Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/bOF3pLP6zcSfAeHWNwGQ7rT8jrU.roa
File:                     bOF3pLP6zcSfAeHWNwGQ7rT8jrU.roa (raw, json)
Hash identifier:          40nszCitwbjs72LDOpPtaiRFi26EjPTQCnnRRCPlrl4=
Subject key identifier:   6C:E1:77:A4:B3:FA:CD:C4:9F:01:E1:D6:37:01:90:EE:B4:FC:8E:B5
Certificate issuer:       /CN=6fa86d1c1676a59a46acf37336192e985cff0e5b
Certificate serial:       018CC5DC29B0B3FFC12C70991BB4CBD39425
Authority key identifier: 6F:A8:6D:1C:16:76:A5:9A:46:AC:F3:73:36:19:2E:98:5C:FF:0E:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/bOF3pLP6zcSfAeHWNwGQ7rT8jrU.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204451
IP address blocks:        45.14.175.0/24 maxlen: 24
                          45.14.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:29:b0:b3:ff:c1:2c:70:99:1b:b4:cb:d3:94:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa86d1c1676a59a46acf37336192e985cff0e5b
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ce177a4b3facdc49f01e1d6370190eeb4fc8eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ad:55:82:7f:e5:a7:13:37:8d:e1:88:eb:24:
                    4a:cb:25:de:7d:0e:39:a7:f3:a6:da:62:94:69:49:
                    d3:30:51:e6:52:51:8a:9e:bb:14:58:b1:23:82:a4:
                    2f:42:e9:a4:16:5a:58:fa:20:26:a5:a7:b0:9b:a0:
                    d3:52:3f:37:34:d8:93:ba:2d:36:6c:90:5a:05:78:
                    71:8d:89:b7:0d:c3:03:51:cb:3f:3b:5d:c5:b7:6a:
                    7b:4f:d1:c6:09:f6:90:d9:38:6b:99:30:af:c8:2b:
                    ee:e0:c3:d6:d5:cb:25:bf:82:e7:8d:5f:3c:d8:64:
                    2e:12:83:d1:50:e7:3c:86:a2:26:26:31:a0:2e:0a:
                    4e:b2:ed:53:b3:57:62:63:13:5d:e0:d8:4f:38:86:
                    10:84:8e:29:f6:fc:ea:b4:a9:74:97:50:01:43:e9:
                    3e:84:b5:9c:2e:cb:9b:c2:f4:bd:89:5d:81:37:a0:
                    3f:c7:66:4a:83:8a:07:a3:bd:45:fc:59:43:83:81:
                    24:73:be:7b:bb:61:c3:77:1a:31:83:a2:e6:56:bb:
                    d7:86:24:21:c9:18:83:37:31:bc:dc:40:92:ae:90:
                    58:24:9c:65:a8:97:61:53:39:00:16:f5:9e:d1:62:
                    4e:89:14:ab:d1:c3:c9:4e:90:bb:be:7b:ca:97:64:
                    e4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E1:77:A4:B3:FA:CD:C4:9F:01:E1:D6:37:01:90:EE:B4:FC:8E:B5
            X509v3 Authority Key Identifier:
                keyid:6F:A8:6D:1C:16:76:A5:9A:46:AC:F3:73:36:19:2E:98:5C:FF:0E:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/bOF3pLP6zcSfAeHWNwGQ7rT8jrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.173.0/24
