Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/SUQoU-rXEunMjTy8tiNgHC4y94Y.roa
File:                     SUQoU-rXEunMjTy8tiNgHC4y94Y.roa (raw, json)
Hash identifier:          6tnm2+WHS0XQ0q6yiShJC2yvxZijiMuav+AitEzmDqI=
Subject key identifier:   49:44:28:53:EA:D7:12:E9:CC:8D:3C:BC:B6:23:60:1C:2E:32:F7:86
Certificate issuer:       /CN=fcea08e8421df2f245c7cb333ee76a14a8882d4a
Certificate serial:       018CC86EFBFF3E22B435EFDF97690404688F
Authority key identifier: FC:EA:08:E8:42:1D:F2:F2:45:C7:CB:33:3E:E7:6A:14:A8:88:2D:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_OoI6EId8vJFx8szPudqFKiILUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/SUQoU-rXEunMjTy8tiNgHC4y94Y.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43948
IP address blocks:        45.86.104.0/24 maxlen: 24
                          2a0f:95c0::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/_OoI6EId8vJFx8szPudqFKiILUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/_OoI6EId8vJFx8szPudqFKiILUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_OoI6EId8vJFx8szPudqFKiILUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fb:ff:3e:22:b4:35:ef:df:97:69:04:04:68:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcea08e8421df2f245c7cb333ee76a14a8882d4a
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49442853ead712e9cc8d3cbcb623601c2e32f786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a0:89:32:d1:87:92:f6:3e:13:73:e1:f7:35:
                    86:0a:37:59:0e:3a:90:91:7d:e8:ef:2a:38:8e:9e:
                    7a:f5:d9:b6:9f:2c:a1:96:68:ea:e2:4e:65:7a:d5:
                    24:5d:e8:05:42:e3:49:41:11:24:e9:8e:1b:e9:85:
                    a4:20:f8:f1:d8:3a:3c:ef:4a:5a:f9:cd:7c:44:24:
                    e5:07:c5:ba:f3:94:ca:64:3a:bb:0a:20:fc:5f:d7:
                    fb:e9:9f:68:f5:8f:69:73:98:ca:1d:32:f9:cd:04:
                    a0:bf:e8:cc:df:6c:0a:46:fa:1a:3a:2b:e5:31:e3:
                    a6:dc:7d:fc:d8:dd:2f:f3:df:9b:fa:5f:c6:9f:d6:
                    89:74:50:94:76:28:b7:fb:32:a1:34:32:fc:83:fa:
                    c1:09:15:39:70:02:f6:34:b6:2c:36:fd:e9:67:bc:
                    b5:7e:98:24:c6:88:b6:6f:24:ab:04:98:fe:38:79:
                    52:db:0e:1c:3e:c0:f4:c7:2c:1a:57:3c:a2:28:d3:
                    92:33:da:6b:0f:24:54:c0:b0:f2:a2:1b:06:bf:de:
                    b2:63:c1:d5:24:99:62:15:57:3a:b8:f9:c7:33:4d:
                    7c:ba:73:a6:f3:e8:51:37:4d:42:05:1c:0e:2a:b4:
                    8b:57:70:c4:ce:75:49:01:71:4f:0a:2e:57:8b:e3:
                    22:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:44:28:53:EA:D7:12:E9:CC:8D:3C:BC:B6:23:60:1C:2E:32:F7:86
            X509v3 Authority Key Identifier:
