Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/6a3f6e-2d43-4ec6-a7ec-e13deb4ac7b7/1/l2vT3MoIQ1Laooa8K6w_pNtMBuM.roa
File:                     l2vT3MoIQ1Laooa8K6w_pNtMBuM.roa (raw, json)
Hash identifier:          DBMBQE+QFACFrYKBINIocPfEaNn2HCpAfN6Wqmpef/0=
Subject key identifier:   97:6B:D3:DC:CA:08:43:52:DA:A2:86:BC:2B:AC:3F:A4:DB:4C:06:E3
Certificate issuer:       /CN=fd2c6c1a557f588b647e17911a6300e342c661eb
Certificate serial:       018CC500479BD621887167BEF9AD0E605031
Authority key identifier: FD:2C:6C:1A:55:7F:58:8B:64:7E:17:91:1A:63:00:E3:42:C6:61:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_SxsGlV_WItkfheRGmMA40LGYes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/6a3f6e-2d43-4ec6-a7ec-e13deb4ac7b7/1/l2vT3MoIQ1Laooa8K6w_pNtMBuM.roa
Signing time:             Mon 01 Jan 2024 12:29:39 +0000
ROA not before:           Mon 01 Jan 2024 12:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49791
IP address blocks:        45.144.48.0/22 maxlen: 22
                          2a05:fc1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/6a3f6e-2d43-4ec6-a7ec-e13deb4ac7b7/1/_SxsGlV_WItkfheRGmMA40LGYes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/6a3f6e-2d43-4ec6-a7ec-e13deb4ac7b7/1/_SxsGlV_WItkfheRGmMA40LGYes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_SxsGlV_WItkfheRGmMA40LGYes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:47:9b:d6:21:88:71:67:be:f9:ad:0e:60:50:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd2c6c1a557f588b647e17911a6300e342c661eb
        Validity
            Not Before: Jan  1 12:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=976bd3dcca084352daa286bc2bac3fa4db4c06e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:2c:26:b6:10:72:57:17:76:f9:70:72:88:76:
                    44:b0:ee:13:d5:c5:1e:2d:1b:9c:fc:65:7c:c6:b8:
                    53:a1:63:35:46:49:19:e3:7f:45:dd:8f:03:c9:10:
                    84:39:11:6c:12:56:09:57:36:33:5f:f1:0d:cc:71:
                    09:5a:88:58:00:98:f6:5e:b4:11:b1:c2:d2:65:0d:
                    5d:60:f2:89:a7:65:9a:a7:07:47:d6:c9:4c:ad:89:
                    a2:90:e3:41:29:ea:ce:93:36:39:9c:b6:77:d2:fb:
                    b2:8a:2b:a0:9f:08:2e:f1:b8:39:b1:7f:b7:a7:fe:
                    5d:79:9f:26:fa:56:e5:1b:1c:86:18:c6:48:4f:ba:
                    f5:42:ae:6b:ab:76:ea:a4:4b:c1:13:d2:ce:3f:01:
                    c0:b5:f2:c9:23:6d:4f:34:0e:a0:c7:b8:52:36:c3:
                    e8:a0:03:c0:31:d5:a3:5d:37:54:8b:10:16:4a:29:
                    90:d5:97:4c:ce:b9:e3:2a:fb:b7:88:e6:ad:68:c2:
                    94:6c:24:86:33:45:1c:75:6b:26:77:c8:96:e1:f7:
                    30:77:4d:e7:59:30:3b:bb:f3:4f:52:18:1b:57:fe:
                    70:d5:7a:4c:1e:c7:b9:ba:80:ca:f3:46:62:c4:fd:
                    be:13:b8:f9:b5:aa:1f:a6:54:37:37:90:6e:59:e8:
                    2c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:6B:D3:DC:CA:08:43:52:DA:A2:86:BC:2B:AC:3F:A4:DB:4C:06:E3
            X509v3 Authority Key Identifier:
