Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0b4e73-a154-4059-b622-8fd5caba54e9/1/K2fndFZcTwkaVHlE7QASxrVLA_I.roa
File:                     K2fndFZcTwkaVHlE7QASxrVLA_I.roa (raw, json)
Hash identifier:          kQN+ab1bSKuO00jeDjeooBXmeIm0Pxy69bXYbxukd0I=
Subject key identifier:   2B:67:E7:74:56:5C:4F:09:1A:54:79:44:ED:00:12:C6:B5:4B:03:F2
Certificate issuer:       /CN=a0e3128fd09dc18e66ee4212a7e64f3e4e74a814
Certificate serial:       018CC5DBEDED12A7D4370DEC140F5975475F
Authority key identifier: A0:E3:12:8F:D0:9D:C1:8E:66:EE:42:12:A7:E6:4F:3E:4E:74:A8:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oOMSj9CdwY5m7kISp-ZPPk50qBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0b4e73-a154-4059-b622-8fd5caba54e9/1/K2fndFZcTwkaVHlE7QASxrVLA_I.roa
Signing time:             Mon 01 Jan 2024 16:29:34 +0000
ROA not before:           Mon 01 Jan 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        45.14.124.0/22 maxlen: 22
                          2a0e:e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/0b4e73-a154-4059-b622-8fd5caba54e9/1/oOMSj9CdwY5m7kISp-ZPPk50qBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/0b4e73-a154-4059-b622-8fd5caba54e9/1/oOMSj9CdwY5m7kISp-ZPPk50qBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oOMSj9CdwY5m7kISp-ZPPk50qBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ed:ed:12:a7:d4:37:0d:ec:14:0f:59:75:47:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0e3128fd09dc18e66ee4212a7e64f3e4e74a814
        Validity
            Not Before: Jan  1 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b67e774565c4f091a547944ed0012c6b54b03f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:50:89:6e:26:b6:d6:17:79:3b:f1:38:1d:27:
                    f9:c4:4d:f0:ef:a6:af:f7:68:ab:35:17:bb:c3:22:
                    45:de:ab:bf:64:cd:52:aa:e0:c1:d5:68:c0:e4:6b:
                    77:cc:d6:7f:04:df:eb:6e:90:0c:1d:07:f1:2b:f4:
                    64:31:b8:29:f4:b0:13:5d:6c:77:d0:70:92:f9:82:
                    ed:66:ad:33:1f:aa:d0:d4:2f:05:37:f7:c8:ba:17:
                    fa:b0:68:a6:25:6e:46:3f:df:a2:ef:66:c8:b1:48:
                    b3:b3:cd:32:bb:5b:5c:c5:ca:f3:e9:d9:7d:d4:39:
                    47:11:11:d6:a9:fa:89:c8:ae:a9:89:f1:c8:80:e5:
                    02:68:9d:b2:ed:d9:df:f6:57:4e:ac:9c:08:3b:c4:
                    c2:09:8c:ef:aa:3f:b4:16:24:31:02:36:28:22:09:
                    33:9b:42:84:74:bf:03:b3:45:e2:59:f2:e5:15:30:
                    63:a2:ee:22:1a:e6:a9:4f:30:d4:9d:2a:c1:e8:6f:
                    08:fb:4d:60:0d:51:19:1e:54:0b:ce:76:35:cc:44:
                    34:b7:9e:67:06:df:17:e5:e9:10:3b:77:a4:73:ad:
                    06:84:77:86:5a:47:31:ef:86:c2:e4:b5:d7:c7:da:
                    53:62:df:ff:25:68:81:8e:c7:6a:93:f6:eb:94:68:
                    6a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:67:E7:74:56:5C:4F:09:1A:54:79:44:ED:00:12:C6:B5:4B:03:F2
            X509v3 Authority Key Identifier:
