Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/dSI7ZsGMvf0dLZElMRrhAW9af_o.roa
File:                     dSI7ZsGMvf0dLZElMRrhAW9af_o.roa (raw, json)
Hash identifier:          ER7tjJUH9chUakUTkkPBm3l5SybAGxkGFw1hSCtwO1A=
Subject key identifier:   75:22:3B:66:C1:8C:BD:FD:1D:2D:91:25:31:1A:E1:01:6F:5A:7F:FA
Certificate issuer:       /CN=744dd3afd7cce7ce00a9eac67e0bca99beb729aa
Certificate serial:       018CCA2BB0A5D7922E0A00A259AB3E7A2241
Authority key identifier: 74:4D:D3:AF:D7:CC:E7:CE:00:A9:EA:C6:7E:0B:CA:99:BE:B7:29:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dE3Tr9fM584AqerGfgvKmb63Kao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/dSI7ZsGMvf0dLZElMRrhAW9af_o.roa
Signing time:             Tue 02 Jan 2024 12:35:10 +0000
ROA not before:           Tue 02 Jan 2024 12:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197922
IP address blocks:        45.81.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/dE3Tr9fM584AqerGfgvKmb63Kao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/dE3Tr9fM584AqerGfgvKmb63Kao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dE3Tr9fM584AqerGfgvKmb63Kao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b0:a5:d7:92:2e:0a:00:a2:59:ab:3e:7a:22:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=744dd3afd7cce7ce00a9eac67e0bca99beb729aa
        Validity
            Not Before: Jan  2 12:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75223b66c18cbdfd1d2d9125311ae1016f5a7ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:39:b1:80:21:92:0c:f8:2c:b0:6b:b2:1f:1f:
                    db:6d:17:a0:b5:dd:6d:ab:76:6f:6d:24:bc:2d:77:
                    50:09:d5:bc:23:83:93:96:4e:d9:4c:50:7b:8a:ca:
                    5a:77:d6:f4:7f:81:e2:27:e1:8e:61:ce:ad:d2:11:
                    3c:ae:ca:4e:47:3f:62:90:3b:b5:90:99:94:f2:e0:
                    21:fb:2b:27:ac:f0:28:d8:76:51:e3:57:1c:0a:75:
                    35:e6:f4:02:16:86:5e:15:b5:18:b2:4d:16:7c:7c:
                    43:99:52:e9:78:81:0d:c9:eb:12:e3:ff:8f:5c:18:
                    48:79:0e:32:13:4a:6d:30:8c:83:e1:d5:6c:07:ad:
                    51:4b:a1:ba:61:8f:cc:d5:31:a3:6c:d0:c7:14:19:
                    e7:17:8d:4f:03:3e:c0:b9:52:15:14:22:78:0f:e7:
                    bf:6a:34:a7:73:10:b2:52:d3:18:bd:2c:f7:17:2e:
                    0c:dc:40:52:65:83:e4:0a:a4:5e:6f:cc:ac:95:d6:
                    ff:f9:2f:e9:b5:b0:30:d8:aa:ed:ea:7a:96:04:1f:
                    6c:45:81:1e:1e:cb:fe:ac:68:79:b0:7b:a2:8d:bd:
                    d5:17:9f:75:98:36:e3:f0:d3:60:96:07:21:21:97:
                    00:22:5f:a3:42:81:5f:23:ce:e3:db:a5:d2:31:c1:
                    10:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:22:3B:66:C1:8C:BD:FD:1D:2D:91:25:31:1A:E1:01:6F:5A:7F:FA
            X509v3 Authority Key Identifier:
