Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/hhwZNeX2yGniDaymhwF-dTbtdbM.roa
File:                     hhwZNeX2yGniDaymhwF-dTbtdbM.roa (raw, json)
Hash identifier:          r60aHVAumfJJcGBMM/7OB5weVpwdXs4yYnEuIzl5WGQ=
Subject key identifier:   86:1C:19:35:E5:F6:C8:69:E2:0D:AC:A6:87:01:7E:75:36:ED:75:B3
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       018CC4255981523D04C044B20C9FAD90DFAE
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/hhwZNeX2yGniDaymhwF-dTbtdbM.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40028
IP address blocks:        45.43.87.0/24 maxlen: 24
                          107.181.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:59:81:52:3d:04:c0:44:b2:0c:9f:ad:90:df:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=861c1935e5f6c869e20daca687017e7536ed75b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:41:c2:a2:9c:6b:0c:5e:22:4d:b0:05:f9:72:
                    1b:04:a2:f4:b6:c7:8e:ff:4e:54:1a:49:ef:7d:70:
                    7f:62:83:fd:cd:9c:25:67:a0:0a:82:89:8f:ae:02:
                    64:39:85:a6:56:83:fb:e3:62:78:15:fe:9d:c2:68:
                    36:33:1d:9d:73:75:87:2f:ae:4b:59:c9:20:51:fc:
                    7e:90:18:da:95:6e:fb:2f:94:43:44:ac:3f:14:bd:
                    56:c9:e4:7a:42:c9:61:9c:68:ed:a7:74:17:3e:ca:
                    2a:8d:8e:de:68:bc:45:b6:b4:42:d4:29:08:a1:c0:
                    6f:9f:1b:24:cb:62:e8:51:2b:e8:89:65:7c:dd:4d:
                    e6:3f:3b:6c:b9:32:8c:11:9f:6e:7d:3b:87:ce:6f:
                    e7:45:53:dd:30:17:c0:34:7b:06:e5:84:81:5b:12:
                    8e:f8:d7:3d:e5:2c:59:46:c9:ea:80:38:db:9b:30:
                    93:e1:33:35:c1:7e:9b:95:0d:e8:b7:22:63:c5:24:
                    50:33:3c:69:d0:6e:98:f9:02:46:56:f1:86:b0:2e:
                    3a:27:f2:07:a5:ae:36:8b:d9:d7:06:e0:c6:74:ab:
                    7f:7e:7a:93:39:88:94:0d:51:1a:92:55:84:c5:ae:
                    68:66:29:51:43:dc:76:9b:e4:e1:3c:10:4f:e8:50:
                    80:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:1C:19:35:E5:F6:C8:69:E2:0D:AC:A6:87:01:7E:75:36:ED:75:B3
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/hhwZNeX2yGniDaymhwF-dTbtdbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.87.0/24
                  107.181.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:05:56:d4:36:44:b6:58:dc:71:d3:1a:b9:51:10:75:57:55:
         f7:45:0b:f6:57:09:9b:7c:71:3b:fc:89:2b:68:b4:5d:fe:ed:
         c7:27:9a:b2:56:14:01:82:50:be:9c:a0:8e:eb:a1:64:fc:24:
         5a:87:65:89:03:81:85:1a:53:a6:22:f1:7b:c2:d7:35:1b:8b:
         a3:cf:9c:57:6a:6f:10:4a:78:56:65:11:20:da:f4:11:ab:5c:
         3e:25:39:56:e7:5c:a7:0e:0a:80:b2:af:37:57:b9:5c:fe:9f:
         a5:5c:1b:8f:86:d6:6d:d3:77:8f:00:4b:c0:3b:ad:90:66:29:
         d3:65:2d:fb:dc:75:3a:7e:99:94:93:93:fb:d0:fd:e1:a6:d7:
         a3:7b:79:3d:ee:27:3f:33:0b:47:27:fe:82:30:2b:bc:38:a9:
         73:1e:0f:2a:60:da:8b:87:3c:e0:f1:97:50:5b:72:d1:42:47:
         3d:ed:07:d3:ca:3e:bb:ac:7b:9b:2c:8b:8f:31:a8:98:37:24:
         a7:21:45:04:70:84:e5:8a:2a:46:eb:95:08:14:d6:e7:ce:d0:
         68:29:13:04:49:16:0c:87:98:ea:4f:56:bc:db:8a:ec:c3:de:
         60:d2:16:39:fc:a9:ad:78:96:26:9f:29:27:64:54:42:4b:6c:
         01:98:e7:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJVmBUj0EwESyDJ+tkN+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjFjMTkzNWU1ZjZjODY5ZTIwZGFjYTY4NzAxN2U3NTM2ZWQ3NWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkHCopxrDF4iTbAF+XIbBKL0tseO
/05UGknvfXB/YoP9zZwlZ6AKgomPrgJkOYWmVoP742J4Ff6dwmg2Mx2dc3WHL65L
WckgUfx+kBjalW77L5RDRKw/FL1WyeR6QslhnGjtp3QXPsoqjY7eaLxFtrRC1CkI
ocBvnxsky2LoUSvoiWV83U3mPztsuTKMEZ9ufTuHzm/nRVPdMBfANHsG5YSBWxKO
+Nc95SxZRsnqgDjbmzCT4TM1wX6blQ3otyJjxSRQMzxp0G6Y+QJGVvGGsC46J/IH
pa42i9nXBuDGdKt/fnqTOYiUDVEaklWExa5oZilRQ9x2m+ThPBBP6FCA+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIYcGTXl9shp4g2spocBfnU27XWzMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvaGh3Wk5lWDJ5R25pRGF5bWh3Ri1kVGJ0ZGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALStXAwQA
a7WWMA0GCSqGSIb3DQEBCwUAA4IBAQAgBVbUNkS2WNxx0xq5URB1V1X3RQv2Vwmb
fHE7/IkraLRd/u3HJ5qyVhQBglC+nKCO66Fk/CRah2WJA4GFGlOmIvF7wtc1G4uj
z5xXam8QSnhWZREg2vQRq1w+JTlW51ynDgqAsq83V7lc/p+lXBuPhtZt03ePAEvA
O62QZinTZS373HU6fpmUk5P70P3hpteje3k97ic/MwtHJ/6CMCu8OKlzHg8qYNqL
hzzg8ZdQW3LRQkc97QfTyj67rHubLIuPMaiYNySnIUUEcITliipG65UIFNbnztBo
KRMESRYMh5jqT1a824rsw95g0hY5/KmteJYmnyknZFRCS2wBmOe1
-----END CERTIFICATE-----