                keyid:FD:2C:6C:1A:55:7F:58:8B:64:7E:17:91:1A:63:00:E3:42:C6:61:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_SxsGlV_WItkfheRGmMA40LGYes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/6a3f6e-2d43-4ec6-a7ec-e13deb4ac7b7/1/l2vT3MoIQ1Laooa8K6w_pNtMBuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/6a3f6e-2d43-4ec6-a7ec-e13deb4ac7b7/1/_SxsGlV_WItkfheRGmMA40LGYes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.48.0/22
                IPv6:
                  2a05:fc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:0a:d4:cb:d5:52:2c:63:30:33:c4:1c:db:a2:77:7a:5c:56:
         1b:7b:cf:91:88:a8:ec:55:68:58:52:0c:f0:b0:32:e1:e8:92:
         4e:07:10:75:6e:9f:a7:31:b2:8d:7e:22:cc:8e:e9:6c:ce:91:
         98:99:1b:34:44:e4:d9:55:38:93:4b:48:38:8e:f8:21:4b:85:
         d0:cd:0f:0a:c5:c5:da:22:bd:f3:74:2a:fd:d6:39:93:33:d3:
         9d:48:27:d0:9f:a0:e8:7a:02:e8:a6:04:ca:0a:37:31:db:59:
         44:c8:3e:cf:0c:fe:3d:00:33:82:2e:89:37:8b:ba:d7:c8:75:
         2a:1d:31:04:29:61:24:9b:17:64:c5:2f:38:c5:b2:b4:01:eb:
         fc:4c:8f:66:0f:a0:5f:97:98:f2:f2:ae:04:ec:6f:86:4c:c0:
         0c:c7:ca:04:91:03:3b:41:c2:72:c4:b9:3f:9e:14:7d:d2:17:
         ed:de:cf:47:2a:0f:be:57:2a:56:ab:3f:2d:35:c6:89:a3:95:
         64:63:4f:b5:f0:e0:9c:ab:86:3a:31:47:f0:4b:05:7c:16:87:
         aa:b2:1f:ea:c5:1e:71:57:76:5e:7c:bc:7e:4f:26:11:e1:e5:
         0a:25:8f:e7:a8:f1:77:32:c2:cb:cb:37:8f:a7:8a:ff:88:75:
         ab:60:5f:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAEeb1iGIcWe++a0OYFAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMmM2YzFhNTU3ZjU4OGI2NDdlMTc5MTFhNjMwMGUzNDJj
NjYxZWIwHhcNMjQwMTAxMTIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzZiZDNkY2NhMDg0MzUyZGFhMjg2YmMyYmFjM2ZhNGRiNGMwNmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCwmthByVxd2+XByiHZEsO4T1cUe
LRuc/GV8xrhToWM1RkkZ439F3Y8DyRCEORFsElYJVzYzX/ENzHEJWohYAJj2XrQR
scLSZQ1dYPKJp2WapwdH1slMrYmikONBKerOkzY5nLZ30vuyiiugnwgu8bg5sX+3
p/5deZ8m+lblGxyGGMZIT7r1Qq5rq3bqpEvBE9LOPwHAtfLJI21PNA6gx7hSNsPo
oAPAMdWjXTdUixAWSimQ1ZdMzrnjKvu3iOataMKUbCSGM0UcdWsmd8iW4fcwd03n
WTA7u/NPUhgbV/5w1XpMHse5uoDK80ZixP2+E7j5taofplQ3N5BuWegsTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJdr09zKCENS2qKGvCusP6TbTAbjMB8GA1UdIwQY
MBaAFP0sbBpVf1iLZH4XkRpjAONCxmHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1N4c0dsVl9XSXRrZmhlUkdtTUE0MExHWWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS82YTNmNmUtMmQ0My00ZWM2LWE3ZWMt
ZTEzZGViNGFjN2I3LzEvbDJ2VDNNb0lRMUxhb29hOEs2d19wTnRNQnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS82YTNmNmUtMmQ0My00ZWM2LWE3ZWMtZTEzZGViNGFjN2I3
LzEvX1N4c0dsVl9XSXRrZmhlUkdtTUE0MExHWWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZAwMA0E
AgACMAcDBQAqBQ/BMA0GCSqGSIb3DQEBCwUAA4IBAQCgCtTL1VIsYzAzxBzbond6
XFYbe8+RiKjsVWhYUgzwsDLh6JJOBxB1bp+nMbKNfiLMjulszpGYmRs0ROTZVTiT
S0g4jvghS4XQzQ8KxcXaIr3zdCr91jmTM9OdSCfQn6DoegLopgTKCjcx21lEyD7P
DP49ADOCLok3i7rXyHUqHTEEKWEkmxdkxS84xbK0Aev8TI9mD6Bfl5jy8q4E7G+G
TMAMx8oEkQM7QcJyxLk/nhR90hft3s9HKg++VypWqz8tNcaJo5VkY0+18OCcq4Y6
MUfwSwV8Foeqsh/qxR5xV3ZefLx+TyYR4eUKJY/nqPF3MsLLyzePp4r/iHWrYF8B
-----END CERTIFICATE-----