Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/CENW_7R8j2MINEWbrtztWxoU9TI.roa
File:                     CENW_7R8j2MINEWbrtztWxoU9TI.roa (raw, json)
Hash identifier:          BTlt2nsbz2U52B9qoXPWC9MPyRaY6/aQou6KiLWhKXo=
Subject key identifier:   08:43:56:FF:B4:7C:8F:63:08:34:45:9B:AE:DC:ED:5B:1A:14:F5:32
Certificate issuer:       /CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
Certificate serial:       018D3B9400BDDABCB8599BCE4C6A70A0C9AA
Authority key identifier: 51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/CENW_7R8j2MINEWbrtztWxoU9TI.roa
Signing time:             Wed 24 Jan 2024 13:06:11 +0000
ROA not before:           Wed 24 Jan 2024 13:06:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29066
IP address blocks:        45.158.60.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:94:00:bd:da:bc:b8:59:9b:ce:4c:6a:70:a0:c9:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ecf9babc9ca6bae9085ce292fb1c2cc18d344f
        Validity
            Not Before: Jan 24 13:06:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=084356ffb47c8f630834459baedced5b1a14f532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e9:80:9a:c0:14:33:ff:3a:3a:20:63:c9:65:
                    4a:5a:6e:1c:29:fc:58:c2:83:a1:aa:54:00:be:22:
                    c6:2b:8e:e5:70:32:88:c5:aa:08:95:bf:8e:cf:65:
                    1b:90:2b:96:e5:17:ea:05:be:ac:b1:21:f1:2d:21:
                    f6:68:ed:db:02:31:2a:35:83:9a:00:e1:b6:69:f2:
                    f7:0f:72:73:32:d8:ad:9d:2a:cc:22:17:59:c3:6f:
                    84:1d:e2:d9:7a:40:2a:46:ce:ee:90:9b:e0:db:6e:
                    ca:af:66:03:c7:ef:a1:12:6a:04:6e:30:cd:2b:bd:
                    d7:bf:43:8e:4c:b2:e5:61:d5:8b:3e:9b:33:08:17:
                    62:04:20:7b:0a:d1:bc:37:1d:b7:10:c1:0a:62:a8:
                    d2:37:41:33:86:64:08:5f:38:de:15:66:ce:75:62:
                    88:6f:a6:bc:ff:10:25:0b:d6:f5:b0:9e:ef:d0:3d:
                    1a:c5:5b:6b:7b:2c:2d:7b:39:67:b7:c7:00:43:52:
                    ae:d2:22:d8:eb:47:88:3c:2e:4a:15:43:2f:69:0a:
                    fd:c8:a2:cc:ed:c9:fb:94:9d:8f:b1:97:62:f8:3e:
                    e5:31:1e:2a:6c:a4:a2:11:58:bf:8b:cd:9a:c4:2b:
                    02:a7:3c:e1:1d:a3:fe:9d:d0:80:61:ca:f9:6d:a1:
                    6b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:43:56:FF:B4:7C:8F:63:08:34:45:9B:AE:DC:ED:5B:1A:14:F5:32
            X509v3 Authority Key Identifier:
