Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/QhfugyLL6OJ7s84ZoE3oT1FX_Bk.roa
File:                     QhfugyLL6OJ7s84ZoE3oT1FX_Bk.roa (raw, json)
Hash identifier:          5SiQ0E+S989XMqUFzddxgd5dD7uRnT67g0Z9DDH6vBY=
Subject key identifier:   42:17:EE:83:22:CB:E8:E2:7B:B3:CE:19:A0:4D:E8:4F:51:57:FC:19
Certificate issuer:       /CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
Certificate serial:       018CC5DC691F59ACA760E07B256E6906CBAA
Authority key identifier: F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/QhfugyLL6OJ7s84ZoE3oT1FX_Bk.roa
Signing time:             Mon 01 Jan 2024 16:30:05 +0000
ROA not before:           Mon 01 Jan 2024 16:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34427
IP address blocks:        45.157.132.0/22 maxlen: 24
                          2a0f:4280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 04:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:69:1f:59:ac:a7:60:e0:7b:25:6e:69:06:cb:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
        Validity
            Not Before: Jan  1 16:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4217ee8322cbe8e27bb3ce19a04de84f5157fc19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4a:1c:71:31:9e:c4:db:d2:0e:f6:c1:ad:a5:
                    06:b0:54:91:37:6a:07:06:05:6e:fe:a5:3b:fb:2d:
                    a0:1e:e6:a1:27:9b:d3:70:c1:03:62:ae:8e:93:6b:
                    2b:b1:d9:63:3c:d1:81:e2:0f:30:2e:42:6e:3b:3c:
                    81:c0:b5:a5:2a:31:5e:06:dc:8f:ac:6d:77:18:41:
                    c8:ce:bb:01:82:a0:d3:e8:3f:e4:bf:06:aa:95:3f:
                    a6:e3:db:7d:e7:d6:5a:c1:9f:89:4d:99:a0:be:bf:
                    a1:c1:9a:92:8a:27:4f:58:e9:91:15:ee:9d:e1:16:
                    97:ec:53:61:c1:1b:a4:b1:2f:89:2c:a0:29:ed:0d:
                    1d:0d:e8:c9:f2:aa:5a:84:6f:3c:af:a4:3d:95:53:
                    4a:76:0c:a8:33:fb:f1:a6:af:17:55:63:88:6c:7f:
                    54:ee:f1:23:de:40:82:39:01:30:4e:5c:39:d4:3d:
                    ca:73:9b:f2:18:66:ae:75:04:87:ef:20:55:32:c5:
                    db:ca:7d:b3:75:91:a9:49:e0:12:27:ed:81:64:0f:
                    1a:6c:98:57:1d:86:a9:3d:07:2e:b1:48:bf:e2:7a:
                    bf:c8:54:90:2b:e0:1b:c2:a2:c7:7f:19:e0:55:2f:
                    24:0f:6e:8a:f8:62:f4:c9:b5:45:7d:43:ff:0a:3c:
                    e3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:17:EE:83:22:CB:E8:E2:7B:B3:CE:19:A0:4D:E8:4F:51:57:FC:19
            X509v3 Authority Key Identifier:
                keyid:F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/QhfugyLL6OJ7s84ZoE3oT1FX_Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.132.0/22
                IPv6:
                  2a0f:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:03:c8:24:42:fb:50:cd:01:74:6f:73:26:48:ca:ba:bc:3b:
         89:32:e7:97:3f:9c:28:c2:22:f8:44:17:49:d2:5a:75:51:86:
         d5:81:f0:af:34:e7:52:d4:e3:7b:65:86:c1:83:ce:dd:61:51:
         c8:33:cb:f2:9e:4d:10:80:ef:97:c3:2c:e6:8f:6e:18:13:8c:
         5c:3a:66:a1:fb:67:9e:61:57:82:2b:ad:39:68:11:2d:02:a0:
         9d:44:c1:d7:67:f7:78:d8:79:9b:66:b4:cc:56:91:28:ac:38:
         56:7c:60:cb:74:2b:02:9b:03:63:7e:f9:4b:7b:90:f0:4d:ff:
         b1:a3:8a:2c:d5:99:a0:93:c2:3c:61:b1:65:b2:05:97:73:6c:
         15:4f:fc:f2:33:c3:2f:6a:68:e1:9a:97:28:9d:38:33:8f:3c:
         a2:7a:1e:b5:a6:5f:04:35:2e:02:ff:ca:57:b6:6b:ee:36:4b:
         a5:f2:8b:e8:bf:45:b9:4f:48:c6:8e:9c:15:91:6e:8b:3d:84:
         ce:9f:a7:35:f8:cf:cb:55:44:5f:92:d2:67:7e:74:bf:28:28:
         c5:80:30:6d:16:d2:b2:72:39:e4:45:77:22:3e:df:35:02:08:
         d1:c1:6d:bb:35:df:d2:7c:82:b1:13:1d:15:eb:41:dd:ba:89:
         3c:b4:0f:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3GkfWaynYOB7JW5pBsuqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3Y2IxNGE0MWY4ZDllNjI4ZGFlODhmNDc1MjgyMmZjNzdk
ZmVjMDIwHhcNMjQwMTAxMTYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE3ZWU4MzIyY2JlOGUyN2JiM2NlMTlhMDRkZTg0ZjUxNTdmYzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEoccTGexNvSDvbBraUGsFSRN2oH
BgVu/qU7+y2gHuahJ5vTcMEDYq6Ok2srsdljPNGB4g8wLkJuOzyBwLWlKjFeBtyP
rG13GEHIzrsBgqDT6D/kvwaqlT+m49t959ZawZ+JTZmgvr+hwZqSiidPWOmRFe6d
4RaX7FNhwRuksS+JLKAp7Q0dDejJ8qpahG88r6Q9lVNKdgyoM/vxpq8XVWOIbH9U
7vEj3kCCOQEwTlw51D3Kc5vyGGaudQSH7yBVMsXbyn2zdZGpSeASJ+2BZA8abJhX
HYapPQcusUi/4nq/yFSQK+AbwqLHfxngVS8kD26K+GL0ybVFfUP/CjzjEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEIX7oMiy+jie7POGaBN6E9RV/wZMB8GA1UdIwQY
MBaAFPfLFKQfjZ5ija6I9HUoIvx33+wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTkt
ZTdlZTRlNzVkM2FmLzEvUWhmdWd5TEw2T0o3czg0Wm9FM29UMUZYX0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTktZTdlZTRlNzVkM2Fm
LzEvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ2EMA0E
AgACMAcDBQMqD0KAMA0GCSqGSIb3DQEBCwUAA4IBAQAeA8gkQvtQzQF0b3MmSMq6
vDuJMueXP5wowiL4RBdJ0lp1UYbVgfCvNOdS1ON7ZYbBg87dYVHIM8vynk0QgO+X
wyzmj24YE4xcOmah+2eeYVeCK605aBEtAqCdRMHXZ/d42HmbZrTMVpEorDhWfGDL
dCsCmwNjfvlLe5DwTf+xo4os1Zmgk8I8YbFlsgWXc2wVT/zyM8MvamjhmpconTgz
jzyieh61pl8ENS4C/8pXtmvuNkul8ovov0W5T0jGjpwVkW6LPYTOn6c1+M/LVURf
ktJnfnS/KCjFgDBtFtKycjnkRXciPt81AgjRwW27Nd/SfIKxEx0V60Hduok8tA/y
-----END CERTIFICATE-----