Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/j7oAqr_sqPOoJmUBIMKMvlBTWiU.roa
File:                     j7oAqr_sqPOoJmUBIMKMvlBTWiU.roa (raw, json)
Hash identifier:          aziZya9QE2kOrTg98LUABKgzgYRUrRVJT+kmkhWLCD8=
Subject key identifier:   8F:BA:00:AA:BF:EC:A8:F3:A8:26:65:01:20:C2:8C:BE:50:53:5A:25
Certificate issuer:       /CN=21c1672dbbbf7165a6a83b3227a7119f0d31e8ee
Certificate serial:       01922327923AF2B96BC0F14BA0363523D2E0
Authority key identifier: 21:C1:67:2D:BB:BF:71:65:A6:A8:3B:32:27:A7:11:9F:0D:31:E8:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/j7oAqr_sqPOoJmUBIMKMvlBTWiU.roa
Signing time:             Tue 24 Sep 2024 08:30:48 +0000
ROA not before:           Tue 24 Sep 2024 08:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213336
IP address blocks:        45.148.176.0/22 maxlen: 24
                          45.148.176.0/24 maxlen: 24
                          45.148.177.0/24 maxlen: 24
                          45.148.178.0/24 maxlen: 24
                          45.148.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:23:27:92:3a:f2:b9:6b:c0:f1:4b:a0:36:35:23:d2:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21c1672dbbbf7165a6a83b3227a7119f0d31e8ee
        Validity
            Not Before: Sep 24 08:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fba00aabfeca8f3a826650120c28cbe50535a25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:66:26:d9:96:fa:6b:9d:68:f2:9a:76:9e:a1:
                    c8:66:20:98:50:f3:f4:da:08:39:a6:16:6f:d3:03:
                    2a:95:d6:44:0f:7e:29:58:08:50:ab:ec:cc:43:f9:
                    a9:ef:1b:e9:72:e4:c8:e1:66:10:3c:e0:7c:3e:dd:
                    7c:67:2d:03:f8:9b:f2:14:10:ed:ad:a4:38:13:92:
                    84:13:1d:8f:86:ce:8a:8e:84:24:76:4d:cc:0a:08:
                    b7:c6:99:c0:98:d5:ff:f1:d3:1f:1e:63:87:44:e7:
                    3d:1e:64:0b:30:b9:67:d2:cb:f2:80:0e:48:60:c8:
                    d9:b1:e5:cd:fb:a3:48:fb:7c:26:2e:ed:48:00:2b:
                    60:c9:42:86:7d:0c:12:98:aa:c3:a4:85:d1:dc:68:
                    5f:5c:27:c7:fa:66:ca:aa:b8:aa:64:cc:f2:b6:c7:
                    11:73:c9:7d:06:cd:df:82:b6:16:b2:cd:59:cb:ac:
                    f8:a7:db:74:d7:d3:b5:fa:b0:1c:c5:d7:3b:e0:20:
                    80:35:c7:c9:81:2d:b5:5e:e3:70:40:f2:88:e4:34:
                    d8:a6:36:dc:73:e7:ea:09:ba:64:7f:dc:d2:f9:25:
                    94:59:7b:2b:a2:d9:d2:8f:4c:24:cf:13:1a:c6:32:
                    cd:50:81:10:7c:79:c0:db:13:0e:ce:8a:93:d9:b3:
                    d8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:BA:00:AA:BF:EC:A8:F3:A8:26:65:01:20:C2:8C:BE:50:53:5A:25
            X509v3 Authority Key Identifier:
                keyid:21:C1:67:2D:BB:BF:71:65:A6:A8:3B:32:27:A7:11:9F:0D:31:E8:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/j7oAqr_sqPOoJmUBIMKMvlBTWiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c05d4c-96d3-4b57-ae34-3477c7fcd4d9/1/IcFnLbu_cWWmqDsyJ6cRnw0x6O4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:f3:4e:c5:b9:cb:b9:7f:c0:8f:e0:1a:8e:8b:a0:46:6a:ec:
         e1:77:55:d5:00:9c:ad:c4:1a:ac:b7:6d:57:6b:9b:ed:b1:ad:
         bc:42:20:d4:ef:2d:fc:36:23:96:2f:16:71:ac:b9:67:51:03:
         a0:05:9f:c3:79:37:c0:a9:80:d0:e4:3e:fd:c8:d1:07:15:cb:
         65:09:14:09:7f:0a:a2:c6:66:bb:ae:e4:d5:ca:69:9e:4a:87:
         2b:bd:34:e1:14:ed:6f:6e:c9:e1:d7:d0:a6:b7:e7:8c:46:76:
         b7:05:52:b8:32:51:0c:ee:fc:78:69:fa:d1:de:d1:62:29:dd:
         f9:ac:d0:2a:a3:9c:5d:55:3f:66:10:95:35:d8:d9:a6:ee:28:
         e3:72:5a:33:27:0a:53:89:e6:ae:fc:3d:ce:44:28:8d:e9:30:
         3b:21:7f:cf:5c:68:2b:68:5e:a1:b4:23:e2:f8:de:1f:28:0c:
         83:45:26:df:25:20:52:9c:85:ef:ab:24:b5:86:7f:39:3f:57:
         60:61:c3:54:8c:36:ca:e9:b0:37:3a:bf:a0:da:c2:c1:93:df:
         af:8a:4f:30:68:d9:1e:12:f9:3d:79:e5:17:06:1d:02:fe:f4:
         3a:22:69:a2:0d:15:84:20:d1:bc:8d:c8:e3:97:10:d8:fd:8f:
         c9:44:0f:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIjJ5I68rlrwPFLoDY1I9LgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYzE2NzJkYmJiZjcxNjVhNmE4M2IzMjI3YTcxMTlmMGQz
MWU4ZWUwHhcNMjQwOTI0MDgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmJhMDBhYWJmZWNhOGYzYTgyNjY1MDEyMGMyOGNiZTUwNTM1YTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmYm2Zb6a51o8pp2nqHIZiCYUPP0
2gg5phZv0wMqldZED34pWAhQq+zMQ/mp7xvpcuTI4WYQPOB8Pt18Zy0D+JvyFBDt
raQ4E5KEEx2Phs6KjoQkdk3MCgi3xpnAmNX/8dMfHmOHROc9HmQLMLln0svygA5I
YMjZseXN+6NI+3wmLu1IACtgyUKGfQwSmKrDpIXR3GhfXCfH+mbKqriqZMzytscR
c8l9Bs3fgrYWss1Zy6z4p9t019O1+rAcxdc74CCANcfJgS21XuNwQPKI5DTYpjbc
c+fqCbpkf9zS+SWUWXsrotnSj0wkzxMaxjLNUIEQfHnA2xMOzoqT2bPYBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+6AKq/7KjzqCZlASDCjL5QU1olMB8GA1UdIwQY
MBaAFCHBZy27v3Flpqg7MienEZ8NMejuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNGbkxidV9jV1dtcURzeUo2Y1JudzB4Nk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jMDVkNGMtOTZkMy00YjU3LWFlMzQt
MzQ3N2M3ZmNkNGQ5LzEvajdvQXFyX3NxUE9vSm1VQklNS012bEJUV2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jMDVkNGMtOTZkMy00YjU3LWFlMzQtMzQ3N2M3ZmNkNGQ5
LzEvSWNGbkxidV9jV1dtcURzeUo2Y1JudzB4Nk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZSwMA0G
CSqGSIb3DQEBCwUAA4IBAQC2807Fucu5f8CP4BqOi6BGauzhd1XVAJytxBqst21X
a5vtsa28QiDU7y38NiOWLxZxrLlnUQOgBZ/DeTfAqYDQ5D79yNEHFctlCRQJfwqi
xma7ruTVymmeSocrvTThFO1vbsnh19Cmt+eMRna3BVK4MlEM7vx4afrR3tFiKd35
rNAqo5xdVT9mEJU12Nmm7ijjclozJwpTieau/D3ORCiN6TA7IX/PXGgraF6htCPi
+N4fKAyDRSbfJSBSnIXvqyS1hn85P1dgYcNUjDbK6bA3Or+g2sLBk9+vik8waNke
Evk9eeUXBh0C/vQ6ImmiDRWEING8jcjjlxDY/Y/JRA/i
-----END CERTIFICATE-----