Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/ivwQoi4kskYQAUqLoBAmr62JJRc.roa
File:                     ivwQoi4kskYQAUqLoBAmr62JJRc.roa (raw, json)
Hash identifier:          Q6UmF13fEgurLHJXEzeW6AvEFFsjrcO80t4BfWuMxBk=
Subject key identifier:   8A:FC:10:A2:2E:24:B2:46:10:01:4A:8B:A0:10:26:AF:AD:89:25:17
Certificate issuer:       /CN=111014ce8ad38d15350096d549ee1c5805d09dc8
Certificate serial:       018CC8DE4F38E701DEC9E6D89F640E548EAF
Authority key identifier: 11:10:14:CE:8A:D3:8D:15:35:00:96:D5:49:EE:1C:58:05:D0:9D:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERAUzorTjRU1AJbVSe4cWAXQncg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/ivwQoi4kskYQAUqLoBAmr62JJRc.roa
Signing time:             Tue 02 Jan 2024 06:31:01 +0000
ROA not before:           Tue 02 Jan 2024 06:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43648
IP address blocks:        45.132.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/ERAUzorTjRU1AJbVSe4cWAXQncg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/ERAUzorTjRU1AJbVSe4cWAXQncg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERAUzorTjRU1AJbVSe4cWAXQncg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:4f:38:e7:01:de:c9:e6:d8:9f:64:0e:54:8e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111014ce8ad38d15350096d549ee1c5805d09dc8
        Validity
            Not Before: Jan  2 06:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8afc10a22e24b24610014a8ba01026afad892517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:22:80:f9:01:4c:33:b1:d4:71:b0:01:b2:69:
                    1f:f0:82:66:25:63:ec:61:d8:3a:36:44:74:d1:68:
                    af:a2:89:0d:4b:30:fa:cb:5b:98:f0:49:fc:ff:7b:
                    02:ec:b2:97:7b:3d:3d:d4:b5:e5:83:35:f0:46:86:
                    f3:cd:af:ab:90:58:fd:8b:91:d2:da:80:26:ae:fe:
                    5b:7a:b4:22:38:ae:44:76:33:11:4c:30:d4:8d:44:
                    ea:ab:71:90:6e:c9:eb:18:73:eb:bc:8c:72:32:06:
                    32:54:7b:b6:c6:26:e8:4a:e3:c2:92:6a:24:cb:8f:
                    a3:1a:c1:c3:97:75:3d:7b:0a:aa:f6:c2:92:5a:1a:
                    38:5f:cf:0f:3a:cb:98:97:cd:c4:3c:7d:2c:19:bf:
                    b3:85:6d:7b:62:e9:cc:db:31:c4:c5:ca:24:ef:61:
                    d2:b4:3a:67:e5:b1:bf:74:8a:78:6d:96:87:db:9d:
                    e8:3a:be:82:56:ac:ba:a1:1f:52:6b:b7:73:17:70:
                    70:2e:18:9b:ac:cd:cf:2f:bb:d0:5a:2c:2c:d3:7c:
                    29:1b:e8:1d:9a:8f:0e:01:5d:ac:44:a5:18:18:7f:
                    07:2f:06:3a:a0:ec:f9:43:34:d5:84:5f:04:5d:2c:
                    80:78:81:55:4d:45:53:13:1b:ea:3c:40:34:50:08:
                    c5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:FC:10:A2:2E:24:B2:46:10:01:4A:8B:A0:10:26:AF:AD:89:25:17
            X509v3 Authority Key Identifier:
