Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/2c57e5-402b-4896-929f-54341cd13a9d/1/dtvptpDCOpV-jND-4qEjIuCDBrc.roa
File:                     dtvptpDCOpV-jND-4qEjIuCDBrc.roa (raw, json)
Hash identifier:          EWqwGk5Kknk/kp8QcH5BlPEYyTah2RvsxsGEznSR3Aw=
Subject key identifier:   76:DB:E9:B6:90:C2:3A:95:7E:8C:D0:FE:E2:A1:23:22:E0:83:06:B7
Certificate issuer:       /CN=edee25a78a816bde362c40c86e39b947d0ee2ff3
Certificate serial:       018CC3B729245D26203DCFB62B2D381B2F54
Authority key identifier: ED:EE:25:A7:8A:81:6B:DE:36:2C:40:C8:6E:39:B9:47:D0:EE:2F:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7e4lp4qBa942LEDIbjm5R9DuL_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/2c57e5-402b-4896-929f-54341cd13a9d/1/dtvptpDCOpV-jND-4qEjIuCDBrc.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201800
IP address blocks:        45.159.104.0/22 maxlen: 24
                          188.68.188.0/24 maxlen: 24
                          188.68.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/2c57e5-402b-4896-929f-54341cd13a9d/1/7e4lp4qBa942LEDIbjm5R9DuL_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/2c57e5-402b-4896-929f-54341cd13a9d/1/7e4lp4qBa942LEDIbjm5R9DuL_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7e4lp4qBa942LEDIbjm5R9DuL_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 09:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:29:24:5d:26:20:3d:cf:b6:2b:2d:38:1b:2f:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edee25a78a816bde362c40c86e39b947d0ee2ff3
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76dbe9b690c23a957e8cd0fee2a12322e08306b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2c:0c:3f:13:0d:7e:c2:ed:45:58:48:55:2d:
                    9f:e5:a5:f5:7a:05:56:7b:8b:11:b7:43:94:67:16:
                    b4:67:59:dc:15:9b:93:00:66:9b:78:7d:8a:ae:f0:
                    20:9b:f4:02:22:53:55:c1:ab:0e:4f:f3:0d:f2:20:
                    1b:97:9f:fb:77:ac:62:5c:21:7d:da:b4:c8:39:85:
                    6e:30:f6:41:80:69:e4:d9:87:a1:73:a7:40:8f:e6:
                    41:6d:c3:e0:d4:ec:80:58:6a:07:cc:c7:29:b3:75:
                    9d:27:80:f4:41:2e:12:a2:ed:ba:20:0a:40:5f:93:
                    34:a9:6a:40:45:f4:03:c4:c6:c1:7b:a0:e6:3f:90:
                    95:24:94:ed:ee:e9:9a:38:ce:91:9e:76:09:fe:88:
                    9d:b1:f6:02:b3:4b:5b:f6:47:10:73:1f:36:99:3c:
                    3c:1a:42:12:0d:0b:ac:6d:38:81:83:80:23:03:f3:
                    d2:8b:78:7a:c7:a6:72:8a:b6:0d:75:9b:23:d7:39:
                    d0:47:31:f7:84:20:30:68:31:cd:e1:72:6e:d1:bb:
                    ba:73:ff:73:1d:2c:5f:4c:7c:64:8f:5f:9a:e0:16:
                    9b:3b:c0:b6:fe:95:7f:e2:25:c4:b4:c2:39:46:f2:
                    8b:f4:ef:fe:fe:e5:44:fe:a0:54:d4:b2:14:de:52:
                    e1:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:DB:E9:B6:90:C2:3A:95:7E:8C:D0:FE:E2:A1:23:22:E0:83:06:B7
            X509v3 Authority Key Identifier:
