Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/SFqfgGnuXDhKp9FlMUvHfOBSCeE.roa
File:                     SFqfgGnuXDhKp9FlMUvHfOBSCeE.roa (raw, json)
Hash identifier:          vzJfUmTYTlnrggMk/FUzrVGuuLQ7QvflVNmwL5J1uGM=
Subject key identifier:   48:5A:9F:80:69:EE:5C:38:4A:A7:D1:65:31:4B:C7:7C:E0:52:09:E1
Certificate issuer:       /CN=5598ae5d5f12825a84e6c401c013ca5e5dcd9ec9
Certificate serial:       018EE1F61DFEED4DB4FC361842F88B4C217E
Authority key identifier: 55:98:AE:5D:5F:12:82:5A:84:E6:C4:01:C0:13:CA:5E:5D:CD:9E:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VZiuXV8SglqE5sQBwBPKXl3Nnsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/SFqfgGnuXDhKp9FlMUvHfOBSCeE.roa
Signing time:             Mon 15 Apr 2024 13:33:06 +0000
ROA not before:           Mon 15 Apr 2024 13:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        45.157.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/VZiuXV8SglqE5sQBwBPKXl3Nnsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/VZiuXV8SglqE5sQBwBPKXl3Nnsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VZiuXV8SglqE5sQBwBPKXl3Nnsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:f6:1d:fe:ed:4d:b4:fc:36:18:42:f8:8b:4c:21:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5598ae5d5f12825a84e6c401c013ca5e5dcd9ec9
        Validity
            Not Before: Apr 15 13:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=485a9f8069ee5c384aa7d165314bc77ce05209e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:98:a1:1f:6d:2c:ae:42:89:f3:23:61:cc:17:
                    e5:37:39:18:92:c2:d4:81:10:5e:8d:ca:3f:23:38:
                    69:7e:cc:b4:2f:68:ef:58:10:59:ef:fb:e9:a6:81:
                    23:92:61:0b:34:30:90:3f:14:73:d4:b2:87:e8:79:
                    56:33:a1:0c:1b:87:8b:14:dd:a6:97:a7:f4:9b:7b:
                    66:dc:80:f0:f1:ab:cf:16:d1:6a:8d:ec:c5:d4:b3:
                    b5:30:a2:8c:99:2c:d7:06:c8:56:e1:d9:c7:51:dd:
                    cc:1c:8d:e7:d3:81:46:4f:66:4a:96:4a:d2:3c:93:
                    9d:8a:9d:ff:b4:fd:5b:b4:44:24:14:58:9e:04:03:
                    ad:4b:6f:6f:e4:a5:9f:0b:f4:c8:bd:3a:c7:27:48:
                    f8:53:32:6c:3b:02:21:b2:88:0e:aa:1b:e6:b2:d3:
                    83:4d:5c:b0:fa:33:29:9d:9a:b8:0a:ce:45:2c:0e:
                    f8:c1:34:e1:c4:a1:20:04:e9:48:ba:90:9b:4f:47:
                    15:12:47:07:7c:5b:34:99:10:6a:53:f9:9d:3e:13:
                    52:01:19:4e:92:2a:75:10:58:4a:11:17:16:80:80:
                    c9:95:92:78:5c:a0:d4:65:7b:d2:b4:53:ba:88:3e:
                    62:e5:cf:1a:92:19:e9:25:b4:09:fa:5a:f8:e5:15:
                    aa:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:5A:9F:80:69:EE:5C:38:4A:A7:D1:65:31:4B:C7:7C:E0:52:09:E1
            X509v3 Authority Key Identifier:
                keyid:55:98:AE:5D:5F:12:82:5A:84:E6:C4:01:C0:13:CA:5E:5D:CD:9E:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VZiuXV8SglqE5sQBwBPKXl3Nnsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/SFqfgGnuXDhKp9FlMUvHfOBSCeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/VZiuXV8SglqE5sQBwBPKXl3Nnsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:a5:80:3e:26:07:e9:95:8d:5a:0d:b6:73:f4:0b:42:16:20:
         f7:2a:5f:61:30:48:bb:9e:5b:9f:6a:0c:40:1e:a6:71:44:46:
         11:41:7a:97:fc:d4:41:c5:66:2c:44:9e:da:c0:f1:1b:f4:80:
         7a:b4:c8:6d:a7:a5:d6:5b:6a:4a:6f:12:4c:c9:02:db:61:0e:
         e4:e2:b4:c8:87:88:5c:81:df:d6:a5:22:84:34:9f:39:f6:62:
         4f:c9:a0:58:f7:cd:b1:1e:32:07:00:63:09:78:12:b0:77:6a:
         ca:e5:98:83:1f:cf:e6:c5:7b:6e:84:cb:f6:1f:06:af:35:49:
         e7:4a:1b:4f:21:0b:36:fb:26:29:d9:ee:e9:d3:de:2a:56:28:
         d3:2c:b4:7e:55:b6:46:57:2c:3f:62:71:04:50:76:cb:6b:74:
         b3:35:67:02:a5:bd:c6:f0:9c:b8:98:45:f5:20:11:a0:ab:d6:
         06:a8:ce:47:52:28:5b:46:15:01:93:13:4f:d5:49:25:b1:bc:
         f4:b8:fe:ed:17:dc:39:ad:e6:00:ba:00:68:13:ec:d5:91:9b:
         6c:e8:12:6a:d6:d9:64:fb:a5:5a:b1:a7:31:a0:fb:f5:17:4b:
         bf:8a:10:a7:0b:4b:82:97:57:a4:c7:89:9a:c5:77:ec:a6:5a:
         4c:0a:0f:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7h9h3+7U20/DYYQviLTCF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OThhZTVkNWYxMjgyNWE4NGU2YzQwMWMwMTNjYTVlNWRj
ZDllYzkwHhcNMjQwNDE1MTMzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODVhOWY4MDY5ZWU1YzM4NGFhN2QxNjUzMTRiYzc3Y2UwNTIwOWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5ihH20srkKJ8yNhzBflNzkYksLU
gRBejco/Izhpfsy0L2jvWBBZ7/vppoEjkmELNDCQPxRz1LKH6HlWM6EMG4eLFN2m
l6f0m3tm3IDw8avPFtFqjezF1LO1MKKMmSzXBshW4dnHUd3MHI3n04FGT2ZKlkrS
PJOdip3/tP1btEQkFFieBAOtS29v5KWfC/TIvTrHJ0j4UzJsOwIhsogOqhvmstOD
TVyw+jMpnZq4Cs5FLA74wTThxKEgBOlIupCbT0cVEkcHfFs0mRBqU/mdPhNSARlO
kip1EFhKERcWgIDJlZJ4XKDUZXvStFO6iD5i5c8akhnpJbQJ+lr45RWqQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhan4Bp7lw4SqfRZTFLx3zgUgnhMB8GA1UdIwQY
MBaAFFWYrl1fEoJahObEAcATyl5dzZ7JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlppdVhWOFNnbHFFNXNRQndCUEtYbDNObnNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xZjYwNzMtODdiMi00YmIzLWFjYjct
NWMzZGI5OGJmODY0LzEvU0ZxZmdHbnVYRGhLcDlGbE1VdkhmT0JTQ2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xZjYwNzMtODdiMi00YmIzLWFjYjctNWMzZGI5OGJmODY0
LzEvVlppdVhWOFNnbHFFNXNRQndCUEtYbDNObnNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ01MA0G
CSqGSIb3DQEBCwUAA4IBAQCwpYA+JgfplY1aDbZz9AtCFiD3Kl9hMEi7nlufagxA
HqZxREYRQXqX/NRBxWYsRJ7awPEb9IB6tMhtp6XWW2pKbxJMyQLbYQ7k4rTIh4hc
gd/WpSKENJ859mJPyaBY982xHjIHAGMJeBKwd2rK5ZiDH8/mxXtuhMv2HwavNUnn
ShtPIQs2+yYp2e7p094qVijTLLR+VbZGVyw/YnEEUHbLa3SzNWcCpb3G8Jy4mEX1
IBGgq9YGqM5HUihbRhUBkxNP1Uklsbz0uP7tF9w5reYAugBoE+zVkZts6BJq1tlk
+6VasacxoPv1F0u/ihCnC0uCl1ekx4maxXfsplpMCg8T
-----END CERTIFICATE-----