Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/H-y-W9RsfkQ7Mnls-83J61LoDF4.roa
File:                     H-y-W9RsfkQ7Mnls-83J61LoDF4.roa (raw, json)
Hash identifier:          hUlvJJlD51FGej4NW3Ox3Z0r/Ako/ldikZLmQiBPH5M=
Subject key identifier:   1F:EC:BE:5B:D4:6C:7E:44:3B:32:79:6C:FB:CD:C9:EB:52:E8:0C:5E
Certificate issuer:       /CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
Certificate serial:       0191C77422CEF65264B089C5995D56090D35
Authority key identifier: 7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/H-y-W9RsfkQ7Mnls-83J61LoDF4.roa
Signing time:             Fri 06 Sep 2024 13:09:22 +0000
ROA not before:           Fri 06 Sep 2024 13:09:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199058
IP address blocks:        45.158.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c7:74:22:ce:f6:52:64:b0:89:c5:99:5d:56:09:0d:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
        Validity
            Not Before: Sep  6 13:09:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fecbe5bd46c7e443b32796cfbcdc9eb52e80c5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:1b:f5:25:aa:d4:ef:e4:1f:e1:68:e1:95:42:
                    ca:86:aa:6e:2a:d5:23:c3:59:00:3b:8f:f0:86:88:
                    bf:b0:40:f9:b0:ea:26:5f:65:73:6e:86:dc:35:c4:
                    92:48:7d:41:f2:10:5d:b8:2d:69:0f:48:44:cf:1c:
                    5f:57:cb:88:92:09:44:71:81:93:eb:14:bd:bb:6d:
                    61:da:47:7c:9b:19:0e:ef:1d:34:a2:c3:59:5f:a8:
                    56:88:d6:96:f0:60:d4:bb:ff:b7:02:db:90:73:cb:
                    7a:c7:b4:8b:f3:e2:08:6b:a5:b4:67:b8:19:be:e2:
                    4c:14:f5:d6:2f:1e:5b:03:0f:0a:19:21:16:a6:44:
                    5d:83:d3:ed:aa:d9:25:13:0d:5e:92:a6:0d:57:2a:
                    14:67:b3:2d:6d:d1:b2:e7:10:46:ed:8b:3c:c1:13:
                    5d:e6:c4:df:d6:d9:9c:8f:5e:c7:a9:b8:f4:77:fa:
                    18:88:ce:09:12:a1:82:34:41:b0:bf:7a:5b:25:3f:
                    18:9f:a7:86:05:0e:a3:31:ce:44:a5:e9:83:bb:22:
                    0b:8a:9c:ee:0d:a3:2c:a3:d3:5a:a2:23:bb:3a:30:
                    29:5b:2e:79:51:fd:5e:77:d3:9f:9b:43:df:98:10:
                    6b:90:1b:34:e2:cc:68:be:ca:1e:e7:46:0e:0f:9d:
                    7f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:EC:BE:5B:D4:6C:7E:44:3B:32:79:6C:FB:CD:C9:EB:52:E8:0C:5E
            X509v3 Authority Key Identifier:
                keyid:7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/H-y-W9RsfkQ7Mnls-83J61LoDF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:97:83:11:72:83:1b:f6:9f:0b:df:7a:61:21:59:26:7f:33:
         3a:05:89:2c:b9:2f:4b:f9:99:a2:f3:5c:43:b7:1e:98:46:1f:
         01:86:31:11:9e:f3:1f:ab:4d:65:a0:f9:71:f3:a6:f0:41:6e:
         80:d1:1e:6e:34:68:d0:d8:af:55:ee:10:2c:4b:13:a7:e4:21:
         62:be:80:ec:72:b4:fd:bd:0b:ef:3e:7c:80:a2:16:bc:13:26:
         c8:5e:2f:5e:f7:ef:c9:63:78:e2:c6:9f:0c:36:5f:2b:22:ec:
         1d:a7:2e:7c:06:10:21:80:35:2b:70:97:0c:ff:20:4c:4d:da:
         4b:d8:ad:db:d5:90:37:5c:d6:9e:99:3c:a5:f6:bc:59:4b:17:
         05:3e:74:b5:d1:69:1c:f6:0f:83:7a:88:72:28:bf:5d:dc:e0:
         02:d6:c0:da:56:ff:c5:cf:8b:48:e5:d5:56:a7:3e:df:f1:f9:
         4c:6f:22:c1:8f:cf:ea:67:e9:12:41:38:02:3a:6f:5e:17:e4:
         6d:24:ce:2c:57:66:74:c6:48:09:96:d6:b8:2e:3e:04:02:14:
         41:69:f2:f3:26:a4:dd:fc:71:5a:b8:62:71:1e:4a:38:97:e7:
         20:04:8a:9a:85:26:db:95:6a:3f:de:ad:d1:bb:fa:8d:12:9e:
         cf:ea:9c:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHHdCLO9lJksInFmV1WCQ01MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTE1ZWFkMDk1ZWVkOWFjNGNhYmM1YWI0YWQwYjU4Njdk
OWYwMWIwHhcNMjQwOTA2MTMwOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmVjYmU1YmQ0NmM3ZTQ0M2IzMjc5NmNmYmNkYzllYjUyZTgwYzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Bv1JarU7+Qf4WjhlULKhqpuKtUj
w1kAO4/whoi/sED5sOomX2VzbobcNcSSSH1B8hBduC1pD0hEzxxfV8uIkglEcYGT
6xS9u21h2kd8mxkO7x00osNZX6hWiNaW8GDUu/+3AtuQc8t6x7SL8+IIa6W0Z7gZ
vuJMFPXWLx5bAw8KGSEWpkRdg9PtqtklEw1ekqYNVyoUZ7MtbdGy5xBG7Ys8wRNd
5sTf1tmcj17Hqbj0d/oYiM4JEqGCNEGwv3pbJT8Yn6eGBQ6jMc5EpemDuyILipzu
DaMso9NaoiO7OjApWy55Uf1ed9Ofm0PfmBBrkBs04sxovsoe50YOD51/zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/svlvUbH5EOzJ5bPvNyetS6AxeMB8GA1UdIwQY
MBaAFH9RXq0JXu2axMq8WrStC1hn2fAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgt
ZjBhNjI0ZDQwOTEyLzEvSC15LVc5UnNma1E3TW5scy04M0o2MUxvREY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgtZjBhNjI0ZDQwOTEy
LzEvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ5/MA0G
CSqGSIb3DQEBCwUAA4IBAQAkl4MRcoMb9p8L33phIVkmfzM6BYksuS9L+Zmi81xD
tx6YRh8BhjERnvMfq01loPlx86bwQW6A0R5uNGjQ2K9V7hAsSxOn5CFivoDscrT9
vQvvPnyAoha8EybIXi9e9+/JY3jixp8MNl8rIuwdpy58BhAhgDUrcJcM/yBMTdpL
2K3b1ZA3XNaemTyl9rxZSxcFPnS10Wkc9g+DeohyKL9d3OAC1sDaVv/Fz4tI5dVW
pz7f8flMbyLBj8/qZ+kSQTgCOm9eF+RtJM4sV2Z0xkgJlta4Lj4EAhRBafLzJqTd
/HFauGJxHko4l+cgBIqahSbblWo/3q3Ru/qNEp7P6pzx
-----END CERTIFICATE-----