Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/FUYjq3S9XxtlJuaiBuAVR6jX5mU.roa
File:                     FUYjq3S9XxtlJuaiBuAVR6jX5mU.roa (raw, json)
Hash identifier:          a3vEuamY4t/XRj2np9Wc1PcYkgvgoKcsmuS/Kg2PVEA=
Subject key identifier:   15:46:23:AB:74:BD:5F:1B:65:26:E6:A2:06:E0:15:47:A8:D7:E6:65
Certificate issuer:       /CN=d3a7c3be06bc45c3f12b90b185278ad4ec919756
Certificate serial:       018CC64A58798A3C83B9B273DDCB6E88F7CE
Authority key identifier: D3:A7:C3:BE:06:BC:45:C3:F1:2B:90:B1:85:27:8A:D4:EC:91:97:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/06fDvga8RcPxK5CxhSeK1OyRl1Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/FUYjq3S9XxtlJuaiBuAVR6jX5mU.roa
Signing time:             Mon 01 Jan 2024 18:30:10 +0000
ROA not before:           Mon 01 Jan 2024 18:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209879
IP address blocks:        45.148.88.0/22 maxlen: 27

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/06fDvga8RcPxK5CxhSeK1OyRl1Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/06fDvga8RcPxK5CxhSeK1OyRl1Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/06fDvga8RcPxK5CxhSeK1OyRl1Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:03:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:58:79:8a:3c:83:b9:b2:73:dd:cb:6e:88:f7:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3a7c3be06bc45c3f12b90b185278ad4ec919756
        Validity
            Not Before: Jan  1 18:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=154623ab74bd5f1b6526e6a206e01547a8d7e665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:57:68:84:91:02:50:e7:4a:d0:f7:62:7b:f3:
                    df:8c:f9:e0:f9:01:5d:8b:48:94:aa:06:2c:00:fe:
                    a5:c2:a4:33:7f:df:9d:a3:ed:ef:32:3a:0a:e6:eb:
                    09:40:79:d5:2f:1e:40:9f:8e:76:ac:9b:32:2e:02:
                    f7:33:c6:42:ae:9c:c0:cf:0e:4d:03:c8:1b:ac:1a:
                    84:cb:95:12:65:17:f5:80:cb:ca:0c:c3:71:a1:c1:
                    84:58:28:8f:45:5e:a5:06:9c:fa:ba:36:70:c5:a6:
                    21:83:42:f4:48:c9:b7:9f:a6:c1:f9:10:db:cc:c8:
                    2f:25:55:a9:56:97:f0:c6:bf:b9:e5:58:f9:b9:80:
                    88:20:72:2a:01:6e:57:a2:a8:ef:9e:14:2a:f2:95:
                    5a:28:42:be:d4:58:6f:ab:46:67:0c:1d:be:eb:56:
                    4c:3c:4b:81:af:31:e6:2e:e4:78:f1:61:15:68:e7:
                    25:30:2b:da:66:2f:3e:a7:eb:90:3c:3a:6e:27:24:
                    8b:ed:97:63:b2:49:24:db:ba:8f:a8:22:18:39:f3:
                    fb:8c:f9:ae:04:d9:74:85:49:3a:6d:88:a5:ac:9f:
                    a2:2d:02:87:b0:3a:9e:61:9e:38:7f:89:d9:07:eb:
                    51:61:77:b6:7d:dd:88:91:f4:bf:54:18:12:93:54:
                    4f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:46:23:AB:74:BD:5F:1B:65:26:E6:A2:06:E0:15:47:A8:D7:E6:65
            X509v3 Authority Key Identifier:
                keyid:D3:A7:C3:BE:06:BC:45:C3:F1:2B:90:B1:85:27:8A:D4:EC:91:97:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/06fDvga8RcPxK5CxhSeK1OyRl1Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/FUYjq3S9XxtlJuaiBuAVR6jX5mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/cecfb6-07fb-4275-b06a-8aa50d67037c/1/06fDvga8RcPxK5CxhSeK1OyRl1Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:82:05:56:5e:d2:f5:b5:79:4e:ac:12:53:8d:97:2c:1e:0f:
         db:90:35:89:d9:00:25:ae:f3:af:8b:ff:41:1b:b7:67:f5:07:
         ee:7f:06:4e:b7:b3:ff:6a:ef:4b:ed:fb:90:2f:70:bc:84:82:
         42:c4:c6:21:d5:26:83:27:1c:e6:dc:d2:cc:d6:be:0c:26:0f:
         b2:27:00:b5:0a:a0:01:04:b3:81:19:25:2f:67:14:12:25:dd:
         7d:5b:90:5d:16:1b:8e:5f:ca:49:b2:b7:ff:42:34:e9:02:03:
         9c:63:85:a9:00:b1:db:df:55:c3:e6:b0:cc:f3:7d:0b:51:79:
         85:a9:c2:b0:7a:66:c7:28:45:65:6b:69:7d:b0:8e:48:70:ae:
         97:5c:c2:0b:0f:63:d2:e9:a7:a4:16:74:79:b1:25:e1:12:8f:
         c9:8b:88:bc:f0:04:6f:9e:ae:f8:df:0c:29:2c:05:8e:90:6b:
         97:44:8d:7d:a3:36:5d:1e:de:ba:46:a6:b7:94:70:d2:6b:b0:
         7e:3a:de:b9:76:26:1f:c4:0c:3d:d5:37:c3:db:15:bd:4a:86:
         57:63:18:dd:5d:01:a3:51:71:14:45:61:1e:df:d2:79:73:2a:
         e1:d5:0b:7d:cf:3c:01:0c:8b:65:92:01:f6:e5:44:ab:ed:57:
         e6:d1:49:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSlh5ijyDubJz3ctuiPfOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYTdjM2JlMDZiYzQ1YzNmMTJiOTBiMTg1Mjc4YWQ0ZWM5
MTk3NTYwHhcNMjQwMTAxMTgzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTQ2MjNhYjc0YmQ1ZjFiNjUyNmU2YTIwNmUwMTU0N2E4ZDdlNjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqldohJECUOdK0Pdie/PfjPng+QFd
i0iUqgYsAP6lwqQzf9+do+3vMjoK5usJQHnVLx5An452rJsyLgL3M8ZCrpzAzw5N
A8gbrBqEy5USZRf1gMvKDMNxocGEWCiPRV6lBpz6ujZwxaYhg0L0SMm3n6bB+RDb
zMgvJVWpVpfwxr+55Vj5uYCIIHIqAW5XoqjvnhQq8pVaKEK+1Fhvq0ZnDB2+61ZM
PEuBrzHmLuR48WEVaOclMCvaZi8+p+uQPDpuJySL7Zdjskkk27qPqCIYOfP7jPmu
BNl0hUk6bYilrJ+iLQKHsDqeYZ44f4nZB+tRYXe2fd2IkfS/VBgSk1RPBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVGI6t0vV8bZSbmogbgFUeo1+ZlMB8GA1UdIwQY
MBaAFNOnw74GvEXD8SuQsYUnitTskZdWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDZmRHZnYThSY1B4SzVDeGhTZUsxT3lSbDFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jZWNmYjYtMDdmYi00Mjc1LWIwNmEt
OGFhNTBkNjcwMzdjLzEvRlVZanEzUzlYeHRsSnVhaUJ1QVZSNmpYNW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jZWNmYjYtMDdmYi00Mjc1LWIwNmEtOGFhNTBkNjcwMzdj
LzEvMDZmRHZnYThSY1B4SzVDeGhTZUsxT3lSbDFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZRYMA0G
CSqGSIb3DQEBCwUAA4IBAQBmggVWXtL1tXlOrBJTjZcsHg/bkDWJ2QAlrvOvi/9B
G7dn9QfufwZOt7P/au9L7fuQL3C8hIJCxMYh1SaDJxzm3NLM1r4MJg+yJwC1CqAB
BLOBGSUvZxQSJd19W5BdFhuOX8pJsrf/QjTpAgOcY4WpALHb31XD5rDM830LUXmF
qcKwembHKEVla2l9sI5IcK6XXMILD2PS6aekFnR5sSXhEo/Ji4i88ARvnq743wwp
LAWOkGuXRI19ozZdHt66Rqa3lHDSa7B+Ot65diYfxAw91TfD2xW9SoZXYxjdXQGj
UXEURWEe39J5cyrh1Qt9zzwBDItlkgH25USr7Vfm0Ulj
-----END CERTIFICATE-----