Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/f154b2-b124-4532-9707-dbfcd11c3303/1/fIzb047DyNcNolAuM681cAHU1-w.roa
File:                     fIzb047DyNcNolAuM681cAHU1-w.roa (raw, json)
Hash identifier:          vb97hXH2h3J9gfFwu2LmrP5GHQeYbFaoAmaam4XlKqI=
Subject key identifier:   7C:8C:DB:D3:8E:C3:C8:D7:0D:A2:50:2E:33:AF:35:70:01:D4:D7:EC
Certificate issuer:       /CN=476334619b14945dfbc064d4ae1f576b0e1deca7
Certificate serial:       018CCA2A35458296C611FE60A8B1532A2F08
Authority key identifier: 47:63:34:61:9B:14:94:5D:FB:C0:64:D4:AE:1F:57:6B:0E:1D:EC:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R2M0YZsUlF37wGTUrh9Xaw4d7Kc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/f154b2-b124-4532-9707-dbfcd11c3303/1/fIzb047DyNcNolAuM681cAHU1-w.roa
Signing time:             Tue 02 Jan 2024 12:33:32 +0000
ROA not before:           Tue 02 Jan 2024 12:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210858
IP address blocks:        45.142.14.0/24 maxlen: 24
                          2a0b:100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/f154b2-b124-4532-9707-dbfcd11c3303/1/R2M0YZsUlF37wGTUrh9Xaw4d7Kc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/f154b2-b124-4532-9707-dbfcd11c3303/1/R2M0YZsUlF37wGTUrh9Xaw4d7Kc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R2M0YZsUlF37wGTUrh9Xaw4d7Kc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:35:45:82:96:c6:11:fe:60:a8:b1:53:2a:2f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=476334619b14945dfbc064d4ae1f576b0e1deca7
        Validity
            Not Before: Jan  2 12:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c8cdbd38ec3c8d70da2502e33af357001d4d7ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:09:f6:d7:e4:7e:03:d4:f2:90:7d:e1:b3:4a:
                    f8:b4:4e:c7:46:75:77:3e:32:af:d8:5b:47:7c:40:
                    d8:1f:db:29:93:64:ac:6d:da:50:06:69:8b:0d:91:
                    7e:c0:62:24:8d:a6:e6:39:ea:94:98:7f:04:c9:60:
                    a5:6c:18:70:a6:6e:3a:93:ca:e3:06:f1:f0:70:58:
                    52:6d:39:c5:e5:ba:5d:3e:2a:4e:5c:9a:51:7c:39:
                    97:99:79:37:98:c9:83:43:d6:41:02:31:a9:ff:85:
                    e4:5b:69:3c:ce:88:40:d9:87:e0:6e:b1:56:ce:a6:
                    46:d1:d2:4e:85:38:e9:74:2f:09:ea:6c:ef:ba:f3:
                    d2:b1:9b:5b:48:3b:ba:99:86:6a:63:2d:54:14:77:
                    7b:55:9f:f5:64:0c:c8:55:32:4b:8c:00:01:d1:e8:
                    94:15:ca:67:4e:de:64:5f:f0:57:d1:1d:85:07:a9:
                    bf:49:f6:17:88:09:a4:73:7d:89:d7:13:a0:35:fd:
                    88:3a:e6:6e:47:94:c1:88:36:44:38:dd:c7:45:8b:
                    ff:4a:3e:61:b1:13:48:59:f3:30:03:84:55:36:b6:
                    d1:18:a2:03:37:a1:b2:43:ab:39:34:ac:37:e6:79:
                    ff:c0:ea:34:78:9c:d3:ef:a3:40:77:4c:fd:9b:bd:
                    fa:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:8C:DB:D3:8E:C3:C8:D7:0D:A2:50:2E:33:AF:35:70:01:D4:D7:EC
            X509v3 Authority Key Identifier:
