Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/TmXOKeiFO094g4qPgwAXVhUTPDk.roa
File:                     TmXOKeiFO094g4qPgwAXVhUTPDk.roa (raw, json)
Hash identifier:          Phu0heoSgpxcZvOkLdXEjyPxIFVbWm+h5RH8qfAL+3w=
Subject key identifier:   4E:65:CE:29:E8:85:3B:4F:78:83:8A:8F:83:00:17:56:15:13:3C:39
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       018D59FD280B33B2EDF20783B0F3C7951337
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/TmXOKeiFO094g4qPgwAXVhUTPDk.roa
Signing time:             Tue 30 Jan 2024 10:49:39 +0000
ROA not before:           Tue 30 Jan 2024 10:49:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57494
IP address blocks:        45.87.245.0/24 maxlen: 24
                          2a10:9684::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:fd:28:0b:33:b2:ed:f2:07:83:b0:f3:c7:95:13:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Jan 30 10:49:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e65ce29e8853b4f78838a8f8300175615133c39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ba:97:1e:74:53:56:91:a5:91:8c:a6:ef:b8:
                    46:70:df:db:b6:8e:87:0c:de:8e:73:56:99:eb:d9:
                    a4:35:3b:6e:a0:e2:6e:d8:01:17:57:3f:01:e7:58:
                    86:e7:f1:4b:c0:4e:56:92:18:80:67:7a:77:27:dd:
                    71:c5:fa:af:41:71:a0:39:ba:b5:21:2d:ab:b6:a7:
                    7b:db:35:e5:44:37:f9:5f:d4:1b:5f:dd:9c:25:8c:
                    15:2e:21:fd:aa:4d:70:a6:28:23:9a:8b:5a:af:a0:
                    b6:11:8e:e2:50:6f:24:69:71:4d:b4:8e:d7:d3:03:
                    0d:0f:d1:da:92:ce:6a:12:97:0e:88:a1:7f:0c:3a:
                    c1:75:57:b6:4c:f6:4e:dc:8e:58:e4:e6:86:a4:c7:
                    fd:0e:d5:a7:65:6d:39:53:d8:e6:26:49:1c:2c:58:
                    84:f4:49:c1:53:5f:3a:0b:89:49:5b:2d:42:ef:75:
                    c6:04:cd:c2:31:52:52:28:ff:a8:58:7d:d6:a4:05:
                    24:c9:6c:aa:e7:f0:21:e3:bb:29:95:f2:b4:70:17:
                    62:b7:ae:46:ff:02:a4:39:54:bc:4b:fd:8f:f9:59:
                    83:0f:95:c4:e7:c7:9d:ca:cc:60:2b:4b:99:2e:cd:
                    33:7a:1b:99:a6:92:1b:7a:48:9f:85:1a:c8:1c:c8:
                    22:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:65:CE:29:E8:85:3B:4F:78:83:8A:8F:83:00:17:56:15:13:3C:39
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/TmXOKeiFO094g4qPgwAXVhUTPDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.245.0/24
                IPv6:
                  2a10:9684::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:c0:81:d6:95:14:e1:bb:8c:62:5f:80:3b:ef:8c:05:ec:2d:
         50:4f:2d:16:d0:72:df:da:fc:de:20:cd:b7:65:62:61:90:64:
         0e:62:81:37:9e:7f:d3:2d:8b:e0:ae:ad:78:05:41:49:af:ff:
         34:91:ac:c2:69:40:d6:85:71:b8:ad:6d:0d:b9:9c:b6:a4:1d:
         f5:fc:99:d5:c7:2d:86:e8:28:de:4a:7f:f1:83:54:fa:8a:fe:
         99:9b:eb:b5:52:72:78:ec:0e:63:86:6f:10:40:2d:40:db:1d:
         dc:1e:5e:c9:58:82:ee:4c:b6:05:e9:a6:66:bc:78:9d:98:9b:
         8c:88:f8:39:40:a8:a4:22:a5:f1:ee:8d:5e:66:da:7f:2f:d4:
         1a:68:75:5d:ae:00:8a:69:33:6d:40:b2:f9:0b:7f:24:ec:50:
         50:da:81:43:bd:a7:d2:40:8f:7e:95:37:b6:e9:61:85:bb:7a:
         7a:9f:73:99:4b:ec:f1:6f:a8:0e:11:95:96:35:c0:66:28:aa:
         b1:4e:46:14:de:af:55:13:04:87:56:b8:8e:de:ec:c2:b8:2b:
         76:d8:12:64:91:2d:b4:57:90:06:af:6b:67:38:52:25:f9:c6:
         7b:26:1d:1c:2c:fe:15:eb:91:2f:21:f4:8f:6c:83:dd:0c:0f:
         f2:7e:5f:0e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1Z/SgLM7Lt8geDsPPHlRM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQwMTMwMTA0OTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTY1Y2UyOWU4ODUzYjRmNzg4MzhhOGY4MzAwMTc1NjE1MTMzYzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7qXHnRTVpGlkYym77hGcN/bto6H
DN6Oc1aZ69mkNTtuoOJu2AEXVz8B51iG5/FLwE5WkhiAZ3p3J91xxfqvQXGgObq1
IS2rtqd72zXlRDf5X9QbX92cJYwVLiH9qk1wpigjmotar6C2EY7iUG8kaXFNtI7X
0wMND9Haks5qEpcOiKF/DDrBdVe2TPZO3I5Y5OaGpMf9DtWnZW05U9jmJkkcLFiE
9EnBU186C4lJWy1C73XGBM3CMVJSKP+oWH3WpAUkyWyq5/Ah47splfK0cBdit65G
/wKkOVS8S/2P+VmDD5XE58edysxgK0uZLs0zehuZppIbekifhRrIHMgiZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE5lzinohTtPeIOKj4MAF1YVEzw5MB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvVG1YT0tlaUZPMDk0ZzRxUGd3QVhWaFVUUERrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVf1MA0E
AgACMAcDBQAqEJaEMA0GCSqGSIb3DQEBCwUAA4IBAQBqwIHWlRThu4xiX4A774wF
7C1QTy0W0HLf2vzeIM23ZWJhkGQOYoE3nn/TLYvgrq14BUFJr/80kazCaUDWhXG4
rW0NuZy2pB31/JnVxy2G6CjeSn/xg1T6iv6Zm+u1UnJ47A5jhm8QQC1A2x3cHl7J
WILuTLYF6aZmvHidmJuMiPg5QKikIqXx7o1eZtp/L9QaaHVdrgCKaTNtQLL5C38k
7FBQ2oFDvafSQI9+lTe26WGFu3p6n3OZS+zxb6gOEZWWNcBmKKqxTkYU3q9VEwSH
VriO3uzCuCt22BJkkS20V5AGr2tnOFIl+cZ7Jh0cLP4V65EvIfSPbIPdDA/yfl8O
-----END CERTIFICATE-----