwiO2JXLHPHgLQCxnFAg+nFCpgnp4qrE
WzNm8fD+GNPT7RyjHdCc+7uzLJ7D419Aw2GGeL7b9HsvK1D0wowtdPzpcWmT56uL
uZDpy5GsNhdQQ0e3QsX2JhyBKo//UaDE73mkPosqSDVt7Rji8kwonBT9IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0elDO1REfXZPfOD+fsulcFRYi0MB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvZlI2VU03VkVSOWRrOTg0UDUteTZWd1ZGaUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZiVMA0G
CSqGSIb3DQEBCwUAA4IBAQCB8itL8U6+7uFRN3FFCSnI3YmbkPrpkFSadf42B3DE
EJxpbRlFfA75ccLPvvfpCWSZmAY8Oe0nLSLsewGqOSdSkuHdSdfLBzW+Qm8ce6Yw
zuo2X+4Q1piV29s7bGjhzc/IVyiT+WI8Ipzo7PEPO1YR+mf0eBeRD8Vwu3LwU5/N
iafDmE2g7ucJEsODMRHGhYdsDcEkA4fm9jgVrSNzBSK4gqTQxnG4umWbUoKWyNzr
B9nsCay8JEsRKRtCE0ep/YwO+C/b7tOHm6Zn3zxoBkXFsykZOwUZMHyEmAALaf/G
s6+4mAdnOgJ82FXyz1d9Ujr76M0MhoFHMdcK8jLGEmr6
-----END CERTIFICATE-----