Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/d21da4-f65b-4531-976a-8ec0604e6929/1/yox5EwRnepJQLTECir_-jc_lEc4.roa
File:                     yox5EwRnepJQLTECir_-jc_lEc4.roa (raw, json)
Hash identifier:          kSA8LnxSCSDe1VD850GrwAbXsGZq3D2vSZIC3FLRGC4=
Subject key identifier:   CA:8C:79:13:04:67:7A:92:50:2D:31:02:8A:BF:FE:8D:CF:E5:11:CE
Certificate issuer:       /CN=e1a323546484220cb402063380f4016369262acf
Certificate serial:       018CF8A744A72A54DB16CC2211C92884DE22
Authority key identifier: E1:A3:23:54:64:84:22:0C:B4:02:06:33:80:F4:01:63:69:26:2A:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4aMjVGSEIgy0AgYzgPQBY2kmKs8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/d21da4-f65b-4531-976a-8ec0604e6929/1/yox5EwRnepJQLTECir_-jc_lEc4.roa
Signing time:             Thu 11 Jan 2024 13:12:40 +0000
ROA not before:           Thu 11 Jan 2024 13:12:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202361
IP address blocks:        45.129.167.0/24 maxlen: 24
                          2a13:40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/d21da4-f65b-4531-976a-8ec0604e6929/1/4aMjVGSEIgy0AgYzgPQBY2kmKs8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/d21da4-f65b-4531-976a-8ec0604e6929/1/4aMjVGSEIgy0AgYzgPQBY2kmKs8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4aMjVGSEIgy0AgYzgPQBY2kmKs8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f8:a7:44:a7:2a:54:db:16:cc:22:11:c9:28:84:de:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1a323546484220cb402063380f4016369262acf
        Validity
            Not Before: Jan 11 13:12:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca8c791304677a92502d31028abffe8dcfe511ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:13:86:98:1f:76:2c:08:8f:b5:21:60:49:68:
                    9c:64:71:86:29:a0:c3:db:a4:9d:a2:96:ce:22:1d:
                    65:ce:b1:c8:99:44:59:3b:ce:b0:7d:c0:3e:3c:ef:
                    94:f7:7b:68:f6:d5:b0:8e:b6:ac:54:f1:a3:d7:6d:
                    c1:2e:0e:c7:52:a0:97:3b:ca:0f:f6:c8:c4:79:39:
                    a1:62:bd:7f:f3:24:00:bf:32:0f:05:a2:7a:e9:5a:
                    8b:45:ed:1e:11:d2:56:96:85:4a:6b:ee:ea:be:8a:
                    29:1a:8f:bf:7a:7f:15:d4:58:91:35:66:35:38:1d:
                    6b:80:5f:64:42:a9:e0:6c:d0:e6:d5:81:bb:88:ee:
                    e4:e5:65:9e:9d:62:7c:0a:07:7b:d9:b8:e7:c4:35:
                    41:d5:8a:62:c2:63:eb:6c:97:b6:c6:93:b8:9f:5d:
                    21:ba:7f:d6:ec:8e:ed:c4:1d:29:09:6e:de:6f:7b:
                    ed:ce:be:b3:4a:51:be:72:93:c7:d4:f4:29:db:53:
                    f7:31:93:d3:81:e1:85:37:ea:bc:58:93:fc:0a:84:
                    e7:97:8e:21:51:08:9f:97:66:af:19:c0:92:7f:6c:
                    11:49:4c:99:13:09:b7:03:81:5b:7c:43:9a:f3:44:
                    fe:49:bc:a2:de:76:c6:15:2c:7b:51:b2:91:39:5a:
                    94:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:8C:79:13:04:67:7A:92:50:2D:31:02:8A:BF:FE:8D:CF:E5:11:CE
            X509v3 Authority Key Identifier:
