Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/J55h7KPixZEPWLQawzaJhw9KaDw.roa
File:                     J55h7KPixZEPWLQawzaJhw9KaDw.roa (raw, json)
Hash identifier:          Fa5z48VSYGFFuxQSVqR0kxY8xOtGeCOyfWZ1IMVW9jo=
Subject key identifier:   27:9E:61:EC:A3:E2:C5:91:0F:58:B4:1A:C3:36:89:87:0F:4A:68:3C
Certificate issuer:       /CN=f7d32e75294187d46e8eae0f8fe72b5fd7abf886
Certificate serial:       018E53E0CC7533934A1FF9E1EAFF7223B170
Authority key identifier: F7:D3:2E:75:29:41:87:D4:6E:8E:AE:0F:8F:E7:2B:5F:D7:AB:F8:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/99MudSlBh9Rujq4Pj-crX9er-IY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/J55h7KPixZEPWLQawzaJhw9KaDw.roa
Signing time:             Mon 18 Mar 2024 23:23:44 +0000
ROA not before:           Mon 18 Mar 2024 23:23:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215424
IP address blocks:        45.14.76.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/99MudSlBh9Rujq4Pj-crX9er-IY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/99MudSlBh9Rujq4Pj-crX9er-IY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/99MudSlBh9Rujq4Pj-crX9er-IY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 05:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:53:e0:cc:75:33:93:4a:1f:f9:e1:ea:ff:72:23:b1:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7d32e75294187d46e8eae0f8fe72b5fd7abf886
        Validity
            Not Before: Mar 18 23:23:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=279e61eca3e2c5910f58b41ac33689870f4a683c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:20:df:11:98:49:9c:91:d3:89:8c:89:0f:ca:
                    56:df:fa:77:87:fe:e9:c4:3a:d2:96:49:39:4c:1e:
                    22:c5:df:2a:72:42:31:08:d5:8b:0a:7b:59:ae:76:
                    12:7e:96:9d:1b:d7:cb:57:c5:82:18:d4:52:05:76:
                    5d:92:97:28:af:f2:45:65:d8:f2:0f:bd:fb:12:dc:
                    16:cb:5a:a2:09:43:9c:12:85:3a:07:15:e9:dd:96:
                    5c:a1:21:ff:ae:f6:ff:75:a5:cf:8c:30:13:4b:1e:
                    9a:c2:8b:7a:10:55:32:b1:7d:89:97:89:9e:b2:83:
                    4f:e3:ac:f0:1d:6b:3d:ec:da:ba:83:26:56:ad:68:
                    0a:ed:dc:d2:45:ed:87:6e:8d:4e:1b:ff:bd:2e:6a:
                    11:81:39:fc:49:15:4a:15:bb:8c:e3:54:47:42:19:
                    d9:99:b6:dd:42:d7:7b:53:66:56:e3:a9:12:db:b0:
                    e1:a7:cf:f1:60:1b:a3:49:07:dd:a0:bd:56:f0:b3:
                    4e:08:29:f1:7b:5d:88:46:87:a0:50:f4:9b:c1:1f:
                    57:cf:c0:a7:0e:3e:21:46:fa:6e:bc:3a:ce:cf:d9:
                    5f:86:a1:bf:86:c7:4e:e7:40:1a:d0:b7:49:03:42:
                    a3:20:78:42:3c:87:19:05:a4:b8:57:7a:d1:bb:f1:
                    fa:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:9E:61:EC:A3:E2:C5:91:0F:58:B4:1A:C3:36:89:87:0F:4A:68:3C
            X509v3 Authority Key Identifier:
