Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/75452b-a4ea-4112-af03-8ed8433d38c4/1/Fe-_sT07oH0DI0cqrvDrNj_3RLc.roa
File:                     Fe-_sT07oH0DI0cqrvDrNj_3RLc.roa (raw, json)
Hash identifier:          u2w2gRNI0xfHoIqeh3NdHoDSYl1y47RJDS9APwxrMZ0=
Subject key identifier:   15:EF:BF:B1:3D:3B:A0:7D:03:23:47:2A:AE:F0:EB:36:3F:F7:44:B7
Certificate issuer:       /CN=531f247d4bc70214606d07d659319ec3f3479706
Certificate serial:       018CC348930B1820C737E2E5B017A930A68B
Authority key identifier: 53:1F:24:7D:4B:C7:02:14:60:6D:07:D6:59:31:9E:C3:F3:47:97:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ux8kfUvHAhRgbQfWWTGew_NHlwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/75452b-a4ea-4112-af03-8ed8433d38c4/1/Fe-_sT07oH0DI0cqrvDrNj_3RLc.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        45.81.132.0/22 maxlen: 22
                          91.212.140.0/24 maxlen: 24
                          2a0e:4680::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/75452b-a4ea-4112-af03-8ed8433d38c4/1/Ux8kfUvHAhRgbQfWWTGew_NHlwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/75452b-a4ea-4112-af03-8ed8433d38c4/1/Ux8kfUvHAhRgbQfWWTGew_NHlwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ux8kfUvHAhRgbQfWWTGew_NHlwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:93:0b:18:20:c7:37:e2:e5:b0:17:a9:30:a6:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=531f247d4bc70214606d07d659319ec3f3479706
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15efbfb13d3ba07d0323472aaef0eb363ff744b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6d:80:71:38:16:e6:ab:4a:f0:f3:53:ec:e0:
                    b5:55:9e:ef:62:c7:a1:91:62:0e:42:6d:d4:2f:f0:
                    85:ca:35:a7:e8:a7:39:1c:53:ae:68:7f:49:eb:df:
                    a6:89:e8:ea:6a:2e:b8:7a:87:aa:ba:29:86:58:ed:
                    9b:ef:d9:42:85:3e:67:9c:52:67:b7:5e:bb:b7:57:
                    4f:73:2d:7f:25:56:9b:fd:ca:af:92:f7:85:dd:63:
                    da:9d:02:f0:57:94:2c:39:c6:b7:df:a0:9a:b7:c1:
                    2a:cd:59:fa:dd:32:51:4d:39:ee:e2:a9:7e:b3:1a:
                    ff:e3:3a:23:a2:68:69:85:74:f5:01:10:ea:49:12:
                    31:13:42:83:f9:e0:fa:34:f5:41:f3:64:8f:b3:ef:
                    13:a1:08:84:69:db:be:be:ec:93:de:aa:82:1b:76:
                    91:07:ed:cd:ea:4c:6d:fc:71:5a:9a:bf:31:76:58:
                    3c:21:01:04:fe:8e:c3:01:8a:2f:38:69:e0:7b:c0:
                    bb:de:7c:d7:4d:a7:73:36:29:f1:f8:54:0f:e3:07:
                    0c:52:2a:68:2d:ae:ef:e3:1b:47:05:6d:34:d2:b7:
                    a7:99:f7:f4:3e:19:0d:83:d1:80:01:01:90:c9:2f:
                    05:8b:7d:8a:fa:5e:43:b5:15:14:6c:0b:29:33:2e:
                    50:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:EF:BF:B1:3D:3B:A0:7D:03:23:47:2A:AE:F0:EB:36:3F:F7:44:B7
            X509v3 Authority Key Identifier:
