Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/fPtxjrNJWuql8kZhZun76HUpYQM.roa
File:                     fPtxjrNJWuql8kZhZun76HUpYQM.roa (raw, json)
Hash identifier:          9OHVh+ifRyg2V3+jUqLQGmi9sm9+6UCkVbElWTP7uiQ=
Subject key identifier:   7C:FB:71:8E:B3:49:5A:EA:A5:F2:46:61:66:E9:FB:E8:75:29:61:03
Certificate issuer:       /CN=ded8582b0243863c572ce25786ccb36ff795b22e
Certificate serial:       018CC8DE983AF2DA43EFE6EF7F1682528224
Authority key identifier: DE:D8:58:2B:02:43:86:3C:57:2C:E2:57:86:CC:B3:6F:F7:95:B2:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3thYKwJDhjxXLOJXhsyzb_eVsi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/fPtxjrNJWuql8kZhZun76HUpYQM.roa
Signing time:             Tue 02 Jan 2024 06:31:20 +0000
ROA not before:           Tue 02 Jan 2024 06:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207123
IP address blocks:        45.142.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/3thYKwJDhjxXLOJXhsyzb_eVsi4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/3thYKwJDhjxXLOJXhsyzb_eVsi4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3thYKwJDhjxXLOJXhsyzb_eVsi4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:98:3a:f2:da:43:ef:e6:ef:7f:16:82:52:82:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ded8582b0243863c572ce25786ccb36ff795b22e
        Validity
            Not Before: Jan  2 06:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cfb718eb3495aeaa5f2466166e9fbe875296103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:03:42:61:9d:ed:68:fa:f6:12:49:06:b3:dc:
                    4d:a0:ea:46:7b:53:ed:b2:41:39:07:8a:48:98:5e:
                    15:57:9d:3f:89:5a:c2:0e:37:46:24:22:0d:bc:ce:
                    11:9d:ad:44:4b:a4:be:02:d7:e0:11:02:64:20:c5:
                    0c:c1:27:d4:4e:3f:74:63:5f:bd:4f:79:4c:7c:25:
                    16:2c:08:40:0c:73:e4:f5:1a:42:d6:9d:7b:61:ce:
                    25:eb:99:c9:96:e4:a5:3c:6b:17:97:7a:2d:c1:0b:
                    d1:25:04:13:6c:7e:d4:9c:74:7c:78:af:cf:a5:57:
                    84:ce:ce:af:44:f5:47:37:65:f3:c2:93:62:22:1d:
                    de:09:19:6a:08:34:29:28:89:9b:a2:41:a5:89:59:
                    ac:7d:f0:f7:fc:d3:e7:35:18:55:9b:aa:42:4c:a5:
                    4c:54:69:5a:5a:69:27:1b:ee:13:a9:c8:2f:27:49:
                    10:cd:ea:a2:59:1a:59:34:e4:92:98:a1:7c:b7:ca:
                    08:72:3b:de:92:11:2a:0c:44:88:d2:1e:59:9e:0a:
                    a1:41:8f:3c:a8:e4:5f:cf:ac:89:0d:e4:6d:f9:06:
                    24:53:6a:86:ce:ee:d2:ce:23:72:f8:4c:70:c6:18:
                    ff:7f:44:81:4c:16:c1:d7:b3:7f:b7:02:b3:6f:36:
                    4d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:FB:71:8E:B3:49:5A:EA:A5:F2:46:61:66:E9:FB:E8:75:29:61:03
            X509v3 Authority Key Identifier:
                keyid:DE:D8:58:2B:02:43:86:3C:57:2C:E2:57:86:CC:B3:6F:F7:95:B2:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3thYKwJDhjxXLOJXhsyzb_eVsi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/fPtxjrNJWuql8kZhZun76HUpYQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/3thYKwJDhjxXLOJXhsyzb_eVsi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:98:15:28:3e:83:9c:51:57:b1:9e:d7:4c:78:f7:e6:62:5d:
         92:21:c8:52:4a:f4:dc:89:06:98:4a:37:38:a4:f7:be:8f:6b:
         5b:a7:0a:f9:1f:6a:70:f3:38:9e:6b:33:22:5a:e2:12:16:38:
         4f:46:f3:ef:ea:61:82:03:cc:2c:86:c3:bd:bf:2a:bc:66:da:
         a7:07:2e:b2:6a:34:b5:66:d2:6d:07:1a:68:c9:d7:b2:f0:cf:
         0d:47:2c:8a:b4:c2:df:27:aa:9f:5a:0a:86:47:a8:43:12:29:
         17:0b:f6:15:d0:e0:a9:2c:72:94:d9:1b:79:f3:85:30:cb:17:
         55:3c:3a:ff:24:88:8f:31:a8:9d:37:07:0e:e7:3c:7c:61:62:
         29:d5:00:f8:c2:ba:f9:05:da:bc:ee:26:cb:2a:c4:09:65:ae:
         d8:fd:85:39:a9:db:7f:4b:d6:d1:ae:2d:77:76:e1:e8:35:ca:
         e8:22:63:3f:ea:67:8d:30:ce:50:f8:23:fc:da:3f:5f:51:de:
         68:04:3a:a6:28:85:50:f0:8b:00:7f:37:12:18:0b:c5:0f:0c:
         5b:16:22:4d:68:83:bf:05:8d:17:d2:3f:16:2c:cc:30:e9:17:
         ec:6b:f9:77:94:c5:bb:b4:c4:3b:39:e5:65:8b:a5:69:90:7d:
         6f:10:80:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3pg68tpD7+bvfxaCUoIkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZDg1ODJiMDI0Mzg2M2M1NzJjZTI1Nzg2Y2NiMzZmZjc5
NWIyMmUwHhcNMjQwMTAyMDYzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2ZiNzE4ZWIzNDk1YWVhYTVmMjQ2NjE2NmU5ZmJlODc1Mjk2MTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgNCYZ3taPr2EkkGs9xNoOpGe1Pt
skE5B4pImF4VV50/iVrCDjdGJCINvM4Rna1ES6S+AtfgEQJkIMUMwSfUTj90Y1+9
T3lMfCUWLAhADHPk9RpC1p17Yc4l65nJluSlPGsXl3otwQvRJQQTbH7UnHR8eK/P
pVeEzs6vRPVHN2XzwpNiIh3eCRlqCDQpKImbokGliVmsffD3/NPnNRhVm6pCTKVM
VGlaWmknG+4TqcgvJ0kQzeqiWRpZNOSSmKF8t8oIcjvekhEqDESI0h5ZngqhQY88
qORfz6yJDeRt+QYkU2qGzu7SziNy+Exwxhj/f0SBTBbB17N/twKzbzZNfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHz7cY6zSVrqpfJGYWbp++h1KWEDMB8GA1UdIwQY
MBaAFN7YWCsCQ4Y8VyziV4bMs2/3lbIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3RoWUt3SkRoanhYTE9KWGhzeXpiX2VWc2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9jYTUxMGMtYjZkMS00ZWIzLThkZDEt
NDk4ZjRjMTBiNjU1LzEvZlB0eGpyTkpXdXFsOGtaaFp1bjc2SFVwWVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9jYTUxMGMtYjZkMS00ZWIzLThkZDEtNDk4ZjRjMTBiNjU1
LzEvM3RoWUt3SkRoanhYTE9KWGhzeXpiX2VWc2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY5ZMA0G
CSqGSIb3DQEBCwUAA4IBAQDAmBUoPoOcUVexntdMePfmYl2SIchSSvTciQaYSjc4
pPe+j2tbpwr5H2pw8zieazMiWuISFjhPRvPv6mGCA8wshsO9vyq8ZtqnBy6yajS1
ZtJtBxpoydey8M8NRyyKtMLfJ6qfWgqGR6hDEikXC/YV0OCpLHKU2Rt584UwyxdV
PDr/JIiPMaidNwcO5zx8YWIp1QD4wrr5Bdq87ibLKsQJZa7Y/YU5qdt/S9bRri13
duHoNcroImM/6meNMM5Q+CP82j9fUd5oBDqmKIVQ8IsAfzcSGAvFDwxbFiJNaIO/
BY0X0j8WLMww6Rfsa/l3lMW7tMQ7OeVli6VpkH1vEICC
-----END CERTIFICATE-----