                keyid:FC:EA:08:E8:42:1D:F2:F2:45:C7:CB:33:3E:E7:6A:14:A8:88:2D:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_OoI6EId8vJFx8szPudqFKiILUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/SUQoU-rXEunMjTy8tiNgHC4y94Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/_OoI6EId8vJFx8szPudqFKiILUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.104.0/24
                IPv6:
                  2a0f:95c0::/34

    Signature Algorithm: sha256WithRSAEncryption
         01:5c:9a:08:44:f3:5e:3d:b3:bf:98:fc:3b:8b:8a:dc:1b:fd:
         dc:89:94:ca:23:6a:80:37:7d:02:8a:1e:18:c1:a2:3a:98:2d:
         34:67:57:ed:76:87:6b:e2:67:cd:ac:cf:57:01:c7:34:94:a8:
         d8:4d:95:9b:d5:99:dd:a9:f9:c0:57:6d:e7:0a:fa:0d:59:00:
         4d:bc:44:3e:17:3b:b3:b3:23:d4:f3:ed:33:c7:3b:1f:21:92:
         f9:68:9f:83:6f:34:3b:a8:80:7a:df:3c:d5:e8:cd:b6:0d:85:
         3a:81:f4:fe:4f:72:1e:9b:41:5a:47:97:32:39:81:c8:d4:75:
         88:55:ae:be:99:62:df:94:36:3c:48:16:7c:73:53:1e:56:80:
         ed:74:8e:81:11:4e:8d:54:58:2c:72:9e:50:ab:57:6a:c3:2c:
         76:d7:b2:48:23:ee:bf:b6:ca:22:89:05:90:1e:61:56:3d:e7:
         03:a5:86:a7:e2:51:f1:17:cd:d0:67:8d:a2:11:80:ce:e9:73:
         4c:64:70:9d:22:99:10:59:da:ba:ce:0d:71:77:93:59:99:4f:
         c1:81:f1:f8:81:67:03:78:a9:4d:6a:f0:99:8a:13:fb:af:be:
         b2:fd:70:3b:d3:2b:60:16:61:eb:75:e2:4b:47:88:9b:6b:09:
         58:59:2d:24
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzIbvv/PiK0Ne/fl2kEBGiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZWEwOGU4NDIxZGYyZjI0NWM3Y2IzMzNlZTc2YTE0YTg4
ODJkNGEwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTQ0Mjg1M2VhZDcxMmU5Y2M4ZDNjYmNiNjIzNjAxYzJlMzJmNzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6CJMtGHkvY+E3Ph9zWGCjdZDjqQ
kX3o7yo4jp569dm2nyyhlmjq4k5letUkXegFQuNJQREk6Y4b6YWkIPjx2Do870pa
+c18RCTlB8W685TKZDq7CiD8X9f76Z9o9Y9pc5jKHTL5zQSgv+jM32wKRvoaOivl
MeOm3H382N0v89+b+l/Gn9aJdFCUdii3+zKhNDL8g/rBCRU5cAL2NLYsNv3pZ7y1
fpgkxoi2bySrBJj+OHlS2w4cPsD0xywaVzyiKNOSM9prDyRUwLDyohsGv96yY8HV
JJliFVc6uPnHM018unOm8+hRN01CBRwOKrSLV3DEznVJAXFPCi5Xi+MicQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFElEKFPq1xLpzI08vLYjYBwuMveGMB8GA1UdIwQY
MBaAFPzqCOhCHfLyRcfLMz7nahSoiC1KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX09vSTZFSWQ4dkpGeDhzelB1ZHFGS2lJTFVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9lYTdlNjEtOThiMy00MTIwLTgzY2Ut
YzA3N2UxNzAyYmM3LzEvU1VRb1UtclhFdW5NalR5OHRpTmdIQzR5OTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9lYTdlNjEtOThiMy00MTIwLTgzY2UtYzA3N2UxNzAyYmM3
LzEvX09vSTZFSWQ4dkpGeDhzelB1ZHFGS2lJTFVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALVZoMA4E
AgACMAgDBgYqD5XAADANBgkqhkiG9w0BAQsFAAOCAQEAAVyaCETzXj2zv5j8O4uK
3Bv93ImUyiNqgDd9AooeGMGiOpgtNGdX7XaHa+JnzazPVwHHNJSo2E2Vm9WZ3an5
wFdt5wr6DVkATbxEPhc7s7Mj1PPtM8c7HyGS+Wifg280O6iAet881ejNtg2FOoH0
/k9yHptBWkeXMjmByNR1iFWuvpli35Q2PEgWfHNTHlaA7XSOgRFOjVRYLHKeUKtX
asMsdteySCPuv7bKIokFkB5hVj3nA6WGp+JR8RfN0GeNohGAzulzTGRwnSKZEFna
us4NcXeTWZlPwYHx+IFnA3ipTWrwmYoT+6++sv1wO9MrYBZh63XiS0eIm2sJWFkt
JA==
-----END CERTIFICATE-----