Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/HdNzKwswUIZpPPz8JLkFXvEIOGI.roa
File:                     HdNzKwswUIZpPPz8JLkFXvEIOGI.roa (raw, json)
Hash identifier:          767lqXY4cMMh/KSKkPNZJ3Sz1GVHWVLlBXY6eIjaCj4=
Subject key identifier:   1D:D3:73:2B:0B:30:50:86:69:3C:FC:FC:24:B9:05:5E:F1:08:38:62
Certificate issuer:       /CN=07feb9ae0fa8927045f83423743c4a73a27a74a7
Certificate serial:       018CC6B8CE7B2E6B1C65A5916439CB206763
Authority key identifier: 07:FE:B9:AE:0F:A8:92:70:45:F8:34:23:74:3C:4A:73:A2:7A:74:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_65rg-oknBF-DQjdDxKc6J6dKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/HdNzKwswUIZpPPz8JLkFXvEIOGI.roa
Signing time:             Mon 01 Jan 2024 20:30:49 +0000
ROA not before:           Mon 01 Jan 2024 20:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15510
IP address blocks:        45.158.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/B_65rg-oknBF-DQjdDxKc6J6dKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/B_65rg-oknBF-DQjdDxKc6J6dKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_65rg-oknBF-DQjdDxKc6J6dKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ce:7b:2e:6b:1c:65:a5:91:64:39:cb:20:67:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07feb9ae0fa8927045f83423743c4a73a27a74a7
        Validity
            Not Before: Jan  1 20:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dd3732b0b305086693cfcfc24b9055ef1083862
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9a:9f:87:55:52:37:c5:45:dd:88:19:14:08:
                    77:2d:14:e8:48:79:21:42:2b:10:e2:80:24:3e:b1:
                    f3:f1:51:5d:ef:ed:04:55:6f:b9:fe:5f:a1:53:47:
                    8b:a5:77:24:51:c8:9d:a1:23:23:6d:fd:85:32:34:
                    c3:ea:fe:bd:50:23:c9:10:f6:b7:17:cd:50:62:b8:
                    39:6f:82:4a:33:d2:cc:4b:08:3f:67:e6:77:ea:cc:
                    45:0b:99:34:f2:63:e6:27:83:f0:bc:42:fa:be:8b:
                    f7:9d:f6:1f:f2:13:13:16:e0:59:cb:3a:b9:35:d0:
                    b8:39:81:3a:ad:9f:4e:e4:12:7d:19:b7:a9:c9:d4:
                    ee:dc:d1:72:f1:23:5d:4b:ba:93:c9:0d:ad:a1:6c:
                    75:2b:c3:60:6c:36:98:01:e7:0b:ef:1d:af:12:ea:
                    9c:e0:dd:e5:4a:0c:4b:05:e2:f7:6e:99:34:79:a4:
                    ea:58:be:ca:6d:1d:68:a7:f1:53:f5:21:81:f6:67:
                    56:8c:bc:ee:f1:6c:48:3e:a0:3d:ad:d4:f8:43:41:
                    68:67:68:bf:86:e0:50:90:03:51:f9:b7:b4:90:7f:
                    88:c0:be:38:79:7c:6b:84:a7:c2:15:eb:a3:57:b8:
                    f9:94:07:f5:7d:a7:6b:03:ea:ae:a7:4a:6b:4f:ce:
                    ae:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D3:73:2B:0B:30:50:86:69:3C:FC:FC:24:B9:05:5E:F1:08:38:62
            X509v3 Authority Key Identifier:
                keyid:07:FE:B9:AE:0F:A8:92:70:45:F8:34:23:74:3C:4A:73:A2:7A:74:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_65rg-oknBF-DQjdDxKc6J6dKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/HdNzKwswUIZpPPz8JLkFXvEIOGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/B_65rg-oknBF-DQjdDxKc6J6dKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:d5:ed:78:32:20:bd:c7:aa:d3:e6:31:a9:de:da:c3:5e:8a:
         d9:d2:f8:4a:25:e7:48:0c:9c:e4:2c:8f:9f:10:12:2f:72:b6:
         0d:b8:4e:7b:cc:ec:38:7b:05:ba:c3:77:69:ad:47:f7:4e:8e:
         f6:0e:6c:17:ef:30:da:3e:ba:80:98:c4:c1:c8:da:a6:05:cb:
         11:30:b1:13:5d:5c:04:0d:3d:3c:1a:c2:3e:6b:f6:e7:cc:e8:
         d5:e9:c3:96:a9:b6:e7:70:e5:a5:d7:bf:97:88:41:02:4f:62:
         b1:bf:0c:eb:4f:81:10:13:09:d3:f6:1b:8b:aa:32:f7:6e:d1:
         c0:a8:b9:12:2a:c2:3a:61:30:92:70:5f:f9:a4:5f:b2:35:68:
         3f:d6:fc:2d:33:4a:ad:dc:42:7f:44:7d:44:9f:bd:12:4f:25:
         4a:07:4d:68:96:c4:02:93:86:17:b2:35:51:03:89:c2:a1:6a:
         f1:fc:90:81:20:3f:9c:35:94:1f:ec:ae:cd:66:16:a4:86:44:
         cc:f9:24:76:09:c5:22:44:87:69:e8:f4:f1:81:cd:34:6a:a1:
         fa:61:80:54:e5:b3:01:0e:ca:af:62:9b:2b:84:67:04:32:85:
         01:1a:d5:cf:de:41:73:56:61:99:e7:64:24:98:67:17:0e:87:
         e3:cf:31:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuM57LmscZaWRZDnLIGdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmViOWFlMGZhODkyNzA0NWY4MzQyMzc0M2M0YTczYTI3
YTc0YTcwHhcNMjQwMTAxMjAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGQzNzMyYjBiMzA1MDg2NjkzY2ZjZmMyNGI5MDU1ZWYxMDgzODYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5qfh1VSN8VF3YgZFAh3LRToSHkh
QisQ4oAkPrHz8VFd7+0EVW+5/l+hU0eLpXckUcidoSMjbf2FMjTD6v69UCPJEPa3
F81QYrg5b4JKM9LMSwg/Z+Z36sxFC5k08mPmJ4PwvEL6vov3nfYf8hMTFuBZyzq5
NdC4OYE6rZ9O5BJ9GbepydTu3NFy8SNdS7qTyQ2toWx1K8NgbDaYAecL7x2vEuqc
4N3lSgxLBeL3bpk0eaTqWL7KbR1op/FT9SGB9mdWjLzu8WxIPqA9rdT4Q0FoZ2i/
huBQkANR+be0kH+IwL44eXxrhKfCFeujV7j5lAf1fadrA+qup0prT86u1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3TcysLMFCGaTz8/CS5BV7xCDhiMB8GA1UdIwQY
MBaAFAf+ua4PqJJwRfg0I3Q8SnOienSnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl82NXJnLW9rbkJGLURRamREeEtjNko2ZEtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82M2U1YTUtNWQ0Zi00M2VlLWFmNzAt
ZGM3M2Y5ZDliZTI5LzEvSGROekt3c3dVSVpwUFB6OEpMa0ZYdkVJT0dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82M2U1YTUtNWQ0Zi00M2VlLWFmNzAtZGM3M2Y5ZDliZTI5
LzEvQl82NXJnLW9rbkJGLURRamREeEtjNko2ZEtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ6kMA0G
CSqGSIb3DQEBCwUAA4IBAQAw1e14MiC9x6rT5jGp3trDXorZ0vhKJedIDJzkLI+f
EBIvcrYNuE57zOw4ewW6w3dprUf3To72DmwX7zDaPrqAmMTByNqmBcsRMLETXVwE
DT08GsI+a/bnzOjV6cOWqbbncOWl17+XiEECT2KxvwzrT4EQEwnT9huLqjL3btHA
qLkSKsI6YTCScF/5pF+yNWg/1vwtM0qt3EJ/RH1En70STyVKB01olsQCk4YXsjVR
A4nCoWrx/JCBID+cNZQf7K7NZhakhkTM+SR2CcUiRIdp6PTxgc00aqH6YYBU5bMB
DsqvYpsrhGcEMoUBGtXP3kFzVmGZ52QkmGcXDofjzzFZ
-----END CERTIFICATE-----