                keyid:F7:D3:2E:75:29:41:87:D4:6E:8E:AE:0F:8F:E7:2B:5F:D7:AB:F8:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/99MudSlBh9Rujq4Pj-crX9er-IY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/J55h7KPixZEPWLQawzaJhw9KaDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/99MudSlBh9Rujq4Pj-crX9er-IY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:d2:7d:23:af:07:30:f0:ac:9f:4a:ea:b8:37:41:1c:57:99:
         55:4a:aa:41:1b:9c:2f:7d:9b:c7:2b:30:09:ea:4a:bd:28:2e:
         a4:6e:c5:cb:82:f2:63:6a:86:d9:c6:3a:ba:9b:a1:35:80:00:
         31:ad:14:ba:8b:af:1b:ad:67:05:d7:00:89:ec:ce:b2:3f:96:
         7d:ed:09:ca:8a:8b:58:0b:e9:52:11:c0:0a:21:18:8f:19:0d:
         9e:af:75:1f:1d:91:b2:f4:46:01:df:62:f1:df:88:1a:50:96:
         0b:3a:7c:1e:00:87:f5:a6:ff:cf:18:03:94:1e:0f:ec:8b:5a:
         b4:3a:18:ef:5d:55:10:83:ad:26:d5:39:db:04:39:1b:f7:af:
         17:6b:12:be:07:bd:90:a3:8f:e6:c6:c2:c1:5b:67:64:b0:60:
         28:55:49:23:6f:a0:fa:4e:c1:20:f6:6c:10:ce:08:c3:19:70:
         9a:a0:ab:83:b5:3c:be:19:d0:ca:b4:86:b0:d8:13:dc:36:83:
         81:00:a4:63:05:25:ef:07:3d:ea:02:23:fd:15:94:e2:15:87:
         e6:bb:0c:7e:bb:84:20:b0:90:ed:fd:46:1c:8a:81:ca:b8:9d:
         aa:63:d9:19:a9:4e:5b:1d:5d:ac:a5:72:cf:f8:cb:96:52:e1:
         cb:6e:58:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5T4Mx1M5NKH/nh6v9yI7FwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZDMyZTc1Mjk0MTg3ZDQ2ZThlYWUwZjhmZTcyYjVmZDdh
YmY4ODYwHhcNMjQwMzE4MjMyMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzllNjFlY2EzZTJjNTkxMGY1OGI0MWFjMzM2ODk4NzBmNGE2ODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSDfEZhJnJHTiYyJD8pW3/p3h/7p
xDrSlkk5TB4ixd8qckIxCNWLCntZrnYSfpadG9fLV8WCGNRSBXZdkpcor/JFZdjy
D737EtwWy1qiCUOcEoU6BxXp3ZZcoSH/rvb/daXPjDATSx6awot6EFUysX2Jl4me
soNP46zwHWs97Nq6gyZWrWgK7dzSRe2Hbo1OG/+9LmoRgTn8SRVKFbuM41RHQhnZ
mbbdQtd7U2ZW46kS27Dhp8/xYBujSQfdoL1W8LNOCCnxe12IRoegUPSbwR9Xz8Cn
Dj4hRvpuvDrOz9lfhqG/hsdO50Aa0LdJA0KjIHhCPIcZBaS4V3rRu/H6aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeeYeyj4sWRD1i0GsM2iYcPSmg8MB8GA1UdIwQY
MBaAFPfTLnUpQYfUbo6uD4/nK1/Xq/iGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTlNdWRTbEJoOVJ1anE0UGotY3JYOWVyLUlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kMGNjNDEtYzhmMS00YTQ0LTkxZjAt
ZDFhNDU5OWNiMGU1LzEvSjU1aDdLUGl4WkVQV0xRYXd6YUpodzlLYUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kMGNjNDEtYzhmMS00YTQ0LTkxZjAtZDFhNDU5OWNiMGU1
LzEvOTlNdWRTbEJoOVJ1anE0UGotY3JYOWVyLUlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ5MMA0G
CSqGSIb3DQEBCwUAA4IBAQAl0n0jrwcw8KyfSuq4N0EcV5lVSqpBG5wvfZvHKzAJ
6kq9KC6kbsXLgvJjaobZxjq6m6E1gAAxrRS6i68brWcF1wCJ7M6yP5Z97QnKiotY
C+lSEcAKIRiPGQ2er3UfHZGy9EYB32Lx34gaUJYLOnweAIf1pv/PGAOUHg/si1q0
OhjvXVUQg60m1TnbBDkb968XaxK+B72Qo4/mxsLBW2dksGAoVUkjb6D6TsEg9mwQ
zgjDGXCaoKuDtTy+GdDKtIaw2BPcNoOBAKRjBSXvBz3qAiP9FZTiFYfmuwx+u4Qg
sJDt/UYcioHKuJ2qY9kZqU5bHV2spXLP+MuWUuHLblhQ
-----END CERTIFICATE-----