Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/fhP4HhMVU2QS_NeW9WXslt8CdQI.roa
File:                     fhP4HhMVU2QS_NeW9WXslt8CdQI.roa (raw, json)
Hash identifier:          soPxwZr6W8CIzC7ESGR/UIRQmDIjV0zA07GKfqUMGOc=
Subject key identifier:   7E:13:F8:1E:13:15:53:64:12:FC:D7:96:F5:65:EC:96:DF:02:75:02
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC9D2B50902A8DD88922C9CBFDC5F1E0A
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/fhP4HhMVU2QS_NeW9WXslt8CdQI.roa
Signing time:             Tue 02 Jan 2024 10:57:58 +0000
ROA not before:           Tue 02 Jan 2024 10:57:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207923
IP address blocks:        45.158.100.0/22 maxlen: 24
                          2a0f:4c40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:d2:b5:09:02:a8:dd:88:92:2c:9c:bf:dc:5f:1e:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  2 10:57:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e13f81e1315536412fcd796f565ec96df027502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:73:db:e6:f3:2a:12:d8:2b:ca:06:65:cf:e9:
                    0a:f9:c3:bd:ff:92:b2:9c:86:62:f1:78:f3:75:1f:
                    ef:63:3c:d9:4c:00:25:d4:38:2f:68:9c:cd:98:0d:
                    c1:c6:21:a4:98:f8:25:3d:bf:02:18:79:c6:71:85:
                    0e:78:b5:b4:a7:75:db:ce:49:c9:3d:7a:33:a1:1b:
                    35:cb:2c:01:38:eb:2a:a7:91:57:13:9e:c6:52:ff:
                    2b:bf:f5:d3:bc:7d:09:b1:9c:74:29:b8:66:13:8b:
                    d7:b6:cb:c3:a3:63:26:df:f1:22:5a:43:95:07:c4:
                    e0:51:6a:8b:27:f5:8c:1f:44:84:43:f6:4f:05:22:
                    18:41:17:81:fc:af:52:f2:fa:f4:91:e1:11:6c:8e:
                    ec:a2:d7:04:73:b5:dc:a6:b4:78:a3:7d:93:1e:c5:
                    b8:1f:c3:1e:60:c1:bc:1a:aa:24:91:dd:73:9a:2b:
                    b3:dd:28:0e:a0:fc:84:7b:60:6e:c1:4e:5a:44:7b:
                    04:32:63:a1:86:ab:f3:eb:dd:7d:ea:5c:34:d6:c8:
                    90:8e:73:e2:f4:56:57:72:bc:3c:e8:43:b3:10:7d:
                    3d:21:b1:73:fe:7f:8a:6a:5a:63:6c:8b:18:40:fa:
                    e6:dd:9d:72:ab:ee:7f:95:0f:1d:8e:0a:b1:87:e4:
                    cb:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:13:F8:1E:13:15:53:64:12:FC:D7:96:F5:65:EC:96:DF:02:75:02
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/fhP4HhMVU2QS_NeW9WXslt8CdQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.100.0/22
                IPv6:
                  2a0f:4c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:ba:66:41:1e:8e:01:9d:37:db:e6:c2:ae:70:9f:5f:ef:17:
         46:54:f9:f9:2e:ad:5b:3c:76:22:04:1a:a3:4b:80:4d:5e:28:
         a4:88:27:70:d7:cf:e3:3e:5c:20:bf:b1:54:e9:49:bd:a3:c2:
         ae:5e:03:de:69:18:ce:83:20:50:ab:af:ee:51:ee:77:d8:9f:
         db:51:fa:fc:e4:7f:b3:75:1a:db:3e:9b:20:66:42:9e:80:f2:
         b7:23:67:4f:98:0c:f1:14:91:6e:0d:a3:6b:b1:4b:f7:f6:c2:
         a6:ff:18:5d:13:7a:b4:7e:ef:d6:d8:c6:18:ee:d1:69:7c:af:
         f7:3d:45:f8:93:85:eb:12:46:dc:47:de:20:d5:5a:00:24:74:
         a5:0a:73:1c:0e:af:d9:a3:29:cb:78:44:3d:34:7a:4b:ba:83:
         93:9a:3b:31:64:68:9d:50:c1:cf:e5:cc:e0:1f:3f:7b:d2:d1:
         6f:ec:90:79:d4:eb:46:8d:4d:55:10:97:1b:95:e8:36:5d:09:
         67:63:40:6f:43:63:8e:9a:86:19:e1:5a:69:7b:af:64:ce:33:
         9e:21:6a:5e:93:28:04:c0:ac:7d:f1:44:7b:a8:f0:75:94:8b:
         47:e9:eb:c7:43:01:1d:9c:02:de:7f:06:9f:7b:1d:24:0d:9b:
         d6:80:fd:bc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJ0rUJAqjdiJIsnL/cXx4KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAyMTA1NzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTEzZjgxZTEzMTU1MzY0MTJmY2Q3OTZmNTY1ZWM5NmRmMDI3NTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnPb5vMqEtgrygZlz+kK+cO9/5Ky
nIZi8XjzdR/vYzzZTAAl1DgvaJzNmA3BxiGkmPglPb8CGHnGcYUOeLW0p3XbzknJ
PXozoRs1yywBOOsqp5FXE57GUv8rv/XTvH0JsZx0KbhmE4vXtsvDo2Mm3/EiWkOV
B8TgUWqLJ/WMH0SEQ/ZPBSIYQReB/K9S8vr0keERbI7sotcEc7XcprR4o32THsW4
H8MeYMG8Gqokkd1zmiuz3SgOoPyEe2BuwU5aRHsEMmOhhqvz69196lw01siQjnPi
9FZXcrw86EOzEH09IbFz/n+KalpjbIsYQPrm3Z1yq+5/lQ8djgqxh+TL/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH4T+B4TFVNkEvzXlvVl7JbfAnUCMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvZmhQNEhoTVZVMlFTX05lVzlXWHNsdDhDZFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ5kMA0E
AgACMAcDBQMqD0xAMA0GCSqGSIb3DQEBCwUAA4IBAQAmumZBHo4BnTfb5sKucJ9f
7xdGVPn5Lq1bPHYiBBqjS4BNXiikiCdw18/jPlwgv7FU6Um9o8KuXgPeaRjOgyBQ
q6/uUe532J/bUfr85H+zdRrbPpsgZkKegPK3I2dPmAzxFJFuDaNrsUv39sKm/xhd
E3q0fu/W2MYY7tFpfK/3PUX4k4XrEkbcR94g1VoAJHSlCnMcDq/ZoynLeEQ9NHpL
uoOTmjsxZGidUMHP5czgHz970tFv7JB51OtGjU1VEJcbleg2XQlnY0BvQ2OOmoYZ
4Vppe69kzjOeIWpekygEwKx98UR7qPB1lItH6evHQwEdnALefwafex0kDZvWgP28
-----END CERTIFICATE-----