                keyid:53:1F:24:7D:4B:C7:02:14:60:6D:07:D6:59:31:9E:C3:F3:47:97:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ux8kfUvHAhRgbQfWWTGew_NHlwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/75452b-a4ea-4112-af03-8ed8433d38c4/1/Fe-_sT07oH0DI0cqrvDrNj_3RLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/75452b-a4ea-4112-af03-8ed8433d38c4/1/Ux8kfUvHAhRgbQfWWTGew_NHlwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.132.0/22
                  91.212.140.0/24
                IPv6:
                  2a0e:4680::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:c8:0b:4f:46:0c:78:ee:9e:fc:de:c0:c5:a5:a4:34:3c:43:
         5f:ed:58:87:a4:eb:ff:18:78:42:3d:f9:54:ba:8b:85:79:a5:
         41:a5:b2:42:97:64:10:a8:fa:16:7c:f0:6d:69:8d:2d:e1:04:
         37:ad:27:52:f3:a3:b2:df:f3:44:ff:21:c0:70:a8:9d:c9:6b:
         19:d7:6f:21:d9:54:a8:8a:3f:07:c3:da:dd:f9:73:2e:49:20:
         d0:27:28:8a:d9:b5:a0:9b:e9:99:94:9d:d2:3f:98:ce:b4:6e:
         c2:38:64:99:d0:1d:2a:86:df:06:27:17:ae:01:e3:48:98:42:
         70:34:a2:5e:b5:27:7a:2e:03:5d:c8:6e:dc:44:35:69:79:e4:
         04:4e:56:e8:58:38:9c:c2:b5:5a:ae:c8:0c:5a:bd:09:01:15:
         1b:92:1b:7f:67:33:91:62:26:a9:09:44:9e:94:6f:09:79:5d:
         16:d9:4c:b6:87:59:4b:8a:b6:f7:d0:be:b9:45:91:21:96:3d:
         35:ff:56:d9:ec:2d:0d:6f:2b:0f:74:44:95:c5:23:af:d4:93:
         3e:62:3d:67:c7:e5:ef:1b:06:8b:f9:2b:7e:9a:78:b9:bb:54:
         3e:4d:da:b8:40:e1:0e:d3:2f:55:37:3c:55:6b:8e:28:c7:00:
         81:07:b6:d0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSJMLGCDHN+LlsBepMKaLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMWYyNDdkNGJjNzAyMTQ2MDZkMDdkNjU5MzE5ZWMzZjM0
Nzk3MDYwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWVmYmZiMTNkM2JhMDdkMDMyMzQ3MmFhZWYwZWIzNjNmZjc0NGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqG2AcTgW5qtK8PNT7OC1VZ7vYseh
kWIOQm3UL/CFyjWn6Kc5HFOuaH9J69+miejqai64eoequimGWO2b79lChT5nnFJn
t167t1dPcy1/JVab/cqvkveF3WPanQLwV5QsOca336Cat8EqzVn63TJRTTnu4ql+
sxr/4zojomhphXT1ARDqSRIxE0KD+eD6NPVB82SPs+8ToQiEadu+vuyT3qqCG3aR
B+3N6kxt/HFamr8xdlg8IQEE/o7DAYovOGnge8C73nzXTadzNinx+FQP4wcMUipo
La7v4xtHBW000renmff0PhkNg9GAAQGQyS8Fi32K+l5DtRUUbAspMy5Q2QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBXvv7E9O6B9AyNHKq7w6zY/90S3MB8GA1UdIwQY
MBaAFFMfJH1LxwIUYG0H1lkxnsPzR5cGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXg4a2ZVdkhBaFJnYlFmV1dUR2V3X05IbHdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83NTQ1MmItYTRlYS00MTEyLWFmMDMt
OGVkODQzM2QzOGM0LzEvRmUtX3NUMDdvSDBESTBjcXJ2RHJOal8zUkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83NTQ1MmItYTRlYS00MTEyLWFmMDMtOGVkODQzM2QzOGM0
LzEvVXg4a2ZVdkhBaFJnYlFmV1dUR2V3X05IbHdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLVGEAwQA
W9SMMA0EAgACMAcDBQAqDkaAMA0GCSqGSIb3DQEBCwUAA4IBAQClyAtPRgx47p78
3sDFpaQ0PENf7ViHpOv/GHhCPflUuouFeaVBpbJCl2QQqPoWfPBtaY0t4QQ3rSdS
86Oy3/NE/yHAcKidyWsZ128h2VSoij8Hw9rd+XMuSSDQJyiK2bWgm+mZlJ3SP5jO
tG7COGSZ0B0qht8GJxeuAeNImEJwNKJetSd6LgNdyG7cRDVpeeQETlboWDicwrVa
rsgMWr0JARUbkht/ZzORYiapCUSelG8JeV0W2Uy2h1lLirb30L65RZEhlj01/1bZ
7C0NbysPdESVxSOv1JM+Yj1nx+XvGwaL+St+mni5u1Q+Tdq4QOEO0y9VNzxVa44o
xwCBB7bQ
-----END CERTIFICATE-----