Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/b1e1c5-621b-458a-8e53-de37a01c6c39/1/m_FTERtUl4zmQF-_8spz3BBrFdo.roa
File:                     m_FTERtUl4zmQF-_8spz3BBrFdo.roa (raw, json)
Hash identifier:          Bl/ZllRxMGH2wIkSyOXJwq3KW7MZQ6lDw6xWBIwVI0E=
Subject key identifier:   9B:F1:53:11:1B:54:97:8C:E6:40:5F:BF:F2:CA:73:DC:10:6B:15:DA
Certificate issuer:       /CN=07ff23644ee765f1731dbd559e608bdc0053c34b
Certificate serial:       018CC2DB4D1BA59039FF9974A108FAAA81BC
Authority key identifier: 07:FF:23:64:4E:E7:65:F1:73:1D:BD:55:9E:60:8B:DC:00:53:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_8jZE7nZfFzHb1VnmCL3ABTw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/b1e1c5-621b-458a-8e53-de37a01c6c39/1/m_FTERtUl4zmQF-_8spz3BBrFdo.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199785
IP address blocks:        45.132.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/b1e1c5-621b-458a-8e53-de37a01c6c39/1/B_8jZE7nZfFzHb1VnmCL3ABTw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/b1e1c5-621b-458a-8e53-de37a01c6c39/1/B_8jZE7nZfFzHb1VnmCL3ABTw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_8jZE7nZfFzHb1VnmCL3ABTw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4d:1b:a5:90:39:ff:99:74:a1:08:fa:aa:81:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07ff23644ee765f1731dbd559e608bdc0053c34b
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bf153111b54978ce6405fbff2ca73dc106b15da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9e:f4:86:24:77:52:d8:88:24:bc:56:45:04:
                    36:b7:2b:ee:f5:da:e7:47:e8:ed:78:cb:78:f0:96:
                    e8:c6:d3:01:7f:e8:71:39:6e:df:0f:8e:5a:dd:44:
                    9d:78:67:cf:c0:0b:3f:62:71:ee:66:8e:94:df:32:
                    f1:dd:20:c3:60:02:00:25:d0:54:9a:54:08:d1:31:
                    64:2b:56:73:f6:bb:fe:11:01:a4:c8:60:86:11:a4:
                    8f:d1:ac:87:ec:d7:6f:fd:35:27:e2:9e:ca:a9:97:
                    cb:a3:a4:47:09:1b:ce:74:ca:aa:1e:d9:43:71:22:
                    50:48:6f:5c:1f:2c:74:4c:c0:f9:29:e7:9f:b1:d7:
                    10:0b:d0:3a:eb:dd:6a:a3:52:51:a8:77:d2:86:9f:
                    c1:47:ae:36:bf:dd:73:4a:f9:f6:6d:c7:a8:0d:cd:
                    23:be:f5:1c:c8:f0:ad:e8:65:28:ad:25:8a:28:45:
                    40:7d:16:da:c1:a1:5d:e4:2c:20:01:8b:3b:91:e5:
                    a8:e5:87:ee:e5:36:19:a1:35:97:5c:9c:63:92:75:
                    ff:7f:d4:0b:96:9f:8d:7f:cc:9e:b1:60:38:ee:28:
                    16:44:55:cd:f6:ed:3f:03:3b:31:f9:a3:9f:4f:0a:
                    7b:31:f5:94:78:0e:fc:5e:ea:67:ae:50:08:46:47:
                    bb:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:F1:53:11:1B:54:97:8C:E6:40:5F:BF:F2:CA:73:DC:10:6B:15:DA
            X509v3 Authority Key Identifier:
