Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/pleieYhr1SB8zM4oKoOOi2u6rNw.roa
File:                     pleieYhr1SB8zM4oKoOOi2u6rNw.roa (raw, json)
Hash identifier:          G5kvwhFuA6j8whop8pjm1hADdTC7EUsFO64QoNC1VmE=
Subject key identifier:   A6:57:A2:79:88:6B:D5:20:7C:CC:CE:28:2A:83:8E:8B:6B:BA:AC:DC
Certificate issuer:       /CN=baaa7b4c01e929c38923981ab51c9727a1f9f07e
Certificate serial:       018CC3B72D547B378662F51409D836161F3F
Authority key identifier: BA:AA:7B:4C:01:E9:29:C3:89:23:98:1A:B5:1C:97:27:A1:F9:F0:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqp7TAHpKcOJI5gatRyXJ6H58H4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/pleieYhr1SB8zM4oKoOOi2u6rNw.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        45.129.91.0/24 maxlen: 24
                          45.129.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/uqp7TAHpKcOJI5gatRyXJ6H58H4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/uqp7TAHpKcOJI5gatRyXJ6H58H4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqp7TAHpKcOJI5gatRyXJ6H58H4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2d:54:7b:37:86:62:f5:14:09:d8:36:16:1f:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baaa7b4c01e929c38923981ab51c9727a1f9f07e
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a657a279886bd5207cccce282a838e8b6bbaacdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:29:92:5b:47:ff:f3:8d:26:dc:a4:6b:3b:4b:
                    9f:76:81:3c:a9:91:fc:e1:50:48:f4:41:6a:c8:c3:
                    ec:5d:77:10:16:52:c4:4a:4f:a4:9f:71:a4:e4:89:
                    e0:75:a9:a3:93:ea:d9:ad:ac:43:06:7c:66:ab:30:
                    d1:ba:11:9f:85:4b:2a:b0:7f:bc:22:e9:9c:7d:87:
                    4c:4a:bb:c9:b3:57:75:2c:a1:d5:c5:b7:9c:4a:1a:
                    a1:77:74:8b:1d:f1:26:62:17:a4:7b:c8:cd:4d:93:
                    7b:6d:53:02:fd:b9:7b:c9:b6:68:b4:be:7d:96:9d:
                    46:17:a1:78:f3:4d:9e:ec:fd:86:c9:7f:c5:4e:b0:
                    3c:3f:c0:24:55:5f:37:36:42:42:80:f0:05:de:00:
                    d1:63:47:e0:8f:26:4a:1b:e8:4f:0b:b0:34:f0:53:
                    6e:0f:ea:45:99:08:5d:76:27:a3:42:b9:8c:ad:f1:
                    a9:f7:8f:6b:4c:7d:6d:57:19:ad:2d:bd:f3:0f:fa:
                    e0:91:f5:9b:65:fa:9b:86:79:63:7f:d9:30:82:8e:
                    0e:73:be:f4:eb:51:e9:b7:39:87:0f:1d:57:cd:97:
                    ac:8f:82:38:dd:3d:97:04:91:e7:3b:31:c3:ea:9a:
                    38:0e:a2:06:7e:37:bf:32:ba:f5:ea:e2:2b:1c:62:
                    9c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:57:A2:79:88:6B:D5:20:7C:CC:CE:28:2A:83:8E:8B:6B:BA:AC:DC
            X509v3 Authority Key Identifier:
                keyid:BA:AA:7B:4C:01:E9:29:C3:89:23:98:1A:B5:1C:97:27:A1:F9:F0:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqp7TAHpKcOJI5gatRyXJ6H58H4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/pleieYhr1SB8zM4oKoOOi2u6rNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ab9e70-489a-4088-b28e-e68f6cf2c0d2/1/uqp7TAHpKcOJI5gatRyXJ6H58H4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.89.0/24
                  45.129.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:fa:b4:90:56:2c:a7:17:96:73:f9:ba:0e:4f:5b:58:bc:e9:
         af:e4:d3:cf:5f:d9:a3:ca:61:90:f0:a8:ea:ab:9d:ad:35:09:
         6d:aa:e2:29:3f:b7:d9:2c:f1:2e:52:05:12:55:3b:42:49:f9:
         aa:8d:85:1a:ff:ef:e3:8e:f2:fc:13:89:58:f0:54:da:a8:48:
         3f:b4:dc:f8:2c:dc:2b:65:dd:36:da:31:26:fb:0f:e9:0e:57:
         e9:8e:db:6c:df:4c:d9:cb:f1:4f:d2:d9:7e:f7:db:62:b3:62:
         bc:71:9a:cb:29:d5:03:92:a8:2c:fd:ab:65:30:25:18:5a:8e:
         39:6f:8d:61:79:16:cc:09:17:54:42:e5:c3:95:3c:26:a7:af:
         5e:2e:f0:ad:96:49:fc:42:25:85:e1:27:bb:fc:33:92:b4:8b:
         37:97:48:30:51:3a:7e:b9:d5:98:59:9a:0d:23:4d:e2:fa:60:
         07:bb:51:31:50:5b:91:a4:2c:9a:3b:ae:46:f2:fe:b8:5e:93:
         dd:15:b5:7d:df:e7:fa:88:e3:93:ab:82:0b:df:c3:f6:27:c9:
         61:8d:6b:8e:68:9d:74:5f:79:bc:40:00:f0:64:10:05:1a:80:
         2b:4b:c8:50:e3:fa:cb:b6:a3:4b:81:f1:6a:0f:12:af:40:5f:
         5d:df:5a:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDty1UezeGYvUUCdg2Fh8/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYWE3YjRjMDFlOTI5YzM4OTIzOTgxYWI1MWM5NzI3YTFm
OWYwN2UwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjU3YTI3OTg4NmJkNTIwN2NjY2NlMjgyYTgzOGU4YjZiYmFhY2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCmSW0f/840m3KRrO0ufdoE8qZH8
4VBI9EFqyMPsXXcQFlLESk+kn3Gk5Ingdamjk+rZraxDBnxmqzDRuhGfhUsqsH+8
IumcfYdMSrvJs1d1LKHVxbecShqhd3SLHfEmYheke8jNTZN7bVMC/bl7ybZotL59
lp1GF6F4802e7P2GyX/FTrA8P8AkVV83NkJCgPAF3gDRY0fgjyZKG+hPC7A08FNu
D+pFmQhddiejQrmMrfGp949rTH1tVxmtLb3zD/rgkfWbZfqbhnljf9kwgo4Oc770
61HptzmHDx1XzZesj4I43T2XBJHnOzHD6po4DqIGfje/Mrr16uIrHGKc2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKZXonmIa9UgfMzOKCqDjotruqzcMB8GA1UdIwQY
MBaAFLqqe0wB6SnDiSOYGrUclyeh+fB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFwN1RBSHBLY09KSTVnYXRSeVhKNkg1OEg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYjllNzAtNDg5YS00MDg4LWIyOGUt
ZTY4ZjZjZjJjMGQyLzEvcGxlaWVZaHIxU0I4ek00b0tvT09pMnU2ck53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYjllNzAtNDg5YS00MDg4LWIyOGUtZTY4ZjZjZjJjMGQy
LzEvdXFwN1RBSHBLY09KSTVnYXRSeVhKNkg1OEg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYFZAwQA
LYFbMA0GCSqGSIb3DQEBCwUAA4IBAQBe+rSQViynF5Zz+boOT1tYvOmv5NPPX9mj
ymGQ8Kjqq52tNQltquIpP7fZLPEuUgUSVTtCSfmqjYUa/+/jjvL8E4lY8FTaqEg/
tNz4LNwrZd022jEm+w/pDlfpjtts30zZy/FP0tl+99tis2K8cZrLKdUDkqgs/atl
MCUYWo45b41heRbMCRdUQuXDlTwmp69eLvCtlkn8QiWF4Se7/DOStIs3l0gwUTp+
udWYWZoNI03i+mAHu1ExUFuRpCyaO65G8v64XpPdFbV93+f6iOOTq4IL38P2J8lh
jWuOaJ10X3m8QADwZBAFGoArS8hQ4/rLtqNLgfFqDxKvQF9d31pr
-----END CERTIFICATE-----