Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/5D1ijzSr1RJAyhjYoIdvc6kwvww.roa
File:                     5D1ijzSr1RJAyhjYoIdvc6kwvww.roa (raw, json)
Hash identifier:          AA9zBsCYpM6R4QqwsAPOWl0poYFsaEF8B10fxt1EMUg=
Subject key identifier:   E4:3D:62:8F:34:AB:D5:12:40:CA:18:D8:A0:87:6F:73:A9:30:BF:0C
Certificate issuer:       /CN=7d5695786f8450d1041dc88ad892cbb570d5972b
Certificate serial:       018EBF6E2DC7CA1A5EAA8F4511D10AFCA3D3
Authority key identifier: 7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/5D1ijzSr1RJAyhjYoIdvc6kwvww.roa
Signing time:             Mon 08 Apr 2024 20:37:32 +0000
ROA not before:           Mon 08 Apr 2024 20:37:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56322
IP address blocks:        45.11.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bf:6e:2d:c7:ca:1a:5e:aa:8f:45:11:d1:0a:fc:a3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d5695786f8450d1041dc88ad892cbb570d5972b
        Validity
            Not Before: Apr  8 20:37:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e43d628f34abd51240ca18d8a0876f73a930bf0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:3e:ec:8d:75:78:68:99:8e:37:b5:15:b8:f3:
                    f0:a1:76:c9:ad:44:63:b7:5f:d7:4e:5b:f0:75:6f:
                    19:f9:9a:da:fe:14:50:06:f9:f6:07:09:fb:ba:72:
                    17:1e:11:39:eb:78:8a:21:d1:9c:ee:8e:f0:aa:f9:
                    97:2a:20:cf:cb:04:d8:1d:51:48:21:86:a2:b8:6e:
                    45:30:9f:86:d5:7b:6f:ed:9a:61:76:a0:60:7b:6b:
                    14:85:49:fd:a5:75:1f:0f:32:63:9a:e0:3d:70:39:
                    af:2d:f1:ab:10:cb:98:4b:c6:5f:c3:90:cd:5b:a4:
                    15:3e:ad:e8:a0:da:56:16:09:19:a1:67:24:b9:7c:
                    0d:ea:fb:e2:31:f2:c6:ee:fb:75:35:df:4f:6b:78:
                    0a:e4:c6:4e:42:58:0d:e1:de:b2:67:09:3d:59:d4:
                    eb:be:26:4e:b3:95:95:9b:ab:fc:df:b6:c4:45:f6:
                    21:8c:65:49:c3:57:4a:b3:e6:fd:b5:17:f8:04:83:
                    a1:4b:be:64:f7:27:04:52:c3:22:68:b5:55:0a:c4:
                    76:16:a5:21:66:23:f4:96:92:88:ea:ca:47:56:60:
                    40:fb:cc:35:df:19:47:80:47:bb:4b:ea:2f:e0:0c:
                    6b:55:41:07:5a:26:f3:5b:c9:72:8e:54:cd:be:66:
                    85:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:3D:62:8F:34:AB:D5:12:40:CA:18:D8:A0:87:6F:73:A9:30:BF:0C
            X509v3 Authority Key Identifier:
                keyid:7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/5D1ijzSr1RJAyhjYoIdvc6kwvww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:ac:f4:42:b8:f2:00:0b:34:bb:4c:33:60:30:9e:e9:f7:03:
         be:b9:e3:31:fa:df:ca:9b:0a:bb:04:48:d5:1a:74:23:93:b5:
         16:91:f8:a1:7d:c7:b0:bd:49:3e:70:52:10:de:2d:10:1e:25:
         c7:b2:0d:3e:8c:c9:96:4d:ee:df:b9:e4:45:3c:8a:e3:99:4b:
         3a:0c:16:1a:cc:f2:21:3d:bf:03:be:d3:bb:10:63:83:1f:eb:
         c1:a4:0c:8a:9d:05:8e:fe:d0:ff:c8:bf:26:f9:c8:69:91:f3:
         db:be:5f:0a:73:6c:94:e8:b0:d3:76:cd:ff:54:dd:9b:b0:79:
         f9:1b:f1:34:6f:d4:d1:20:5a:39:65:fe:cf:e8:28:ce:ce:1c:
         f6:c7:d1:32:de:1b:11:41:a6:62:49:ae:7f:bd:58:53:75:c6:
         21:7d:63:39:f9:ab:cd:5a:4b:77:3e:37:cb:4d:87:94:57:00:
         34:40:1f:3e:ee:9e:c1:9a:0f:01:bc:04:ab:b4:92:66:2f:23:
         68:0b:90:79:dc:d7:4d:de:a4:d9:ed:5c:71:da:0b:a5:70:4b:
         68:a1:da:8c:48:df:f6:92:9e:a2:0b:37:1d:c3:87:ea:fd:85:
         80:7b:3a:ec:d3:18:ac:3d:44:8a:32:c1:6f:27:2d:1b:ef:3a:
         8b:28:97:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6/bi3Hyhpeqo9FEdEK/KPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTY5NTc4NmY4NDUwZDEwNDFkYzg4YWQ4OTJjYmI1NzBk
NTk3MmIwHhcNMjQwNDA4MjAzNzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDNkNjI4ZjM0YWJkNTEyNDBjYTE4ZDhhMDg3NmY3M2E5MzBiZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhT7sjXV4aJmON7UVuPPwoXbJrURj
t1/XTlvwdW8Z+Zra/hRQBvn2Bwn7unIXHhE563iKIdGc7o7wqvmXKiDPywTYHVFI
IYaiuG5FMJ+G1Xtv7ZphdqBge2sUhUn9pXUfDzJjmuA9cDmvLfGrEMuYS8Zfw5DN
W6QVPq3ooNpWFgkZoWckuXwN6vviMfLG7vt1Nd9Pa3gK5MZOQlgN4d6yZwk9WdTr
viZOs5WVm6v837bERfYhjGVJw1dKs+b9tRf4BIOhS75k9ycEUsMiaLVVCsR2FqUh
ZiP0lpKI6spHVmBA+8w13xlHgEe7S+ov4AxrVUEHWibzW8lyjlTNvmaFHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQ9Yo80q9USQMoY2KCHb3OpML8MMB8GA1UdIwQY
MBaAFH1WlXhvhFDRBB3IitiSy7Vw1ZcrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDIt
NjNiMzM4MDhhNmE4LzEvNUQxaWp6U3IxUkpBeWhqWW9JZHZjNmt3dnd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDItNjNiMzM4MDhhNmE4
LzEvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQusMA0G
CSqGSIb3DQEBCwUAA4IBAQCHrPRCuPIACzS7TDNgMJ7p9wO+ueMx+t/Kmwq7BEjV
GnQjk7UWkfihfcewvUk+cFIQ3i0QHiXHsg0+jMmWTe7fueRFPIrjmUs6DBYazPIh
Pb8DvtO7EGODH+vBpAyKnQWO/tD/yL8m+chpkfPbvl8Kc2yU6LDTds3/VN2bsHn5
G/E0b9TRIFo5Zf7P6CjOzhz2x9Ey3hsRQaZiSa5/vVhTdcYhfWM5+avNWkt3PjfL
TYeUVwA0QB8+7p7Bmg8BvASrtJJmLyNoC5B53NdN3qTZ7Vxx2gulcEtoodqMSN/2
kp6iCzcdw4fq/YWAezrs0xisPUSKMsFvJy0b7zqLKJeG
-----END CERTIFICATE-----