Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/DGrPzK-HJkGz0A36SRn-ZYDJTSo.roa
File:                     DGrPzK-HJkGz0A36SRn-ZYDJTSo.roa (raw, json)
Hash identifier:          KOQRjipHI4F+tCk+YYIa8KCwejV7MTYs2DTnyt/4WBQ=
Subject key identifier:   0C:6A:CF:CC:AF:87:26:41:B3:D0:0D:FA:49:19:FE:65:80:C9:4D:2A
Certificate issuer:       /CN=f261df44b346823cce8c6643b5fa6919afb23195
Certificate serial:       018CC726ECF89154921E859DBF80321F0F18
Authority key identifier: F2:61:DF:44:B3:46:82:3C:CE:8C:66:43:B5:FA:69:19:AF:B2:31:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8mHfRLNGgjzOjGZDtfppGa-yMZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/DGrPzK-HJkGz0A36SRn-ZYDJTSo.roa
Signing time:             Mon 01 Jan 2024 22:31:06 +0000
ROA not before:           Mon 01 Jan 2024 22:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        45.143.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/8mHfRLNGgjzOjGZDtfppGa-yMZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/8mHfRLNGgjzOjGZDtfppGa-yMZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8mHfRLNGgjzOjGZDtfppGa-yMZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ec:f8:91:54:92:1e:85:9d:bf:80:32:1f:0f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f261df44b346823cce8c6643b5fa6919afb23195
        Validity
            Not Before: Jan  1 22:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c6acfccaf872641b3d00dfa4919fe6580c94d2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2a:a8:f5:a4:55:25:3e:df:4a:b5:cc:04:6e:
                    f9:28:97:e6:33:1b:cf:31:8e:51:73:7b:d3:8f:22:
                    5e:e8:e6:ba:fe:83:0b:6a:d3:69:75:1b:ca:70:70:
                    e5:c6:14:10:77:f2:66:07:57:ef:f2:ae:22:cd:06:
                    ef:58:bb:0e:3e:48:12:8d:b2:a5:f2:11:aa:ad:04:
                    1a:37:73:60:de:68:f3:c6:c1:09:40:5c:ff:05:75:
                    31:07:7e:2b:68:39:cb:c8:cb:47:84:a4:31:a8:9d:
                    51:21:ca:e0:a7:45:0e:a6:91:83:43:e1:16:2e:5c:
                    e1:b3:90:02:50:b2:b0:a6:d3:d5:d9:b9:d2:d5:bd:
                    67:04:3f:49:8b:92:1f:73:b1:a8:c7:50:35:48:4e:
                    fe:74:55:e9:2c:2e:4b:aa:42:57:09:83:3b:8b:bf:
                    1b:c5:df:16:55:7f:35:8c:46:3e:15:84:4b:cd:af:
                    58:ba:80:33:eb:8b:f9:ab:72:a9:03:e4:2d:3d:3a:
                    47:b3:9c:e0:b3:ac:dc:3b:2a:ab:7c:9e:19:0a:90:
                    0e:74:ea:a5:f8:1e:80:9d:7e:da:58:b0:b5:14:8f:
                    65:3d:96:89:4c:d9:18:ca:e1:42:dd:50:c4:3d:a1:
                    5f:08:e6:9d:1a:83:30:5c:88:73:5a:06:a7:7c:86:
                    83:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:6A:CF:CC:AF:87:26:41:B3:D0:0D:FA:49:19:FE:65:80:C9:4D:2A
            X509v3 Authority Key Identifier:
                keyid:F2:61:DF:44:B3:46:82:3C:CE:8C:66:43:B5:FA:69:19:AF:B2:31:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8mHfRLNGgjzOjGZDtfppGa-yMZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/DGrPzK-HJkGz0A36SRn-ZYDJTSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/8mHfRLNGgjzOjGZDtfppGa-yMZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:7b:a1:3b:b6:1a:da:69:9d:4b:bc:5a:0b:59:e0:b0:c8:8e:
         92:bb:e5:18:bd:b6:d6:a0:8a:16:22:0d:86:ce:39:78:65:9a:
         4e:23:bc:f6:a2:b7:ba:f1:9a:ae:42:a3:2a:4c:63:dc:1f:14:
         a6:a9:84:bc:e5:21:10:5f:72:b7:57:f4:1f:58:bb:ab:47:c1:
         25:88:40:c0:0a:ed:00:da:d9:56:04:67:3c:ee:11:3a:df:4f:
         49:ba:65:33:1d:b9:d0:89:88:be:fe:24:4b:42:80:86:27:f8:
         13:cc:db:71:70:75:da:2a:fe:5b:e1:39:6b:c4:9a:3e:81:72:
         8d:ab:b8:20:ff:38:40:1b:69:f1:8a:e5:75:f6:66:47:9f:bf:
         0c:9f:35:12:52:74:77:8d:2f:c1:d7:5d:90:97:b1:21:75:44:
         08:4d:91:f7:11:6e:27:14:14:92:ac:be:ac:9e:3c:b7:a4:d5:
         0a:9e:8e:b4:4b:ec:05:26:65:25:ce:d7:bd:7f:32:8c:91:3a:
         a2:eb:a6:b1:a4:fb:8f:02:45:e2:4b:8b:45:88:3f:1f:b4:64:
         d4:63:bb:42:d9:9c:fe:b4:72:86:6c:cc:80:05:d5:58:15:5a:
         12:29:54:2b:66:29:f2:3d:0f:95:9b:21:02:5b:49:02:1b:de:
         bc:93:b9:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuz4kVSSHoWdv4AyHw8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNjFkZjQ0YjM0NjgyM2NjZThjNjY0M2I1ZmE2OTE5YWZi
MjMxOTUwHhcNMjQwMTAxMjIzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzZhY2ZjY2FmODcyNjQxYjNkMDBkZmE0OTE5ZmU2NTgwYzk0ZDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSqo9aRVJT7fSrXMBG75KJfmMxvP
MY5Rc3vTjyJe6Oa6/oMLatNpdRvKcHDlxhQQd/JmB1fv8q4izQbvWLsOPkgSjbKl
8hGqrQQaN3Ng3mjzxsEJQFz/BXUxB34raDnLyMtHhKQxqJ1RIcrgp0UOppGDQ+EW
Llzhs5ACULKwptPV2bnS1b1nBD9Ji5Ifc7Gox1A1SE7+dFXpLC5LqkJXCYM7i78b
xd8WVX81jEY+FYRLza9YuoAz64v5q3KpA+QtPTpHs5zgs6zcOyqrfJ4ZCpAOdOql
+B6AnX7aWLC1FI9lPZaJTNkYyuFC3VDEPaFfCOadGoMwXIhzWganfIaDmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxqz8yvhyZBs9AN+kkZ/mWAyU0qMB8GA1UdIwQY
MBaAFPJh30SzRoI8zoxmQ7X6aRmvsjGVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG1IZlJMTkdnanpPakdaRHRmcHBHYS15TVpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny8zY2I5ZDItNzBmZi00NmQ2LTljNzMt
NTc1ODYxNTYzNTRlLzEvREdyUHpLLUhKa0d6MEEzNlNSbi1aWURKVFNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny8zY2I5ZDItNzBmZi00NmQ2LTljNzMtNTc1ODYxNTYzNTRl
LzEvOG1IZlJMTkdnanpPakdaRHRmcHBHYS15TVpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY+3MA0G
CSqGSIb3DQEBCwUAA4IBAQBGe6E7thraaZ1LvFoLWeCwyI6Su+UYvbbWoIoWIg2G
zjl4ZZpOI7z2ore68ZquQqMqTGPcHxSmqYS85SEQX3K3V/QfWLurR8EliEDACu0A
2tlWBGc87hE6309JumUzHbnQiYi+/iRLQoCGJ/gTzNtxcHXaKv5b4TlrxJo+gXKN
q7gg/zhAG2nxiuV19mZHn78MnzUSUnR3jS/B112Ql7EhdUQITZH3EW4nFBSSrL6s
njy3pNUKno60S+wFJmUlzte9fzKMkTqi66axpPuPAkXiS4tFiD8ftGTUY7tC2Zz+
tHKGbMyABdVYFVoSKVQrZinyPQ+VmyECW0kCG968k7l/
-----END CERTIFICATE-----