Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/AfaQMcG5nupi5Lo-Tvel_s7Le20.roa
File:                     AfaQMcG5nupi5Lo-Tvel_s7Le20.roa (raw, json)
Hash identifier:          hLksjOierG0XYoxbZdK6VhFdINWiM54OI4l3WDILnac=
Subject key identifier:   01:F6:90:31:C1:B9:9E:EA:62:E4:BA:3E:4E:F7:A5:FE:CE:CB:7B:6D
Certificate issuer:       /CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
Certificate serial:       018CC5DC68E5656F36F26EFE9324E37A1094
Authority key identifier: F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/AfaQMcG5nupi5Lo-Tvel_s7Le20.roa
Signing time:             Mon 01 Jan 2024 16:30:05 +0000
ROA not before:           Mon 01 Jan 2024 16:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.157.132.0/22 maxlen: 24
                          2a0f:4280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:68:e5:65:6f:36:f2:6e:fe:93:24:e3:7a:10:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
        Validity
            Not Before: Jan  1 16:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01f69031c1b99eea62e4ba3e4ef7a5fececb7b6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:83:2b:b2:dc:01:ef:18:9b:e0:ea:ec:dc:d1:
                    a6:0f:9e:da:a0:06:2e:19:b7:d4:22:df:37:32:90:
                    3e:32:47:f6:dd:86:63:00:96:71:32:ec:19:36:92:
                    7a:47:04:fb:f1:bb:ad:9e:76:6c:81:ee:2a:5c:0c:
                    27:e4:4c:be:7e:2c:71:f5:51:5f:d0:43:ff:36:92:
                    9d:6e:3c:c8:ae:f3:72:c4:6d:8f:b1:ee:58:f5:a9:
                    d5:46:33:f9:84:47:70:eb:2c:84:d4:db:6f:b7:05:
                    05:14:46:15:dc:8a:4c:95:e2:23:31:5a:3f:57:52:
                    b3:e9:c9:c8:c2:98:62:83:d0:e1:37:ba:e6:6f:69:
                    29:bc:31:75:af:23:d2:54:d6:33:90:13:21:3f:45:
                    a5:bd:85:c8:88:fe:0b:84:a7:b9:d4:a3:a7:e4:b9:
                    3c:88:9d:a1:a9:3e:57:db:f0:90:35:d4:9e:fe:a3:
                    b4:3e:33:a3:3c:61:18:81:6d:87:72:a0:c3:ae:15:
                    c4:1a:39:d6:af:7a:e0:f1:59:4a:bc:89:42:00:b4:
                    9f:82:2e:4b:21:af:cf:bb:58:4e:8a:51:4b:3c:b9:
                    c7:37:33:e4:13:51:27:f7:b3:53:e8:07:5c:7e:ec:
                    80:26:37:fa:26:d9:dc:a4:83:fb:83:da:0e:44:fb:
                    4e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F6:90:31:C1:B9:9E:EA:62:E4:BA:3E:4E:F7:A5:FE:CE:CB:7B:6D
            X509v3 Authority Key Identifier:
                keyid:F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/AfaQMcG5nupi5Lo-Tvel_s7Le20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.132.0/22
                IPv6:
                  2a0f:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:dc:6b:c0:4b:f0:5c:ca:43:a5:4c:84:56:39:5f:74:62:14:
         e3:55:71:7f:ec:86:32:6c:8b:4c:81:34:aa:9a:aa:90:39:d7:
         fb:a4:02:ee:64:49:a5:35:bf:d0:21:8d:e8:6a:53:9b:5a:02:
         8e:98:8c:59:9d:19:75:7e:bf:13:4a:ea:22:ae:90:93:be:1e:
         69:bf:fe:3a:95:39:4a:04:03:c1:6c:71:1d:e9:b0:df:e5:36:
         d5:08:1a:d7:05:5a:0b:88:13:56:09:07:ca:b0:7c:b5:b3:06:
         99:67:e6:27:1b:93:60:e1:00:a4:90:ef:d6:0b:88:45:d9:14:
         15:40:fd:64:20:2c:94:47:33:5e:e2:f0:3c:04:94:99:57:27:
         40:c7:c1:08:14:12:3c:44:19:2b:b2:9c:7d:9a:94:91:35:34:
         d1:69:f6:1c:34:c5:fa:28:5d:51:4a:cb:12:2d:7d:3e:5b:c8:
         65:46:33:08:10:8f:27:0c:ea:0c:97:c3:7c:d2:83:e3:65:e6:
         af:95:7e:81:fc:bd:63:f8:68:75:67:47:ad:8b:7d:82:fe:9b:
         a3:d8:2b:41:bd:f9:57:04:8a:81:f2:1b:43:e9:48:57:ef:cf:
         fd:30:ac:e6:dd:81:8f:4d:71:18:b5:fa:1e:5f:39:b7:4e:ec:
         df:14:40:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3GjlZW828m7+kyTjehCUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3Y2IxNGE0MWY4ZDllNjI4ZGFlODhmNDc1MjgyMmZjNzdk
ZmVjMDIwHhcNMjQwMTAxMTYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWY2OTAzMWMxYjk5ZWVhNjJlNGJhM2U0ZWY3YTVmZWNlY2I3YjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4MrstwB7xib4Ors3NGmD57aoAYu
GbfUIt83MpA+Mkf23YZjAJZxMuwZNpJ6RwT78butnnZsge4qXAwn5Ey+fixx9VFf
0EP/NpKdbjzIrvNyxG2Pse5Y9anVRjP5hEdw6yyE1NtvtwUFFEYV3IpMleIjMVo/
V1Kz6cnIwphig9DhN7rmb2kpvDF1ryPSVNYzkBMhP0WlvYXIiP4LhKe51KOn5Lk8
iJ2hqT5X2/CQNdSe/qO0PjOjPGEYgW2HcqDDrhXEGjnWr3rg8VlKvIlCALSfgi5L
Ia/Pu1hOilFLPLnHNzPkE1En97NT6AdcfuyAJjf6JtncpIP7g9oORPtO3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAH2kDHBuZ7qYuS6Pk73pf7Oy3ttMB8GA1UdIwQY
MBaAFPfLFKQfjZ5ija6I9HUoIvx33+wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTkt
ZTdlZTRlNzVkM2FmLzEvQWZhUU1jRzVudXBpNUxvLVR2ZWxfczdMZTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTktZTdlZTRlNzVkM2Fm
LzEvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ2EMA0E
AgACMAcDBQMqD0KAMA0GCSqGSIb3DQEBCwUAA4IBAQBC3GvAS/BcykOlTIRWOV90
YhTjVXF/7IYybItMgTSqmqqQOdf7pALuZEmlNb/QIY3oalObWgKOmIxZnRl1fr8T
SuoirpCTvh5pv/46lTlKBAPBbHEd6bDf5TbVCBrXBVoLiBNWCQfKsHy1swaZZ+Yn
G5Ng4QCkkO/WC4hF2RQVQP1kICyURzNe4vA8BJSZVydAx8EIFBI8RBkrspx9mpSR
NTTRafYcNMX6KF1RSssSLX0+W8hlRjMIEI8nDOoMl8N80oPjZeavlX6B/L1j+Gh1
Z0eti32C/puj2CtBvflXBIqB8htD6UhX78/9MKzm3YGPTXEYtfoeXzm3TuzfFEBA
-----END CERTIFICATE-----