Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/rtH2Ta1LG4bpCyC1b3q8lUB5MV0.roa
File:                     rtH2Ta1LG4bpCyC1b3q8lUB5MV0.roa (raw, json)
Hash identifier:          BMBM6KG4jKSZ7zWYELrrzGEnjQk5J+bfkLw0G3K/Kng=
Subject key identifier:   AE:D1:F6:4D:AD:4B:1B:86:E9:0B:20:B5:6F:7A:BC:95:40:79:31:5D
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC79517E5FFE1B60357E9F9BC6CED123F
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/rtH2Ta1LG4bpCyC1b3q8lUB5MV0.roa
Signing time:             Tue 02 Jan 2024 00:31:26 +0000
ROA not before:           Tue 02 Jan 2024 00:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16353
IP address blocks:        45.135.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:17:e5:ff:e1:b6:03:57:e9:f9:bc:6c:ed:12:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aed1f64dad4b1b86e90b20b56f7abc954079315d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a2:72:7d:df:d8:0e:e6:97:ca:e3:34:01:2e:
                    2d:4c:3a:7f:a3:e8:d7:59:53:a1:f3:fb:ab:8d:a1:
                    79:da:01:91:33:cc:c8:1a:08:90:fc:2f:da:82:b2:
                    ca:ef:1a:c2:cd:f3:12:6b:20:e6:38:11:fa:aa:ef:
                    5b:53:1a:5c:06:10:a3:e0:4b:74:f7:d1:cf:85:d8:
                    60:0f:4c:d7:2e:2f:d1:05:b8:c3:36:82:7d:e7:85:
                    0b:df:7b:19:b1:bc:77:3d:09:8a:cf:48:3a:02:fe:
                    e7:56:80:d9:f2:79:33:f3:d1:c1:90:c2:92:77:90:
                    26:22:54:9a:43:fa:20:26:b4:f0:a9:fa:71:b2:54:
                    ae:84:c1:ce:f4:7b:64:7c:4d:fb:a5:5a:98:cd:ee:
                    16:8a:8a:ee:0b:df:be:c2:08:92:1b:e6:d0:de:84:
                    4a:8b:2b:b0:7b:0e:bd:5d:5a:bf:df:95:b8:90:a6:
                    7e:37:e2:10:08:e6:44:c7:6c:06:96:84:0e:2e:d0:
                    7a:6d:d4:6c:5a:76:f3:71:57:cc:1a:bd:2a:a2:6e:
                    17:90:8a:46:6b:01:e3:29:63:ea:1b:bd:8c:b6:51:
                    20:6d:a4:d9:55:1a:b4:73:a0:54:e3:10:9c:0c:40:
                    8f:77:b1:21:90:a5:46:c2:37:91:f6:9d:53:4f:e4:
                    5b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D1:F6:4D:AD:4B:1B:86:E9:0B:20:B5:6F:7A:BC:95:40:79:31:5D
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/rtH2Ta1LG4bpCyC1b3q8lUB5MV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:4a:f5:3f:e6:2f:9c:42:3e:8a:a9:da:06:48:c5:48:8d:38:
         01:5c:67:af:77:f4:b2:12:0c:38:85:17:c4:d9:bc:db:d8:1f:
         5a:eb:8d:6f:13:2e:6f:4d:3d:35:08:49:8f:aa:6d:3c:21:b5:
         3a:6d:eb:ac:bb:c9:11:01:70:3c:f4:50:61:6d:ea:3d:de:cc:
         8b:aa:fb:35:df:dc:7d:85:e6:65:c6:26:bf:af:2a:61:02:67:
         88:06:52:97:1f:cc:55:c9:7c:56:44:bc:8e:dd:88:7f:d7:d7:
         ec:e3:3e:0a:c2:c4:8d:f0:b1:26:d9:11:8f:92:1b:8e:14:64:
         56:2a:64:3f:c2:c2:38:5d:f0:90:86:45:b4:cd:96:fb:fd:93:
         e8:a2:31:8e:d4:b9:e2:a8:4b:a6:b2:39:4b:ac:35:6a:27:67:
         03:fd:27:29:0f:d6:43:95:b0:00:8e:b6:67:c8:90:9d:8e:dc:
         47:3e:fc:fa:2f:24:1e:da:f6:93:2c:ec:9e:26:94:0e:ef:9b:
         8a:3e:44:39:34:2d:32:3c:69:01:48:27:af:49:1a:56:b3:e5:
         97:e7:85:94:55:3a:4c:93:44:ad:39:df:fe:b2:98:9f:0c:3c:
         4d:0a:1e:59:08:46:86:0e:00:04:ca:46:0e:bc:0d:d9:8e:dd:
         22:1c:68:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRfl/+G2A1fp+bxs7RI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQxZjY0ZGFkNGIxYjg2ZTkwYjIwYjU2ZjdhYmM5NTQwNzkzMTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqJyfd/YDuaXyuM0AS4tTDp/o+jX
WVOh8/urjaF52gGRM8zIGgiQ/C/agrLK7xrCzfMSayDmOBH6qu9bUxpcBhCj4Et0
99HPhdhgD0zXLi/RBbjDNoJ954UL33sZsbx3PQmKz0g6Av7nVoDZ8nkz89HBkMKS
d5AmIlSaQ/ogJrTwqfpxslSuhMHO9HtkfE37pVqYze4WioruC9++wgiSG+bQ3oRK
iyuwew69XVq/35W4kKZ+N+IQCOZEx2wGloQOLtB6bdRsWnbzcVfMGr0qom4XkIpG
awHjKWPqG72MtlEgbaTZVRq0c6BU4xCcDECPd7EhkKVGwjeR9p1TT+Rb1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7R9k2tSxuG6QsgtW96vJVAeTFdMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvcnRIMlRhMUxHNGJwQ3lDMWIzcThsVUI1TVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYemMA0G
CSqGSIb3DQEBCwUAA4IBAQCQSvU/5i+cQj6KqdoGSMVIjTgBXGevd/SyEgw4hRfE
2bzb2B9a641vEy5vTT01CEmPqm08IbU6beusu8kRAXA89FBhbeo93syLqvs139x9
heZlxia/ryphAmeIBlKXH8xVyXxWRLyO3Yh/19fs4z4KwsSN8LEm2RGPkhuOFGRW
KmQ/wsI4XfCQhkW0zZb7/ZPoojGO1LniqEumsjlLrDVqJ2cD/ScpD9ZDlbAAjrZn
yJCdjtxHPvz6LyQe2vaTLOyeJpQO75uKPkQ5NC0yPGkBSCevSRpWs+WX54WUVTpM
k0StOd/+spifDDxNCh5ZCEaGDgAEykYOvA3Zjt0iHGgW
-----END CERTIFICATE-----