Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/2DCNhxfoavfo11LT4hYvKEAYMfo.roa
File:                     2DCNhxfoavfo11LT4hYvKEAYMfo.roa (raw, json)
Hash identifier:          Yj5oNbp5Ysf02sjS+XSA4JvHyIMVOZOl7GhAOHpp7/s=
Subject key identifier:   D8:30:8D:87:17:E8:6A:F7:E8:D7:52:D3:E2:16:2F:28:40:18:31:FA
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       018CC5015808A7EFD8FC3F98B2CF00663B5A
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/2DCNhxfoavfo11LT4hYvKEAYMfo.roa
Signing time:             Mon 01 Jan 2024 12:30:48 +0000
ROA not before:           Mon 01 Jan 2024 12:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61135
IP address blocks:        45.158.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:58:08:a7:ef:d8:fc:3f:98:b2:cf:00:66:3b:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  1 12:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8308d8717e86af7e8d752d3e2162f28401831fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a2:26:18:d0:6b:9f:80:44:78:70:37:b1:d0:
                    ec:6f:f2:dc:25:b9:48:79:6b:67:ce:d3:b8:e8:da:
                    95:39:34:21:5d:34:e8:3c:af:d5:4e:20:87:cc:ee:
                    77:ed:24:3a:30:71:05:ee:ec:cd:89:b0:f4:ca:14:
                    ae:7f:09:55:c0:ca:c9:71:a2:28:dc:37:b3:db:e7:
                    25:c4:49:0a:33:30:47:24:07:0a:75:c6:27:05:29:
                    73:42:62:03:a4:7a:fe:51:1a:08:b8:29:62:e4:48:
                    67:a2:13:43:13:95:07:f9:e1:0e:05:79:e9:96:34:
                    ce:20:6a:ff:fc:1b:5d:8a:fc:74:9e:e6:89:fb:fb:
                    d1:e2:4f:84:67:72:9c:27:ba:45:43:4e:9d:e5:c9:
                    28:96:5e:fd:cf:2d:02:6f:eb:1a:e2:e3:6d:6f:f2:
                    63:a1:59:79:d6:6c:12:cc:60:29:8f:49:f1:44:63:
                    22:9e:cd:1e:d9:db:a7:89:12:e8:4d:5d:77:c4:d1:
                    b9:e4:01:1d:f0:c5:fc:e4:13:e7:40:09:ea:49:d4:
                    1c:0c:8a:c1:de:80:54:6f:79:bf:6e:75:8a:fa:79:
                    0b:a0:31:ce:f4:a1:00:61:18:01:3e:c4:20:ee:62:
                    c0:9b:27:e0:42:8e:01:77:bc:4c:f0:a7:b3:2d:67:
                    93:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:30:8D:87:17:E8:6A:F7:E8:D7:52:D3:E2:16:2F:28:40:18:31:FA
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/2DCNhxfoavfo11LT4hYvKEAYMfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:5f:4d:65:63:13:e0:e0:0d:79:39:aa:25:68:5f:91:b5:63:
         b6:d7:0f:54:d9:5b:f2:6c:0b:e3:2d:ef:2e:87:21:04:6f:84:
         8c:c4:0c:2d:ab:65:27:63:95:b7:f0:4a:b4:8f:26:af:ff:03:
         cf:19:fc:3e:e9:7f:39:aa:a6:99:7a:4a:13:00:0a:6f:ec:a8:
         87:89:f7:de:fb:ad:ab:e0:1a:7b:cb:19:53:7f:59:fb:82:55:
         c9:c1:b6:81:bc:07:a5:ac:80:42:46:0c:fc:4b:50:f2:7d:4b:
         75:da:13:a6:48:d2:2c:f0:46:5f:ec:ee:01:61:12:4b:52:6d:
         5c:a1:49:a9:92:d1:e8:fd:cc:39:ac:8c:ee:f6:81:58:b3:73:
         93:99:ae:df:00:4b:3b:4e:38:28:76:80:c3:be:e5:05:c7:38:
         db:72:ca:11:25:e7:0d:62:2d:a9:a6:68:56:a2:d4:07:ee:18:
         88:77:24:eb:2b:49:9b:5b:0b:f2:93:25:bf:09:b4:ae:fd:92:
         4a:ff:8c:6d:79:8b:74:fb:58:cb:c4:39:b4:dd:16:51:a0:f6:
         10:20:8d:71:51:b6:9f:9b:67:3c:ce:18:ea:8c:1a:40:e4:28:
         9c:93:a4:7b:49:e5:e9:3c:0d:63:00:1f:32:17:7c:0f:73:34:
         33:be:33:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVgIp+/Y/D+Yss8AZjtaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjQwMTAxMTIzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODMwOGQ4NzE3ZTg2YWY3ZThkNzUyZDNlMjE2MmYyODQwMTgzMWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6ImGNBrn4BEeHA3sdDsb/LcJblI
eWtnztO46NqVOTQhXTToPK/VTiCHzO537SQ6MHEF7uzNibD0yhSufwlVwMrJcaIo
3Dez2+clxEkKMzBHJAcKdcYnBSlzQmIDpHr+URoIuCli5EhnohNDE5UH+eEOBXnp
ljTOIGr//Btdivx0nuaJ+/vR4k+EZ3KcJ7pFQ06d5ckoll79zy0Cb+sa4uNtb/Jj
oVl51mwSzGApj0nxRGMins0e2duniRLoTV13xNG55AEd8MX85BPnQAnqSdQcDIrB
3oBUb3m/bnWK+nkLoDHO9KEAYRgBPsQg7mLAmyfgQo4Bd7xM8KezLWeTswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgwjYcX6Gr36NdS0+IWLyhAGDH6MB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvMkRDTmh4Zm9hdmZvMTFMVDRoWXZLRUFZTWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ4PMA0G
CSqGSIb3DQEBCwUAA4IBAQA/X01lYxPg4A15OaolaF+RtWO21w9U2VvybAvjLe8u
hyEEb4SMxAwtq2UnY5W38Eq0jyav/wPPGfw+6X85qqaZekoTAApv7KiHiffe+62r
4Bp7yxlTf1n7glXJwbaBvAelrIBCRgz8S1DyfUt12hOmSNIs8EZf7O4BYRJLUm1c
oUmpktHo/cw5rIzu9oFYs3OTma7fAEs7TjgodoDDvuUFxzjbcsoRJecNYi2ppmhW
otQH7hiIdyTrK0mbWwvykyW/CbSu/ZJK/4xteYt0+1jLxDm03RZRoPYQII1xUbaf
m2c8zhjqjBpA5Cick6R7SeXpPA1jAB8yF3wPczQzvjO+
-----END CERTIFICATE-----