Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/F4UI4ybOifBfn-xOfyHAde2Mj9c.roa
File:                     F4UI4ybOifBfn-xOfyHAde2Mj9c.roa (raw, json)
Hash identifier:          0PCH6BF7/3q43D682K2lKa/7ZVqoTmH59+HT5oGtsRc=
Subject key identifier:   17:85:08:E3:26:CE:89:F0:5F:9F:EC:4E:7F:21:C0:75:ED:8C:8F:D7
Certificate issuer:       /CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
Certificate serial:       019420D65BE8B62FE099FD8B359C35DD71B3
Authority key identifier: F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/F4UI4ybOifBfn-xOfyHAde2Mj9c.roa
Signing time:             Wed 01 Jan 2025 07:48:26 +0000
ROA not before:           Wed 01 Jan 2025 07:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        45.157.132.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 04:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:5b:e8:b6:2f:e0:99:fd:8b:35:9c:35:dd:71:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
        Validity
            Not Before: Jan  1 07:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=178508e326ce89f05f9fec4e7f21c075ed8c8fd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:14:b4:d5:ef:24:0e:7c:cf:2c:53:d1:21:ff:
                    9e:68:56:55:36:0a:49:0d:bf:02:16:58:56:74:e7:
                    b7:73:fb:aa:b3:4b:84:30:42:c8:67:59:9e:70:12:
                    6c:fe:a1:fc:10:3c:a5:85:e5:d3:6e:54:8b:38:ac:
                    24:79:c9:d1:e8:8f:5f:6c:45:8c:59:3d:ac:5e:d6:
                    7e:ed:8f:36:97:5d:d7:f6:57:b6:3e:1a:ff:fd:e6:
                    9a:0c:ef:3e:3f:c5:b4:bd:8f:80:cf:f9:6e:4e:0b:
                    3d:8d:4a:cf:c2:dd:bd:11:4a:91:33:64:04:13:63:
                    50:44:88:e0:1d:1c:d4:99:ec:37:3d:31:c9:f0:ac:
                    43:7a:1c:70:5a:8f:ad:6c:17:4c:e6:1b:c4:59:b1:
                    97:15:a0:ac:b6:34:fd:73:57:83:0c:a9:f8:0f:df:
                    63:44:b7:c1:33:7e:44:b5:5f:2e:dc:5b:81:3f:64:
                    11:2e:d2:97:fe:89:de:ef:38:93:57:b5:4e:b4:5a:
                    73:dc:df:2f:97:c9:e9:b3:dc:37:13:d7:c2:01:c0:
                    9c:e8:37:14:2e:4f:de:93:0a:03:6c:68:72:3b:5f:
                    0f:36:69:b9:b2:48:2d:9c:a1:a2:d9:17:23:83:37:
                    34:59:7f:c8:4b:48:c7:36:5e:72:59:5a:c2:95:64:
                    e0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:85:08:E3:26:CE:89:F0:5F:9F:EC:4E:7F:21:C0:75:ED:8C:8F:D7
            X509v3 Authority Key Identifier:
                keyid:F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/F4UI4ybOifBfn-xOfyHAde2Mj9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:6c:df:3e:10:bb:2c:d2:aa:b6:2c:8e:ab:81:4f:4c:95:e6:
         5f:fa:b9:b3:cc:89:ec:ce:0d:2a:0d:84:66:f2:8e:46:2a:3a:
         eb:44:f8:87:dd:d8:7a:36:6a:ad:0b:42:28:a3:a4:e1:23:d7:
         38:54:20:23:a8:df:68:bb:41:14:66:b4:2e:1c:e9:b4:fb:67:
         04:00:0c:92:d1:2d:5a:f4:c2:43:48:3c:dc:32:62:47:d0:f3:
         cd:ba:11:16:29:4a:fc:c9:89:85:98:4e:dd:81:8d:b5:4e:50:
         42:97:dc:cc:e5:71:54:6c:6b:db:e2:92:0b:46:72:01:9e:5f:
         6e:ef:e1:37:84:a9:0c:d2:7a:f0:43:f6:20:f7:1a:c2:d8:52:
         04:18:da:00:15:81:ac:76:1b:d6:2a:69:df:64:9e:cd:b2:04:
         6e:5a:8a:7f:9b:0d:f7:8b:f2:5b:89:d8:e8:ad:c2:84:53:07:
         b7:da:2c:d8:4a:6a:52:6a:ec:c2:95:ba:85:f2:0d:ff:e7:c2:
         65:53:9a:44:02:4f:26:43:c4:8b:58:5f:eb:51:b5:a5:ba:20:
         81:48:7a:c6:45:48:ac:e8:34:7e:67:7c:b5:e2:fa:87:06:19:
         a9:93:9f:32:9b:71:82:71:17:9c:17:13:6a:29:29:73:24:0d:
         7f:53:c1:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lvoti/gmf2LNZw13XGzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3Y2IxNGE0MWY4ZDllNjI4ZGFlODhmNDc1MjgyMmZjNzdk
ZmVjMDIwHhcNMjUwMTAxMDc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzg1MDhlMzI2Y2U4OWYwNWY5ZmVjNGU3ZjIxYzA3NWVkOGM4ZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBS01e8kDnzPLFPRIf+eaFZVNgpJ
Db8CFlhWdOe3c/uqs0uEMELIZ1mecBJs/qH8EDylheXTblSLOKwkecnR6I9fbEWM
WT2sXtZ+7Y82l13X9le2Phr//eaaDO8+P8W0vY+Az/luTgs9jUrPwt29EUqRM2QE
E2NQRIjgHRzUmew3PTHJ8KxDehxwWo+tbBdM5hvEWbGXFaCstjT9c1eDDKn4D99j
RLfBM35EtV8u3FuBP2QRLtKX/one7ziTV7VOtFpz3N8vl8nps9w3E9fCAcCc6DcU
Lk/ekwoDbGhyO18PNmm5skgtnKGi2Rcjgzc0WX/IS0jHNl5yWVrClWTgtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeFCOMmzonwX5/sTn8hwHXtjI/XMB8GA1UdIwQY
MBaAFPfLFKQfjZ5ija6I9HUoIvx33+wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTkt
ZTdlZTRlNzVkM2FmLzEvRjRVSTR5Yk9pZkJmbi14T2Z5SEFkZTJNajljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTktZTdlZTRlNzVkM2Fm
LzEvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ2EMA0G
CSqGSIb3DQEBCwUAA4IBAQAebN8+ELss0qq2LI6rgU9MleZf+rmzzInszg0qDYRm
8o5GKjrrRPiH3dh6NmqtC0Ioo6ThI9c4VCAjqN9ou0EUZrQuHOm0+2cEAAyS0S1a
9MJDSDzcMmJH0PPNuhEWKUr8yYmFmE7dgY21TlBCl9zM5XFUbGvb4pILRnIBnl9u
7+E3hKkM0nrwQ/Yg9xrC2FIEGNoAFYGsdhvWKmnfZJ7NsgRuWop/mw33i/Jbidjo
rcKEUwe32izYSmpSauzClbqF8g3/58JlU5pEAk8mQ8SLWF/rUbWluiCBSHrGRUis
6DR+Z3y14vqHBhmpk58ym3GCcRecFxNqKSlzJA1/U8Go
-----END CERTIFICATE-----