Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/6419af-a23c-4219-9a2b-0463b252bd1a/1/LuKlMoKRVtbSL32oJeLWLM824pc.roa
File:                     LuKlMoKRVtbSL32oJeLWLM824pc.roa (raw, json)
Hash identifier:          llmjKqZDyyoZ51+s2d01lMK88idh6dyJsZOizqTR7K0=
Subject key identifier:   2E:E2:A5:32:82:91:56:D6:D2:2F:7D:A8:25:E2:D6:2C:CF:36:E2:97
Certificate issuer:       /CN=a4b002e0cd28ca1051e02c9d21dbaa38fe4dee07
Certificate serial:       018CC86EEC391BBFBC8A9EA3816305C94068
Authority key identifier: A4:B0:02:E0:CD:28:CA:10:51:E0:2C:9D:21:DB:AA:38:FE:4D:EE:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLAC4M0oyhBR4CydIduqOP5N7gc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/6419af-a23c-4219-9a2b-0463b252bd1a/1/LuKlMoKRVtbSL32oJeLWLM824pc.roa
Signing time:             Tue 02 Jan 2024 04:29:21 +0000
ROA not before:           Tue 02 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        45.143.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/6419af-a23c-4219-9a2b-0463b252bd1a/1/pLAC4M0oyhBR4CydIduqOP5N7gc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/6419af-a23c-4219-9a2b-0463b252bd1a/1/pLAC4M0oyhBR4CydIduqOP5N7gc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLAC4M0oyhBR4CydIduqOP5N7gc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ec:39:1b:bf:bc:8a:9e:a3:81:63:05:c9:40:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4b002e0cd28ca1051e02c9d21dbaa38fe4dee07
        Validity
            Not Before: Jan  2 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ee2a532829156d6d22f7da825e2d62ccf36e297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:8b:43:4f:d1:16:76:d2:5a:30:93:47:5b:53:
                    17:4e:08:be:a2:74:9d:71:b7:ae:4b:39:aa:98:4d:
                    a9:c1:4d:a3:a6:29:79:a2:75:99:af:52:69:a0:be:
                    1a:74:3d:ce:b9:74:8c:da:4e:24:fc:75:dc:0e:38:
                    57:d1:ed:03:e6:5e:04:d7:86:95:c2:e6:56:b1:32:
                    5f:a9:1f:af:78:53:76:3e:dd:a2:3d:a5:93:e4:89:
                    85:27:97:f2:69:07:d1:e0:c7:4b:09:f3:bf:d9:46:
                    3e:92:fc:a9:f4:a2:a1:3f:b4:41:b6:0e:e6:77:24:
                    6e:46:3c:85:b5:de:04:77:dc:64:00:d7:fb:e9:8f:
                    8d:96:90:fc:d5:e9:ed:84:9b:87:66:2b:c5:f2:a4:
                    d8:1c:a1:fc:70:46:aa:3d:42:97:c6:0f:55:cb:89:
                    23:5d:af:ec:88:c9:10:54:f5:2c:88:49:f3:23:fb:
                    74:84:0d:1f:4e:33:07:c9:a5:a5:dc:b4:62:fd:0b:
                    24:87:57:0b:3a:c4:e0:d8:d5:3e:fe:95:50:cd:77:
                    3c:27:2c:0e:1b:1a:56:1e:31:d3:53:3e:16:dc:d5:
                    6a:97:c0:da:d1:14:b0:ad:09:e9:fc:d1:f0:27:60:
                    2f:7f:c1:ff:0d:9f:1f:94:75:3b:da:40:b9:9e:a4:
                    5f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:E2:A5:32:82:91:56:D6:D2:2F:7D:A8:25:E2:D6:2C:CF:36:E2:97
            X509v3 Authority Key Identifier:
