Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/UeqWP9xa0Y4HrRCFRr_C16PN-Ck.roa
File:                     UeqWP9xa0Y4HrRCFRr_C16PN-Ck.roa (raw, json)
Hash identifier:          iOlYd7tlDlIti73IokF16mS37kGo1nLViBSis48QGKg=
Subject key identifier:   51:EA:96:3F:DC:5A:D1:8E:07:AD:10:85:46:BF:C2:D7:A3:CD:F8:29
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       018E6602853D7AA29680B050457C5DE8687D
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/UeqWP9xa0Y4HrRCFRr_C16PN-Ck.roa
Signing time:             Fri 22 Mar 2024 11:53:44 +0000
ROA not before:           Fri 22 Mar 2024 11:53:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28753
IP address blocks:        45.135.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:66:02:85:3d:7a:a2:96:80:b0:50:45:7c:5d:e8:68:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Mar 22 11:53:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51ea963fdc5ad18e07ad108546bfc2d7a3cdf829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e3:d2:d6:7f:56:b2:86:51:a7:40:cd:b6:2a:
                    bc:5e:29:3c:24:6e:4c:52:eb:2e:fd:7c:6b:cc:54:
                    cc:dd:c9:5f:e3:f8:8d:11:6b:5b:4b:5f:23:a9:55:
                    21:4a:22:86:e3:1b:9d:13:64:6f:20:25:50:c7:c1:
                    00:e2:f7:f2:26:53:9a:f9:46:80:55:59:86:c7:ee:
                    ce:45:89:ec:05:79:9d:98:4c:43:a9:c7:50:fa:8f:
                    eb:a1:7b:39:d6:49:b3:22:81:9d:a0:e8:b0:86:52:
                    d0:39:af:41:cc:21:ae:e5:f4:46:c4:a7:fe:50:d5:
                    ca:e0:8f:5a:1d:a9:08:c5:a0:ae:52:e2:bd:ae:63:
                    9a:43:90:6a:4a:1b:58:3e:33:5f:5d:14:6b:c0:80:
                    bb:11:ef:e4:ab:95:04:1b:81:83:02:fd:35:94:d5:
                    1b:2d:5f:09:6f:ec:13:d7:87:a4:b1:ad:45:e9:85:
                    57:86:e8:be:be:4e:94:5a:a3:db:6e:3d:57:91:39:
                    61:e3:0c:e2:ab:4c:99:0b:73:d5:5d:76:89:34:0a:
                    22:19:dd:82:25:03:b7:27:e0:0a:38:84:87:2f:17:
                    09:dc:13:de:bc:0d:b3:e7:10:e3:df:e8:23:6d:88:
                    ac:82:03:05:c6:22:b1:e4:a8:24:94:e3:32:5b:e7:
                    56:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:EA:96:3F:DC:5A:D1:8E:07:AD:10:85:46:BF:C2:D7:A3:CD:F8:29
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/UeqWP9xa0Y4HrRCFRr_C16PN-Ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:57:a7:f8:b3:5a:4a:be:e4:da:b9:1d:9b:d8:a5:62:31:cb:
         cb:6b:d4:4c:68:8c:2b:37:0d:92:57:7c:6a:ce:5a:7d:63:7e:
         56:79:93:94:1f:6f:d9:e3:46:d3:9c:e4:47:f1:08:f5:73:f3:
         13:fb:3c:b9:c2:95:47:d4:24:10:d8:d5:b6:d5:d0:a6:e8:5a:
         e0:34:d1:8f:d1:b8:30:dc:b8:d3:c1:6b:1d:82:b6:91:ac:04:
         d5:43:27:7a:60:55:f9:75:c6:19:1b:53:5d:ed:41:cd:b3:14:
         2b:e5:6e:20:44:0e:11:09:eb:c2:71:c9:79:51:c4:4d:04:e5:
         7a:de:6a:39:31:3d:57:0f:c7:f1:ae:3a:6e:2d:42:73:d2:77:
         c5:69:41:f9:5c:31:f9:33:56:62:95:48:2c:0f:a3:13:22:ce:
         37:24:7d:2f:fb:0f:7a:fe:31:13:88:2a:69:01:b5:64:08:49:
         ee:b8:9d:ec:53:c0:65:e9:be:11:63:b3:3a:bc:f5:c0:c5:26:
         88:f5:6c:ac:ab:14:c9:ec:ea:82:20:b6:2d:63:1b:a0:02:e6:
         7c:46:16:da:a3:a6:a6:4f:d4:3c:a5:c9:98:ac:9a:2f:66:9a:
         28:b6:6b:54:1d:6f:22:a3:ae:76:3a:ed:9a:eb:4e:65:c5:b6:
         b7:81:d6:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5mAoU9eqKWgLBQRXxd6Gh9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjQwMzIyMTE1MzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWVhOTYzZmRjNWFkMThlMDdhZDEwODU0NmJmYzJkN2EzY2RmODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+PS1n9WsoZRp0DNtiq8Xik8JG5M
Uusu/XxrzFTM3clf4/iNEWtbS18jqVUhSiKG4xudE2RvICVQx8EA4vfyJlOa+UaA
VVmGx+7ORYnsBXmdmExDqcdQ+o/roXs51kmzIoGdoOiwhlLQOa9BzCGu5fRGxKf+
UNXK4I9aHakIxaCuUuK9rmOaQ5BqShtYPjNfXRRrwIC7Ee/kq5UEG4GDAv01lNUb
LV8Jb+wT14eksa1F6YVXhui+vk6UWqPbbj1XkTlh4wziq0yZC3PVXXaJNAoiGd2C
JQO3J+AKOISHLxcJ3BPevA2z5xDj3+gjbYisggMFxiKx5KgklOMyW+dWWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHqlj/cWtGOB60QhUa/wtejzfgpMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvVWVxV1A5eGEwWTRIclJDRlJyX0MxNlBOLUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYeIMA0G
CSqGSIb3DQEBCwUAA4IBAQBoV6f4s1pKvuTauR2b2KViMcvLa9RMaIwrNw2SV3xq
zlp9Y35WeZOUH2/Z40bTnORH8Qj1c/MT+zy5wpVH1CQQ2NW21dCm6FrgNNGP0bgw
3LjTwWsdgraRrATVQyd6YFX5dcYZG1Nd7UHNsxQr5W4gRA4RCevCccl5UcRNBOV6
3mo5MT1XD8fxrjpuLUJz0nfFaUH5XDH5M1ZilUgsD6MTIs43JH0v+w96/jETiCpp
AbVkCEnuuJ3sU8Bl6b4RY7M6vPXAxSaI9WysqxTJ7OqCILYtYxugAuZ8Rhbao6am
T9Q8pcmYrJovZpootmtUHW8io652Ou2a605lxba3gdaL
-----END CERTIFICATE-----