Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/atzkTyT_cGczjXbTQ3gNYPQB5AI.roa
File:                     atzkTyT_cGczjXbTQ3gNYPQB5AI.roa (raw, json)
Hash identifier:          MnaEPceR9ToCrBTRiEKV9jOBOv20REUlzeK9+u8jeHk=
Subject key identifier:   6A:DC:E4:4F:24:FF:70:67:33:8D:76:D3:43:78:0D:60:F4:01:E4:02
Certificate issuer:       /CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
Certificate serial:       018CC94C0FFFBB4B319AD2A1071B3BB4E2B5
Authority key identifier: D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/atzkTyT_cGczjXbTQ3gNYPQB5AI.roa
Signing time:             Tue 02 Jan 2024 08:30:54 +0000
ROA not before:           Tue 02 Jan 2024 08:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        45.81.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:0f:ff:bb:4b:31:9a:d2:a1:07:1b:3b:b4:e2:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
        Validity
            Not Before: Jan  2 08:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6adce44f24ff7067338d76d343780d60f401e402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d5:14:09:06:5a:52:91:b2:72:ba:8c:1b:60:
                    06:75:23:46:d6:92:07:81:8c:77:cb:38:b1:2b:7a:
                    9f:5d:94:df:eb:c8:3b:24:35:af:24:7a:6d:34:2e:
                    f6:2f:e1:2e:f9:b7:62:c0:cd:8f:26:fd:ad:b2:08:
                    78:c7:92:95:c6:24:37:d1:68:64:37:42:7f:a1:02:
                    e4:21:50:0f:4e:24:05:ee:f7:83:8e:2a:f4:b1:28:
                    de:55:29:40:51:e6:11:66:2f:a4:6b:3f:cd:ee:40:
                    17:ec:cc:d0:68:d4:c3:88:01:aa:dc:2d:0b:82:99:
                    3d:7b:12:97:07:b4:27:d0:1b:49:76:e6:3b:25:65:
                    ef:b0:6d:ee:72:04:ae:32:f1:1f:9e:a2:4d:33:4c:
                    52:12:83:52:04:46:76:f6:ee:6d:23:31:11:0b:72:
                    8c:a5:0c:4c:80:c1:46:a3:48:fa:f8:09:9a:b9:93:
                    42:cd:9c:43:87:5a:bd:30:4b:d3:a6:b0:9a:bc:5b:
                    ac:59:f7:1f:99:11:62:d5:91:52:c7:34:36:dd:b9:
                    1b:91:17:89:d1:f2:ea:fa:ab:82:44:3f:c9:e1:43:
                    7b:89:dc:18:08:a5:ba:98:c7:38:3d:b1:d4:fd:c3:
                    e9:47:96:5d:37:e5:4b:a0:61:c7:33:b6:c7:ec:b1:
                    38:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:DC:E4:4F:24:FF:70:67:33:8D:76:D3:43:78:0D:60:F4:01:E4:02
            X509v3 Authority Key Identifier:
                keyid:D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/atzkTyT_cGczjXbTQ3gNYPQB5AI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:6f:04:25:6d:3b:30:33:dd:71:29:c9:12:c7:0c:ff:14:06:
         05:fd:ac:93:ff:6b:78:a7:bf:b1:e4:a6:ae:10:0d:18:13:60:
         4c:cc:e2:9a:b9:50:16:d9:ac:6f:35:a5:9e:4c:ef:ee:49:f0:
         d3:38:f7:ae:ef:1c:37:de:63:97:a3:de:f5:82:cd:54:9a:b8:
         e2:54:84:4a:42:61:5f:86:1b:f6:bd:2f:c5:c1:34:5a:40:3f:
         18:86:52:f9:4e:dc:82:ce:7c:9d:97:89:31:ca:e7:bb:11:b8:
         0e:ac:03:c6:23:a9:37:79:f1:5b:8a:68:47:50:e3:de:fd:e1:
         24:71:76:1d:29:ac:db:9c:9e:99:c0:e2:40:62:db:ad:73:66:
         38:df:2a:3e:bf:e7:4a:1d:1e:25:15:a5:aa:03:ee:95:17:de:
         08:c4:6c:6a:48:03:6d:1d:e0:f7:6c:39:3d:98:20:8b:a3:f5:
         fb:1b:4a:ab:09:74:3b:0b:9a:31:bf:01:aa:5c:2b:00:9d:dd:
         0d:f9:68:f4:3d:11:b8:21:f8:d6:05:8c:24:aa:91:1a:b3:69:
         1e:de:d7:99:fe:5f:6c:f8:c3:56:06:b7:55:ba:51:fe:b5:7a:
         d7:bb:11:53:76:ba:49:28:08:ed:5f:ea:27:68:30:cf:dd:9f:
         3f:b3:6a:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTA//u0sxmtKhBxs7tOK1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZTY3MzNmYTIzOWM1ZmIwYzQzOGM4MmY3YzIzMGY1NWQ0
NzhjYjEwHhcNMjQwMTAyMDgzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWRjZTQ0ZjI0ZmY3MDY3MzM4ZDc2ZDM0Mzc4MGQ2MGY0MDFlNDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttUUCQZaUpGycrqMG2AGdSNG1pIH
gYx3yzixK3qfXZTf68g7JDWvJHptNC72L+Eu+bdiwM2PJv2tsgh4x5KVxiQ30Whk
N0J/oQLkIVAPTiQF7veDjir0sSjeVSlAUeYRZi+kaz/N7kAX7MzQaNTDiAGq3C0L
gpk9exKXB7Qn0BtJduY7JWXvsG3ucgSuMvEfnqJNM0xSEoNSBEZ29u5tIzERC3KM
pQxMgMFGo0j6+AmauZNCzZxDh1q9MEvTprCavFusWfcfmRFi1ZFSxzQ23bkbkReJ
0fLq+quCRD/J4UN7idwYCKW6mMc4PbHU/cPpR5ZdN+VLoGHHM7bH7LE4hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrc5E8k/3BnM41200N4DWD0AeQCMB8GA1UdIwQY
MBaAFNXmcz+iOcX7DEOMgvfCMPVdR4yxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQt
YTM4YjY3OTVmYjI0LzEvYXR6a1R5VF9jR2N6alhiVFEzZ05ZUFFCNUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQtYTM4YjY3OTVmYjI0
LzEvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVH/MA0G
CSqGSIb3DQEBCwUAA4IBAQCObwQlbTswM91xKckSxwz/FAYF/ayT/2t4p7+x5Kau
EA0YE2BMzOKauVAW2axvNaWeTO/uSfDTOPeu7xw33mOXo971gs1UmrjiVIRKQmFf
hhv2vS/FwTRaQD8YhlL5TtyCznydl4kxyue7EbgOrAPGI6k3efFbimhHUOPe/eEk
cXYdKazbnJ6ZwOJAYtutc2Y43yo+v+dKHR4lFaWqA+6VF94IxGxqSANtHeD3bDk9
mCCLo/X7G0qrCXQ7C5oxvwGqXCsAnd0N+Wj0PRG4IfjWBYwkqpEas2ke3teZ/l9s
+MNWBrdVulH+tXrXuxFTdrpJKAjtX+onaDDP3Z8/s2oP
-----END CERTIFICATE-----