Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/58bnVPsWsH-H9Ul5LAwUSfEMAjY.roa
File:                     58bnVPsWsH-H9Ul5LAwUSfEMAjY.roa (raw, json)
Hash identifier:          Y2r9C5IYn592NyUlUNDr4RvKhX51X1Y9pa7zZYWSSk8=
Subject key identifier:   E7:C6:E7:54:FB:16:B0:7F:87:F5:49:79:2C:0C:14:49:F1:0C:02:36
Certificate issuer:       /CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
Certificate serial:       018CC94C0FC51D1C02233E7CB97EBDCBAE72
Authority key identifier: D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/58bnVPsWsH-H9Ul5LAwUSfEMAjY.roa
Signing time:             Tue 02 Jan 2024 08:30:54 +0000
ROA not before:           Tue 02 Jan 2024 08:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        45.81.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:0f:c5:1d:1c:02:23:3e:7c:b9:7e:bd:cb:ae:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
        Validity
            Not Before: Jan  2 08:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7c6e754fb16b07f87f549792c0c1449f10c0236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f6:b7:bb:11:78:36:d2:38:0c:e4:9d:92:02:
                    36:7b:f3:ba:54:f9:4b:9b:8f:bb:8b:a1:cc:91:1a:
                    73:a0:6d:d4:66:f9:d1:b6:ff:57:3b:c3:6a:44:2a:
                    f1:de:5c:9e:fb:2c:cd:ec:f7:99:0f:ae:f6:d0:90:
                    78:7e:d1:20:b1:aa:2c:68:85:82:48:b2:c1:af:39:
                    df:30:8f:74:cc:ae:30:25:1b:32:eb:c1:e3:e2:0c:
                    f7:ad:f5:cb:9e:3b:79:f7:5a:cd:90:5e:03:c3:b2:
                    1d:07:0f:b0:b6:74:93:fd:f4:48:0e:01:61:a1:8f:
                    c4:bc:12:2f:53:77:a8:74:34:b3:b0:38:a4:d2:bc:
                    4d:83:21:84:59:52:ab:8a:29:d3:0c:72:6e:fe:4f:
                    06:5c:00:56:86:75:2b:82:1d:78:15:63:3b:e9:b5:
                    82:88:01:94:54:b4:38:91:58:49:98:12:f5:d4:0a:
                    37:57:0d:02:66:8a:20:c4:1f:e5:71:47:76:41:ad:
                    5c:84:5c:89:71:8a:bf:e2:b8:66:81:45:6d:bd:eb:
                    11:72:c9:71:c0:65:7c:07:85:e9:42:80:e6:68:d2:
                    44:b1:69:22:bc:84:80:00:21:a4:11:15:9e:7a:d8:
                    86:f6:70:09:18:3a:2a:59:1e:c4:ae:f2:cb:00:56:
                    75:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:C6:E7:54:FB:16:B0:7F:87:F5:49:79:2C:0C:14:49:F1:0C:02:36
            X509v3 Authority Key Identifier:
                keyid:D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/58bnVPsWsH-H9Ul5LAwUSfEMAjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a4:cf:8a:b9:76:ad:5f:b0:ef:22:a8:5c:bb:63:f9:47:d1:
         ad:04:66:2b:63:74:e5:d7:54:41:a6:f6:1c:6a:0e:37:65:5e:
         f2:4d:f3:18:fa:2c:df:bd:11:bd:97:60:40:36:55:90:a9:7b:
         4e:bf:a8:b0:1e:bd:99:42:ca:53:37:bf:c4:a5:e4:57:77:68:
         eb:3c:ff:d0:ff:75:9b:55:57:61:63:ed:ea:9d:da:14:14:28:
         4f:72:2e:6a:2c:8a:e8:da:d1:7a:79:85:9f:27:15:73:13:1a:
         a3:0d:f5:21:bc:7d:9c:73:15:8f:3d:97:85:40:20:f8:fe:77:
         2b:99:63:8d:e1:d6:c3:d6:e1:05:00:a6:01:c5:32:d8:44:9e:
         38:33:b0:63:0f:4a:3f:99:ec:ae:c4:ca:4f:97:57:14:87:4a:
         d0:35:ed:da:03:00:e0:1d:15:a3:57:e0:cd:91:99:73:c1:e2:
         be:b6:68:f2:5a:c5:53:ba:f2:23:66:f6:94:02:06:51:b4:e9:
         2f:20:84:a3:fc:a4:67:e6:55:af:f5:07:02:68:e2:ac:e5:26:
         38:5a:dc:1c:37:f8:02:f9:e4:cc:87:f5:d0:6a:06:44:24:b4:
         92:9d:7f:c4:be:6b:37:e5:24:7b:c2:0c:86:11:bf:6d:f6:48:
         ae:48:a9:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTA/FHRwCIz58uX69y65yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZTY3MzNmYTIzOWM1ZmIwYzQzOGM4MmY3YzIzMGY1NWQ0
NzhjYjEwHhcNMjQwMTAyMDgzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2M2ZTc1NGZiMTZiMDdmODdmNTQ5NzkyYzBjMTQ0OWYxMGMwMjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/a3uxF4NtI4DOSdkgI2e/O6VPlL
m4+7i6HMkRpzoG3UZvnRtv9XO8NqRCrx3lye+yzN7PeZD6720JB4ftEgsaosaIWC
SLLBrznfMI90zK4wJRsy68Hj4gz3rfXLnjt591rNkF4Dw7IdBw+wtnST/fRIDgFh
oY/EvBIvU3eodDSzsDik0rxNgyGEWVKriinTDHJu/k8GXABWhnUrgh14FWM76bWC
iAGUVLQ4kVhJmBL11Ao3Vw0CZoogxB/lcUd2Qa1chFyJcYq/4rhmgUVtvesRcslx
wGV8B4XpQoDmaNJEsWkivISAACGkERWeetiG9nAJGDoqWR7ErvLLAFZ1QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfG51T7FrB/h/VJeSwMFEnxDAI2MB8GA1UdIwQY
MBaAFNXmcz+iOcX7DEOMgvfCMPVdR4yxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQt
YTM4YjY3OTVmYjI0LzEvNThiblZQc1dzSC1IOVVsNUxBd1VTZkVNQWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQtYTM4YjY3OTVmYjI0
LzEvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVH/MA0G
CSqGSIb3DQEBCwUAA4IBAQCcpM+KuXatX7DvIqhcu2P5R9GtBGYrY3Tl11RBpvYc
ag43ZV7yTfMY+izfvRG9l2BANlWQqXtOv6iwHr2ZQspTN7/EpeRXd2jrPP/Q/3Wb
VVdhY+3qndoUFChPci5qLIro2tF6eYWfJxVzExqjDfUhvH2ccxWPPZeFQCD4/ncr
mWON4dbD1uEFAKYBxTLYRJ44M7BjD0o/meyuxMpPl1cUh0rQNe3aAwDgHRWjV+DN
kZlzweK+tmjyWsVTuvIjZvaUAgZRtOkvIISj/KRn5lWv9QcCaOKs5SY4WtwcN/gC
+eTMh/XQagZEJLSSnX/Evms35SR7wgyGEb9t9kiuSKlN
-----END CERTIFICATE-----