Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/OcggvNUkloeZ0brN8F1Pd_fLZ1I.roa
File:                     OcggvNUkloeZ0brN8F1Pd_fLZ1I.roa (raw, json)
Hash identifier:          oSzQardrSUsxDIC9Bpby58d4LfbXvsW4BCsxhNMuLeY=
Subject key identifier:   39:C8:20:BC:D5:24:96:87:99:D1:BA:CD:F0:5D:4F:77:F7:CB:67:52
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018E56655559B01232E700A87B08D1EA51E4
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/OcggvNUkloeZ0brN8F1Pd_fLZ1I.roa
Signing time:             Tue 19 Mar 2024 11:07:45 +0000
ROA not before:           Tue 19 Mar 2024 11:07:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212669
IP address blocks:        45.81.114.0/24 maxlen: 24
                          45.138.181.0/24 maxlen: 24
                          45.151.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:56:65:55:59:b0:12:32:e7:00:a8:7b:08:d1:ea:51:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar 19 11:07:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39c820bcd524968799d1bacdf05d4f77f7cb6752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3e:c9:40:a9:e0:67:5c:89:9d:66:7f:08:11:
                    ad:65:09:94:8f:f6:24:82:00:1d:2b:4b:40:96:a3:
                    66:63:38:e1:b5:fe:73:7a:6d:a7:3e:16:32:22:43:
                    42:d3:b6:dc:3a:ce:11:2f:54:5c:2f:96:da:32:db:
                    09:e7:cb:0d:a2:3a:ee:cf:04:46:c2:19:b7:8e:4e:
                    c5:e0:fc:f0:6c:30:56:6a:12:1a:d2:e0:bf:d1:1c:
                    f6:f0:e6:9e:7f:86:58:95:24:56:2a:d6:c7:2f:29:
                    81:57:9d:ca:c5:e1:1f:6c:5b:71:6f:6d:00:19:3b:
                    f3:0b:70:dd:96:7b:df:77:fc:af:30:bd:a5:fb:36:
                    da:fc:35:a6:4e:c0:23:90:ff:61:a0:4f:dd:19:db:
                    ac:ab:dd:b2:85:a5:d8:ff:9e:5e:50:b9:a3:e5:ee:
                    6d:63:fb:cc:b2:47:f8:53:84:c8:25:89:a7:9f:dc:
                    0b:d8:14:5e:de:1e:f8:49:bf:3d:ec:48:12:d8:30:
                    87:42:7d:f9:0b:77:c0:69:7d:58:1c:98:bb:1d:bf:
                    4b:23:fc:b6:e6:2a:06:f2:43:ee:65:15:65:b5:b2:
                    d5:c2:4b:d2:7e:4c:ae:ac:73:8f:c2:2e:59:28:1c:
                    e9:8a:63:0f:22:ed:ec:ee:3c:99:99:c1:28:95:c2:
                    79:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C8:20:BC:D5:24:96:87:99:D1:BA:CD:F0:5D:4F:77:F7:CB:67:52
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/OcggvNUkloeZ0brN8F1Pd_fLZ1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.114.0/24
                  45.138.181.0/24
                  45.151.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:da:e4:b9:6e:d3:a1:e4:63:1e:4f:f9:90:58:52:b5:ae:9b:
         bc:0f:ff:43:c3:00:d3:78:ce:f7:4e:06:2b:47:f5:02:c9:67:
         d4:bf:0b:08:c1:69:c4:88:2c:b6:1e:b5:2c:91:f8:14:a1:91:
         39:11:55:38:ae:ae:99:6e:f3:74:f4:a9:fe:59:13:a0:84:c7:
         54:26:c9:f4:37:cb:10:1a:15:95:a3:d6:19:f9:94:05:cc:1f:
         95:38:b6:21:59:56:a4:6f:0f:a5:90:82:e2:ca:fb:a1:fd:24:
         82:7a:d1:b6:6d:d6:0a:b7:9c:9b:ec:e8:07:a5:2d:55:68:da:
         d5:e1:43:3f:a4:a7:bc:db:72:42:82:13:f5:5a:8c:6a:46:61:
         6f:a4:7a:4a:54:a1:bd:45:2c:31:e7:9b:a8:75:94:6f:16:ef:
         6a:00:04:6e:f8:99:1d:d4:cb:a2:c0:73:76:54:06:d3:25:50:
         b3:88:cf:fd:04:92:33:0e:94:23:8c:38:46:48:f9:5f:12:ec:
         85:61:5d:91:ce:79:db:41:0b:6e:da:22:3e:40:79:99:df:94:
         00:14:95:45:cd:21:f8:91:c5:3d:05:b2:7f:3a:73:8d:20:72:
         86:b0:e2:40:42:6a:72:67:a8:1d:4a:f0:86:9c:03:4e:33:16:
         b5:ef:f3:b6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY5WZVVZsBIy5wCoewjR6lHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMzE5MTEwNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWM4MjBiY2Q1MjQ5Njg3OTlkMWJhY2RmMDVkNGY3N2Y3Y2I2NzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjT7JQKngZ1yJnWZ/CBGtZQmUj/Yk
ggAdK0tAlqNmYzjhtf5zem2nPhYyIkNC07bcOs4RL1RcL5baMtsJ58sNojruzwRG
whm3jk7F4PzwbDBWahIa0uC/0Rz28Oaef4ZYlSRWKtbHLymBV53KxeEfbFtxb20A
GTvzC3Ddlnvfd/yvML2l+zba/DWmTsAjkP9hoE/dGdusq92yhaXY/55eULmj5e5t
Y/vMskf4U4TIJYmnn9wL2BRe3h74Sb897EgS2DCHQn35C3fAaX1YHJi7Hb9LI/y2
5ioG8kPuZRVltbLVwkvSfkyurHOPwi5ZKBzpimMPIu3s7jyZmcEolcJ5AwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDnIILzVJJaHmdG6zfBdT3f3y2dSMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvT2NnZ3ZOVWtsb2VaMGJyTjhGMVBkX2ZMWjFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVFyAwQA
LYq1AwQALZcAMA0GCSqGSIb3DQEBCwUAA4IBAQBx2uS5btOh5GMeT/mQWFK1rpu8
D/9DwwDTeM73TgYrR/UCyWfUvwsIwWnEiCy2HrUskfgUoZE5EVU4rq6ZbvN09Kn+
WROghMdUJsn0N8sQGhWVo9YZ+ZQFzB+VOLYhWVakbw+lkILiyvuh/SSCetG2bdYK
t5yb7OgHpS1VaNrV4UM/pKe823JCghP1WoxqRmFvpHpKVKG9RSwx55uodZRvFu9q
AARu+Jkd1MuiwHN2VAbTJVCziM/9BJIzDpQjjDhGSPlfEuyFYV2RznnbQQtu2iI+
QHmZ35QAFJVFzSH4kcU9BbJ/OnONIHKGsOJAQmpyZ6gdSvCGnANOMxa17/O2
-----END CERTIFICATE-----