Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/cWGh-YeqJJ15a1wMYDPbFLsgtE4.roa
File:                     cWGh-YeqJJ15a1wMYDPbFLsgtE4.roa (raw, json)
Hash identifier:          tsqhpY3TmYQ2Z5Huu0WnwydjgN4ESIcZnUW7PEAbDO0=
Subject key identifier:   71:61:A1:F9:87:AA:24:9D:79:6B:5C:0C:60:33:DB:14:BB:20:B4:4E
Certificate issuer:       /CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
Certificate serial:       018CC26D0422CC0EEAFB417FD29F8EBC85DE
Authority key identifier: 7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/cWGh-YeqJJ15a1wMYDPbFLsgtE4.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        45.82.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 21:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:04:22:cc:0e:ea:fb:41:7f:d2:9f:8e:bc:85:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7161a1f987aa249d796b5c0c6033db14bb20b44e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6f:e4:d3:b3:4d:df:8e:35:24:e8:d1:d2:b4:
                    35:6c:95:0e:8c:03:5c:57:3c:68:38:55:9d:86:13:
                    4a:85:85:0d:f4:27:8c:c6:8f:8f:f2:5e:93:51:68:
                    16:45:54:8b:7d:f1:83:21:ca:1a:70:af:ce:15:71:
                    04:a5:36:66:9a:bf:3d:d3:20:fe:8d:8f:91:bf:aa:
                    00:52:7d:b0:35:a3:87:98:13:d4:76:2d:d4:6e:f8:
                    78:01:11:42:8a:ad:37:1f:5b:35:2e:53:eb:2a:1c:
                    ad:d7:47:8f:89:34:12:ad:d6:bb:39:d5:56:13:6b:
                    3b:0b:8d:97:3a:41:ae:ad:de:af:8f:3e:85:d6:e4:
                    ef:47:09:7e:b4:19:d3:e1:ee:16:13:2d:b8:bf:c9:
                    71:fc:8d:88:cf:70:19:eb:a2:f2:ab:af:3f:25:89:
                    01:85:c7:02:99:00:12:b9:a6:b5:e0:29:44:72:ea:
                    32:b0:6b:f6:a4:51:91:cf:86:34:8f:2d:f0:32:be:
                    9c:51:54:1a:42:72:e2:e4:32:bc:fc:38:70:33:65:
                    fb:15:8e:16:17:e4:f0:7c:cb:30:42:9e:05:3d:80:
                    d2:a0:92:32:b5:7d:1b:00:bf:2f:c8:79:ab:0e:6e:
                    86:6b:ef:e4:b4:3a:33:c6:ba:b0:9c:cb:0f:24:a0:
                    48:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:61:A1:F9:87:AA:24:9D:79:6B:5C:0C:60:33:DB:14:BB:20:B4:4E
            X509v3 Authority Key Identifier:
                keyid:7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/cWGh-YeqJJ15a1wMYDPbFLsgtE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:79:ac:42:90:94:95:33:4c:90:b2:cc:d9:27:04:27:23:ae:
         c2:55:02:7e:10:7a:07:ed:3a:e4:33:d1:bc:38:80:58:51:55:
         54:95:83:77:19:87:04:5f:e7:cb:26:ce:84:7d:ff:01:ba:24:
         82:55:5f:e3:9d:ac:aa:e4:3a:ee:04:38:df:3c:8b:1e:81:5c:
         7b:3e:92:51:2d:5d:85:e5:55:e5:04:5b:d9:8e:9e:8c:8c:7e:
         b3:25:c5:f0:c3:40:47:08:a2:63:5e:65:95:92:5c:d6:dd:3f:
         9c:f4:eb:a4:00:c8:f7:fb:14:34:c7:8e:60:65:38:67:fa:41:
         41:d3:6e:ec:39:71:28:49:83:6b:c6:de:47:d6:65:ff:1a:83:
         2b:59:54:60:e9:a2:dc:04:f3:65:6d:7a:32:03:13:66:5d:9d:
         37:4c:aa:76:7a:43:93:c6:44:29:cb:68:86:c1:42:59:84:bd:
         a7:a7:1c:7b:99:d2:3b:9f:8d:29:61:bd:0b:90:7b:83:3c:37:
         d6:fb:d3:f4:b9:4e:79:e0:c0:0e:4c:32:3d:df:fc:cc:aa:8d:
         8b:cd:1f:b9:ca:d4:80:d4:a6:2b:e6:10:5b:c8:70:38:ef:a7:
         2e:d9:ed:bf:4e:cb:77:51:d5:3b:d8:0f:2e:da:a5:4c:0c:4e:
         bf:81:5f:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQQizA7q+0F/0p+OvIXeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTY0M2JiMzk5YzZkODdhZGM0YzdjYmE1ZDJiNzJmYmQw
MGQwNDYwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTYxYTFmOTg3YWEyNDlkNzk2YjVjMGM2MDMzZGIxNGJiMjBiNDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2/k07NN3441JOjR0rQ1bJUOjANc
VzxoOFWdhhNKhYUN9CeMxo+P8l6TUWgWRVSLffGDIcoacK/OFXEEpTZmmr890yD+
jY+Rv6oAUn2wNaOHmBPUdi3Ubvh4ARFCiq03H1s1LlPrKhyt10ePiTQSrda7OdVW
E2s7C42XOkGurd6vjz6F1uTvRwl+tBnT4e4WEy24v8lx/I2Iz3AZ66Lyq68/JYkB
hccCmQASuaa14ClEcuoysGv2pFGRz4Y0jy3wMr6cUVQaQnLi5DK8/DhwM2X7FY4W
F+TwfMswQp4FPYDSoJIytX0bAL8vyHmrDm6Ga+/ktDozxrqwnMsPJKBInwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFhofmHqiSdeWtcDGAz2xS7ILROMB8GA1UdIwQY
MBaAFHymQ7s5nG2HrcTHy6XSty+9ANBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMt
NDRlYTY0NzIxYzllLzEvY1dHaC1ZZXFKSjE1YTF3TVlEUGJGTHNndEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMtNDRlYTY0NzIxYzll
LzEvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVIqMA0G
CSqGSIb3DQEBCwUAA4IBAQAWeaxCkJSVM0yQsszZJwQnI67CVQJ+EHoH7TrkM9G8
OIBYUVVUlYN3GYcEX+fLJs6Eff8BuiSCVV/jnayq5DruBDjfPIsegVx7PpJRLV2F
5VXlBFvZjp6MjH6zJcXww0BHCKJjXmWVklzW3T+c9OukAMj3+xQ0x45gZThn+kFB
027sOXEoSYNrxt5H1mX/GoMrWVRg6aLcBPNlbXoyAxNmXZ03TKp2ekOTxkQpy2iG
wUJZhL2npxx7mdI7n40pYb0LkHuDPDfW+9P0uU554MAOTDI93/zMqo2LzR+5ytSA
1KYr5hBbyHA476cu2e2/Tst3UdU72A8u2qVMDE6/gV87
-----END CERTIFICATE-----