Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/pfi_FF0ImSuPDaNlaP43SqUQDME.roa
File:                     pfi_FF0ImSuPDaNlaP43SqUQDME.roa (raw, json)
Hash identifier:          JTCvHIRbW+dwrg0CDqHL+4aK1M2G4sHyN2quKYHRde0=
Subject key identifier:   A5:F8:BF:14:5D:08:99:2B:8F:0D:A3:65:68:FE:37:4A:A5:10:0C:C1
Certificate issuer:       /CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
Certificate serial:       0191C7724DBD7B66AA6048480247F77F844C
Authority key identifier: 7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/pfi_FF0ImSuPDaNlaP43SqUQDME.roa
Signing time:             Fri 06 Sep 2024 13:07:22 +0000
ROA not before:           Fri 06 Sep 2024 13:07:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34827
IP address blocks:        45.158.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c7:72:4d:bd:7b:66:aa:60:48:48:02:47:f7:7f:84:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
        Validity
            Not Before: Sep  6 13:07:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5f8bf145d08992b8f0da36568fe374aa5100cc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d6:01:be:e9:83:b1:23:37:e3:4f:f9:10:68:
                    d0:98:7d:6f:f3:b3:75:65:c2:75:7e:4a:34:59:60:
                    cf:66:30:e3:86:d3:38:6f:dd:75:33:3f:5d:af:42:
                    fd:90:63:c2:08:b3:72:b3:e9:f9:73:c9:c3:71:7f:
                    e1:33:d2:67:b5:15:53:65:df:43:3d:3b:fd:1c:18:
                    bc:c1:65:ed:61:ff:a0:fd:7d:b8:e3:ca:a9:0a:d1:
                    e8:18:db:15:34:cb:c0:f7:c4:69:a8:bb:c8:cc:1b:
                    4f:e2:82:b1:f6:da:e6:1d:23:80:17:23:8c:93:9c:
                    36:5f:10:79:96:39:4d:97:de:cd:6c:40:7c:ca:36:
                    3e:c9:dd:e9:6c:0e:6f:a0:52:ac:54:45:98:68:97:
                    5e:84:46:ea:3d:33:53:94:d7:64:55:00:ad:f9:f5:
                    8b:a6:57:b5:19:77:a0:2b:c2:3e:7a:56:1f:2a:85:
                    52:ce:ac:6d:10:ef:77:de:98:e7:79:4d:23:b2:91:
                    ef:af:a0:dd:8e:45:41:4f:7d:7c:82:ff:ff:21:d2:
                    20:d6:25:5a:2f:b9:e2:fc:58:51:c3:80:db:fc:fe:
                    73:54:7f:1e:81:4b:a0:32:9c:9b:18:46:eb:f1:e3:
                    43:d3:ba:00:22:9d:a0:96:ab:6b:8c:d6:91:a5:d6:
                    16:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:F8:BF:14:5D:08:99:2B:8F:0D:A3:65:68:FE:37:4A:A5:10:0C:C1
            X509v3 Authority Key Identifier:
                keyid:7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/pfi_FF0ImSuPDaNlaP43SqUQDME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:86:76:29:58:7e:5f:d1:1f:2d:c8:54:c8:d2:5c:f0:90:06:
         be:47:32:40:66:2b:b9:36:69:21:ac:35:70:95:41:25:ee:f4:
         96:8a:3e:a0:22:2a:d6:b5:96:37:c6:b7:fe:e3:66:e5:11:c7:
         92:8d:21:3f:30:10:96:10:de:37:fa:e9:5c:fe:e9:4b:4a:f4:
         e8:f9:3a:51:0b:9e:0b:51:d9:9a:a4:0e:81:15:9f:41:bc:0f:
         68:1c:d7:b8:e9:ee:7f:49:41:51:7b:ae:3e:62:c7:75:25:e4:
         11:25:14:16:28:b5:15:cd:2c:0d:70:3c:d9:2f:dd:f6:d7:ec:
         42:95:2f:4b:2c:4f:49:90:8e:27:37:f4:d9:52:9c:93:56:c9:
         5c:a8:ec:51:32:a9:ad:72:66:7f:3c:87:f2:3c:8f:4d:a8:c9:
         12:d6:3d:1c:32:ae:f2:53:1b:0e:d1:94:57:b0:a6:04:e6:01:
         91:47:9a:89:63:6c:7d:8a:d9:4c:bd:9d:2a:cf:87:e5:b5:e0:
         f6:63:7c:e0:f1:9b:54:40:47:ff:5b:7a:00:6b:04:18:cb:ae:
         a2:3e:7b:90:8c:7c:0d:0a:36:55:18:75:6b:64:19:8b:db:49:
         e6:db:c9:0b:c9:96:9f:ca:37:93:66:a0:a3:e8:42:67:b6:9f:
         12:1c:db:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHHck29e2aqYEhIAkf3f4RMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTE1ZWFkMDk1ZWVkOWFjNGNhYmM1YWI0YWQwYjU4Njdk
OWYwMWIwHhcNMjQwOTA2MTMwNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWY4YmYxNDVkMDg5OTJiOGYwZGEzNjU2OGZlMzc0YWE1MTAwY2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9YBvumDsSM340/5EGjQmH1v87N1
ZcJ1fko0WWDPZjDjhtM4b911Mz9dr0L9kGPCCLNys+n5c8nDcX/hM9JntRVTZd9D
PTv9HBi8wWXtYf+g/X2448qpCtHoGNsVNMvA98RpqLvIzBtP4oKx9trmHSOAFyOM
k5w2XxB5ljlNl97NbEB8yjY+yd3pbA5voFKsVEWYaJdehEbqPTNTlNdkVQCt+fWL
ple1GXegK8I+elYfKoVSzqxtEO933pjneU0jspHvr6DdjkVBT318gv//IdIg1iVa
L7ni/FhRw4Db/P5zVH8egUugMpybGEbr8eND07oAIp2glqtrjNaRpdYWQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKX4vxRdCJkrjw2jZWj+N0qlEAzBMB8GA1UdIwQY
MBaAFH9RXq0JXu2axMq8WrStC1hn2fAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgt
ZjBhNjI0ZDQwOTEyLzEvcGZpX0ZGMEltU3VQRGFObGFQNDNTcVVRRE1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgtZjBhNjI0ZDQwOTEy
LzEvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ58MA0G
CSqGSIb3DQEBCwUAA4IBAQBuhnYpWH5f0R8tyFTI0lzwkAa+RzJAZiu5NmkhrDVw
lUEl7vSWij6gIirWtZY3xrf+42blEceSjSE/MBCWEN43+ulc/ulLSvTo+TpRC54L
UdmapA6BFZ9BvA9oHNe46e5/SUFRe64+Ysd1JeQRJRQWKLUVzSwNcDzZL9321+xC
lS9LLE9JkI4nN/TZUpyTVslcqOxRMqmtcmZ/PIfyPI9NqMkS1j0cMq7yUxsO0ZRX
sKYE5gGRR5qJY2x9itlMvZ0qz4flteD2Y3zg8ZtUQEf/W3oAawQYy66iPnuQjHwN
CjZVGHVrZBmL20nm28kLyZafyjeTZqCj6EJntp8SHNui
-----END CERTIFICATE-----