Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/rNCqbDioePgPQlJZ6p3Fd_6_1dU.roa
File:                     rNCqbDioePgPQlJZ6p3Fd_6_1dU.roa (raw, json)
Hash identifier:          1TlQZd42NP0aZtVYUhHkBkqKH98N97+oEpPpZnJ73ow=
Subject key identifier:   AC:D0:AA:6C:38:A8:78:F8:0F:42:52:59:EA:9D:C5:77:FE:BF:D5:D5
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       018F520D92AD1D3EF580CBB8428E9CA28BD4
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/rNCqbDioePgPQlJZ6p3Fd_6_1dU.roa
Signing time:             Tue 07 May 2024 07:56:12 +0000
ROA not before:           Tue 07 May 2024 07:56:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        45.151.61.0/24 maxlen: 24
                          81.17.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:52:0d:92:ad:1d:3e:f5:80:cb:b8:42:8e:9c:a2:8b:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: May  7 07:56:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acd0aa6c38a878f80f425259ea9dc577febfd5d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:81:fd:f1:7f:73:19:6d:95:a8:c4:b0:73:17:
                    e4:73:5f:0f:0b:51:ae:24:4e:83:8d:1f:9f:68:1a:
                    54:86:2e:b0:72:5b:72:ce:d7:85:97:7e:a6:ac:78:
                    be:71:ad:d5:15:34:5f:1a:ac:f3:58:e6:d0:1a:a8:
                    59:3b:31:18:00:12:d2:79:19:ab:21:fc:da:b8:c9:
                    6a:9c:71:e3:6a:27:11:40:7d:73:03:62:d3:92:ee:
                    bf:1b:63:2e:d2:68:ee:3c:c8:e9:ad:6f:73:cb:d2:
                    cb:d5:75:51:57:64:16:2d:dc:4e:e7:12:aa:14:14:
                    45:49:9e:44:20:2c:f7:e4:5e:aa:01:98:8f:d5:19:
                    1a:11:0b:7f:64:fe:ff:e4:c0:0d:1f:ae:d6:9b:2b:
                    aa:54:2f:72:95:b9:5d:7c:f0:1b:84:d1:b9:ad:21:
                    3f:a2:d8:c1:e4:e4:4c:61:f7:2c:83:0a:34:95:a8:
                    8f:16:6b:e7:72:a6:6e:bc:0f:db:60:5e:0d:c5:42:
                    ac:23:9e:82:f9:d7:68:c9:ef:12:09:53:9e:07:a6:
                    f1:7d:a3:0f:21:24:0f:a0:a9:d9:cf:70:89:e2:f6:
                    c2:f9:50:49:c8:7f:88:98:2f:e3:09:1d:64:15:7e:
                    ba:bc:32:c3:5a:f9:eb:ae:23:44:4f:b4:c2:b6:8a:
                    14:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D0:AA:6C:38:A8:78:F8:0F:42:52:59:EA:9D:C5:77:FE:BF:D5:D5
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/rNCqbDioePgPQlJZ6p3Fd_6_1dU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.61.0/24
                  81.17.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:34:91:1b:6a:36:d4:e7:34:9f:97:51:d2:d9:92:3c:8e:32:
         da:72:f4:06:38:b7:a9:36:24:77:c6:6a:06:ee:43:d9:03:0c:
         26:73:14:49:f4:60:9d:e5:47:67:9c:67:82:fc:85:7f:73:6b:
         27:ea:9d:d9:27:2e:e0:ea:e5:16:57:60:5f:90:06:96:1c:f8:
         8e:ca:c1:27:4e:9d:cf:4f:4e:92:12:5c:36:43:64:f9:3c:70:
         53:1a:21:2b:3f:43:12:b9:b8:41:cc:59:69:68:7e:98:ad:ee:
         14:69:92:90:53:d6:17:63:16:f4:48:6d:0c:7e:7c:0b:02:bb:
         1f:c7:dc:61:22:e6:da:10:2d:1c:a2:8c:0c:72:ec:97:f9:43:
         2e:01:a3:2e:7b:b7:54:9c:0f:70:a1:21:56:6b:f7:50:25:1e:
         26:ba:fc:c8:18:24:52:4b:af:d3:b5:99:61:e7:6b:21:fd:36:
         f9:a5:e9:f3:7f:02:2a:c4:1f:9f:da:50:08:43:af:a0:b3:b0:
         d1:65:fe:8d:65:50:a5:3f:6b:69:ec:da:c7:ab:e1:b2:5e:0c:
         88:da:cf:8a:75:08:6d:de:05:46:b0:0f:95:f9:15:db:79:72:
         b6:1d:84:bd:a7:8d:15:43:87:73:c8:38:d5:8b:5b:47:4b:47:
         62:13:ca:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9SDZKtHT71gMu4Qo6coovUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjQwNTA3MDc1NjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2QwYWE2YzM4YTg3OGY4MGY0MjUyNTllYTlkYzU3N2ZlYmZkNWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYH98X9zGW2VqMSwcxfkc18PC1Gu
JE6DjR+faBpUhi6wcltyzteFl36mrHi+ca3VFTRfGqzzWObQGqhZOzEYABLSeRmr
IfzauMlqnHHjaicRQH1zA2LTku6/G2Mu0mjuPMjprW9zy9LL1XVRV2QWLdxO5xKq
FBRFSZ5EICz35F6qAZiP1RkaEQt/ZP7/5MANH67WmyuqVC9ylbldfPAbhNG5rSE/
otjB5ORMYfcsgwo0laiPFmvncqZuvA/bYF4NxUKsI56C+ddoye8SCVOeB6bxfaMP
ISQPoKnZz3CJ4vbC+VBJyH+ImC/jCR1kFX66vDLDWvnrriNET7TCtooU+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKzQqmw4qHj4D0JSWeqdxXf+v9XVMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvck5DcWJEaW9lUGdQUWxKWjZwM0ZkXzZfMWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZc9AwQA
URGfMA0GCSqGSIb3DQEBCwUAA4IBAQAUNJEbajbU5zSfl1HS2ZI8jjLacvQGOLep
NiR3xmoG7kPZAwwmcxRJ9GCd5UdnnGeC/IV/c2sn6p3ZJy7g6uUWV2BfkAaWHPiO
ysEnTp3PT06SElw2Q2T5PHBTGiErP0MSubhBzFlpaH6Yre4UaZKQU9YXYxb0SG0M
fnwLArsfx9xhIubaEC0coowMcuyX+UMuAaMue7dUnA9woSFWa/dQJR4muvzIGCRS
S6/TtZlh52sh/Tb5penzfwIqxB+f2lAIQ6+gs7DRZf6NZVClP2tp7NrHq+GyXgyI
2s+KdQht3gVGsA+V+RXbeXK2HYS9p40VQ4dzyDjVi1tHS0diE8op
-----END CERTIFICATE-----