Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/0lHEC7WwqxWN6J_7IaZldwErvkU.roa
File:                     0lHEC7WwqxWN6J_7IaZldwErvkU.roa (raw, json)
Hash identifier:          Nz5G0RIpUZODc6xxLEkXRKv3WSHJ4knYosk1o/sPFzk=
Subject key identifier:   D2:51:C4:0B:B5:B0:AB:15:8D:E8:9F:FB:21:A6:65:77:01:2B:BE:45
Certificate issuer:       /CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
Certificate serial:       0192B831B15D5C9CEA3A80923BF5A325F8C6
Authority key identifier: F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/0lHEC7WwqxWN6J_7IaZldwErvkU.roa
Signing time:             Wed 23 Oct 2024 07:05:17 +0000
ROA not before:           Wed 23 Oct 2024 07:05:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.157.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:31:b1:5d:5c:9c:ea:3a:80:92:3b:f5:a3:25:f8:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
        Validity
            Not Before: Oct 23 07:05:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d251c40bb5b0ab158de89ffb21a66577012bbe45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:07:9d:31:b7:35:83:97:61:6d:a2:41:f9:56:
                    79:3c:9f:84:96:3a:74:69:eb:82:bf:04:cd:71:e3:
                    28:40:b7:36:1c:1b:c8:ce:1a:1a:e2:76:46:ad:f7:
                    43:e9:80:ad:5e:58:46:97:2f:09:22:23:28:7b:b0:
                    29:ce:6e:90:d5:35:38:1d:bb:74:0e:33:c0:2c:91:
                    2f:e1:79:d1:f0:47:19:a9:af:63:fb:93:05:d5:7c:
                    0e:5b:f8:81:05:3d:3e:19:42:1f:8c:f9:d6:53:d4:
                    e7:a5:e2:1b:c2:cd:c4:47:8c:f0:89:ee:60:f2:cf:
                    6f:60:ee:c0:ef:9b:df:fd:e1:fc:a9:ef:e2:31:1c:
                    28:2e:ef:33:46:90:56:31:f8:c0:db:b6:b6:3a:ea:
                    db:97:e5:c2:a4:51:97:30:7f:e7:97:cb:37:18:e3:
                    0b:10:f5:9c:84:41:d8:04:da:45:b9:0d:35:e6:89:
                    12:82:f6:93:6e:80:41:24:12:72:c0:52:11:2a:71:
                    9d:3f:e5:7f:f2:53:f6:75:c2:e1:4e:9e:6f:09:41:
                    b7:45:88:d3:f4:5d:18:cc:d9:00:2d:df:dc:d8:4e:
                    72:f3:4a:cd:b0:12:3f:de:d4:37:d9:a4:f6:66:95:
                    0c:04:2a:cd:b0:28:e8:36:d0:4e:34:48:f6:25:7b:
                    ef:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:51:C4:0B:B5:B0:AB:15:8D:E8:9F:FB:21:A6:65:77:01:2B:BE:45
            X509v3 Authority Key Identifier:
                keyid:F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/0lHEC7WwqxWN6J_7IaZldwErvkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:32:7e:f4:32:9d:32:b3:72:c6:f7:df:37:e1:af:b9:cc:af:
         2a:41:36:b2:2d:c0:41:9e:bf:4b:4a:0f:65:09:b3:de:dd:94:
         06:ae:a5:aa:97:1a:7f:16:18:a7:5f:4e:35:5a:46:31:5e:71:
         04:7d:b3:19:7d:37:e6:6a:c2:9b:34:66:92:d7:3f:63:99:13:
         e7:db:aa:9e:61:94:4d:d3:5e:c8:22:4e:da:9c:43:d6:df:ee:
         2f:41:d3:31:b3:3b:0f:47:24:7d:75:2b:6a:f0:3d:cf:50:4e:
         33:ce:90:0d:12:21:58:28:2f:98:3d:3a:4f:2e:15:1d:40:b5:
         60:74:2b:7f:12:3c:98:b3:eb:12:ef:9e:73:eb:0d:24:0f:fb:
         44:29:34:83:c2:4c:4d:43:48:ca:4c:31:92:26:ae:db:fc:af:
         35:9c:24:34:34:d5:2e:cf:97:31:fa:17:94:e4:ea:49:3e:2b:
         c3:03:dd:1f:9d:85:85:7b:74:cd:de:a5:e2:6f:84:f8:e8:a0:
         16:ce:3e:0a:bb:03:b5:35:69:2b:84:e1:d9:ad:44:f5:71:03:
         cf:df:e5:bf:1e:61:39:e0:de:b6:d7:d1:f9:6d:ef:fe:39:48:
         31:ef:f2:ab:ad:7b:47:d8:8c:2c:7c:c2:d4:66:2a:1a:d8:a6:
         c1:28:5a:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK4MbFdXJzqOoCSO/WjJfjGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3Y2IxNGE0MWY4ZDllNjI4ZGFlODhmNDc1MjgyMmZjNzdk
ZmVjMDIwHhcNMjQxMDIzMDcwNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjUxYzQwYmI1YjBhYjE1OGRlODlmZmIyMWE2NjU3NzAxMmJiZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQedMbc1g5dhbaJB+VZ5PJ+Eljp0
aeuCvwTNceMoQLc2HBvIzhoa4nZGrfdD6YCtXlhGly8JIiMoe7Apzm6Q1TU4Hbt0
DjPALJEv4XnR8EcZqa9j+5MF1XwOW/iBBT0+GUIfjPnWU9TnpeIbws3ER4zwie5g
8s9vYO7A75vf/eH8qe/iMRwoLu8zRpBWMfjA27a2Ourbl+XCpFGXMH/nl8s3GOML
EPWchEHYBNpFuQ015okSgvaTboBBJBJywFIRKnGdP+V/8lP2dcLhTp5vCUG3RYjT
9F0YzNkALd/c2E5y80rNsBI/3tQ32aT2ZpUMBCrNsCjoNtBONEj2JXvvlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJRxAu1sKsVjeif+yGmZXcBK75FMB8GA1UdIwQY
MBaAFPfLFKQfjZ5ija6I9HUoIvx33+wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTkt
ZTdlZTRlNzVkM2FmLzEvMGxIRUM3V3dxeFdONkpfN0lhWmxkd0VydmtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTktZTdlZTRlNzVkM2Fm
LzEvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ2EMA0G
CSqGSIb3DQEBCwUAA4IBAQBjMn70Mp0ys3LG99834a+5zK8qQTayLcBBnr9LSg9l
CbPe3ZQGrqWqlxp/FhinX041WkYxXnEEfbMZfTfmasKbNGaS1z9jmRPn26qeYZRN
017IIk7anEPW3+4vQdMxszsPRyR9dStq8D3PUE4zzpANEiFYKC+YPTpPLhUdQLVg
dCt/EjyYs+sS755z6w0kD/tEKTSDwkxNQ0jKTDGSJq7b/K81nCQ0NNUuz5cx+heU
5OpJPivDA90fnYWFe3TN3qXib4T46KAWzj4KuwO1NWkrhOHZrUT1cQPP3+W/HmE5
4N6219H5be/+OUgx7/KrrXtH2IwsfMLUZioa2KbBKFo0
-----END CERTIFICATE-----