                keyid:ED:EE:25:A7:8A:81:6B:DE:36:2C:40:C8:6E:39:B9:47:D0:EE:2F:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e4lp4qBa942LEDIbjm5R9DuL_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2c57e5-402b-4896-929f-54341cd13a9d/1/dtvptpDCOpV-jND-4qEjIuCDBrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2c57e5-402b-4896-929f-54341cd13a9d/1/7e4lp4qBa942LEDIbjm5R9DuL_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.104.0/22
                  188.68.188.0/24
                  188.68.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:e4:ea:b5:ef:c0:16:49:af:44:ba:18:04:d9:48:52:17:57:
         6c:df:67:53:8f:39:16:a9:b5:29:f9:ab:42:e0:a6:c3:6f:f4:
         b6:65:b1:dc:66:65:d5:6e:c3:fb:09:a0:46:46:20:51:65:4c:
         45:79:58:bf:04:68:2a:1f:9f:75:ee:a0:26:07:92:80:23:87:
         b0:38:a9:95:8f:73:b8:b4:da:81:d8:fc:90:10:36:cc:02:f6:
         33:94:eb:d7:03:a2:82:21:26:21:f8:3f:d1:c3:5c:5a:87:91:
         c7:2a:d5:95:a4:5c:d9:16:40:28:aa:42:47:13:63:94:1e:68:
         a2:1d:e8:25:80:a2:2a:aa:d3:2a:92:0d:d6:03:c1:06:32:f2:
         54:c7:7c:30:b8:75:43:12:d1:56:e2:e5:dc:ff:65:90:08:ab:
         f9:b9:5d:2a:2a:53:72:46:66:5f:59:c7:5c:49:ea:68:91:71:
         13:57:6c:22:93:05:62:d2:3a:7f:ee:86:ce:d4:30:d2:21:fa:
         24:23:37:ea:23:45:ef:9d:61:41:7a:4a:22:81:75:93:d9:4a:
         91:d6:92:18:df:18:5d:2f:ef:c4:0d:bb:64:b7:2a:80:89:e4:
         1d:26:60:74:07:b1:87:fb:d2:dd:40:2e:99:8a:3b:17:6d:90:
         5c:70:31:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtykkXSYgPc+2Ky04Gy9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZWUyNWE3OGE4MTZiZGUzNjJjNDBjODZlMzliOTQ3ZDBl
ZTJmZjMwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmRiZTliNjkwYzIzYTk1N2U4Y2QwZmVlMmExMjMyMmUwODMwNmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiywMPxMNfsLtRVhIVS2f5aX1egVW
e4sRt0OUZxa0Z1ncFZuTAGabeH2KrvAgm/QCIlNVwasOT/MN8iAbl5/7d6xiXCF9
2rTIOYVuMPZBgGnk2Yehc6dAj+ZBbcPg1OyAWGoHzMcps3WdJ4D0QS4Sou26IApA
X5M0qWpARfQDxMbBe6DmP5CVJJTt7umaOM6RnnYJ/oidsfYCs0tb9kcQcx82mTw8
GkISDQusbTiBg4AjA/PSi3h6x6ZyirYNdZsj1znQRzH3hCAwaDHN4XJu0bu6c/9z
HSxfTHxkj1+a4BabO8C2/pV/4iXEtMI5RvKL9O/+/uVE/qBU1LIU3lLhGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHbb6baQwjqVfozQ/uKhIyLggwa3MB8GA1UdIwQY
MBaAFO3uJaeKgWveNixAyG45uUfQ7i/zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2U0bHA0cUJhOTQyTEVESWJqbTVSOUR1TF9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yYzU3ZTUtNDAyYi00ODk2LTkyOWYt
NTQzNDFjZDEzYTlkLzEvZHR2cHRwRENPcFYtak5ELTRxRWpJdUNEQnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yYzU3ZTUtNDAyYi00ODk2LTkyOWYtNTQzNDFjZDEzYTlk
LzEvN2U0bHA0cUJhOTQyTEVESWJqbTVSOUR1TF9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZ9oAwQA
vES8AwQAvES/MA0GCSqGSIb3DQEBCwUAA4IBAQCg5Oq178AWSa9EuhgE2UhSF1ds
32dTjzkWqbUp+atC4KbDb/S2ZbHcZmXVbsP7CaBGRiBRZUxFeVi/BGgqH5917qAm
B5KAI4ewOKmVj3O4tNqB2PyQEDbMAvYzlOvXA6KCISYh+D/Rw1xah5HHKtWVpFzZ
FkAoqkJHE2OUHmiiHeglgKIqqtMqkg3WA8EGMvJUx3wwuHVDEtFW4uXc/2WQCKv5
uV0qKlNyRmZfWcdcSepokXETV2wikwVi0jp/7obO1DDSIfokIzfqI0XvnWFBekoi
gXWT2UqR1pIY3xhdL+/EDbtktyqAieQdJmB0B7GH+9LdQC6ZijsXbZBccDFl
-----END CERTIFICATE-----