Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/O3ieVqOXKk_uu_Ckr0OWvLwLeu4.roa
File:                     O3ieVqOXKk_uu_Ckr0OWvLwLeu4.roa (raw, json)
Hash identifier:          tkOzOhbctGRotA39AlzUxx6rWtVpzWwlrSGNKd2f72M=
Subject key identifier:   3B:78:9E:56:A3:97:2A:4F:EE:BB:F0:A4:AF:43:96:BC:BC:0B:7A:EE
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       018CC56DE8087811BE2E1C8712964CE07EEA
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/O3ieVqOXKk_uu_Ckr0OWvLwLeu4.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56980
IP address blocks:        45.133.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e8:08:78:11:be:2e:1c:87:12:96:4c:e0:7e:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b789e56a3972a4feebbf0a4af4396bcbc0b7aee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f5:a0:01:40:38:88:77:09:d0:25:bb:4a:3d:
                    d5:cc:d2:2f:1c:f8:68:a7:56:b0:82:63:f6:fd:f2:
                    70:5e:88:a4:68:31:14:c3:f1:e0:11:ef:75:64:c9:
                    b3:7e:1d:f2:4a:57:07:fe:66:07:e6:6d:04:ce:c1:
                    48:f0:16:ed:c6:4a:b0:8a:38:96:5c:bf:91:25:ef:
                    f6:99:56:24:29:76:2a:d1:d5:8f:c1:ee:4e:fe:80:
                    e1:e6:2f:44:fd:0b:5b:11:b6:cb:5c:a0:e9:d2:ba:
                    04:be:a4:c8:19:e4:79:00:b3:3b:3f:a2:ad:90:02:
                    36:53:f2:1a:00:e9:79:72:eb:d9:87:68:ef:ce:e6:
                    9d:28:0e:66:14:5f:84:e7:72:0d:76:a3:51:50:e0:
                    1b:eb:8f:b9:a0:cb:ec:2f:bc:d4:50:51:29:e3:38:
                    5f:a4:d9:88:90:d1:64:49:18:d4:62:de:87:14:e4:
                    f1:23:21:9d:a8:72:03:23:13:36:fb:3f:5b:5b:39:
                    89:4a:5b:a6:ba:57:ac:dc:b8:96:67:6b:a9:7a:9a:
                    2a:ff:64:d2:e1:be:4d:44:42:1d:55:40:49:35:b6:
                    c3:e0:ae:c1:a9:ab:a7:bd:eb:80:4d:4b:54:4e:33:
                    d9:b8:db:b9:b0:56:b8:cd:7a:c1:d5:29:91:82:99:
                    ec:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:78:9E:56:A3:97:2A:4F:EE:BB:F0:A4:AF:43:96:BC:BC:0B:7A:EE
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/O3ieVqOXKk_uu_Ckr0OWvLwLeu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:e1:1f:79:22:3f:61:4d:23:b5:a3:01:f8:57:e7:53:49:1f:
         6b:07:1f:e9:bb:ed:9c:3d:8c:43:1f:e9:c7:24:2a:86:7a:92:
         3c:57:d0:1e:27:a3:96:19:73:02:04:00:22:51:6b:15:0a:1a:
         e9:6f:b8:16:20:e3:6e:fe:4f:aa:47:90:65:16:18:48:00:80:
         3a:cc:e0:43:91:cb:65:d8:ae:1d:56:d1:f0:58:b9:d0:60:9e:
         92:3b:2d:31:26:5f:c8:35:73:d1:c5:6b:cd:06:07:41:e9:47:
         2e:a2:3a:a0:55:2e:0e:64:e0:7a:99:f9:75:6d:43:93:8d:70:
         cc:37:01:eb:ec:e1:10:c9:4b:01:11:af:bc:ea:00:8e:b6:90:
         d2:b6:6c:0d:60:02:88:c8:b6:a4:b1:66:9c:4b:50:8c:ba:83:
         fd:56:84:37:e1:5f:1d:11:09:95:48:e6:66:36:f4:f1:f7:dd:
         67:df:b0:94:4f:cc:29:08:ea:08:ac:84:c4:1c:11:15:1e:d3:
         8c:79:26:c8:05:08:fc:a0:31:45:31:84:69:11:e1:14:4b:ad:
         a0:b6:c5:59:06:ec:fd:14:40:4d:80:8b:06:42:5a:39:d7:ef:
         2c:59:23:c0:07:00:9a:75:80:77:e7:7e:d8:ba:ef:d5:c7:95:
         6e:da:26:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbegIeBG+LhyHEpZM4H7qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjc4OWU1NmEzOTcyYTRmZWViYmYwYTRhZjQzOTZiY2JjMGI3YWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfWgAUA4iHcJ0CW7Sj3VzNIvHPho
p1awgmP2/fJwXoikaDEUw/HgEe91ZMmzfh3ySlcH/mYH5m0EzsFI8BbtxkqwijiW
XL+RJe/2mVYkKXYq0dWPwe5O/oDh5i9E/QtbEbbLXKDp0roEvqTIGeR5ALM7P6Kt
kAI2U/IaAOl5cuvZh2jvzuadKA5mFF+E53INdqNRUOAb64+5oMvsL7zUUFEp4zhf
pNmIkNFkSRjUYt6HFOTxIyGdqHIDIxM2+z9bWzmJSlumules3LiWZ2upepoq/2TS
4b5NREIdVUBJNbbD4K7BqaunveuATUtUTjPZuNu5sFa4zXrB1SmRgpnszwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDt4nlajlypP7rvwpK9Dlry8C3ruMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvTzNpZVZxT1hLa191dV9Da3IwT1d2THdMZXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYUmMA0G
CSqGSIb3DQEBCwUAA4IBAQAT4R95Ij9hTSO1owH4V+dTSR9rBx/pu+2cPYxDH+nH
JCqGepI8V9AeJ6OWGXMCBAAiUWsVChrpb7gWIONu/k+qR5BlFhhIAIA6zOBDkctl
2K4dVtHwWLnQYJ6SOy0xJl/INXPRxWvNBgdB6UcuojqgVS4OZOB6mfl1bUOTjXDM
NwHr7OEQyUsBEa+86gCOtpDStmwNYAKIyLaksWacS1CMuoP9VoQ34V8dEQmVSOZm
NvTx991n37CUT8wpCOoIrITEHBEVHtOMeSbIBQj8oDFFMYRpEeEUS62gtsVZBuz9
FEBNgIsGQlo51+8sWSPABwCadYB3537Yuu/Vx5Vu2iaa
-----END CERTIFICATE-----