Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/305360-2203-4a21-a2fd-91e8599ddbf7/1/fFQjsTaAFHFAOZJFbSYYuW0ljAs.roa
File:                     fFQjsTaAFHFAOZJFbSYYuW0ljAs.roa (raw, json)
Hash identifier:          lEaMndftnCn93E0o5v6pJyu/niyBLkXX5AayNelw/xw=
Subject key identifier:   7C:54:23:B1:36:80:14:71:40:39:92:45:6D:26:18:B9:6D:25:8C:0B
Certificate issuer:       /CN=a724383490a105bdc0d21597bfb1478ef04630b1
Certificate serial:       018E9E128808F24AD7DB37AFA79C55D7D41C
Authority key identifier: A7:24:38:34:90:A1:05:BD:C0:D2:15:97:BF:B1:47:8E:F0:46:30:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pyQ4NJChBb3A0hWXv7FHjvBGMLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/305360-2203-4a21-a2fd-91e8599ddbf7/1/fFQjsTaAFHFAOZJFbSYYuW0ljAs.roa
Signing time:             Tue 02 Apr 2024 09:09:58 +0000
ROA not before:           Tue 02 Apr 2024 09:09:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50588
IP address blocks:        45.145.120.0/23 maxlen: 23
                          185.149.12.0/23 maxlen: 23
                          193.109.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/305360-2203-4a21-a2fd-91e8599ddbf7/1/pyQ4NJChBb3A0hWXv7FHjvBGMLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/305360-2203-4a21-a2fd-91e8599ddbf7/1/pyQ4NJChBb3A0hWXv7FHjvBGMLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pyQ4NJChBb3A0hWXv7FHjvBGMLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:30:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:12:88:08:f2:4a:d7:db:37:af:a7:9c:55:d7:d4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a724383490a105bdc0d21597bfb1478ef04630b1
        Validity
            Not Before: Apr  2 09:09:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c5423b136801471403992456d2618b96d258c0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:aa:8b:76:e3:a9:a0:0a:32:c0:1c:f0:c0:36:
                    47:4b:1e:f3:26:61:9a:99:c8:ae:aa:36:17:b5:67:
                    33:88:4f:21:85:38:cb:99:22:78:5d:e1:18:80:4b:
                    6b:a7:de:13:87:58:36:5b:16:a6:24:b9:dd:78:2c:
                    37:82:b4:c3:f4:66:73:8c:93:02:8c:55:d6:92:38:
                    85:42:77:f5:50:ff:e7:8c:70:a9:79:ff:63:f5:a7:
                    38:53:6a:98:cd:40:0f:3d:cb:24:91:3a:8e:58:8f:
                    35:45:05:14:77:98:df:c8:02:36:02:d8:82:af:af:
                    97:f0:9f:b3:93:08:90:cd:c4:10:05:0d:51:49:ed:
                    6f:db:fa:bb:2d:f9:04:9b:29:00:46:a5:f3:83:0f:
                    9e:d1:91:47:0a:88:ad:57:bf:29:1b:ab:c5:71:07:
                    b6:20:cb:60:51:e7:38:3f:dd:f1:28:51:89:5c:21:
                    cd:77:ec:26:10:b6:f9:d9:41:96:69:a7:94:8f:00:
                    f9:cd:fd:75:a3:12:08:71:ab:63:1f:c7:1a:90:96:
                    67:14:2b:e5:2e:9b:0c:ec:28:65:9b:e2:b7:e0:12:
                    a8:e3:6b:6b:df:18:e6:ab:b9:26:21:71:e8:49:42:
                    80:b2:a9:2d:c3:b8:aa:ea:62:00:e1:65:92:c8:d0:
                    f9:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:54:23:B1:36:80:14:71:40:39:92:45:6D:26:18:B9:6D:25:8C:0B
            X509v3 Authority Key Identifier:
                keyid:A7:24:38:34:90:A1:05:BD:C0:D2:15:97:BF:B1:47:8E:F0:46:30:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pyQ4NJChBb3A0hWXv7FHjvBGMLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/305360-2203-4a21-a2fd-91e8599ddbf7/1/fFQjsTaAFHFAOZJFbSYYuW0ljAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/305360-2203-4a21-a2fd-91e8599ddbf7/1/pyQ4NJChBb3A0hWXv7FHjvBGMLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.120.0/23
                  185.149.12.0/23
                  193.109.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:90:cb:b0:23:a7:ed:ec:99:b0:79:92:ad:37:b9:cf:91:c0:
         ec:ce:51:a8:de:e2:6a:a0:76:c4:c8:07:d3:4c:96:83:68:3d:
         1a:79:0f:e6:35:fa:8c:dd:c1:d6:1d:7f:fd:a7:a1:b0:f4:7f:
         ad:b9:bf:00:92:93:c6:7d:29:e6:a2:a2:4e:fc:4b:6d:91:97:
         09:10:5c:13:4c:b0:21:2a:09:73:4e:3f:76:07:db:81:fc:72:
         76:d8:e0:cf:ad:ad:01:4e:22:87:a8:e1:82:8b:91:f2:a8:2a:
         93:34:a6:a0:61:65:ec:81:75:f0:29:37:ea:4c:8e:de:62:f3:
         6b:1b:4e:48:1d:bc:eb:cf:ad:02:6e:56:58:22:b8:9c:85:8d:
         b7:2b:49:28:a9:11:d4:1c:6d:b0:fb:c3:72:2c:14:31:fc:14:
         5b:d3:e0:31:9c:b5:d9:e5:fa:b0:2e:fb:a0:6c:e9:1a:97:15:
         f3:a1:78:cc:e4:e0:c7:e4:7d:22:b3:04:e3:1c:51:8b:d1:0a:
         bf:05:9e:23:de:2e:d8:80:7c:ce:6d:4d:d5:0b:45:86:9f:41:
         5c:e4:43:b4:b2:dc:00:c7:cc:99:eb:c1:fc:23:12:f5:d0:70:
         3d:ac:15:08:8b:ff:4d:81:d8:6e:6d:b8:a8:2f:4a:0d:50:66:
         e7:db:01:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY6eEogI8krX2zevp5xV19QcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MjQzODM0OTBhMTA1YmRjMGQyMTU5N2JmYjE0NzhlZjA0
NjMwYjEwHhcNMjQwNDAyMDkwOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzU0MjNiMTM2ODAxNDcxNDAzOTkyNDU2ZDI2MThiOTZkMjU4YzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6qLduOpoAoywBzwwDZHSx7zJmGa
mciuqjYXtWcziE8hhTjLmSJ4XeEYgEtrp94Th1g2WxamJLndeCw3grTD9GZzjJMC
jFXWkjiFQnf1UP/njHCpef9j9ac4U2qYzUAPPcskkTqOWI81RQUUd5jfyAI2AtiC
r6+X8J+zkwiQzcQQBQ1RSe1v2/q7LfkEmykARqXzgw+e0ZFHCoitV78pG6vFcQe2
IMtgUec4P93xKFGJXCHNd+wmELb52UGWaaeUjwD5zf11oxIIcatjH8cakJZnFCvl
LpsM7Chlm+K34BKo42tr3xjmq7kmIXHoSUKAsqktw7iq6mIA4WWSyND5lQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHxUI7E2gBRxQDmSRW0mGLltJYwLMB8GA1UdIwQY
MBaAFKckODSQoQW9wNIVl7+xR47wRjCxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHlRNE5KQ2hCYjNBMGhXWHY3RkhqdkJHTUxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zMDUzNjAtMjIwMy00YTIxLWEyZmQt
OTFlODU5OWRkYmY3LzEvZkZRanNUYUFGSEZBT1pKRmJTWVl1VzBsakFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zMDUzNjAtMjIwMy00YTIxLWEyZmQtOTFlODU5OWRkYmY3
LzEvcHlRNE5KQ2hCYjNBMGhXWHY3RkhqdkJHTUxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLZF4AwQB
uZUMAwQAwW0/MA0GCSqGSIb3DQEBCwUAA4IBAQB7kMuwI6ft7JmweZKtN7nPkcDs
zlGo3uJqoHbEyAfTTJaDaD0aeQ/mNfqM3cHWHX/9p6Gw9H+tub8AkpPGfSnmoqJO
/EttkZcJEFwTTLAhKglzTj92B9uB/HJ22ODPra0BTiKHqOGCi5HyqCqTNKagYWXs
gXXwKTfqTI7eYvNrG05IHbzrz60CblZYIrichY23K0koqRHUHG2w+8NyLBQx/BRb
0+AxnLXZ5fqwLvugbOkalxXzoXjM5ODH5H0iswTjHFGL0Qq/BZ4j3i7YgHzObU3V
C0WGn0Fc5EO0stwAx8yZ68H8IxL10HA9rBUIi/9NgdhubbioL0oNUGbn2wFb
-----END CERTIFICATE-----