Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/IT5P9AD-ch8AtkvdNqs_JEKuxAw.roa
File:                     IT5P9AD-ch8AtkvdNqs_JEKuxAw.roa (raw, json)
Hash identifier:          DgIKVg2PNHTSFbONTvoSKwtG/f/Yzc50e9cf1ntfQdY=
Subject key identifier:   21:3E:4F:F4:00:FE:72:1F:00:B6:4B:DD:36:AB:3F:24:42:AE:C4:0C
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018E5353CE84AA112CE77FDD0807AFB21270
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/IT5P9AD-ch8AtkvdNqs_JEKuxAw.roa
Signing time:             Mon 18 Mar 2024 20:49:45 +0000
ROA not before:           Mon 18 Mar 2024 20:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32613
IP address blocks:        45.13.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:53:53:ce:84:aa:11:2c:e7:7f:dd:08:07:af:b2:12:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar 18 20:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=213e4ff400fe721f00b64bdd36ab3f2442aec40c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f1:69:ac:07:85:34:64:70:94:89:d7:00:61:
                    0e:2c:91:3e:e3:88:35:0d:c4:0d:4c:f0:77:6d:12:
                    5e:c3:0b:8f:a0:e9:70:c9:48:0f:9d:54:f7:ac:0f:
                    fc:ea:56:86:37:fe:6f:56:b8:ea:8b:00:51:78:6e:
                    11:9e:3f:bb:ef:92:b8:9a:2c:39:e1:c8:87:94:0d:
                    87:8e:b4:40:7f:bc:fd:7d:67:e9:56:3a:ce:bf:24:
                    58:a5:93:b5:a1:fb:5b:12:4b:71:38:cb:91:eb:c6:
                    91:20:e6:4b:4d:64:3e:33:b2:5b:cf:28:e2:7c:9b:
                    d7:c3:85:0f:70:f8:a6:d0:6d:ae:c8:6a:ca:7c:db:
                    2a:af:02:fe:79:83:f5:cd:23:e2:41:be:6e:72:c6:
                    60:1e:fb:e4:68:46:52:9f:3f:56:d4:55:ed:4f:1b:
                    8d:f6:e7:18:05:c0:49:88:c9:e3:c6:a2:a1:e8:51:
                    7c:63:30:e2:86:4e:5b:cc:e8:3f:3c:c4:f6:a3:c4:
                    64:0f:24:85:ea:41:87:af:c8:d6:15:14:bf:4a:6a:
                    9b:82:d0:10:4f:50:53:20:1e:36:87:2c:14:28:30:
                    84:7b:4b:17:c4:24:5e:b0:c1:ae:20:95:bb:75:a7:
                    d8:94:18:46:8f:fc:75:70:d6:14:f7:1d:f5:e4:d7:
                    96:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3E:4F:F4:00:FE:72:1F:00:B6:4B:DD:36:AB:3F:24:42:AE:C4:0C
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/IT5P9AD-ch8AtkvdNqs_JEKuxAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:f1:fa:26:63:9d:24:80:90:1d:6d:98:ab:79:0b:0e:2c:05:
         ce:74:9a:68:30:74:36:a7:4c:0b:af:4b:d8:42:34:76:9c:46:
         86:6a:a2:79:8c:f9:f6:fa:5b:63:85:d3:0e:98:ad:60:b6:9d:
         f5:bb:6a:e6:33:86:71:03:26:3b:a1:ff:9f:60:38:ae:9c:9d:
         78:6d:19:37:8a:3f:b6:dc:8e:73:f2:49:8b:7f:a4:b7:d1:d5:
         a6:7c:04:4d:50:b1:3a:b1:a5:05:b6:fc:4c:a5:b0:20:49:ce:
         d9:58:ee:6b:b9:07:fd:46:2f:9b:59:16:86:19:7b:59:0a:68:
         37:32:ec:f4:5c:b8:c1:de:b7:2d:71:47:9a:eb:7c:ae:d4:64:
         3f:18:ce:ef:e5:12:6d:d7:0b:b0:c1:15:07:e5:ae:88:88:43:
         fe:5b:67:e7:ca:24:74:8e:ae:40:4c:02:3b:1f:1b:0f:83:b9:
         4f:92:25:8c:7b:81:44:d6:d5:1f:e3:4f:fe:a5:da:54:b0:70:
         bc:34:22:79:df:37:4a:d1:3f:46:e1:20:58:de:cf:04:fa:3b:
         16:7e:c4:75:81:19:3b:a2:a4:e8:59:d2:81:75:04:cd:95:16:
         6a:f8:4b:4b:85:0c:5a:0a:2d:79:c6:3c:2a:b5:8b:38:e7:c7:
         b1:e2:12:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5TU86EqhEs53/dCAevshJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMzE4MjA0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTNlNGZmNDAwZmU3MjFmMDBiNjRiZGQzNmFiM2YyNDQyYWVjNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvFprAeFNGRwlInXAGEOLJE+44g1
DcQNTPB3bRJewwuPoOlwyUgPnVT3rA/86laGN/5vVrjqiwBReG4Rnj+775K4miw5
4ciHlA2HjrRAf7z9fWfpVjrOvyRYpZO1oftbEktxOMuR68aRIOZLTWQ+M7Jbzyji
fJvXw4UPcPim0G2uyGrKfNsqrwL+eYP1zSPiQb5ucsZgHvvkaEZSnz9W1FXtTxuN
9ucYBcBJiMnjxqKh6FF8YzDihk5bzOg/PMT2o8RkDySF6kGHr8jWFRS/SmqbgtAQ
T1BTIB42hywUKDCEe0sXxCResMGuIJW7dafYlBhGj/x1cNYU9x315NeW1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCE+T/QA/nIfALZL3TarPyRCrsQMMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvSVQ1UDlBRC1jaDhBdGt2ZE5xc19KRUt1eEF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ28MA0G
CSqGSIb3DQEBCwUAA4IBAQBA8fomY50kgJAdbZireQsOLAXOdJpoMHQ2p0wLr0vY
QjR2nEaGaqJ5jPn2+ltjhdMOmK1gtp31u2rmM4ZxAyY7of+fYDiunJ14bRk3ij+2
3I5z8kmLf6S30dWmfARNULE6saUFtvxMpbAgSc7ZWO5ruQf9Ri+bWRaGGXtZCmg3
Muz0XLjB3rctcUea63yu1GQ/GM7v5RJt1wuwwRUH5a6IiEP+W2fnyiR0jq5ATAI7
HxsPg7lPkiWMe4FE1tUf40/+pdpUsHC8NCJ53zdK0T9G4SBY3s8E+jsWfsR1gRk7
oqToWdKBdQTNlRZq+EtLhQxaCi15xjwqtYs458ex4hIw
-----END CERTIFICATE-----