                keyid:A0:E3:12:8F:D0:9D:C1:8E:66:EE:42:12:A7:E6:4F:3E:4E:74:A8:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOMSj9CdwY5m7kISp-ZPPk50qBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0b4e73-a154-4059-b622-8fd5caba54e9/1/K2fndFZcTwkaVHlE7QASxrVLA_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0b4e73-a154-4059-b622-8fd5caba54e9/1/oOMSj9CdwY5m7kISp-ZPPk50qBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.124.0/22
                IPv6:
                  2a0e:e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:7d:46:06:de:a4:2f:14:eb:54:ef:5c:9f:36:29:af:a8:d2:
         b1:f4:14:12:69:8a:79:b8:9e:a1:3f:50:1b:b6:59:c0:3e:18:
         c1:d6:ef:a6:51:52:2e:3f:29:1f:87:51:12:97:4b:ca:4a:6a:
         45:6e:3a:06:a0:df:bb:bc:cc:88:8f:a1:74:ba:c4:d0:59:1c:
         ab:c7:4c:5b:ae:18:72:20:95:0a:87:aa:54:84:c9:d4:c9:59:
         ba:6a:9e:91:83:2d:23:91:59:42:a6:90:3a:f2:d9:04:dd:10:
         91:da:2c:46:c2:b2:6f:a8:e0:3e:3e:4b:f2:2c:58:bf:c1:95:
         68:4a:8b:3d:76:9f:48:c7:68:f8:d6:2d:20:02:f0:7a:c5:f5:
         46:a2:3c:fb:2a:9f:5e:98:53:ab:cb:ad:7b:f0:57:9d:12:44:
         8a:76:c3:48:34:5b:ac:bd:aa:9e:81:44:93:ba:87:83:3b:a3:
         b8:c4:35:06:63:22:0e:23:54:8e:1a:18:63:ff:df:c2:3c:56:
         8f:b4:dc:e1:e4:1f:db:d7:7d:8c:82:9f:34:03:86:4c:70:18:
         45:c2:63:32:d2:77:57:bf:9f:f7:6c:1f:ef:97:09:3e:71:6c:
         ac:4f:29:36:66:49:ab:5a:69:8f:12:38:8c:4e:e6:33:a7:74:
         6f:1a:26:1e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF2+3tEqfUNw3sFA9ZdUdfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTMxMjhmZDA5ZGMxOGU2NmVlNDIxMmE3ZTY0ZjNlNGU3
NGE4MTQwHhcNMjQwMTAxMTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjY3ZTc3NDU2NWM0ZjA5MWE1NDc5NDRlZDAwMTJjNmI1NGIwM2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFCJbia21hd5O/E4HSf5xE3w76av
92irNRe7wyJF3qu/ZM1SquDB1WjA5Gt3zNZ/BN/rbpAMHQfxK/RkMbgp9LATXWx3
0HCS+YLtZq0zH6rQ1C8FN/fIuhf6sGimJW5GP9+i72bIsUizs80yu1tcxcrz6dl9
1DlHERHWqfqJyK6pifHIgOUCaJ2y7dnf9ldOrJwIO8TCCYzvqj+0FiQxAjYoIgkz
m0KEdL8Ds0XiWfLlFTBjou4iGuapTzDUnSrB6G8I+01gDVEZHlQLznY1zEQ0t55n
Bt8X5ekQO3ekc60GhHeGWkcx74bC5LXXx9pTYt//JWiBjsdqk/brlGhq4wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCtn53RWXE8JGlR5RO0AEsa1SwPyMB8GA1UdIwQY
MBaAFKDjEo/QncGOZu5CEqfmTz5OdKgUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09NU2o5Q2R3WTVtN2tJU3AtWlBQazUwcUJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wYjRlNzMtYTE1NC00MDU5LWI2MjIt
OGZkNWNhYmE1NGU5LzEvSzJmbmRGWmNUd2thVkhsRTdRQVN4clZMQV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wYjRlNzMtYTE1NC00MDU5LWI2MjItOGZkNWNhYmE1NGU5
LzEvb09NU2o5Q2R3WTVtN2tJU3AtWlBQazUwcUJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQ58MA0E
AgACMAcDBQMqDg6AMA0GCSqGSIb3DQEBCwUAA4IBAQCxfUYG3qQvFOtU71yfNimv
qNKx9BQSaYp5uJ6hP1AbtlnAPhjB1u+mUVIuPykfh1ESl0vKSmpFbjoGoN+7vMyI
j6F0usTQWRyrx0xbrhhyIJUKh6pUhMnUyVm6ap6Rgy0jkVlCppA68tkE3RCR2ixG
wrJvqOA+PkvyLFi/wZVoSos9dp9Ix2j41i0gAvB6xfVGojz7Kp9emFOry6178Fed
EkSKdsNINFusvaqegUSTuoeDO6O4xDUGYyIOI1SOGhhj/9/CPFaPtNzh5B/b132M
gp80A4ZMcBhFwmMy0ndXv5/3bB/vlwk+cWysTyk2ZkmrWmmPEjiMTuYzp3RvGiYe
-----END CERTIFICATE-----