Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/0Cow-eRiXVZf2QDYq-SOFb-oX5w.roa
File:                     0Cow-eRiXVZf2QDYq-SOFb-oX5w.roa (raw, json)
Hash identifier:          d6IelubYvJkDJ9RoYbJ+aLU19pHmyb2X+HYHfq8uoGA=
Subject key identifier:   D0:2A:30:F9:E4:62:5D:56:5F:D9:00:D8:AB:E4:8E:15:BF:A8:5F:9C
Certificate issuer:       /CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
Certificate serial:       01920C1674DD7FA458B70222D55986977537
Authority key identifier: 7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/0Cow-eRiXVZf2QDYq-SOFb-oX5w.roa
Signing time:             Thu 19 Sep 2024 21:00:51 +0000
ROA not before:           Thu 19 Sep 2024 21:00:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        45.158.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0c:16:74:dd:7f:a4:58:b7:02:22:d5:59:86:97:75:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
        Validity
            Not Before: Sep 19 21:00:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d02a30f9e4625d565fd900d8abe48e15bfa85f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f7:ae:e3:ad:79:ba:1b:24:12:9a:d6:a5:c6:
                    51:cd:df:85:11:55:a2:7d:60:37:31:1d:9d:6a:30:
                    ab:f0:0d:49:9a:dc:64:a9:d7:27:a5:26:2e:01:5e:
                    80:2c:2f:1b:7d:33:2c:c2:ee:41:71:f9:37:c8:2e:
                    e7:f7:65:a4:9d:d3:23:55:68:e0:4b:a6:5d:be:72:
                    34:1c:d6:aa:0b:ff:53:7c:43:05:03:77:59:f0:91:
                    f0:d0:cc:b9:50:af:74:a4:5d:25:b4:27:e8:cc:98:
                    a5:5d:de:de:08:3e:25:92:38:52:e6:8a:6e:b0:43:
                    f5:c1:24:dc:17:ab:16:62:ce:35:57:4b:0c:78:6f:
                    c5:d3:81:0c:e0:40:6e:3b:57:27:dd:8f:3d:7c:9c:
                    11:29:2d:f3:e8:59:bf:c6:af:d4:46:8c:91:2f:00:
                    7a:6e:3e:49:81:09:1b:88:4b:f7:bf:59:42:a1:33:
                    3c:d5:0a:7a:4c:d0:61:7d:70:77:8c:b1:87:22:7e:
                    27:fc:03:e0:18:fd:81:85:fd:a6:fd:3b:72:fe:7a:
                    2d:fa:86:3a:4a:ec:bb:05:b4:de:ae:b9:90:a1:5a:
                    95:73:6c:a5:9b:ad:d9:d5:29:91:22:52:94:5b:f3:
                    6a:3e:3a:7f:b6:1e:be:44:ab:c0:f3:de:c3:2d:31:
                    8a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:2A:30:F9:E4:62:5D:56:5F:D9:00:D8:AB:E4:8E:15:BF:A8:5F:9C
            X509v3 Authority Key Identifier:
                keyid:7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/0Cow-eRiXVZf2QDYq-SOFb-oX5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d7:7d:d7:5c:7d:46:51:4f:49:a9:99:f0:10:26:4e:6c:ec:
         80:38:1c:5a:2d:08:4e:2f:c6:81:87:fd:ff:39:fc:c6:27:b4:
         69:33:58:98:af:2a:0f:be:e1:98:20:89:8e:81:dc:67:a3:48:
         05:98:86:73:82:45:20:be:f2:e7:e1:b6:44:20:29:91:af:08:
         83:4a:cb:fe:f6:bf:b5:52:90:e2:43:86:2c:9b:f4:53:2b:99:
         5e:f8:aa:d9:c2:13:a1:c9:12:e5:67:31:1d:86:a4:b1:f9:dc:
         0f:68:65:0a:bd:bf:a6:ec:9e:3c:39:a2:0e:32:d7:70:97:0c:
         a5:d1:69:07:52:f5:31:d2:c5:95:da:31:b5:a0:18:e9:53:9e:
         3f:98:7a:62:bb:17:94:3d:f4:c2:0b:81:21:4f:fc:0b:fc:23:
         29:39:dd:37:78:37:d3:dd:21:d0:35:78:1b:a9:95:15:f3:f1:
         26:1c:3f:cd:67:11:c0:1c:28:f2:f6:7f:75:7a:58:37:a2:23:
         a2:55:53:35:49:9e:0d:9b:3f:c4:4a:24:ae:64:6c:2d:2b:ec:
         ee:5a:97:02:16:84:fd:69:3b:85:d1:7b:a9:25:84:ef:c4:dd:
         1b:ae:65:6e:a4:af:79:68:79:6f:7e:cd:f9:ce:2e:98:cf:c5:
         47:d4:41:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIMFnTdf6RYtwIi1VmGl3U3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTE1ZWFkMDk1ZWVkOWFjNGNhYmM1YWI0YWQwYjU4Njdk
OWYwMWIwHhcNMjQwOTE5MjEwMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDJhMzBmOWU0NjI1ZDU2NWZkOTAwZDhhYmU0OGUxNWJmYTg1ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/eu4615uhskEprWpcZRzd+FEVWi
fWA3MR2dajCr8A1JmtxkqdcnpSYuAV6ALC8bfTMswu5Bcfk3yC7n92WkndMjVWjg
S6ZdvnI0HNaqC/9TfEMFA3dZ8JHw0My5UK90pF0ltCfozJilXd7eCD4lkjhS5opu
sEP1wSTcF6sWYs41V0sMeG/F04EM4EBuO1cn3Y89fJwRKS3z6Fm/xq/URoyRLwB6
bj5JgQkbiEv3v1lCoTM81Qp6TNBhfXB3jLGHIn4n/APgGP2Bhf2m/Tty/not+oY6
Suy7BbTerrmQoVqVc2ylm63Z1SmRIlKUW/NqPjp/th6+RKvA897DLTGKbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAqMPnkYl1WX9kA2KvkjhW/qF+cMB8GA1UdIwQY
MBaAFH9RXq0JXu2axMq8WrStC1hn2fAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgt
ZjBhNjI0ZDQwOTEyLzEvMENvdy1lUmlYVlpmMlFEWXEtU09GYi1vWDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgtZjBhNjI0ZDQwOTEy
LzEvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ59MA0G
CSqGSIb3DQEBCwUAA4IBAQAJ133XXH1GUU9JqZnwECZObOyAOBxaLQhOL8aBh/3/
OfzGJ7RpM1iYryoPvuGYIImOgdxno0gFmIZzgkUgvvLn4bZEICmRrwiDSsv+9r+1
UpDiQ4Ysm/RTK5le+KrZwhOhyRLlZzEdhqSx+dwPaGUKvb+m7J48OaIOMtdwlwyl
0WkHUvUx0sWV2jG1oBjpU54/mHpiuxeUPfTCC4EhT/wL/CMpOd03eDfT3SHQNXgb
qZUV8/EmHD/NZxHAHCjy9n91elg3oiOiVVM1SZ4Nmz/ESiSuZGwtK+zuWpcCFoT9
aTuF0XupJYTvxN0brmVupK95aHlvfs35zi6Yz8VH1EHI
-----END CERTIFICATE-----