Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/D3WzhW5e32dB73n1YltMIVN53XA.roa
File:                     D3WzhW5e32dB73n1YltMIVN53XA.roa (raw, json)
Hash identifier:          u53XDFNLJuSm8BYKMNAiXEFkzp9jSaLpIdYX3GZzy7g=
Subject key identifier:   0F:75:B3:85:6E:5E:DF:67:41:EF:79:F5:62:5B:4C:21:53:79:DD:70
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       018CC5012AFDE1C7D9A9F34C7BD1C0173375
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/D3WzhW5e32dB73n1YltMIVN53XA.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        45.81.160.0/24 maxlen: 24
                          2.56.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2a:fd:e1:c7:d9:a9:f3:4c:7b:d1:c0:17:33:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f75b3856e5edf6741ef79f5625b4c215379dd70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a5:22:a2:7d:d2:86:e8:7f:a0:3a:a1:71:6f:
                    2e:8b:cc:59:19:2b:94:05:be:8c:15:e5:93:ed:82:
                    ad:76:ba:64:c7:52:87:d6:d9:d3:35:d9:f9:dc:f7:
                    27:cd:84:22:c6:3c:70:68:cd:19:ee:44:49:3e:04:
                    6d:dd:6c:eb:0e:ec:61:e3:aa:3b:2d:7f:23:6e:f9:
                    be:88:48:38:37:09:ea:94:73:e0:0e:86:62:56:79:
                    67:cb:1a:89:93:a4:ed:a0:98:38:53:a8:c5:6a:7f:
                    c8:b2:47:23:a6:e2:a9:f2:6f:c1:de:67:6d:10:5c:
                    c7:32:b2:8d:1a:6a:36:26:90:a5:e3:26:ec:cb:f0:
                    d4:81:71:15:43:43:55:4d:31:db:f9:56:78:c7:4e:
                    95:a3:93:13:a5:ba:2b:fa:62:9f:83:db:a0:9a:29:
                    b2:91:0d:a5:31:a6:54:e5:77:30:e8:52:23:49:09:
                    9f:63:13:2b:34:ca:3e:3e:90:7e:00:4f:65:75:97:
                    f7:71:79:4c:a7:94:5d:84:76:c8:63:c7:30:68:1d:
                    59:61:ae:d3:df:79:a0:0e:34:be:06:4d:07:66:7d:
                    1a:fe:f0:30:19:71:58:bc:e7:20:15:94:01:eb:f9:
                    a2:da:36:ff:16:c5:14:1f:6f:79:80:95:d2:4f:fd:
                    82:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:75:B3:85:6E:5E:DF:67:41:EF:79:F5:62:5B:4C:21:53:79:DD:70
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/D3WzhW5e32dB73n1YltMIVN53XA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.32.0/22
                  45.81.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:72:af:e7:89:c6:5c:15:9e:52:97:15:fb:6e:36:cf:03:8f:
         d0:bb:b1:26:4e:46:55:cf:0f:7a:29:20:3e:07:e7:5e:53:65:
         c6:22:74:e0:ed:b4:9c:23:e8:da:53:e2:00:f8:f1:37:42:cb:
         0c:b2:22:d1:38:9d:aa:ef:6f:7d:22:0a:c5:b5:86:69:1f:88:
         55:8f:b0:ff:9b:75:50:48:72:74:28:eb:70:d0:ec:6d:6f:8c:
         6c:6b:df:ba:09:05:4a:92:11:da:f4:c4:6c:3a:5b:9d:2b:2b:
         c9:3d:b9:94:5f:06:ef:f4:06:da:6d:2d:15:89:4e:f4:55:7d:
         59:3f:fb:5c:9f:f3:57:69:17:13:d6:93:f0:d6:99:2d:2f:91:
         fc:c8:7e:1b:f5:85:b3:9e:6f:c1:2d:78:4d:05:1d:fb:55:c4:
         55:99:e3:aa:44:72:4d:bb:09:44:05:9f:43:23:17:3b:5d:b9:
         f7:2f:10:0b:30:72:84:a7:39:bf:2f:d6:05:f6:db:b3:0a:71:
         5d:d0:56:74:73:c2:92:fb:e5:a2:48:77:fa:bc:3b:0e:2a:4c:
         d9:7e:d0:d1:c6:ed:85:a2:85:12:54:73:81:bc:d5:51:ff:57:
         91:37:e1:4e:3d:4f:19:14:09:f4:03:55:4e:a4:31:0f:37:5c:
         15:db:71:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFASr94cfZqfNMe9HAFzN1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjc1YjM4NTZlNWVkZjY3NDFlZjc5ZjU2MjViNGMyMTUzNzlkZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKUion3Shuh/oDqhcW8ui8xZGSuU
Bb6MFeWT7YKtdrpkx1KH1tnTNdn53PcnzYQixjxwaM0Z7kRJPgRt3WzrDuxh46o7
LX8jbvm+iEg4NwnqlHPgDoZiVnlnyxqJk6TtoJg4U6jFan/IskcjpuKp8m/B3mdt
EFzHMrKNGmo2JpCl4ybsy/DUgXEVQ0NVTTHb+VZ4x06Vo5MTpbor+mKfg9ugmimy
kQ2lMaZU5Xcw6FIjSQmfYxMrNMo+PpB+AE9ldZf3cXlMp5RdhHbIY8cwaB1ZYa7T
33mgDjS+Bk0HZn0a/vAwGXFYvOcgFZQB6/mi2jb/FsUUH295gJXST/2CrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA91s4VuXt9nQe959WJbTCFTed1wMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvRDNXemhXNWUzMmRCNzNuMVlsdE1JVk41M1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAjggAwQA
LVGgMA0GCSqGSIb3DQEBCwUAA4IBAQAdcq/nicZcFZ5SlxX7bjbPA4/Qu7EmTkZV
zw96KSA+B+deU2XGInTg7bScI+jaU+IA+PE3QssMsiLROJ2q7299IgrFtYZpH4hV
j7D/m3VQSHJ0KOtw0Oxtb4xsa9+6CQVKkhHa9MRsOludKyvJPbmUXwbv9AbabS0V
iU70VX1ZP/tcn/NXaRcT1pPw1pktL5H8yH4b9YWznm/BLXhNBR37VcRVmeOqRHJN
uwlEBZ9DIxc7Xbn3LxALMHKEpzm/L9YF9tuzCnFd0FZ0c8KS++WiSHf6vDsOKkzZ
ftDRxu2FooUSVHOBvNVR/1eRN+FOPU8ZFAn0A1VOpDEPN1wV23Fn
-----END CERTIFICATE-----