Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/V2I353X9c6UPJJCcNKACwjU9uDo.roa
File:                     V2I353X9c6UPJJCcNKACwjU9uDo.roa (raw, json)
Hash identifier:          Q52qzpu1g5L7Lxt0kixPoC8hflYnsk0ZDAAzDKk5FVQ=
Subject key identifier:   57:62:37:E7:75:FD:73:A5:0F:24:90:9C:34:A0:02:C2:35:3D:B8:3A
Certificate issuer:       /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial:       018E8025322ED20F99701A0D71FE586BCD8D
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/V2I353X9c6UPJJCcNKACwjU9uDo.roa
Signing time:             Wed 27 Mar 2024 13:41:45 +0000
ROA not before:           Wed 27 Mar 2024 13:41:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44103
IP address blocks:        45.94.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:25:32:2e:d2:0f:99:70:1a:0d:71:fe:58:6b:cd:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
        Validity
            Not Before: Mar 27 13:41:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=576237e775fd73a50f24909c34a002c2353db83a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:af:3b:b9:10:a7:8c:6b:d4:83:20:7c:01:f6:
                    98:89:5b:b8:e0:e8:ee:60:87:d7:42:69:ec:a7:81:
                    fe:ce:57:1c:ae:d4:6f:3d:f5:eb:f8:ad:c0:91:52:
                    03:68:e6:52:1e:a2:e8:0a:c0:7b:4e:d0:2d:b7:6e:
                    f4:e0:b4:a8:8e:27:62:55:61:27:4f:75:6d:f6:68:
                    92:ed:24:0e:0c:64:2e:a6:a1:75:9b:ae:34:06:6d:
                    b2:b5:17:2c:56:0d:6c:d9:97:09:46:23:39:7f:1e:
                    b7:03:fb:28:b2:52:2a:05:07:c2:a1:64:ce:90:c4:
                    d5:27:85:73:67:90:19:20:6e:8a:18:03:98:39:67:
                    39:2f:7c:46:1f:92:1a:4f:2d:20:25:03:b4:8f:c1:
                    06:f2:2e:15:7c:94:06:4a:37:33:d6:92:d2:6b:3f:
                    23:fd:4a:81:a4:6c:fb:f6:3a:c5:ae:73:d6:e0:6f:
                    1f:c1:1b:0e:3a:a9:c7:df:d7:8d:77:33:42:23:44:
                    43:2e:6d:ba:9e:94:b8:a9:9f:1e:cb:4f:5c:a2:b2:
                    fc:52:cc:4a:f7:3a:67:36:63:c7:9d:7f:bb:58:b5:
                    59:51:5e:91:d1:1f:4a:7d:e8:d8:53:c6:7b:09:13:
                    b5:b9:aa:f6:71:36:5b:5c:32:0e:d0:ba:ef:4a:9a:
                    a9:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:62:37:E7:75:FD:73:A5:0F:24:90:9C:34:A0:02:C2:35:3D:B8:3A
            X509v3 Authority Key Identifier:
                keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/V2I353X9c6UPJJCcNKACwjU9uDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:0d:e2:2b:0e:e8:4e:62:07:8a:09:4c:e8:8b:3c:51:3e:bb:
         74:42:42:46:74:7e:7c:b7:e8:6c:ac:af:e6:b3:77:cf:e7:54:
         5c:0f:e9:d4:68:2e:1c:b2:e5:dc:37:1d:38:b8:e7:b1:8f:b0:
         bc:d9:51:dd:03:61:00:d8:e6:95:d4:96:71:ae:83:26:2e:b1:
         a6:98:4e:ac:a7:26:dc:74:5b:0f:da:33:c4:e4:8e:38:65:4a:
         d2:c2:e9:4d:df:4a:35:12:d1:27:05:5d:ce:ba:ee:f0:f9:d0:
         84:65:70:8f:34:02:46:c1:36:7d:0c:9c:fc:5e:fb:aa:f5:d3:
         a2:da:1e:33:7a:a9:0b:67:3d:4a:da:9a:a2:76:58:61:33:2d:
         4f:a9:32:00:2d:2d:98:bd:ec:6c:50:15:fa:fc:5d:cd:a0:43:
         37:de:5f:55:3d:62:a9:03:14:9b:ca:77:01:5f:bb:b6:c7:a3:
         88:5f:d4:15:49:9e:bb:64:ff:d3:bc:e4:1d:c1:6d:97:b0:ae:
         a8:44:09:09:cd:cb:57:eb:c8:bf:c7:d5:d4:fc:3d:da:de:98:
         d9:da:10:f1:87:b8:ec:98:e9:4a:0c:ce:b2:ef:c7:32:20:27:
         a7:86:73:f9:8c:b2:03:21:56:ac:76:73:f0:e4:f8:01:d0:8f:
         dc:ca:7b:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6AJTIu0g+ZcBoNcf5Ya82NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTVkN2ZlZTRhNDk5ZWNhZjExZDJkM2RhOGUzODlkZTMy
MzQxMmYwHhcNMjQwMzI3MTM0MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzYyMzdlNzc1ZmQ3M2E1MGYyNDkwOWMzNGEwMDJjMjM1M2RiODNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqa87uRCnjGvUgyB8AfaYiVu44Oju
YIfXQmnsp4H+zlccrtRvPfXr+K3AkVIDaOZSHqLoCsB7TtAtt2704LSojidiVWEn
T3Vt9miS7SQODGQupqF1m640Bm2ytRcsVg1s2ZcJRiM5fx63A/soslIqBQfCoWTO
kMTVJ4VzZ5AZIG6KGAOYOWc5L3xGH5IaTy0gJQO0j8EG8i4VfJQGSjcz1pLSaz8j
/UqBpGz79jrFrnPW4G8fwRsOOqnH39eNdzNCI0RDLm26npS4qZ8ey09corL8UsxK
9zpnNmPHnX+7WLVZUV6R0R9KfejYU8Z7CRO1uar2cTZbXDIO0LrvSpqp2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdiN+d1/XOlDySQnDSgAsI1Pbg6MB8GA1UdIwQY
MBaAFCRV1/7kpJnsrxHS09qOOJ3jI0EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEt
MWUwNDY1NTEzYjYzLzEvVjJJMzUzWDljNlVQSkpDY05LQUN3alU5dURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zZmZiNzYtOTkzMS00OTQyLTlkYTEtMWUwNDY1NTEzYjYz
LzEvSkZYWF91U2ttZXl2RWRMVDJvNDRuZU1qUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV41MA0G
CSqGSIb3DQEBCwUAA4IBAQBqDeIrDuhOYgeKCUzoizxRPrt0QkJGdH58t+hsrK/m
s3fP51RcD+nUaC4csuXcNx04uOexj7C82VHdA2EA2OaV1JZxroMmLrGmmE6spybc
dFsP2jPE5I44ZUrSwulN30o1EtEnBV3Ouu7w+dCEZXCPNAJGwTZ9DJz8Xvuq9dOi
2h4zeqkLZz1K2pqidlhhMy1PqTIALS2YvexsUBX6/F3NoEM33l9VPWKpAxSbyncB
X7u2x6OIX9QVSZ67ZP/TvOQdwW2XsK6oRAkJzctX68i/x9XU/D3a3pjZ2hDxh7js
mOlKDM6y78cyICenhnP5jLIDIVasdnPw5PgB0I/cynvu
-----END CERTIFICATE-----