Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/A208EebRc_CgErhF0UYpCAoaSjg.roa
File:                     A208EebRc_CgErhF0UYpCAoaSjg.roa (raw, json)
Hash identifier:          +ucopGLU4+pXCCIxtHXKBuT6vx1/yXtaoKbhpTzneso=
Subject key identifier:   03:6D:3C:11:E6:D1:73:F0:A0:12:B8:45:D1:46:29:08:0A:1A:4A:38
Certificate issuer:       /CN=bd19d4535c7e62b921e859e6557b821f278e716a
Certificate serial:       018CC4930D9B512A43B7A81D00C734CB7491
Authority key identifier: BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/A208EebRc_CgErhF0UYpCAoaSjg.roa
Signing time:             Mon 01 Jan 2024 10:30:20 +0000
ROA not before:           Mon 01 Jan 2024 10:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400529
IP address blocks:        45.134.10.0/24 maxlen: 24
                          45.134.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0d:9b:51:2a:43:b7:a8:1d:00:c7:34:cb:74:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd19d4535c7e62b921e859e6557b821f278e716a
        Validity
            Not Before: Jan  1 10:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=036d3c11e6d173f0a012b845d14629080a1a4a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:57:bb:aa:4c:2c:63:a1:3d:53:4b:0b:c2:d2:
                    90:29:b2:e5:6d:69:b2:93:11:4a:f4:99:08:4e:39:
                    08:34:4a:3e:85:ce:eb:ad:63:48:a2:dd:6b:66:6b:
                    91:72:4c:5d:2c:97:aa:7e:3c:10:90:8b:72:af:95:
                    d9:fb:1c:c0:5c:c4:7b:c4:1e:3a:1e:f6:00:c2:4a:
                    81:4a:b5:84:00:0f:7c:e2:19:84:37:b7:cc:ca:df:
                    e0:a6:32:f1:03:18:b8:63:1b:e1:62:88:7d:81:0a:
                    c4:47:71:2f:06:7a:72:8c:3b:b2:c6:ed:71:1a:f0:
                    28:3e:69:d7:82:49:3d:1f:ad:6b:53:e4:0c:a5:dd:
                    72:c2:7c:ca:8b:79:72:6b:ed:26:da:ba:b9:f2:06:
                    39:f1:f4:5c:53:11:75:96:74:2f:fc:6b:c8:2a:0b:
                    8e:fb:ba:c0:fe:ec:41:6d:ff:42:4a:f8:58:13:b1:
                    70:eb:5d:27:ee:93:25:9f:a3:fb:67:1b:43:22:88:
                    11:21:9b:5b:53:d8:6d:b6:42:fe:fc:a5:6c:a6:3a:
                    04:c9:79:a2:96:49:da:36:79:a8:35:36:7a:c7:eb:
                    be:50:f5:98:2b:6e:61:ef:56:d1:27:97:c2:50:02:
                    1d:de:a5:e0:3d:79:9f:42:9b:92:2f:30:93:f5:f3:
                    5b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:6D:3C:11:E6:D1:73:F0:A0:12:B8:45:D1:46:29:08:0A:1A:4A:38
            X509v3 Authority Key Identifier:
                keyid:BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/A208EebRc_CgErhF0UYpCAoaSjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:c2:d9:5a:4f:ac:59:56:fb:66:59:dc:38:54:c2:3f:76:45:
         d2:9b:cb:51:f0:38:1e:6c:58:40:82:8d:99:bd:53:e8:f0:6c:
         51:3c:94:e6:6b:c0:d2:1d:c4:99:65:06:73:8b:0c:8c:bc:75:
         44:ce:08:63:fe:5e:6f:7b:70:23:c0:f9:b9:71:14:2b:96:58:
         28:21:82:86:71:4e:8b:ea:d4:6f:14:90:98:7f:82:e7:0c:f8:
         5a:67:c7:55:bf:6f:7c:0c:5c:e4:e6:b0:d5:5b:3a:9a:61:e6:
         32:95:20:aa:2f:5c:0c:f9:2d:30:fd:71:d0:8a:58:38:c1:52:
         a0:5c:46:9e:2b:3f:66:9f:f0:50:0d:a2:43:69:e1:b7:89:e8:
         2c:e2:60:cf:36:e2:b0:dc:f8:d7:cf:d0:af:71:6d:c4:db:8b:
         10:8a:09:eb:1c:5f:eb:81:03:0a:44:17:7d:e0:b6:98:06:4c:
         c8:ca:89:95:19:f8:91:d9:84:c1:d3:46:30:ae:f8:7e:4a:86:
         e6:93:23:63:b4:fd:33:27:5b:e0:8d:d5:53:8e:f1:9b:95:90:
         1b:ce:af:14:42:df:aa:7c:20:1a:3d:7b:9c:2d:e3:e1:3c:31:
         8e:a2:7d:38:6e:49:94:2a:9e:19:a7:13:d4:4e:4f:c0:93:67:
         56:d6:65:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkw2bUSpDt6gdAMc0y3SRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTlkNDUzNWM3ZTYyYjkyMWU4NTllNjU1N2I4MjFmMjc4
ZTcxNmEwHhcNMjQwMTAxMTAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzZkM2MxMWU2ZDE3M2YwYTAxMmI4NDVkMTQ2MjkwODBhMWE0YTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVe7qkwsY6E9U0sLwtKQKbLlbWmy
kxFK9JkITjkINEo+hc7rrWNIot1rZmuRckxdLJeqfjwQkItyr5XZ+xzAXMR7xB46
HvYAwkqBSrWEAA984hmEN7fMyt/gpjLxAxi4YxvhYoh9gQrER3EvBnpyjDuyxu1x
GvAoPmnXgkk9H61rU+QMpd1ywnzKi3lya+0m2rq58gY58fRcUxF1lnQv/GvIKguO
+7rA/uxBbf9CSvhYE7Fw610n7pMln6P7ZxtDIogRIZtbU9httkL+/KVspjoEyXmi
lknaNnmoNTZ6x+u+UPWYK25h71bRJ5fCUAId3qXgPXmfQpuSLzCT9fNb9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANtPBHm0XPwoBK4RdFGKQgKGko4MB8GA1UdIwQY
MBaAFL0Z1FNcfmK5IehZ5lV7gh8njnFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTct
YzEzMzFmNDlmYzA5LzEvQTIwOEVlYlJjX0NnRXJoRjBVWXBDQW9hU2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTctYzEzMzFmNDlmYzA5
LzEvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYYKMA0G
CSqGSIb3DQEBCwUAA4IBAQBjwtlaT6xZVvtmWdw4VMI/dkXSm8tR8DgebFhAgo2Z
vVPo8GxRPJTma8DSHcSZZQZziwyMvHVEzghj/l5ve3AjwPm5cRQrllgoIYKGcU6L
6tRvFJCYf4LnDPhaZ8dVv298DFzk5rDVWzqaYeYylSCqL1wM+S0w/XHQilg4wVKg
XEaeKz9mn/BQDaJDaeG3iegs4mDPNuKw3PjXz9CvcW3E24sQignrHF/rgQMKRBd9
4LaYBkzIyomVGfiR2YTB00Ywrvh+SobmkyNjtP0zJ1vgjdVTjvGblZAbzq8UQt+q
fCAaPXucLePhPDGOon04bkmUKp4ZpxPUTk/Ak2dW1mUc
-----END CERTIFICATE-----