                keyid:A4:B0:02:E0:CD:28:CA:10:51:E0:2C:9D:21:DB:AA:38:FE:4D:EE:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLAC4M0oyhBR4CydIduqOP5N7gc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/6419af-a23c-4219-9a2b-0463b252bd1a/1/LuKlMoKRVtbSL32oJeLWLM824pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/6419af-a23c-4219-9a2b-0463b252bd1a/1/pLAC4M0oyhBR4CydIduqOP5N7gc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:e3:0b:4c:18:71:bb:e9:e5:30:00:1b:30:72:64:a8:60:b5:
         10:60:96:68:0e:f3:20:fe:f4:2c:27:b0:35:37:86:29:bb:3f:
         2e:c2:dc:b9:14:ac:3e:c4:22:29:63:9c:e0:b7:32:64:2f:95:
         d7:78:1f:90:84:e3:5e:01:55:41:38:11:a1:93:3f:9a:08:8d:
         d5:82:80:6d:94:0e:1b:a8:d0:d0:64:b4:e6:07:5c:0d:d5:c4:
         22:3a:14:4f:26:8f:65:b3:c2:b6:6c:c4:a2:03:7e:98:72:85:
         ec:e5:da:f9:64:7a:ee:28:5c:8e:4a:54:2a:f6:c8:5a:b0:01:
         a3:70:90:42:84:a8:f3:90:5d:99:9e:2f:7a:2e:d7:e0:a9:23:
         ab:8e:a3:c4:36:28:c9:29:d0:7d:19:50:cb:74:f2:51:ed:d8:
         63:f0:ef:39:72:7c:2a:6f:7a:42:41:a0:cc:0f:64:61:d4:70:
         98:29:de:ea:e0:00:97:5b:c8:53:e4:a4:0b:c9:56:68:f3:9b:
         ad:56:84:9b:6a:05:0c:83:5b:42:e3:8f:d1:bc:8f:b3:08:d5:
         cd:a7:36:9b:ce:fe:c8:32:e9:47:f7:06:5c:1d:36:fc:9e:09:
         53:34:f1:b4:46:bc:68:d1:94:1b:5e:89:f4:5e:d3:ca:36:9d:
         39:28:5c:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbuw5G7+8ip6jgWMFyUBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YjAwMmUwY2QyOGNhMTA1MWUwMmM5ZDIxZGJhYTM4ZmU0
ZGVlMDcwHhcNMjQwMTAyMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWUyYTUzMjgyOTE1NmQ2ZDIyZjdkYTgyNWUyZDYyY2NmMzZlMjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgotDT9EWdtJaMJNHW1MXTgi+onSd
cbeuSzmqmE2pwU2jpil5onWZr1JpoL4adD3OuXSM2k4k/HXcDjhX0e0D5l4E14aV
wuZWsTJfqR+veFN2Pt2iPaWT5ImFJ5fyaQfR4MdLCfO/2UY+kvyp9KKhP7RBtg7m
dyRuRjyFtd4Ed9xkANf76Y+NlpD81enthJuHZivF8qTYHKH8cEaqPUKXxg9Vy4kj
Xa/siMkQVPUsiEnzI/t0hA0fTjMHyaWl3LRi/Qskh1cLOsTg2NU+/pVQzXc8JywO
GxpWHjHTUz4W3NVql8Da0RSwrQnp/NHwJ2Avf8H/DZ8flHU72kC5nqRf9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7ipTKCkVbW0i99qCXi1izPNuKXMB8GA1UdIwQY
MBaAFKSwAuDNKMoQUeAsnSHbqjj+Te4HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcExBQzRNMG95aEJSNEN5ZElkdXFPUDVON2djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS82NDE5YWYtYTIzYy00MjE5LTlhMmIt
MDQ2M2IyNTJiZDFhLzEvTHVLbE1vS1JWdGJTTDMyb0plTFdMTTgyNHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS82NDE5YWYtYTIzYy00MjE5LTlhMmItMDQ2M2IyNTJiZDFh
LzEvcExBQzRNMG95aEJSNEN5ZElkdXFPUDVON2djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY+RMA0G
CSqGSIb3DQEBCwUAA4IBAQAO4wtMGHG76eUwABswcmSoYLUQYJZoDvMg/vQsJ7A1
N4Ypuz8uwty5FKw+xCIpY5zgtzJkL5XXeB+QhONeAVVBOBGhkz+aCI3VgoBtlA4b
qNDQZLTmB1wN1cQiOhRPJo9ls8K2bMSiA36YcoXs5dr5ZHruKFyOSlQq9shasAGj
cJBChKjzkF2Zni96LtfgqSOrjqPENijJKdB9GVDLdPJR7dhj8O85cnwqb3pCQaDM
D2Rh1HCYKd7q4ACXW8hT5KQLyVZo85utVoSbagUMg1tC44/RvI+zCNXNpzabzv7I
MulH9wZcHTb8nglTNPG0Rrxo0ZQbXon0XtPKNp05KFwq
-----END CERTIFICATE-----