Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/Kfn7vj2lehtw-yq0YJyUnWHmiag.roa
File:                     Kfn7vj2lehtw-yq0YJyUnWHmiag.roa (raw, json)
Hash identifier:          owudEGJ2EuChpZ/DsT/aEBKu76ZNOLLr6AmcBwswM7I=
Subject key identifier:   29:F9:FB:BE:3D:A5:7A:1B:70:FB:2A:B4:60:9C:94:9D:61:E6:89:A8
Certificate issuer:       /CN=07feb9ae0fa8927045f83423743c4a73a27a74a7
Certificate serial:       018CC6B8CF3399E5EC3960ECD1BFE0AA8E07
Authority key identifier: 07:FE:B9:AE:0F:A8:92:70:45:F8:34:23:74:3C:4A:73:A2:7A:74:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_65rg-oknBF-DQjdDxKc6J6dKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/Kfn7vj2lehtw-yq0YJyUnWHmiag.roa
Signing time:             Mon 01 Jan 2024 20:30:49 +0000
ROA not before:           Mon 01 Jan 2024 20:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40913
IP address blocks:        45.158.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/B_65rg-oknBF-DQjdDxKc6J6dKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/B_65rg-oknBF-DQjdDxKc6J6dKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_65rg-oknBF-DQjdDxKc6J6dKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:cf:33:99:e5:ec:39:60:ec:d1:bf:e0:aa:8e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07feb9ae0fa8927045f83423743c4a73a27a74a7
        Validity
            Not Before: Jan  1 20:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29f9fbbe3da57a1b70fb2ab4609c949d61e689a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:04:51:68:f8:09:f7:af:77:c9:9d:2b:72:8a:
                    48:3b:79:f7:0b:57:0b:4e:3f:c4:fc:ad:8f:b4:e4:
                    dc:38:2c:f4:39:81:c4:0f:74:11:ff:99:ee:59:4d:
                    ae:bb:47:ae:6f:63:db:c9:81:5c:af:e2:74:65:4c:
                    02:cf:93:71:a4:3a:ff:bd:c9:f9:fe:e7:e6:27:48:
                    49:f0:f2:e4:73:5f:0c:6f:02:02:aa:67:81:2e:58:
                    5b:4e:a0:9c:e6:c5:14:6d:33:95:6c:99:66:e1:09:
                    13:ef:06:98:00:b7:09:eb:ec:c0:2a:13:28:3b:07:
                    b2:4b:f1:cd:a6:e4:31:7a:95:cf:9a:b2:6e:f8:a7:
                    47:80:19:a0:ef:20:b5:de:6d:5c:b2:16:3b:db:bd:
                    84:9e:ce:d6:bc:35:e4:13:91:73:cc:77:d0:d9:72:
                    ef:8e:66:95:d3:13:91:24:27:98:f5:be:7f:ca:c0:
                    56:fc:fd:fa:19:39:91:17:cc:75:a8:57:88:23:76:
                    57:f3:4d:f5:c1:f5:f4:9d:73:ca:dc:b7:be:76:bd:
                    53:8d:3d:b5:ff:3a:d1:52:39:6f:17:11:e5:ab:78:
                    d7:4a:e4:30:37:20:de:bc:74:7e:a1:02:f8:6c:da:
                    74:e2:7f:94:96:0e:37:dc:d9:cb:88:f1:d8:98:96:
                    f7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F9:FB:BE:3D:A5:7A:1B:70:FB:2A:B4:60:9C:94:9D:61:E6:89:A8
            X509v3 Authority Key Identifier:
                keyid:07:FE:B9:AE:0F:A8:92:70:45:F8:34:23:74:3C:4A:73:A2:7A:74:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_65rg-oknBF-DQjdDxKc6J6dKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/Kfn7vj2lehtw-yq0YJyUnWHmiag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/63e5a5-5d4f-43ee-af70-dc73f9d9be29/1/B_65rg-oknBF-DQjdDxKc6J6dKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:b6:cb:21:8b:6c:56:7c:b3:c5:5a:14:1a:08:3e:b7:4e:c6:
         f8:01:ad:72:dc:a6:25:bb:47:d3:12:1d:c5:c7:6f:2b:e0:71:
         77:04:60:d4:31:05:9e:f8:ba:2b:78:53:66:98:d5:9e:6b:15:
         6d:58:49:8c:83:8d:69:d1:a4:83:07:84:9a:19:c7:c8:03:bd:
         01:a9:b6:36:9f:99:2e:be:2a:72:ed:21:79:3e:3e:90:2b:9e:
         5f:ed:81:ca:8f:9f:57:70:e2:1d:8d:83:5c:23:93:be:dc:b9:
         ce:df:b2:9e:0a:87:f1:7a:ec:3c:45:61:94:7a:4b:38:af:44:
         e1:00:42:7f:4b:b6:c6:1f:04:4e:35:61:cf:d7:71:2f:37:14:
         68:50:fe:73:6c:a6:5a:0a:20:77:7e:03:5c:f3:a7:49:8a:db:
         0e:80:69:61:b8:e4:39:b8:86:48:ec:ea:ed:4f:bc:b0:44:44:
         8a:41:11:53:7a:d8:db:cb:1a:59:60:b5:73:14:41:f5:de:a5:
         a9:71:45:49:ff:2e:c2:ec:7b:a8:38:9f:5e:08:09:1a:7e:41:
         84:38:6e:bc:a3:d5:7f:3d:fc:ab:4f:9b:64:14:ca:b4:dd:2b:
         df:ce:dc:de:79:43:2b:3b:41:23:d4:cd:eb:cf:19:aa:22:2d:
         1a:ad:eb:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuM8zmeXsOWDs0b/gqo4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmViOWFlMGZhODkyNzA0NWY4MzQyMzc0M2M0YTczYTI3
YTc0YTcwHhcNMjQwMTAxMjAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWY5ZmJiZTNkYTU3YTFiNzBmYjJhYjQ2MDljOTQ5ZDYxZTY4OWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwRRaPgJ9693yZ0rcopIO3n3C1cL
Tj/E/K2PtOTcOCz0OYHED3QR/5nuWU2uu0eub2PbyYFcr+J0ZUwCz5NxpDr/vcn5
/ufmJ0hJ8PLkc18MbwICqmeBLlhbTqCc5sUUbTOVbJlm4QkT7waYALcJ6+zAKhMo
OweyS/HNpuQxepXPmrJu+KdHgBmg7yC13m1cshY7272Ens7WvDXkE5FzzHfQ2XLv
jmaV0xORJCeY9b5/ysBW/P36GTmRF8x1qFeII3ZX8031wfX0nXPK3Le+dr1TjT21
/zrRUjlvFxHlq3jXSuQwNyDevHR+oQL4bNp04n+Ulg433NnLiPHYmJb36wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCn5+749pXobcPsqtGCclJ1h5omoMB8GA1UdIwQY
MBaAFAf+ua4PqJJwRfg0I3Q8SnOienSnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl82NXJnLW9rbkJGLURRamREeEtjNko2ZEtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82M2U1YTUtNWQ0Zi00M2VlLWFmNzAt
ZGM3M2Y5ZDliZTI5LzEvS2ZuN3ZqMmxlaHR3LXlxMFlKeVVuV0htaWFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82M2U1YTUtNWQ0Zi00M2VlLWFmNzAtZGM3M2Y5ZDliZTI5
LzEvQl82NXJnLW9rbkJGLURRamREeEtjNko2ZEtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ6mMA0G
CSqGSIb3DQEBCwUAA4IBAQCztsshi2xWfLPFWhQaCD63Tsb4Aa1y3KYlu0fTEh3F
x28r4HF3BGDUMQWe+LoreFNmmNWeaxVtWEmMg41p0aSDB4SaGcfIA70BqbY2n5ku
vipy7SF5Pj6QK55f7YHKj59XcOIdjYNcI5O+3LnO37KeCofxeuw8RWGUeks4r0Th
AEJ/S7bGHwRONWHP13EvNxRoUP5zbKZaCiB3fgNc86dJitsOgGlhuOQ5uIZI7Ort
T7ywRESKQRFTetjbyxpZYLVzFEH13qWpcUVJ/y7C7HuoOJ9eCAkafkGEOG68o9V/
PfyrT5tkFMq03SvfztzeeUMrO0Ej1M3rzxmqIi0areuY
-----END CERTIFICATE-----