Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4953ee-910f-4b8e-b464-2650edd3013f/1/pwqEQrTNpjo0zM0uQK-mhMpQmZk.roa
File:                     pwqEQrTNpjo0zM0uQK-mhMpQmZk.roa (raw, json)
Hash identifier:          yVsDUfeys13Hbv8MsD/9sO7W/cjeTO0KboSAsO0zSME=
Subject key identifier:   A7:0A:84:42:B4:CD:A6:3A:34:CC:CD:2E:40:AF:A6:84:CA:50:99:99
Certificate issuer:       /CN=f8d7213f3585b7112dff0cb43c192b1caf307d18
Certificate serial:       018CC8710F279166F8755AB2E7694CBA3577
Authority key identifier: F8:D7:21:3F:35:85:B7:11:2D:FF:0C:B4:3C:19:2B:1C:AF:30:7D:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-NchPzWFtxEt_wy0PBkrHK8wfRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4953ee-910f-4b8e-b464-2650edd3013f/1/pwqEQrTNpjo0zM0uQK-mhMpQmZk.roa
Signing time:             Tue 02 Jan 2024 04:31:41 +0000
ROA not before:           Tue 02 Jan 2024 04:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        45.140.216.0/22 maxlen: 24
                          2a0f:1b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/4953ee-910f-4b8e-b464-2650edd3013f/1/1-NchPzWFtxEt_wy0PBkrHK8wfRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/4953ee-910f-4b8e-b464-2650edd3013f/1/1-NchPzWFtxEt_wy0PBkrHK8wfRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-NchPzWFtxEt_wy0PBkrHK8wfRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:0f:27:91:66:f8:75:5a:b2:e7:69:4c:ba:35:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8d7213f3585b7112dff0cb43c192b1caf307d18
        Validity
            Not Before: Jan  2 04:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a70a8442b4cda63a34cccd2e40afa684ca509999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f8:9a:65:2b:34:60:dc:65:bd:5b:90:33:b1:
                    d0:ac:fb:11:c0:66:ca:88:bc:71:21:4b:cf:67:08:
                    9f:43:59:1a:9b:09:09:dd:56:49:29:b8:98:04:25:
                    db:28:12:c1:c0:76:ff:d8:f7:a3:3f:b5:79:02:0b:
                    14:c2:05:a2:1c:7f:41:60:a3:9c:49:14:1d:03:8b:
                    91:61:8a:53:73:2b:8f:0f:b5:99:47:7c:5d:4e:0c:
                    a3:4e:95:ce:76:76:d3:0b:33:4e:7e:ba:0a:cc:08:
                    4d:71:15:04:a8:6c:b7:f6:9f:6d:d8:0f:9b:14:b0:
                    32:e6:e8:ed:ff:9b:2d:44:72:e7:da:f0:aa:db:44:
                    1c:6c:27:f7:e6:97:30:d7:da:fa:81:25:24:98:b2:
                    a8:03:4f:df:45:4a:f2:00:00:88:d7:1c:60:7b:23:
                    c3:da:ec:c6:52:cb:c3:ad:f2:18:96:ce:f6:4c:0c:
                    64:4b:ca:89:b8:3b:5a:91:67:c6:25:4a:3b:cd:cc:
                    3c:a7:b0:56:48:89:30:7a:aa:c4:ba:95:17:df:1b:
                    f8:c4:d9:49:b8:17:13:47:ce:da:60:84:a5:cd:87:
                    c5:21:b6:8c:1a:38:f3:ba:94:fd:64:c2:0a:11:97:
                    94:30:83:57:63:9e:6a:92:98:2c:24:f9:5d:3c:c0:
                    a5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:0A:84:42:B4:CD:A6:3A:34:CC:CD:2E:40:AF:A6:84:CA:50:99:99
            X509v3 Authority Key Identifier:
                keyid:F8:D7:21:3F:35:85:B7:11:2D:FF:0C:B4:3C:19:2B:1C:AF:30:7D:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-NchPzWFtxEt_wy0PBkrHK8wfRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4953ee-910f-4b8e-b464-2650edd3013f/1/pwqEQrTNpjo0zM0uQK-mhMpQmZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4953ee-910f-4b8e-b464-2650edd3013f/1/1-NchPzWFtxEt_wy0PBkrHK8wfRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.216.0/22
                IPv6:
                  2a0f:1b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:05:06:a2:f5:29:d5:05:10:64:17:a2:cc:04:b5:00:bd:ad:
         f4:6c:c7:88:c8:05:ca:bb:65:21:fe:e3:6b:2f:63:05:e7:cf:
         df:84:eb:a9:04:b4:14:25:64:f6:b4:68:ec:32:ab:85:28:a2:
         0f:c8:1f:e7:f6:6c:f5:4e:03:a2:ae:fc:8f:c8:ff:a7:da:1b:
         e4:1f:dc:0b:18:31:17:b2:8f:02:8e:a5:c8:ef:c7:14:6b:96:
         73:15:ea:97:c7:77:bc:24:cb:1e:95:af:6c:ce:68:69:88:3c:
         73:5d:85:6d:b6:95:f1:a6:d5:6d:34:e3:14:5d:ef:85:7e:42:
         55:d2:83:98:e5:fd:da:87:ba:31:fc:41:ad:dd:28:3d:c8:70:
         65:c7:f6:e8:5c:27:e5:97:70:de:55:cb:27:0a:da:24:07:25:
         c5:60:a0:99:fa:85:b2:5e:42:43:fa:b4:e0:99:10:fe:0d:4f:
         86:ac:a6:7e:06:62:00:e9:f7:df:3c:4d:80:39:4e:ae:83:2c:
         13:f9:e0:40:8d:dd:43:6f:6b:37:89:55:57:24:75:1d:ab:29:
         4f:1f:1a:f1:42:af:ea:0f:b2:af:71:5b:91:fc:a9:99:e3:a7:
         77:98:da:1e:aa:a5:85:98:f4:79:b3:e0:43:dc:4f:af:60:58:
         bf:80:b3:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIcQ8nkWb4dVqy52lMujV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZDcyMTNmMzU4NWI3MTEyZGZmMGNiNDNjMTkyYjFjYWYz
MDdkMTgwHhcNMjQwMTAyMDQzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzBhODQ0MmI0Y2RhNjNhMzRjY2NkMmU0MGFmYTY4NGNhNTA5OTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/iaZSs0YNxlvVuQM7HQrPsRwGbK
iLxxIUvPZwifQ1kamwkJ3VZJKbiYBCXbKBLBwHb/2PejP7V5AgsUwgWiHH9BYKOc
SRQdA4uRYYpTcyuPD7WZR3xdTgyjTpXOdnbTCzNOfroKzAhNcRUEqGy39p9t2A+b
FLAy5ujt/5stRHLn2vCq20QcbCf35pcw19r6gSUkmLKoA0/fRUryAACI1xxgeyPD
2uzGUsvDrfIYls72TAxkS8qJuDtakWfGJUo7zcw8p7BWSIkweqrEupUX3xv4xNlJ
uBcTR87aYISlzYfFIbaMGjjzupT9ZMIKEZeUMINXY55qkpgsJPldPMCl5wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKcKhEK0zaY6NMzNLkCvpoTKUJmZMB8GA1UdIwQY
MBaAFPjXIT81hbcRLf8MtDwZKxyvMH0YMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1OY2hQeldGdHhFdF93eTBQQmtySEs4d2ZSZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTkvNDk1M2VlLTkxMGYtNGI4ZS1iNDY0
LTI2NTBlZGQzMDEzZi8xL3B3cUVRclROcGpvMHpNMHVRSy1taE1wUW1aay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTkvNDk1M2VlLTkxMGYtNGI4ZS1iNDY0LTI2NTBlZGQzMDEz
Zi8xLzEtTmNoUHpXRnR4RXRfd3kwUEJrckhLOHdmUmcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAItjNgw
DQQCAAIwBwMFAyoPGwAwDQYJKoZIhvcNAQELBQADggEBADAFBqL1KdUFEGQXoswE
tQC9rfRsx4jIBcq7ZSH+42svYwXnz9+E66kEtBQlZPa0aOwyq4Uoog/IH+f2bPVO
A6Ku/I/I/6faG+Qf3AsYMReyjwKOpcjvxxRrlnMV6pfHd7wkyx6Vr2zOaGmIPHNd
hW22lfGm1W004xRd74V+QlXSg5jl/dqHujH8Qa3dKD3IcGXH9uhcJ+WXcN5VyycK
2iQHJcVgoJn6hbJeQkP6tOCZEP4NT4aspn4GYgDp9988TYA5Tq6DLBP54ECN3UNv
azeJVVckdR2rKU8fGvFCr+oPsq9xW5H8qZnjp3eY2h6qpYWY9Hmz4EPcT69gWL+A
s9I=
-----END CERTIFICATE-----