Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/fh6jXd8l1PiE8ETtkSHQOUfLpoc.roa
File:                     fh6jXd8l1PiE8ETtkSHQOUfLpoc.roa (raw, json)
Hash identifier:          Uve8rH0tAlkUS/OJYT4o7MmbSeqiG649r/Wip7nzAdo=
Subject key identifier:   7E:1E:A3:5D:DF:25:D4:F8:84:F0:44:ED:91:21:D0:39:47:CB:A6:87
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       0193055BC8B0A79FD8AFB0122FCB935CBAF2
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/fh6jXd8l1PiE8ETtkSHQOUfLpoc.roa
Signing time:             Thu 07 Nov 2024 06:42:01 +0000
ROA not before:           Thu 07 Nov 2024 06:42:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.145.154.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:05:5b:c8:b0:a7:9f:d8:af:b0:12:2f:cb:93:5c:ba:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Nov  7 06:42:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e1ea35ddf25d4f884f044ed9121d03947cba687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9e:20:ff:f9:b5:df:a5:bc:9d:21:27:a5:95:
                    41:5c:9c:ae:8e:38:59:75:b7:e9:4e:4a:a1:f1:94:
                    38:5e:85:1d:3b:4a:01:0f:ff:96:0c:66:5a:6c:d6:
                    e0:40:ee:15:45:b9:d0:9a:2f:84:dc:63:41:e3:da:
                    b8:e7:75:a4:89:23:54:b6:f0:28:e8:de:d8:de:49:
                    c1:03:71:c8:86:9c:c5:c2:7c:1c:ba:50:76:51:cb:
                    ba:5e:df:c8:89:9c:c4:70:98:16:a1:d0:20:1a:4b:
                    2e:79:8b:66:4d:0c:56:33:65:59:49:53:3c:b8:be:
                    89:cb:41:23:ee:30:6e:eb:21:aa:d6:d5:d7:6d:03:
                    10:97:39:29:dd:12:fa:1f:cd:7f:ec:c9:c6:dc:51:
                    e0:6e:e9:b7:03:ae:99:88:19:72:c7:b6:5a:20:8f:
                    f5:a8:d2:c1:95:20:ae:5a:8c:d3:0d:55:bb:0c:db:
                    c1:ff:82:ac:f8:78:b6:97:8c:21:53:a7:7d:84:70:
                    2c:7f:55:fd:a7:b1:ec:86:0f:5d:ef:67:5d:08:bc:
                    de:d1:1b:c6:54:9c:a8:82:89:49:df:e4:a8:e5:c7:
                    78:cf:2e:d6:c5:fa:fe:d9:98:7e:11:79:2f:72:61:
                    2d:6a:2d:e3:e5:70:dd:f1:81:45:34:8b:2f:3e:66:
                    26:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:1E:A3:5D:DF:25:D4:F8:84:F0:44:ED:91:21:D0:39:47:CB:A6:87
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/fh6jXd8l1PiE8ETtkSHQOUfLpoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:86:75:e8:a6:5b:bb:67:5b:df:10:bc:51:38:6e:63:69:78:
         15:b1:88:16:ca:e5:43:78:55:e3:0a:38:e5:3b:8b:7e:32:62:
         17:bc:0a:4e:7c:2f:7f:17:c8:44:13:29:10:d6:3d:be:0b:4c:
         70:25:24:95:aa:ab:76:50:0c:b4:5c:22:71:66:0a:f0:f1:86:
         52:9f:7f:b9:c8:72:23:30:c2:67:42:fa:67:91:5d:ae:75:0d:
         58:20:85:ca:31:b8:86:28:f3:95:dc:25:a3:0a:7b:9a:48:4b:
         68:f3:80:45:4d:28:aa:d9:3a:75:36:b2:b1:1d:37:6b:93:b4:
         43:15:a6:8a:12:79:43:f7:9f:41:eb:f9:a7:f6:80:ea:c5:4f:
         93:70:ee:5c:c6:3a:cd:07:1e:56:e7:e9:68:fe:79:3f:75:9d:
         df:b4:b9:99:39:78:62:5b:ae:6a:57:21:a3:05:46:df:4e:bf:
         80:35:77:85:4e:ad:db:a8:9b:89:bd:63:8d:0d:78:d7:ef:27:
         83:79:db:2a:04:42:4a:4b:19:8d:64:df:72:3e:a0:40:76:79:
         e6:9a:e3:15:53:65:2e:82:b0:ff:9a:a4:55:ae:19:c2:1b:34:
         33:ba:4a:71:72:d4:b5:92:bf:f0:cc:22:66:30:51:e5:77:44:
         f8:db:2d:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMFW8iwp5/Yr7ASL8uTXLryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQxMTA3MDY0MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTFlYTM1ZGRmMjVkNGY4ODRmMDQ0ZWQ5MTIxZDAzOTQ3Y2JhNjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxp4g//m136W8nSEnpZVBXJyujjhZ
dbfpTkqh8ZQ4XoUdO0oBD/+WDGZabNbgQO4VRbnQmi+E3GNB49q453WkiSNUtvAo
6N7Y3knBA3HIhpzFwnwculB2Ucu6Xt/IiZzEcJgWodAgGksueYtmTQxWM2VZSVM8
uL6Jy0Ej7jBu6yGq1tXXbQMQlzkp3RL6H81/7MnG3FHgbum3A66ZiBlyx7ZaII/1
qNLBlSCuWozTDVW7DNvB/4Ks+Hi2l4whU6d9hHAsf1X9p7Hshg9d72ddCLze0RvG
VJyogolJ3+So5cd4zy7Wxfr+2Zh+EXkvcmEtai3j5XDd8YFFNIsvPmYmwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4eo13fJdT4hPBE7ZEh0DlHy6aHMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvZmg2alhkOGwxUGlFOEVUdGtTSFFPVWZMcG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZGaMA0G
CSqGSIb3DQEBCwUAA4IBAQCPhnXoplu7Z1vfELxROG5jaXgVsYgWyuVDeFXjCjjl
O4t+MmIXvApOfC9/F8hEEykQ1j2+C0xwJSSVqqt2UAy0XCJxZgrw8YZSn3+5yHIj
MMJnQvpnkV2udQ1YIIXKMbiGKPOV3CWjCnuaSEto84BFTSiq2Tp1NrKxHTdrk7RD
FaaKEnlD959B6/mn9oDqxU+TcO5cxjrNBx5W5+lo/nk/dZ3ftLmZOXhiW65qVyGj
BUbfTr+ANXeFTq3bqJuJvWONDXjX7yeDedsqBEJKSxmNZN9yPqBAdnnmmuMVU2Uu
grD/mqRVrhnCGzQzukpxctS1kr/wzCJmMFHld0T42y13
-----END CERTIFICATE-----