                keyid:E1:A3:23:54:64:84:22:0C:B4:02:06:33:80:F4:01:63:69:26:2A:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4aMjVGSEIgy0AgYzgPQBY2kmKs8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/d21da4-f65b-4531-976a-8ec0604e6929/1/yox5EwRnepJQLTECir_-jc_lEc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/d21da4-f65b-4531-976a-8ec0604e6929/1/4aMjVGSEIgy0AgYzgPQBY2kmKs8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.167.0/24
                IPv6:
                  2a13:40::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:12:b4:53:55:0f:4b:8d:6c:b2:41:ac:96:39:77:fe:4c:9c:
         db:7c:95:6a:c5:f7:93:2f:df:c7:8f:d9:99:e6:7b:f5:bc:e2:
         50:97:f2:fa:25:5f:37:55:21:2b:4f:24:b2:9f:d0:12:8a:f1:
         d2:40:83:97:da:79:ac:52:f0:9c:d9:56:e7:5d:7a:b3:33:f9:
         32:13:57:57:81:6d:0e:8a:e8:0a:0a:40:98:ea:e0:ad:f9:54:
         c4:68:7f:0e:3c:82:42:da:50:cd:8e:88:78:c3:79:ec:b3:75:
         68:20:0f:4a:4e:ea:d7:19:fb:d2:c3:a5:42:ed:3e:a1:dd:26:
         8c:af:f7:65:2c:7b:65:fb:e1:0d:dd:b0:22:59:55:c0:cc:8e:
         2e:2f:fe:66:f8:e7:02:21:ee:43:e2:ba:f2:b9:ee:9b:c1:61:
         c0:2d:ad:d8:24:28:7a:f3:7f:c3:dc:60:ce:ba:2b:84:0e:f5:
         7d:04:62:ef:c0:75:e9:35:17:7a:d7:3f:83:53:29:6f:77:eb:
         97:cb:d4:b1:8c:98:1b:d4:50:58:50:66:b9:5e:f8:c5:fa:fd:
         8d:39:f6:ef:f1:f7:f2:1a:4a:10:eb:b6:84:0f:0b:23:63:96:
         7d:6d:ea:08:7c:73:ba:58:9c:ae:f9:65:ac:55:f4:33:36:2a:
         dc:b1:f5:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYz4p0SnKlTbFswiEckohN4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYTMyMzU0NjQ4NDIyMGNiNDAyMDYzMzgwZjQwMTYzNjky
NjJhY2YwHhcNMjQwMTExMTMxMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYThjNzkxMzA0Njc3YTkyNTAyZDMxMDI4YWJmZmU4ZGNmZTUxMWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhOGmB92LAiPtSFgSWicZHGGKaDD
26SdopbOIh1lzrHImURZO86wfcA+PO+U93to9tWwjrasVPGj123BLg7HUqCXO8oP
9sjEeTmhYr1/8yQAvzIPBaJ66VqLRe0eEdJWloVKa+7qvoopGo+/en8V1FiRNWY1
OB1rgF9kQqngbNDm1YG7iO7k5WWenWJ8Cgd72bjnxDVB1YpiwmPrbJe2xpO4n10h
un/W7I7txB0pCW7eb3vtzr6zSlG+cpPH1PQp21P3MZPTgeGFN+q8WJP8CoTnl44h
UQifl2avGcCSf2wRSUyZEwm3A4FbfEOa80T+Sbyi3nbGFSx7UbKROVqU+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMqMeRMEZ3qSUC0xAoq//o3P5RHOMB8GA1UdIwQY
MBaAFOGjI1RkhCIMtAIGM4D0AWNpJirPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGFNalZHU0VJZ3kwQWdZemdQUUJZMmttS3M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9kMjFkYTQtZjY1Yi00NTMxLTk3NmEt
OGVjMDYwNGU2OTI5LzEveW94NUV3Um5lcEpRTFRFQ2lyXy1qY19sRWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9kMjFkYTQtZjY1Yi00NTMxLTk3NmEtOGVjMDYwNGU2OTI5
LzEvNGFNalZHU0VJZ3kwQWdZemdQUUJZMmttS3M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYGnMA0E
AgACMAcDBQAqEwBAMA0GCSqGSIb3DQEBCwUAA4IBAQBAErRTVQ9LjWyyQayWOXf+
TJzbfJVqxfeTL9/Hj9mZ5nv1vOJQl/L6JV83VSErTySyn9ASivHSQIOX2nmsUvCc
2VbnXXqzM/kyE1dXgW0OiugKCkCY6uCt+VTEaH8OPIJC2lDNjoh4w3nss3VoIA9K
TurXGfvSw6VC7T6h3SaMr/dlLHtl++EN3bAiWVXAzI4uL/5m+OcCIe5D4rryue6b
wWHALa3YJCh683/D3GDOuiuEDvV9BGLvwHXpNRd61z+DUylvd+uXy9SxjJgb1FBY
UGa5XvjF+v2NOfbv8ffyGkoQ67aEDwsjY5Z9beoIfHO6WJyu+WWsVfQzNircsfXB
-----END CERTIFICATE-----