Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/a2EbNZdRZ5M6Jf-Wj3T4J3h2JDM.roa
File:                     a2EbNZdRZ5M6Jf-Wj3T4J3h2JDM.roa (raw, json)
Hash identifier:          wruvIQWmIPBnKptBEw4hgKduG+CI9FfzhnffyTjJnIQ=
Subject key identifier:   6B:61:1B:35:97:51:67:93:3A:25:FF:96:8F:74:F8:27:78:76:24:33
Certificate issuer:       /CN=9cf608ffadf600081ee922298e4b2ae96aff48e8
Certificate serial:       018CC8011629B69C29A04075DE5E9D7D719C
Authority key identifier: 9C:F6:08:FF:AD:F6:00:08:1E:E9:22:29:8E:4B:2A:E9:6A:FF:48:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/a2EbNZdRZ5M6Jf-Wj3T4J3h2JDM.roa
Signing time:             Tue 02 Jan 2024 02:29:23 +0000
ROA not before:           Tue 02 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49800
IP address blocks:        45.131.125.0/24 maxlen: 24
                          45.131.126.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:16:29:b6:9c:29:a0:40:75:de:5e:9d:7d:71:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cf608ffadf600081ee922298e4b2ae96aff48e8
        Validity
            Not Before: Jan  2 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b611b35975167933a25ff968f74f82778762433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1b:6a:e6:97:d1:65:a9:4c:5b:90:9f:42:f1:
                    59:c0:9c:81:b2:84:78:45:54:69:b2:53:a2:68:46:
                    fe:b6:aa:de:7d:57:2f:cb:ae:fa:c9:b1:8a:36:ad:
                    cb:c3:6a:9d:94:b4:e5:c2:10:50:ac:cb:19:dc:5c:
                    52:4d:bd:7b:d8:8b:a4:e8:b3:f7:6b:80:28:64:3a:
                    c4:d4:47:f6:62:b1:26:c0:3f:6c:47:a3:39:de:38:
                    38:2a:f3:bf:bd:2e:0d:df:2b:4d:d3:cf:77:ed:37:
                    6f:da:a4:76:be:7b:5e:16:a7:ff:c3:53:23:65:bd:
                    40:88:8a:6b:dc:e5:c9:b2:19:44:1e:0d:ec:04:83:
                    a6:43:a9:a6:a2:c1:2b:b5:48:92:d7:1c:72:92:6b:
                    59:71:fb:c1:ee:0d:94:3a:69:67:92:0c:ed:a0:e6:
                    95:3d:e2:7b:9e:6b:c2:b4:8b:7a:68:e0:18:fd:87:
                    a1:20:43:3f:45:94:98:4e:29:62:80:7f:3a:17:37:
                    cb:e3:49:e2:8e:a4:15:7a:47:a6:30:76:05:b7:ee:
                    30:75:e4:9d:23:8d:4e:6a:d3:be:3a:9a:7d:53:0f:
                    85:b5:9b:39:11:c3:37:23:1d:16:46:36:41:6f:c1:
                    d3:29:40:06:55:d9:07:76:ae:df:40:51:e2:a6:60:
                    9c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:61:1B:35:97:51:67:93:3A:25:FF:96:8F:74:F8:27:78:76:24:33
            X509v3 Authority Key Identifier:
                keyid:9C:F6:08:FF:AD:F6:00:08:1E:E9:22:29:8E:4B:2A:E9:6A:FF:48:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/a2EbNZdRZ5M6Jf-Wj3T4J3h2JDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.125.0-45.131.127.255