                keyid:74:4D:D3:AF:D7:CC:E7:CE:00:A9:EA:C6:7E:0B:CA:99:BE:B7:29:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dE3Tr9fM584AqerGfgvKmb63Kao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/dSI7ZsGMvf0dLZElMRrhAW9af_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/dE3Tr9fM584AqerGfgvKmb63Kao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:b1:23:5d:14:8a:16:92:69:df:58:ac:42:3c:d7:2a:89:02:
         ed:b3:7b:ea:1d:5a:e1:05:3c:b9:61:03:28:95:15:84:d9:0c:
         eb:df:fa:6e:7f:18:5e:99:5d:0c:0f:81:72:ce:f6:96:a5:63:
         cb:ee:91:21:18:d2:60:df:cc:43:85:ba:67:7c:ff:9b:6a:90:
         cb:ba:66:4f:32:30:b1:f5:a6:ff:0b:27:76:e6:4b:2b:51:a8:
         c6:39:fa:2a:09:14:d4:5c:cc:cd:bf:04:9e:ac:3e:b6:eb:81:
         57:85:72:01:65:2b:c3:72:13:00:1d:f6:bc:dd:e6:ea:ad:ae:
         03:01:be:8c:f8:cd:90:cf:16:51:33:fe:17:c6:34:ee:8b:34:
         f8:76:af:51:0d:91:ed:99:1e:4f:53:1f:1d:ae:88:8f:5b:47:
         22:38:30:85:56:05:cd:72:c0:ab:90:61:24:49:d0:27:5f:2e:
         a7:c2:a9:cb:06:1a:f9:1c:3f:da:57:0e:25:30:ae:7d:32:d0:
         c4:c2:8b:c6:91:f9:f4:53:b7:15:3f:3a:c9:43:07:29:7a:d2:
         aa:b1:36:48:27:fa:e9:d7:83:3c:4c:ad:f2:f9:c0:47:6c:b2:
         02:cd:77:a7:21:a9:d4:f8:a9:09:24:8c:46:c8:7b:bd:96:df:
         4d:8d:e3:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7Cl15IuCgCiWas+eiJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NGRkM2FmZDdjY2U3Y2UwMGE5ZWFjNjdlMGJjYTk5YmVi
NzI5YWEwHhcNMjQwMTAyMTIzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTIyM2I2NmMxOGNiZGZkMWQyZDkxMjUzMTFhZTEwMTZmNWE3ZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zmxgCGSDPgssGuyHx/bbRegtd1t
q3ZvbSS8LXdQCdW8I4OTlk7ZTFB7ispad9b0f4HiJ+GOYc6t0hE8rspORz9ikDu1
kJmU8uAh+ysnrPAo2HZR41ccCnU15vQCFoZeFbUYsk0WfHxDmVLpeIENyesS4/+P
XBhIeQ4yE0ptMIyD4dVsB61RS6G6YY/M1TGjbNDHFBnnF41PAz7AuVIVFCJ4D+e/
ajSncxCyUtMYvSz3Fy4M3EBSZYPkCqReb8ysldb/+S/ptbAw2Krt6nqWBB9sRYEe
Hsv+rGh5sHuijb3VF591mDbj8NNglgchIZcAIl+jQoFfI87j26XSMcEQkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUiO2bBjL39HS2RJTEa4QFvWn/6MB8GA1UdIwQY
MBaAFHRN06/XzOfOAKnqxn4Lypm+tymqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEUzVHI5Zk01ODRBcWVyR2ZndkttYjYzS2FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8yZWE1OTQtYTJjYS00ZmZhLTg5ZWUt
ODkyMWIwNTU5ZTkwLzEvZFNJN1pzR012ZjBkTFpFbE1ScmhBVzlhZl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8yZWE1OTQtYTJjYS00ZmZhLTg5ZWUtODkyMWIwNTU5ZTkw
LzEvZEUzVHI5Zk01ODRBcWVyR2ZndkttYjYzS2FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVFUMA0G
CSqGSIb3DQEBCwUAA4IBAQBOsSNdFIoWkmnfWKxCPNcqiQLts3vqHVrhBTy5YQMo
lRWE2Qzr3/pufxhemV0MD4FyzvaWpWPL7pEhGNJg38xDhbpnfP+bapDLumZPMjCx
9ab/Cyd25ksrUajGOfoqCRTUXMzNvwSerD6264FXhXIBZSvDchMAHfa83ebqra4D
Ab6M+M2QzxZRM/4XxjTuizT4dq9RDZHtmR5PUx8droiPW0ciODCFVgXNcsCrkGEk
SdAnXy6nwqnLBhr5HD/aVw4lMK59MtDEwovGkfn0U7cVPzrJQwcpetKqsTZIJ/rp
14M8TK3y+cBHbLICzXenIanU+KkJJIxGyHu9lt9NjeMV
-----END CERTIFICATE-----