                keyid:07:FF:23:64:4E:E7:65:F1:73:1D:BD:55:9E:60:8B:DC:00:53:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_8jZE7nZfFzHb1VnmCL3ABTw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/b1e1c5-621b-458a-8e53-de37a01c6c39/1/m_FTERtUl4zmQF-_8spz3BBrFdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/b1e1c5-621b-458a-8e53-de37a01c6c39/1/B_8jZE7nZfFzHb1VnmCL3ABTw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d7:70:f0:60:3a:fe:93:d5:63:df:03:6c:65:11:0f:bb:31:
         fd:2f:29:91:83:5e:76:88:7a:a8:a5:7c:04:de:51:7e:4e:72:
         60:89:0f:fa:05:14:98:60:0e:9f:61:27:9e:c4:d8:b5:ab:db:
         97:de:2a:b3:e8:0f:71:c1:eb:f6:fa:c7:65:ed:17:b0:ee:31:
         95:f2:62:fd:7a:1e:db:46:db:89:41:f4:81:6c:44:2c:98:84:
         5d:d4:bf:5b:9f:87:07:f4:93:b9:35:55:8b:93:8b:4e:b4:d0:
         72:0e:0d:11:2b:a0:ec:69:6b:26:bf:e7:45:5b:95:20:8a:27:
         92:26:dc:7d:3d:a8:6d:2f:67:ad:18:07:34:7e:6c:72:2a:fa:
         67:a3:a2:a3:66:7b:60:15:e7:7d:8b:8e:f3:f3:cb:ac:c6:93:
         c1:ec:8d:fe:67:8c:20:b2:44:a6:2d:7d:2a:cc:af:5d:8c:6a:
         43:fe:03:0c:31:64:68:7a:cb:07:62:75:61:59:34:20:14:c9:
         09:18:24:62:34:db:bb:e8:48:0f:27:02:a8:c8:a1:12:05:c5:
         75:a9:a0:a0:7a:d8:0c:77:58:63:57:52:0f:1a:f9:94:5f:ee:
         e9:0e:e6:81:87:bc:0a:fe:69:1c:76:ef:24:3d:e1:58:9a:25:
         ac:32:76:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC200bpZA5/5l0oQj6qoG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmYyMzY0NGVlNzY1ZjE3MzFkYmQ1NTllNjA4YmRjMDA1
M2MzNGIwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmYxNTMxMTFiNTQ5NzhjZTY0MDVmYmZmMmNhNzNkYzEwNmIxNWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJ70hiR3UtiIJLxWRQQ2tyvu9drn
R+jteMt48JboxtMBf+hxOW7fD45a3USdeGfPwAs/YnHuZo6U3zLx3SDDYAIAJdBU
mlQI0TFkK1Zz9rv+EQGkyGCGEaSP0ayH7Ndv/TUn4p7KqZfLo6RHCRvOdMqqHtlD
cSJQSG9cHyx0TMD5KeefsdcQC9A6691qo1JRqHfShp/BR642v91zSvn2bceoDc0j
vvUcyPCt6GUorSWKKEVAfRbawaFd5CwgAYs7keWo5Yfu5TYZoTWXXJxjknX/f9QL
lp+Nf8yesWA47igWRFXN9u0/Azsx+aOfTwp7MfWUeA78XupnrlAIRke78wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvxUxEbVJeM5kBfv/LKc9wQaxXaMB8GA1UdIwQY
MBaAFAf/I2RO52Xxcx29VZ5gi9wAU8NLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl84alpFN25aZkZ6SGIxVm5tQ0wzQUJUdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9iMWUxYzUtNjIxYi00NThhLThlNTMt
ZGUzN2EwMWM2YzM5LzEvbV9GVEVSdFVsNHptUUYtXzhzcHozQkJyRmRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9iMWUxYzUtNjIxYi00NThhLThlNTMtZGUzN2EwMWM2YzM5
LzEvQl84alpFN25aZkZ6SGIxVm5tQ0wzQUJUdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYQBMA0G
CSqGSIb3DQEBCwUAA4IBAQA/13DwYDr+k9Vj3wNsZREPuzH9LymRg152iHqopXwE
3lF+TnJgiQ/6BRSYYA6fYSeexNi1q9uX3iqz6A9xwev2+sdl7Rew7jGV8mL9eh7b
RtuJQfSBbEQsmIRd1L9bn4cH9JO5NVWLk4tOtNByDg0RK6DsaWsmv+dFW5UgiieS
Jtx9PahtL2etGAc0fmxyKvpno6KjZntgFed9i47z88usxpPB7I3+Z4wgskSmLX0q
zK9djGpD/gMMMWRoessHYnVhWTQgFMkJGCRiNNu76EgPJwKoyKESBcV1qaCgetgM
d1hjV1IPGvmUX+7pDuaBh7wK/mkcdu8kPeFYmiWsMnar
-----END CERTIFICATE-----