Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/7f7259-53d0-41ae-951d-400417c9717e/1/1-lz0nFUI1y0v8SBY_R-4Uq8-BY0.roa
File:                     1-lz0nFUI1y0v8SBY_R-4Uq8-BY0.roa (raw, json)
Hash identifier:          VG/JnKZElYNIGh89HVAngmxCEcurmKg7MzHOLkoTCUU=
Subject key identifier:   FA:5C:F4:9C:55:08:D7:2D:2F:F1:20:58:FD:1F:B8:52:AF:3E:05:8D
Certificate issuer:       /CN=eff92d9368a09ad36f7a57edfbd0a05d9fd40e1d
Certificate serial:       018CC7267124A417C8FFBC0C5BEC1DFFC62C
Authority key identifier: EF:F9:2D:93:68:A0:9A:D3:6F:7A:57:ED:FB:D0:A0:5D:9F:D4:0E:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7_ktk2igmtNvelft-9CgXZ_UDh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/7f7259-53d0-41ae-951d-400417c9717e/1/1-lz0nFUI1y0v8SBY_R-4Uq8-BY0.roa
Signing time:             Mon 01 Jan 2024 22:30:34 +0000
ROA not before:           Mon 01 Jan 2024 22:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44558
IP address blocks:        45.130.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/7f7259-53d0-41ae-951d-400417c9717e/1/7_ktk2igmtNvelft-9CgXZ_UDh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/7f7259-53d0-41ae-951d-400417c9717e/1/7_ktk2igmtNvelft-9CgXZ_UDh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7_ktk2igmtNvelft-9CgXZ_UDh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:71:24:a4:17:c8:ff:bc:0c:5b:ec:1d:ff:c6:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eff92d9368a09ad36f7a57edfbd0a05d9fd40e1d
        Validity
            Not Before: Jan  1 22:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa5cf49c5508d72d2ff12058fd1fb852af3e058d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f5:ee:7e:11:d2:c1:97:76:9c:74:1c:61:37:
                    9f:1d:10:3f:4a:e9:54:87:6d:c6:dd:0b:f9:84:66:
                    a7:69:a0:3f:76:58:42:61:61:85:be:b0:de:ef:9b:
                    f7:53:af:af:be:b9:d4:a2:d6:27:5c:b0:f8:77:e0:
                    de:6c:9b:62:3a:e9:fc:e7:79:ae:ab:1f:11:75:61:
                    20:30:a1:bd:ad:62:3d:3f:b3:1b:76:01:1e:4e:63:
                    d9:11:eb:99:37:a0:27:e5:e6:f4:6b:31:a0:cb:47:
                    1d:c4:1e:fd:93:6d:4c:90:a1:d6:ae:64:11:32:5e:
                    d3:56:0a:0b:aa:61:bf:49:46:be:25:99:8d:32:55:
                    43:0f:4f:fb:20:03:c7:65:01:fc:71:ad:68:9e:44:
                    55:66:ba:01:37:0a:21:19:f2:57:59:74:c5:54:53:
                    8b:6b:bd:ff:fe:96:4a:58:89:54:e5:ff:10:91:43:
                    21:ad:c8:92:c7:25:a4:dd:ff:8d:83:a4:78:29:c8:
                    23:78:d4:6d:d0:bd:d8:bc:38:d1:6f:93:0e:5a:57:
                    d2:0e:27:b2:0c:73:f4:43:7d:55:c9:a4:df:6a:3b:
                    d3:a7:da:e1:aa:cd:bf:0c:0d:5f:84:0b:7d:8a:d0:
                    53:79:0b:cc:09:1e:c7:5b:d7:22:2d:b2:eb:ba:e8:
                    4c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:5C:F4:9C:55:08:D7:2D:2F:F1:20:58:FD:1F:B8:52:AF:3E:05:8D
            X509v3 Authority Key Identifier:
