Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/FER8QXpz2hwrCOMhOKnAB1dxZm0.roa
File:                     FER8QXpz2hwrCOMhOKnAB1dxZm0.roa (raw, json)
Hash identifier:          mQpJWuP5KotNmKE8Ooo9SyJc091VStWTdiPM+kws04g=
Subject key identifier:   14:44:7C:41:7A:73:DA:1C:2B:08:E3:21:38:A9:C0:07:57:71:66:6D
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       018CC794638EAE81B28B5A974DD8751E7D22
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/FER8QXpz2hwrCOMhOKnAB1dxZm0.roa
Signing time:             Tue 02 Jan 2024 00:30:39 +0000
ROA not before:           Tue 02 Jan 2024 00:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200180
IP address blocks:        45.155.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:63:8e:ae:81:b2:8b:5a:97:4d:d8:75:1e:7d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Jan  2 00:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14447c417a73da1c2b08e32138a9c0075771666d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:12:93:d2:b6:42:e9:d5:0e:87:6e:fb:c5:19:
                    ca:ed:eb:49:f4:ec:42:6c:54:cc:d8:c2:74:4e:e8:
                    9d:72:5d:bd:af:c3:81:c8:e2:ec:14:83:b5:53:c3:
                    02:5b:3d:cc:76:63:88:2b:e7:84:44:26:3e:3c:22:
                    b3:15:b8:1b:cd:99:30:28:7c:a0:e2:cb:1c:32:66:
                    c2:ab:4e:55:97:92:75:a0:8c:5c:e5:9c:64:36:35:
                    67:88:10:9a:c8:84:67:c6:30:84:f9:89:6d:42:cc:
                    74:67:27:d8:73:fd:99:64:12:42:75:75:db:3a:2a:
                    09:2e:b9:1a:98:ca:4e:05:ce:a6:47:7a:db:25:53:
                    78:44:a8:bd:f0:78:f6:50:24:3b:01:9b:1d:f5:c9:
                    a9:45:78:d9:fd:c5:d7:e3:62:01:e0:76:dd:1a:69:
                    eb:cc:28:66:34:0e:41:c9:ce:c2:30:84:49:91:3f:
                    ad:7b:dc:ac:5d:16:7e:5a:57:f8:95:00:12:9c:f3:
                    c0:48:81:0d:60:d3:bc:09:41:f2:ab:d0:eb:b8:4e:
                    a7:ca:c3:99:50:3c:bc:3f:e2:72:60:9c:9e:75:fc:
                    d3:ac:90:1f:64:7b:2d:fa:52:0c:b3:07:bc:cf:10:
                    ea:67:7c:28:3e:4e:70:0c:3f:ee:31:c6:ec:58:e9:
                    ce:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:44:7C:41:7A:73:DA:1C:2B:08:E3:21:38:A9:C0:07:57:71:66:6D
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/FER8QXpz2hwrCOMhOKnAB1dxZm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:2c:a5:2d:81:7b:f4:d6:48:a6:26:0c:e1:70:ec:21:9c:3c:
         eb:3e:d9:02:0e:9f:b5:5b:58:cf:2c:9d:71:66:64:f3:5a:fa:
         92:d6:50:5f:5a:7a:62:b6:0c:d4:8d:26:4b:5f:16:8d:bf:52:
         15:32:24:b1:fb:20:8c:bd:5b:02:d6:da:9c:c4:9b:18:e8:66:
         cf:a7:c2:33:71:29:d7:23:c0:e3:e6:f7:95:12:15:ad:d0:70:
         e4:ce:59:87:48:2e:77:51:f2:51:2f:4b:5d:ce:e2:e5:45:09:
         23:24:c5:cf:74:02:48:eb:de:66:9f:f0:2a:e8:ce:2c:72:57:
         40:f0:77:9e:e2:f0:94:74:f1:86:0f:47:1e:0c:97:8c:99:79:
         71:2e:84:42:93:e0:37:4f:51:b2:b5:48:c5:b7:84:b9:06:c6:
         5a:7b:4e:1d:74:7b:8e:e9:5c:d8:64:f2:be:1b:99:80:74:03:
         70:16:36:35:d1:ab:a6:ae:1c:0e:06:85:0b:ca:b3:9c:2f:20:
         8e:3a:2d:ee:6d:31:c2:41:74:8f:8d:17:f4:63:3a:bb:bb:53:
         08:b2:2a:3b:8d:e5:b2:f0:83:68:57:65:dc:e6:4a:49:eb:42:
         27:a5:a0:dd:bc:dc:4b:77:c8:fb:1b:5c:06:b4:1a:9b:e6:aa:
         84:fb:b0:5b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlGOOroGyi1qXTdh1Hn0iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjQwMTAyMDAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDQ0N2M0MTdhNzNkYTFjMmIwOGUzMjEzOGE5YzAwNzU3NzE2NjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxKT0rZC6dUOh277xRnK7etJ9OxC
bFTM2MJ0Tuidcl29r8OByOLsFIO1U8MCWz3MdmOIK+eERCY+PCKzFbgbzZkwKHyg
4sscMmbCq05Vl5J1oIxc5ZxkNjVniBCayIRnxjCE+YltQsx0ZyfYc/2ZZBJCdXXb
OioJLrkamMpOBc6mR3rbJVN4RKi98Hj2UCQ7AZsd9cmpRXjZ/cXX42IB4HbdGmnr
zChmNA5Byc7CMIRJkT+te9ysXRZ+Wlf4lQASnPPASIENYNO8CUHyq9DruE6nysOZ
UDy8P+JyYJyedfzTrJAfZHst+lIMswe8zxDqZ3woPk5wDD/uMcbsWOnOVwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBREfEF6c9ocKwjjITipwAdXcWZtMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL0ZFUjhRWHB6Mmh3ckNPTWhPS25BQjFkeFptMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtm6Qw
DQYJKoZIhvcNAQELBQADggEBABkspS2Be/TWSKYmDOFw7CGcPOs+2QIOn7VbWM8s
nXFmZPNa+pLWUF9aemK2DNSNJktfFo2/UhUyJLH7IIy9WwLW2pzEmxjoZs+nwjNx
KdcjwOPm95USFa3QcOTOWYdILndR8lEvS13O4uVFCSMkxc90Akjr3maf8Crozixy
V0Dwd57i8JR08YYPRx4Ml4yZeXEuhEKT4DdPUbK1SMW3hLkGxlp7Th10e47pXNhk
8r4bmYB0A3AWNjXRq6auHA4GhQvKs5wvII46Le5tMcJBdI+NF/RjOru7UwiyKjuN
5bLwg2hXZdzmSknrQieloN283Et3yPsbXAa0GpvmqoT7sFs=
-----END CERTIFICATE-----