Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/F2Wo1pOD6_7EBx-UN77hPi4ucag.roa
File:                     F2Wo1pOD6_7EBx-UN77hPi4ucag.roa (raw, json)
Hash identifier:          KU7w7x22Wmqr+mp9EPVHcZRX/4wpKr7zb49VenPl8Wo=
Subject key identifier:   17:65:A8:D6:93:83:EB:FE:C4:07:1F:94:37:BE:E1:3E:2E:2E:71:A8
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       018E0997B56CCD1B3F4F05893647E2F3477E
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/F2Wo1pOD6_7EBx-UN77hPi4ucag.roa
Signing time:             Mon 04 Mar 2024 13:12:01 +0000
ROA not before:           Mon 04 Mar 2024 13:12:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215649
IP address blocks:        45.89.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:97:b5:6c:cd:1b:3f:4f:05:89:36:47:e2:f3:47:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: Mar  4 13:12:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1765a8d69383ebfec4071f9437bee13e2e2e71a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:04:bc:8f:50:ec:86:66:d7:07:9d:5d:b4:79:
                    c0:62:ea:b8:f4:e9:fa:bd:50:3b:d6:d5:47:21:44:
                    4c:17:ab:cb:c5:dc:d6:bb:ca:54:21:81:92:0e:78:
                    dd:4b:cb:37:e4:eb:f2:a9:5e:8b:cc:69:0f:a0:9c:
                    82:5c:b9:36:94:13:fa:62:ad:24:ae:cb:7e:ac:a6:
                    3f:7d:db:57:84:18:68:d8:bc:b8:e4:78:35:fb:e1:
                    f4:79:5c:fb:0e:ae:3d:6b:aa:ff:3f:0f:76:d9:cc:
                    a9:39:b4:46:3c:6d:7e:da:b9:2a:5c:b8:b5:25:ea:
                    7b:2b:d3:99:41:00:77:8e:6b:47:58:eb:6e:2d:3d:
                    f6:de:db:da:de:0d:7c:83:aa:29:cd:45:66:97:bb:
                    df:84:68:28:8a:1d:87:7a:6a:ca:3a:6b:cd:46:4f:
                    52:72:f5:16:00:4d:0c:5b:66:fc:c9:30:8b:da:ed:
                    83:e2:45:5d:c4:48:90:42:f1:50:9f:20:23:64:e3:
                    61:d4:da:72:0b:6e:16:eb:3d:a7:dd:6d:f6:66:37:
                    7a:c7:3e:85:11:a2:bd:06:c0:d3:c2:54:3e:3d:16:
                    ef:70:95:34:61:0c:55:6d:46:5f:39:fb:0f:f3:0c:
                    d2:81:45:06:96:eb:f0:4b:40:10:46:bc:3c:3d:dd:
                    84:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:65:A8:D6:93:83:EB:FE:C4:07:1F:94:37:BE:E1:3E:2E:2E:71:A8
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/F2Wo1pOD6_7EBx-UN77hPi4ucag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:a9:0b:cf:a3:77:25:45:9a:2c:29:76:f0:d4:66:02:08:e7:
         3d:a9:07:0e:cb:5e:c2:23:4c:cd:f4:74:8a:19:d6:ef:d7:65:
         f2:95:24:8b:92:50:66:55:f2:a1:7d:86:45:1d:af:58:80:d3:
         8f:49:06:b9:54:9a:ff:19:77:fb:af:26:eb:bd:66:b0:11:27:
         f0:97:de:e5:6d:d6:30:da:19:db:8d:5a:ea:a4:2b:4e:8d:4a:
         dc:5c:a0:2e:81:08:cb:ed:15:62:68:64:b0:f3:7a:ef:71:4e:
         be:9a:88:72:89:c8:59:5c:7a:e9:59:87:d9:bd:cf:0d:03:f7:
         a7:76:6f:ca:c7:c0:be:68:87:15:89:7c:f6:fa:d5:2a:20:78:
         66:42:f7:c9:4e:39:73:34:2e:d6:c5:a5:3d:cd:c4:7f:bc:c5:
         82:10:d5:13:13:e9:74:66:ea:46:53:91:ea:b6:3b:19:9b:74:
         32:a1:19:cd:1e:2a:23:49:0a:da:8a:34:7d:66:4a:15:97:7d:
         73:b0:4f:5f:a7:4d:6b:74:7e:99:74:74:7c:53:60:ad:db:27:
         d8:88:eb:39:0f:2d:e9:92:30:65:1e:a5:15:75:2a:21:93:43:
         bf:09:e6:ff:b5:1e:64:eb:51:94:ae:ea:c6:ca:97:0a:19:73:
         76:3f:1b:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4Jl7VszRs/TwWJNkfi80d+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjQwMzA0MTMxMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzY1YThkNjkzODNlYmZlYzQwNzFmOTQzN2JlZTEzZTJlMmU3MWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQS8j1DshmbXB51dtHnAYuq49On6
vVA71tVHIURMF6vLxdzWu8pUIYGSDnjdS8s35OvyqV6LzGkPoJyCXLk2lBP6Yq0k
rst+rKY/fdtXhBho2Ly45Hg1++H0eVz7Dq49a6r/Pw922cypObRGPG1+2rkqXLi1
Jep7K9OZQQB3jmtHWOtuLT323tva3g18g6opzUVml7vfhGgoih2HemrKOmvNRk9S
cvUWAE0MW2b8yTCL2u2D4kVdxEiQQvFQnyAjZONh1NpyC24W6z2n3W32Zjd6xz6F
EaK9BsDTwlQ+PRbvcJU0YQxVbUZfOfsP8wzSgUUGluvwS0AQRrw8Pd2E2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdlqNaTg+v+xAcflDe+4T4uLnGoMB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEvRjJXbzFwT0Q2XzdFQngtVU43N2hQaTR1Y2FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkdMA0G
CSqGSIb3DQEBCwUAA4IBAQBJqQvPo3clRZosKXbw1GYCCOc9qQcOy17CI0zN9HSK
Gdbv12XylSSLklBmVfKhfYZFHa9YgNOPSQa5VJr/GXf7rybrvWawESfwl97lbdYw
2hnbjVrqpCtOjUrcXKAugQjL7RViaGSw83rvcU6+mohyichZXHrpWYfZvc8NA/en
dm/Kx8C+aIcViXz2+tUqIHhmQvfJTjlzNC7WxaU9zcR/vMWCENUTE+l0ZupGU5Hq
tjsZm3QyoRnNHiojSQraijR9ZkoVl31zsE9fp01rdH6ZdHR8U2Ct2yfYiOs5Dy3p
kjBlHqUVdSohk0O/Ceb/tR5k61GUrurGypcKGXN2PxtO
-----END CERTIFICATE-----