    Signature Algorithm: sha256WithRSAEncryption
         d8:4d:74:0e:88:58:1a:42:7f:2f:c7:5b:0d:2a:95:a0:0b:39:
         e9:1f:93:75:a7:16:9f:4d:f1:4d:52:1f:d0:20:3e:74:0c:39:
         d6:f2:cc:16:11:1a:0c:b4:50:54:f6:a7:58:52:84:46:87:a5:
         1a:65:a8:8f:9c:82:ba:ce:ec:04:d4:9a:6e:5c:93:80:f2:8c:
         e5:7e:c5:34:a3:45:a8:5c:14:6a:2d:7c:5c:c4:2f:ce:2e:a4:
         8a:e1:ff:07:75:80:43:69:d3:02:9f:65:01:6e:21:bf:ef:e3:
         bd:63:d6:eb:83:aa:af:4d:6f:b3:d7:fc:de:bd:f9:ff:df:b3:
         89:4f:e5:8f:2a:9f:b7:37:e3:c9:10:95:fc:42:5f:cb:60:f7:
         be:0c:3a:79:2e:78:29:3f:22:4d:11:3a:66:d6:73:b8:77:18:
         50:02:76:15:c1:b8:4c:d0:39:52:8f:7b:dd:60:99:2d:f9:b2:
         69:02:d1:b6:f2:ee:4d:74:b5:0e:40:1f:54:9a:43:ae:e5:69:
         29:68:88:8c:25:61:dc:84:dd:bc:87:d8:b6:93:d3:c0:76:b1:
         f8:2e:6b:89:31:3a:1f:37:b0:1a:36:81:92:86:37:0e:36:82:
         07:86:e0:33:81:51:98:f9:c2:05:2e:f9:c9:6b:7d:be:34:c7:
         b9:18:b0:86
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIARYptpwpoEB13l6dfXGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZjYwOGZmYWRmNjAwMDgxZWU5MjIyOThlNGIyYWU5NmFm
ZjQ4ZTgwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjYxMWIzNTk3NTE2NzkzM2EyNWZmOTY4Zjc0ZjgyNzc4NzYyNDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhtq5pfRZalMW5CfQvFZwJyBsoR4
RVRpslOiaEb+tqrefVcvy676ybGKNq3Lw2qdlLTlwhBQrMsZ3FxSTb172Iuk6LP3
a4AoZDrE1Ef2YrEmwD9sR6M53jg4KvO/vS4N3ytN08937Tdv2qR2vnteFqf/w1Mj
Zb1AiIpr3OXJshlEHg3sBIOmQ6mmosErtUiS1xxykmtZcfvB7g2UOmlnkgztoOaV
PeJ7nmvCtIt6aOAY/YehIEM/RZSYTiligH86FzfL40nijqQVekemMHYFt+4wdeSd
I41OatO+Opp9Uw+FtZs5EcM3Ix0WRjZBb8HTKUAGVdkHdq7fQFHipmCcYQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGthGzWXUWeTOiX/lo90+Cd4diQzMB8GA1UdIwQY
MBaAFJz2CP+t9gAIHukiKY5LKulq/0joMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblBZSV82MzJBQWdlNlNJcGprc3E2V3JfU09nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNDVmMTEtNjdjMi00N2E1LTk5NmMt
ODkxZWI1NDhiODkxLzEvYTJFYk5aZFJaNU02SmYtV2ozVDRKM2gySkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNDVmMTEtNjdjMi00N2E1LTk5NmMtODkxZWI1NDhiODkx
LzEvblBZSV82MzJBQWdlNlNJcGprc3E2V3JfU09nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtg30D
BActgwAwDQYJKoZIhvcNAQELBQADggEBANhNdA6IWBpCfy/HWw0qlaALOekfk3Wn
Fp9N8U1SH9AgPnQMOdbyzBYRGgy0UFT2p1hShEaHpRplqI+cgrrO7ATUmm5ck4Dy
jOV+xTSjRahcFGotfFzEL84upIrh/wd1gENp0wKfZQFuIb/v471j1uuDqq9Nb7PX
/N69+f/fs4lP5Y8qn7c348kQlfxCX8tg974MOnkueCk/Ik0ROmbWc7h3GFACdhXB
uEzQOVKPe91gmS35smkC0bby7k10tQ5AH1SaQ67laSloiIwlYdyE3byH2LaT08B2
sfgua4kxOh83sBo2gZKGNw42ggeG4DOBUZj5wgUu+clrfb40x7kYsIY=
-----END CERTIFICATE-----