                keyid:EF:F9:2D:93:68:A0:9A:D3:6F:7A:57:ED:FB:D0:A0:5D:9F:D4:0E:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7_ktk2igmtNvelft-9CgXZ_UDh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/7f7259-53d0-41ae-951d-400417c9717e/1/1-lz0nFUI1y0v8SBY_R-4Uq8-BY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/7f7259-53d0-41ae-951d-400417c9717e/1/7_ktk2igmtNvelft-9CgXZ_UDh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:96:47:14:82:cc:f2:7a:fd:5d:6d:eb:dd:c3:40:cc:f4:0c:
         ed:79:5f:8d:36:da:48:7c:f3:68:8b:51:ec:52:b4:e0:39:6e:
         56:89:bd:15:0c:ed:6f:04:04:7b:0f:9a:4b:0a:1b:fa:74:14:
         c5:b1:ee:85:d6:7a:03:13:9b:9a:2f:33:48:18:3b:5d:d7:6e:
         c4:92:83:3d:23:75:79:98:a2:2c:e8:d0:d2:94:20:eb:de:59:
         bc:04:33:b8:f0:b2:e4:c2:60:b1:ca:74:65:2a:28:b4:b7:12:
         3f:63:41:9d:15:ad:76:e5:9f:86:45:11:0b:79:06:d6:a7:ce:
         3c:48:39:e1:3a:25:ff:54:fa:47:2e:ea:40:36:9b:fe:70:90:
         cd:42:e1:83:49:c1:fe:0e:97:b1:8a:c0:9c:c4:f0:5d:a3:73:
         95:8e:f2:31:d7:b8:b4:08:5a:a5:63:da:24:2b:e0:33:eb:fa:
         ed:60:cc:40:5d:95:ed:4f:17:df:ea:19:69:b9:0a:1c:ce:df:
         78:80:fb:1e:a7:a4:0b:a3:79:df:01:b1:35:68:74:f1:8f:05:
         7e:c5:68:b5:80:34:b1:59:b7:06:ad:40:a6:57:fb:e8:4f:52:
         a6:ff:e2:cb:09:f5:4c:65:8b:7a:9a:9f:bf:08:96:14:04:66:
         13:9b:41:21
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJnEkpBfI/7wMW+wd/8YsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZjkyZDkzNjhhMDlhZDM2ZjdhNTdlZGZiZDBhMDVkOWZk
NDBlMWQwHhcNMjQwMTAxMjIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTVjZjQ5YzU1MDhkNzJkMmZmMTIwNThmZDFmYjg1MmFmM2UwNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvXufhHSwZd2nHQcYTefHRA/SulU
h23G3Qv5hGanaaA/dlhCYWGFvrDe75v3U6+vvrnUotYnXLD4d+DebJtiOun853mu
qx8RdWEgMKG9rWI9P7MbdgEeTmPZEeuZN6An5eb0azGgy0cdxB79k21MkKHWrmQR
Ml7TVgoLqmG/SUa+JZmNMlVDD0/7IAPHZQH8ca1onkRVZroBNwohGfJXWXTFVFOL
a73//pZKWIlU5f8QkUMhrciSxyWk3f+Ng6R4KcgjeNRt0L3YvDjRb5MOWlfSDiey
DHP0Q31VyaTfajvTp9rhqs2/DA1fhAt9itBTeQvMCR7HW9ciLbLruuhMIwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpc9JxVCNctL/EgWP0fuFKvPgWNMB8GA1UdIwQY
MBaAFO/5LZNooJrTb3pX7fvQoF2f1A4dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN19rdGsyaWdtdE52ZWxmdC05Q2dYWl9VRGgwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83ZjcyNTktNTNkMC00MWFlLTk1MWQt
NDAwNDE3Yzk3MTdlLzEvMS1sejBuRlVJMXkwdjhTQllfUi00VXE4LUJZMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjIvN2Y3MjU5LTUzZDAtNDFhZS05NTFkLTQwMDQxN2M5NzE3
ZS8xLzdfa3RrMmlnbXROdmVsZnQtOUNnWFpfVURoMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2CnDAN
BgkqhkiG9w0BAQsFAAOCAQEAFZZHFILM8nr9XW3r3cNAzPQM7XlfjTbaSHzzaItR
7FK04DluVom9FQztbwQEew+aSwob+nQUxbHuhdZ6AxObmi8zSBg7XdduxJKDPSN1
eZiiLOjQ0pQg695ZvAQzuPCy5MJgscp0ZSootLcSP2NBnRWtduWfhkURC3kG1qfO
PEg54Tol/1T6Ry7qQDab/nCQzULhg0nB/g6XsYrAnMTwXaNzlY7yMde4tAhapWPa
JCvgM+v67WDMQF2V7U8X3+oZabkKHM7feID7HqekC6N53wGxNWh08Y8FfsVotYA0
sVm3Bq1Aplf76E9Spv/iywn1TGWLepqfvwiWFARmE5tBIQ==
-----END CERTIFICATE-----