Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/oufjHOKl_LbwcWNoE9yRU_bzf9M.roa
File:                     oufjHOKl_LbwcWNoE9yRU_bzf9M.roa (raw, json)
Hash identifier:          8nwzBUOgGUm+w3uT8s0Fagt++CXWTGrFZ/8HRhAVueg=
Subject key identifier:   A2:E7:E3:1C:E2:A5:FC:B6:F0:71:63:68:13:DC:91:53:F6:F3:7F:D3
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       018DD4C940FCED770987226C5AA0488B8C69
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/oufjHOKl_LbwcWNoE9yRU_bzf9M.roa
Signing time:             Fri 23 Feb 2024 07:06:15 +0000
ROA not before:           Fri 23 Feb 2024 07:06:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208992
IP address blocks:        45.144.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d4:c9:40:fc:ed:77:09:87:22:6c:5a:a0:48:8b:8c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Feb 23 07:06:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2e7e31ce2a5fcb6f071636813dc9153f6f37fd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:0c:cc:72:bd:30:90:31:af:b8:6e:91:52:57:
                    35:c3:a9:68:0e:61:1f:5e:f2:ea:ef:22:35:0a:9c:
                    81:8f:58:65:f4:37:e0:fc:8b:76:5e:95:d8:b3:33:
                    f8:dc:f4:48:8d:33:41:5c:ff:d6:79:46:09:e3:40:
                    4b:a2:04:e9:8a:09:9e:9b:54:82:b0:99:3b:68:ac:
                    a8:ee:d4:8a:de:7b:d7:91:14:b9:b2:dc:72:fd:c3:
                    d8:9a:76:79:a2:28:0b:7f:5c:ff:69:c3:66:9d:a6:
                    04:91:71:54:b0:ca:af:d5:d7:45:96:63:aa:06:a7:
                    96:02:0e:2a:4f:59:4e:9b:2b:6a:b3:31:aa:e0:10:
                    55:b9:3d:88:a3:9a:da:a2:35:46:7e:53:78:51:c4:
                    de:ed:08:21:3c:c3:9c:df:bd:b1:cd:28:d7:57:88:
                    7d:c5:a5:6e:e9:f3:1b:69:df:9b:9e:12:14:5e:e9:
                    d0:17:fb:c8:41:01:fc:d6:fe:bf:7a:0d:d4:7b:6a:
                    6b:d3:4f:f3:20:12:e3:20:69:99:04:a4:c3:82:91:
                    c6:45:1f:20:12:28:55:7a:af:11:c9:cc:ef:a0:91:
                    b0:36:39:50:e7:53:c9:c5:cc:b1:26:16:d5:cd:75:
                    15:f9:03:95:72:11:c4:90:52:36:ea:ba:79:14:df:
                    01:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:E7:E3:1C:E2:A5:FC:B6:F0:71:63:68:13:DC:91:53:F6:F3:7F:D3
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/oufjHOKl_LbwcWNoE9yRU_bzf9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:f9:9c:3e:c8:53:fd:47:6d:20:9d:ec:d1:8a:60:e7:36:7a:
         d2:d4:03:fe:78:77:e9:a2:1e:48:fb:a9:9b:42:57:aa:98:0e:
         9c:12:b9:45:af:b7:c7:21:7a:e0:9a:99:9f:74:f9:a2:cb:42:
         cd:59:02:4b:f2:98:86:7b:9c:65:7a:13:b7:9e:7a:17:a0:eb:
         4b:cb:92:8f:2d:04:2e:3c:3d:17:53:0b:99:e6:4e:ab:b5:5b:
         aa:d9:78:ff:a7:ce:c6:f9:2d:66:e3:0e:46:02:be:f9:01:8c:
         e3:20:14:ea:d9:b0:d3:4e:bf:0c:af:50:be:9b:64:06:09:e0:
         e9:4b:8c:f7:0e:c3:2b:d9:8c:79:00:dc:6a:01:7f:27:94:9f:
         82:b9:6c:e7:de:83:3b:f0:f0:80:c5:f7:6d:9f:de:d7:bf:f5:
         ea:a1:c5:49:df:3a:b0:ef:12:8a:c9:a0:a8:72:20:76:6c:dd:
         2b:9c:e0:06:a0:17:7e:9a:e0:da:4b:bf:3e:46:45:95:5e:3d:
         1a:6b:4f:d2:d2:70:89:c0:b9:2a:d5:38:8a:93:68:54:03:fe:
         9e:e1:64:5e:13:9d:e6:d6:02:df:cb:29:78:19:dd:d7:86:78:
         3b:57:12:c4:e4:81:fe:15:40:43:58:86:e6:82:34:ec:55:ba:
         ed:4c:b1:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3UyUD87XcJhyJsWqBIi4xpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjQwMjIzMDcwNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmU3ZTMxY2UyYTVmY2I2ZjA3MTYzNjgxM2RjOTE1M2Y2ZjM3ZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigzMcr0wkDGvuG6RUlc1w6loDmEf
XvLq7yI1CpyBj1hl9Dfg/It2XpXYszP43PRIjTNBXP/WeUYJ40BLogTpigmem1SC
sJk7aKyo7tSK3nvXkRS5stxy/cPYmnZ5oigLf1z/acNmnaYEkXFUsMqv1ddFlmOq
BqeWAg4qT1lOmytqszGq4BBVuT2Io5raojVGflN4UcTe7QghPMOc372xzSjXV4h9
xaVu6fMbad+bnhIUXunQF/vIQQH81v6/eg3Ue2pr00/zIBLjIGmZBKTDgpHGRR8g
EihVeq8RyczvoJGwNjlQ51PJxcyxJhbVzXUV+QOVchHEkFI26rp5FN8B4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLn4xzipfy28HFjaBPckVP283/TMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvb3VmakhPS2xfTGJ3Y1dOb0U5eVJVX2J6ZjlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZAqMA0G
CSqGSIb3DQEBCwUAA4IBAQC3+Zw+yFP9R20gnezRimDnNnrS1AP+eHfpoh5I+6mb
QleqmA6cErlFr7fHIXrgmpmfdPmiy0LNWQJL8piGe5xlehO3nnoXoOtLy5KPLQQu
PD0XUwuZ5k6rtVuq2Xj/p87G+S1m4w5GAr75AYzjIBTq2bDTTr8Mr1C+m2QGCeDp
S4z3DsMr2Yx5ANxqAX8nlJ+CuWzn3oM78PCAxfdtn97Xv/XqocVJ3zqw7xKKyaCo
ciB2bN0rnOAGoBd+muDaS78+RkWVXj0aa0/S0nCJwLkq1TiKk2hUA/6e4WReE53m
1gLfyyl4Gd3Xhng7VxLE5IH+FUBDWIbmgjTsVbrtTLF7
-----END CERTIFICATE-----