                keyid:47:63:34:61:9B:14:94:5D:FB:C0:64:D4:AE:1F:57:6B:0E:1D:EC:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R2M0YZsUlF37wGTUrh9Xaw4d7Kc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/f154b2-b124-4532-9707-dbfcd11c3303/1/fIzb047DyNcNolAuM681cAHU1-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/f154b2-b124-4532-9707-dbfcd11c3303/1/R2M0YZsUlF37wGTUrh9Xaw4d7Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.14.0/24
                IPv6:
                  2a0b:100::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:cf:6f:02:d4:2a:5e:9d:dd:a6:0e:c5:04:e2:03:c2:29:78:
         58:18:e0:e8:03:65:2d:41:49:d7:aa:7d:fc:f6:67:c8:21:a6:
         ef:e3:7b:00:27:74:44:24:55:30:8d:32:cb:f1:c1:7f:9c:1e:
         e9:d1:3e:63:53:6a:10:28:36:e5:ea:fe:74:dc:21:0d:0f:f3:
         79:5a:4e:96:e8:c9:ab:f5:3c:73:0a:84:e1:07:fe:6f:c4:4a:
         95:82:9f:2d:21:41:dd:f8:9c:f6:9f:e2:43:ee:ec:82:5b:97:
         80:eb:d9:cf:54:e6:d8:8c:86:8f:eb:f1:f0:31:20:69:1c:25:
         46:b3:e3:0d:3f:62:ba:14:f7:51:92:bc:6a:84:1d:34:96:dd:
         08:e2:13:1a:c9:87:0e:d5:0c:7f:0f:82:6e:5e:81:ee:e3:ca:
         0f:36:a0:d2:40:ec:85:e8:63:2e:42:f8:53:13:08:36:e1:e3:
         25:fb:03:2e:d0:53:9d:ab:24:79:ce:b5:24:a8:42:ac:dd:78:
         5e:fc:64:59:9d:20:c2:7a:5f:97:78:50:05:7b:17:b3:1f:fa:
         75:ed:b8:c1:3b:50:87:62:49:8f:93:e1:0d:42:31:80:95:0f:
         78:e9:30:dd:5a:2c:b0:4a:53:f8:73:4d:27:6f:bc:d3:e9:33:
         5f:19:8e:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKjVFgpbGEf5gqLFTKi8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NjMzNDYxOWIxNDk0NWRmYmMwNjRkNGFlMWY1NzZiMGUx
ZGVjYTcwHhcNMjQwMTAyMTIzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzhjZGJkMzhlYzNjOGQ3MGRhMjUwMmUzM2FmMzU3MDAxZDRkN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQn21+R+A9TykH3hs0r4tE7HRnV3
PjKv2FtHfEDYH9spk2SsbdpQBmmLDZF+wGIkjabmOeqUmH8EyWClbBhwpm46k8rj
BvHwcFhSbTnF5bpdPipOXJpRfDmXmXk3mMmDQ9ZBAjGp/4XkW2k8zohA2YfgbrFW
zqZG0dJOhTjpdC8J6mzvuvPSsZtbSDu6mYZqYy1UFHd7VZ/1ZAzIVTJLjAAB0eiU
FcpnTt5kX/BX0R2FB6m/SfYXiAmkc32J1xOgNf2IOuZuR5TBiDZEON3HRYv/Sj5h
sRNIWfMwA4RVNrbRGKIDN6GyQ6s5NKw35nn/wOo0eJzT76NAd0z9m736lQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHyM29OOw8jXDaJQLjOvNXAB1NfsMB8GA1UdIwQY
MBaAFEdjNGGbFJRd+8Bk1K4fV2sOHeynMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjJNMFlac1VsRjM3d0dUVXJoOVhhdzRkN0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9mMTU0YjItYjEyNC00NTMyLTk3MDct
ZGJmY2QxMWMzMzAzLzEvZkl6YjA0N0R5TmNOb2xBdU02ODFjQUhVMS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9mMTU0YjItYjEyNC00NTMyLTk3MDctZGJmY2QxMWMzMzAz
LzEvUjJNMFlac1VsRjM3d0dUVXJoOVhhdzRkN0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALY4OMA0E
AgACMAcDBQMqCwEAMA0GCSqGSIb3DQEBCwUAA4IBAQBZz28C1Cpend2mDsUE4gPC
KXhYGODoA2UtQUnXqn389mfIIabv43sAJ3REJFUwjTLL8cF/nB7p0T5jU2oQKDbl
6v503CEND/N5Wk6W6Mmr9TxzCoThB/5vxEqVgp8tIUHd+Jz2n+JD7uyCW5eA69nP
VObYjIaP6/HwMSBpHCVGs+MNP2K6FPdRkrxqhB00lt0I4hMayYcO1Qx/D4JuXoHu
48oPNqDSQOyF6GMuQvhTEwg24eMl+wMu0FOdqyR5zrUkqEKs3Xhe/GRZnSDCel+X
eFAFexezH/p17bjBO1CHYkmPk+ENQjGAlQ946TDdWiywSlP4c00nb7zT6TNfGY5y
-----END CERTIFICATE-----