                keyid:11:10:14:CE:8A:D3:8D:15:35:00:96:D5:49:EE:1C:58:05:D0:9D:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERAUzorTjRU1AJbVSe4cWAXQncg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/ivwQoi4kskYQAUqLoBAmr62JJRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/ERAUzorTjRU1AJbVSe4cWAXQncg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:75:f1:4b:18:f1:d0:8c:60:64:ce:34:3c:d1:0d:4b:63:8e:
         7b:75:a8:44:c7:e1:ae:2d:c5:5d:ef:ab:a0:97:12:92:17:1d:
         90:d3:74:16:b5:5d:2d:49:fd:8c:30:27:7b:ae:90:ab:84:52:
         33:d9:87:95:a5:2f:49:1d:69:26:2e:4f:27:46:36:b5:66:6e:
         53:09:42:64:94:11:fc:26:b0:1f:0e:7c:3f:95:91:5e:1d:5d:
         d2:c6:c6:a2:4d:e3:e0:a0:39:45:a1:0b:38:08:14:3b:eb:11:
         c1:f6:45:c6:5f:9a:89:cc:c2:b7:6d:f4:ad:e4:c3:2c:f8:48:
         d7:eb:43:ba:01:dc:8f:65:97:93:a8:3c:c4:3a:e1:48:c0:d7:
         e1:e9:c4:42:12:63:c0:8f:00:3c:44:9b:29:25:ec:24:00:f9:
         84:f2:d0:87:3d:05:02:39:7c:1e:a0:b8:c1:2f:ba:87:f7:e3:
         12:df:e3:3a:99:fc:84:4a:09:21:3f:5a:b4:ec:4f:ca:72:97:
         55:89:1c:49:78:91:4e:78:9d:39:22:54:58:50:c7:98:f2:f7:
         f9:f2:7f:23:a6:2d:18:c4:fc:57:b2:e0:d1:4d:dc:3e:0b:f6:
         6b:86:37:15:5c:c5:17:0d:3e:69:6b:e5:36:0d:d6:d9:76:ea:
         d0:c2:16:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3k845wHeyebYn2QOVI6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTAxNGNlOGFkMzhkMTUzNTAwOTZkNTQ5ZWUxYzU4MDVk
MDlkYzgwHhcNMjQwMTAyMDYzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWZjMTBhMjJlMjRiMjQ2MTAwMTRhOGJhMDEwMjZhZmFkODkyNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyKA+QFMM7HUcbABsmkf8IJmJWPs
Ydg6NkR00WivookNSzD6y1uY8En8/3sC7LKXez091LXlgzXwRobzza+rkFj9i5HS
2oAmrv5berQiOK5EdjMRTDDUjUTqq3GQbsnrGHPrvIxyMgYyVHu2xiboSuPCkmok
y4+jGsHDl3U9ewqq9sKSWho4X88POsuYl83EPH0sGb+zhW17YunM2zHExcok72HS
tDpn5bG/dIp4bZaH253oOr6CVqy6oR9Sa7dzF3BwLhibrM3PL7vQWiws03wpG+gd
mo8OAV2sRKUYGH8HLwY6oOz5QzTVhF8EXSyAeIFVTUVTExvqPEA0UAjFFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIr8EKIuJLJGEAFKi6AQJq+tiSUXMB8GA1UdIwQY
MBaAFBEQFM6K040VNQCW1UnuHFgF0J3IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJBVXpvclRqUlUxQUpiVlNlNGNXQVhRbmNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9kNmM3NTItYWE0Yi00ZmE3LWFiMWYt
OTFhMzk0Njg0NjQ0LzEvaXZ3UW9pNGtza1lRQVVxTG9CQW1yNjJKSlJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9kNmM3NTItYWE0Yi00ZmE3LWFiMWYtOTFhMzk0Njg0NjQ0
LzEvRVJBVXpvclRqUlUxQUpiVlNlNGNXQVhRbmNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYTcMA0G
CSqGSIb3DQEBCwUAA4IBAQCOdfFLGPHQjGBkzjQ80Q1LY457dahEx+GuLcVd76ug
lxKSFx2Q03QWtV0tSf2MMCd7rpCrhFIz2YeVpS9JHWkmLk8nRja1Zm5TCUJklBH8
JrAfDnw/lZFeHV3SxsaiTePgoDlFoQs4CBQ76xHB9kXGX5qJzMK3bfSt5MMs+EjX
60O6AdyPZZeTqDzEOuFIwNfh6cRCEmPAjwA8RJspJewkAPmE8tCHPQUCOXweoLjB
L7qH9+MS3+M6mfyESgkhP1q07E/KcpdViRxJeJFOeJ05IlRYUMeY8vf58n8jpi0Y
xPxXsuDRTdw+C/ZrhjcVXMUXDT5pa+U2DdbZdurQwhZi
-----END CERTIFICATE-----