                keyid:51:EC:F9:BA:BC:9C:A6:BA:E9:08:5C:E2:92:FB:1C:2C:C1:8D:34:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uez5urycprrpCFzikvscLMGNNE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/CENW_7R8j2MINEWbrtztWxoU9TI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb04c8-7057-45b7-a34c-dcfc6a9e0dc7/1/Uez5urycprrpCFzikvscLMGNNE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:e4:12:81:5a:cd:f8:63:8c:e3:7e:24:fd:72:e3:5d:07:9e:
         8f:6a:4d:ba:6b:09:37:b0:45:3d:c0:44:fa:fb:53:82:9b:66:
         56:27:08:27:f3:f4:72:6f:35:32:c1:53:ee:66:77:71:91:9d:
         34:e6:19:d8:5c:b2:4b:a3:0f:64:21:2d:f9:b4:28:49:1d:79:
         e3:4c:ff:a9:ca:2c:3f:aa:a3:b1:8f:3d:7f:ec:55:6f:a6:a1:
         98:79:55:a8:68:79:5d:4d:96:01:29:3f:56:31:3e:c8:c3:a3:
         40:59:6e:0f:39:e7:0e:b1:7e:3d:2d:dc:23:d3:f7:f0:d7:5d:
         3e:90:ce:aa:54:c9:94:8b:89:f0:f1:72:35:93:a3:b0:53:3c:
         39:a5:e3:bc:91:07:12:27:d3:98:70:15:02:df:da:6b:0f:43:
         0b:eb:b4:32:2a:3d:6c:38:cd:2a:ac:4d:31:15:39:96:e0:2e:
         4a:39:7a:2e:5a:68:0a:32:14:3d:27:89:31:df:f3:a6:ad:e2:
         1e:96:84:9b:07:03:c4:9a:96:63:71:51:2d:4e:54:dc:c9:c9:
         cd:c0:f3:70:54:fe:16:04:4a:3e:69:1d:09:83:1a:0b:97:ee:
         45:4b:71:23:93:49:42:e3:8b:a9:6a:c9:39:37:a8:7f:ab:d8:
         27:79:29:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY07lAC92ry4WZvOTGpwoMmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZWNmOWJhYmM5Y2E2YmFlOTA4NWNlMjkyZmIxYzJjYzE4
ZDM0NGYwHhcNMjQwMTI0MTMwNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODQzNTZmZmI0N2M4ZjYzMDgzNDQ1OWJhZWRjZWQ1YjFhMTRmNTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiumAmsAUM/86OiBjyWVKWm4cKfxY
woOhqlQAviLGK47lcDKIxaoIlb+Oz2UbkCuW5RfqBb6ssSHxLSH2aO3bAjEqNYOa
AOG2afL3D3JzMtitnSrMIhdZw2+EHeLZekAqRs7ukJvg227Kr2YDx++hEmoEbjDN
K73Xv0OOTLLlYdWLPpszCBdiBCB7CtG8Nx23EMEKYqjSN0EzhmQIXzjeFWbOdWKI
b6a8/xAlC9b1sJ7v0D0axVtreywtezlnt8cAQ1Ku0iLY60eIPC5KFUMvaQr9yKLM
7cn7lJ2PsZdi+D7lMR4qbKSiEVi/i82axCsCpzzhHaP+ndCAYcr5baFrdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhDVv+0fI9jCDRFm67c7VsaFPUyMB8GA1UdIwQY
MBaAFFHs+bq8nKa66Qhc4pL7HCzBjTRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMt
ZGNmYzZhOWUwZGM3LzEvQ0VOV183UjhqMk1JTkVXYnJ0enRXeG9VOVRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9mYjA0YzgtNzA1Ny00NWI3LWEzNGMtZGNmYzZhOWUwZGM3
LzEvVWV6NXVyeWNwcnJwQ0Z6aWt2c2NMTUdOTkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ48MA0G
CSqGSIb3DQEBCwUAA4IBAQAj5BKBWs34Y4zjfiT9cuNdB56Pak26awk3sEU9wET6
+1OCm2ZWJwgn8/RybzUywVPuZndxkZ005hnYXLJLow9kIS35tChJHXnjTP+pyiw/
qqOxjz1/7FVvpqGYeVWoaHldTZYBKT9WMT7Iw6NAWW4POecOsX49Ldwj0/fw110+
kM6qVMmUi4nw8XI1k6OwUzw5peO8kQcSJ9OYcBUC39prD0ML67QyKj1sOM0qrE0x
FTmW4C5KOXouWmgKMhQ9J4kx3/OmreIeloSbBwPEmpZjcVEtTlTcycnNwPNwVP4W
BEo+aR0JgxoLl+5FS3Ejk0lC44upask5N6h/q9gneSk2
-----END CERTIFICATE-----