                  45.14.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:71:7f:fc:f6:53:34:05:ca:60:87:34:05:a6:19:5a:56:de:
         cc:e4:66:f0:1c:75:8e:df:34:c7:c4:7f:58:16:76:33:8d:52:
         e9:72:07:a6:d8:e5:0a:d3:be:91:67:8d:76:1e:5b:f5:1a:06:
         96:f1:11:56:f5:63:94:3e:4c:08:b6:42:8c:80:e1:d5:89:72:
         86:55:b4:d5:1c:e4:f6:95:fe:3e:7e:6a:63:00:da:2c:e4:d5:
         51:57:2b:33:fa:01:57:4e:ad:09:5f:c2:6c:94:8e:6a:de:ec:
         03:75:81:01:67:76:9c:a9:75:25:1f:d5:9b:3f:ce:28:18:4b:
         0c:f7:57:6a:f5:94:e2:1b:e1:7e:be:4d:ef:32:ab:d9:ac:ec:
         a6:d7:ad:15:c3:4a:db:49:cd:49:07:65:9e:e1:7c:23:d8:6c:
         a4:04:54:01:87:d9:bf:e6:94:93:b1:00:a9:40:a3:63:eb:f5:
         03:cb:5e:a8:92:6e:07:e2:1e:45:1e:1b:cf:84:f1:91:61:b2:
         5b:d1:c4:3d:0a:74:3b:e9:c1:2d:e2:6a:f1:7e:c1:1b:0b:13:
         49:6e:c1:5c:84:06:fd:22:a4:f6:04:82:4d:47:80:2e:d3:b3:
         9d:79:21:c2:5b:4b:8d:de:d7:b3:b1:48:84:5e:7f:bb:d8:12:
         98:7d:91:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3Cmws//BLHCZG7TL05QlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTg2ZDFjMTY3NmE1OWE0NmFjZjM3MzM2MTkyZTk4NWNm
ZjBlNWIwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2UxNzdhNGIzZmFjZGM0OWYwMWUxZDYzNzAxOTBlZWI0ZmM4ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm61Vgn/lpxM3jeGI6yRKyyXefQ45
p/Om2mKUaUnTMFHmUlGKnrsUWLEjgqQvQumkFlpY+iAmpaewm6DTUj83NNiTui02
bJBaBXhxjYm3DcMDUcs/O13Ft2p7T9HGCfaQ2ThrmTCvyCvu4MPW1cslv4LnjV88
2GQuEoPRUOc8hqImJjGgLgpOsu1Ts1diYxNd4NhPOIYQhI4p9vzqtKl0l1ABQ+k+
hLWcLsubwvS9iV2BN6A/x2ZKg4oHo71F/FlDg4Ekc757u2HDdxoxg6LmVrvXhiQh
yRiDNzG83ECSrpBYJJxlqJdhUzkAFvWe0WJOiRSr0cPJTpC7vnvKl2TkrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGzhd6Sz+s3EnwHh1jcBkO60/I61MB8GA1UdIwQY
MBaAFG+obRwWdqWaRqzzczYZLphc/w5bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZodEhCWjJwWnBHclBOek5oa3VtRnpfRGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hZmUzNzMtZTViYy00MDEwLThhZDYt
NmFhYjJiMWI5MjJjLzEvYk9GM3BMUDZ6Y1NmQWVIV053R1E3clQ4anJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hZmUzNzMtZTViYy00MDEwLThhZDYtNmFhYjJiMWI5MjJj
LzEvYjZodEhCWjJwWnBHclBOek5oa3VtRnpfRGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ6tAwQA
LQ6vMA0GCSqGSIb3DQEBCwUAA4IBAQBJcX/89lM0BcpghzQFphlaVt7M5GbwHHWO
3zTHxH9YFnYzjVLpcgem2OUK076RZ412Hlv1GgaW8RFW9WOUPkwItkKMgOHViXKG
VbTVHOT2lf4+fmpjANos5NVRVysz+gFXTq0JX8JslI5q3uwDdYEBZ3acqXUlH9Wb
P84oGEsM91dq9ZTiG+F+vk3vMqvZrOym160Vw0rbSc1JB2We4Xwj2GykBFQBh9m/
5pSTsQCpQKNj6/UDy16okm4H4h5FHhvPhPGRYbJb0cQ9CnQ76cEt4mrxfsEbCxNJ
bsFchAb9IqT2BIJNR4Au07OdeSHCW0uN3tezsUiEXn+72BKYfZHh
-----END CERTIFICATE-----