Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/HK66luxECFUAhH51KTByt0ANxzA.roa
File:                     HK66luxECFUAhH51KTByt0ANxzA.roa (raw, json)
Hash identifier:          w2SFudKDQO4wdfJeY6ttPGb5URO53m6Rtt81dsss+vM=
Subject key identifier:   1C:AE:BA:96:EC:44:08:55:00:84:7E:75:29:30:72:B7:40:0D:C7:30
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       018CC793409CA349CFA23D5D6BAF1B6D3BCA
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/HK66luxECFUAhH51KTByt0ANxzA.roa
Signing time:             Tue 02 Jan 2024 00:29:25 +0000
ROA not before:           Tue 02 Jan 2024 00:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63956
IP address blocks:        45.137.244.0/24 maxlen: 24
                          45.137.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:40:9c:a3:49:cf:a2:3d:5d:6b:af:1b:6d:3b:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  2 00:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1caeba96ec44085500847e75293072b7400dc730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f5:08:ca:3d:ee:05:4e:7b:fd:69:1e:13:f7:
                    83:28:19:d6:c9:78:be:6a:b8:18:32:95:66:7d:e7:
                    5c:36:06:89:17:ff:dd:f1:b8:5a:99:cc:62:f2:e7:
                    75:8f:9c:9f:d4:e9:aa:93:31:7f:53:70:d2:08:20:
                    d6:90:13:b1:f3:a5:96:82:21:75:5f:ca:b0:9b:61:
                    74:dd:91:be:d9:97:4f:1b:40:13:15:20:ab:da:ff:
                    a2:02:07:23:36:f8:27:f4:ba:29:b7:d9:19:87:7c:
                    98:14:27:d0:e2:74:5e:a0:fd:68:31:a9:b9:65:d1:
                    b0:54:fa:ae:ef:3f:c3:ae:dd:78:7e:30:4b:b5:ac:
                    b8:18:5d:1c:c2:3a:15:16:12:0f:1d:14:8e:b3:40:
                    1b:03:61:51:a8:c0:0b:ae:b6:03:e2:a2:d0:43:09:
                    5f:c4:c7:4c:eb:1c:52:b2:6a:92:2d:fc:ef:dd:7a:
                    5e:a7:83:29:dc:31:a1:65:05:17:b3:48:c4:a5:19:
                    e9:3f:ca:a5:8d:aa:50:de:f2:1b:35:f0:84:c5:b6:
                    05:b1:6f:0f:5b:ad:22:55:b0:41:af:dc:2c:24:39:
                    a4:c9:67:bd:ec:e0:42:a1:41:54:af:c6:7e:61:87:
                    15:ca:52:3f:32:7f:93:59:7d:79:97:06:c4:c6:57:
                    9a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:AE:BA:96:EC:44:08:55:00:84:7E:75:29:30:72:B7:40:0D:C7:30
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/HK66luxECFUAhH51KTByt0ANxzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c4:38:06:28:ed:1e:77:7f:15:c8:35:33:81:fa:4f:4d:53:8f:
         96:29:50:e2:55:23:47:e8:ee:24:17:5a:4c:4d:8f:27:e6:83:
         df:d9:23:c2:dc:e2:43:c1:bd:d6:d5:ae:2c:95:a1:49:7c:41:
         4d:d7:23:ea:c0:aa:48:f1:90:f4:46:48:ef:8c:0f:80:3b:74:
         22:37:4a:36:d4:7d:02:be:75:b4:74:d7:d3:01:79:16:89:21:
         df:69:0b:06:23:57:48:43:f1:79:6f:cc:aa:01:a7:94:19:82:
         35:8d:52:6f:dc:73:12:11:f7:ee:7d:3c:71:d9:6d:7a:ef:f4:
         3f:48:4c:c1:e4:1d:d5:ea:d6:65:42:fb:98:aa:d0:64:34:2a:
         bd:84:37:03:13:10:38:5b:ae:62:c0:ac:c0:f6:02:b0:d5:e6:
         11:4d:cf:47:82:1f:15:02:8e:94:40:68:1e:fb:f0:dc:3b:4b:
         1d:56:fb:99:bd:0e:e2:3a:24:b2:fc:cc:13:54:f4:78:7f:bc:
         da:a4:94:6e:2a:19:6c:1f:d8:3f:82:8c:e3:f6:cf:15:8c:cb:
         1c:9b:dd:54:28:8b:4e:25:9f:9a:ed:69:61:04:85:29:5b:e8:
         0e:38:71:f0:bd:b6:c0:61:e7:59:b4:9c:9a:5c:a0:97:d5:f4:
         f2:1c:f2:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk0Cco0nPoj1da68bbTvKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjQwMTAyMDAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2FlYmE5NmVjNDQwODU1MDA4NDdlNzUyOTMwNzJiNzQwMGRjNzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivUIyj3uBU57/WkeE/eDKBnWyXi+
argYMpVmfedcNgaJF//d8bhamcxi8ud1j5yf1OmqkzF/U3DSCCDWkBOx86WWgiF1
X8qwm2F03ZG+2ZdPG0ATFSCr2v+iAgcjNvgn9Lopt9kZh3yYFCfQ4nReoP1oMam5
ZdGwVPqu7z/Drt14fjBLtay4GF0cwjoVFhIPHRSOs0AbA2FRqMALrrYD4qLQQwlf
xMdM6xxSsmqSLfzv3Xpep4Mp3DGhZQUXs0jEpRnpP8qljapQ3vIbNfCExbYFsW8P
W60iVbBBr9wsJDmkyWe97OBCoUFUr8Z+YYcVylI/Mn+TWX15lwbExleabQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByuupbsRAhVAIR+dSkwcrdADccwMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvSEs2Nmx1eEVDRlVBaEg1MUtUQnl0MEFOeHpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYn0MA0G
CSqGSIb3DQEBCwUAA4IBAQDEOAYo7R53fxXINTOB+k9NU4+WKVDiVSNH6O4kF1pM
TY8n5oPf2SPC3OJDwb3W1a4slaFJfEFN1yPqwKpI8ZD0RkjvjA+AO3QiN0o21H0C
vnW0dNfTAXkWiSHfaQsGI1dIQ/F5b8yqAaeUGYI1jVJv3HMSEffufTxx2W167/Q/
SEzB5B3V6tZlQvuYqtBkNCq9hDcDExA4W65iwKzA9gKw1eYRTc9Hgh8VAo6UQGge
+/DcO0sdVvuZvQ7iOiSy/MwTVPR4f7zapJRuKhlsH9g/gozj9s8VjMscm91UKItO
JZ+a7WlhBIUpW+gOOHHwvbbAYedZtJyaXKCX1fTyHPIn
-----END CERTIFICATE-----