Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/2XRARHGpCYriLKMH36V5faj0kog.roa
File:                     2XRARHGpCYriLKMH36V5faj0kog.roa (raw, json)
Hash identifier:          Tgl0hcB+5lBtAj734AWlKnV56RvhvIw9O5VUNt+r6hM=
Subject key identifier:   D9:74:40:44:71:A9:09:8A:E2:2C:A3:07:DF:A5:79:7D:A8:F4:92:88
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56DFB6D8761045EFB6517B00DD4AC1D
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/2XRARHGpCYriLKMH36V5faj0kog.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16321
IP address blocks:        45.156.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fb:6d:87:61:04:5e:fb:65:17:b0:0d:d4:ac:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d974404471a9098ae22ca307dfa5797da8f49288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:62:cd:61:8d:a5:9d:10:d9:74:02:2f:7e:87:
                    c6:8d:fa:d7:7c:e1:df:9d:2f:71:d4:8b:46:4f:2f:
                    06:c2:71:37:9c:88:55:19:31:a0:49:00:b3:32:62:
                    7a:d2:d4:eb:70:14:a0:43:05:ff:ba:37:d9:de:51:
                    cc:ec:55:77:7a:71:51:1d:d9:6e:74:44:93:7c:7b:
                    8d:e1:6d:64:ac:01:33:f4:14:47:c9:c3:2f:68:b5:
                    c5:d5:d5:f9:dd:35:72:85:a1:97:16:a6:07:a6:e2:
                    5b:cc:61:00:0e:d8:ed:76:22:77:e1:e7:dd:4f:c1:
                    1e:da:85:c0:65:4e:3c:78:7c:d6:21:d5:2c:c6:80:
                    45:50:be:3d:ca:e2:0c:8d:27:f0:f9:a2:90:6d:07:
                    af:83:1a:9b:94:e4:8a:f8:00:49:fe:a2:8e:31:f2:
                    f7:ed:ae:6d:53:3b:9b:bc:6a:51:e7:c3:6c:43:c8:
                    c2:34:64:a9:76:e8:b9:a8:6f:86:9c:ff:7d:8b:21:
                    fe:3e:81:94:48:02:e8:7d:4a:d8:f7:80:a1:d6:b4:
                    b1:99:23:80:e0:42:81:57:c5:27:6c:db:c9:40:4b:
                    95:cb:77:ed:dd:5e:9c:5d:8e:21:11:38:74:35:ce:
                    f6:a4:bd:b6:ee:49:8b:b6:d1:ed:ca:4a:ea:4e:8c:
                    f1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:74:40:44:71:A9:09:8A:E2:2C:A3:07:DF:A5:79:7D:A8:F4:92:88
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/2XRARHGpCYriLKMH36V5faj0kog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bc:7e:7e:d3:65:57:9a:b7:99:fb:a2:af:1d:4d:08:ec:73:59:
         94:e7:5f:9c:43:81:f3:1e:81:aa:ee:2e:f7:f4:a7:77:d6:b1:
         3e:90:67:94:8f:c5:91:ad:b6:cf:51:ff:fe:1c:91:c9:28:d4:
         80:77:f4:fb:d9:2d:e9:c8:ef:f7:c9:88:e4:2f:da:37:f9:bb:
         98:7f:7c:f6:6e:41:ea:e8:eb:98:44:98:d4:22:4e:01:03:13:
         1d:98:32:0f:33:c1:06:fd:5b:e7:78:ea:61:66:ab:24:c8:8d:
         5f:e1:07:5e:23:fe:92:a0:9b:05:28:31:3e:80:4c:33:cc:69:
         42:ff:36:26:10:86:f7:7c:17:0b:90:3f:3d:94:73:14:81:0f:
         ee:ea:be:5b:66:26:30:b8:b2:d3:3f:fd:b6:51:ac:dc:5a:d1:
         34:c8:9e:66:b0:24:9a:f8:8f:6a:ae:6a:b8:b9:6e:92:84:e5:
         55:42:9f:ca:c0:03:27:e1:22:85:e8:93:62:09:68:e3:f4:bc:
         dd:2a:11:2e:d8:e2:dd:fb:72:4c:4a:ed:99:85:fe:a2:43:12:
         de:e6:59:c7:ba:2e:eb:e3:0d:74:f0:bb:9c:83:a9:d4:92:5e:
         97:95:87:70:1d:7e:12:ed:3e:f6:67:19:ea:61:4c:33:a8:82:
         45:e3:c8:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbftth2EEXvtlF7AN1KwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTc0NDA0NDcxYTkwOThhZTIyY2EzMDdkZmE1Nzk3ZGE4ZjQ5Mjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGLNYY2lnRDZdAIvfofGjfrXfOHf
nS9x1ItGTy8GwnE3nIhVGTGgSQCzMmJ60tTrcBSgQwX/ujfZ3lHM7FV3enFRHdlu
dESTfHuN4W1krAEz9BRHycMvaLXF1dX53TVyhaGXFqYHpuJbzGEADtjtdiJ34efd
T8Ee2oXAZU48eHzWIdUsxoBFUL49yuIMjSfw+aKQbQevgxqblOSK+ABJ/qKOMfL3
7a5tUzubvGpR58NsQ8jCNGSpdui5qG+GnP99iyH+PoGUSALofUrY94Ch1rSxmSOA
4EKBV8UnbNvJQEuVy3ft3V6cXY4hETh0Nc72pL227kmLttHtykrqTozxEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNl0QERxqQmK4iyjB9+leX2o9JKIMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvMlhSQVJIR3BDWXJpTEtNSDM2VjVmYWowa29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZzUMA0G
CSqGSIb3DQEBCwUAA4IBAQC8fn7TZVeat5n7oq8dTQjsc1mU51+cQ4HzHoGq7i73
9Kd31rE+kGeUj8WRrbbPUf/+HJHJKNSAd/T72S3pyO/3yYjkL9o3+buYf3z2bkHq
6OuYRJjUIk4BAxMdmDIPM8EG/VvneOphZqskyI1f4QdeI/6SoJsFKDE+gEwzzGlC
/zYmEIb3fBcLkD89lHMUgQ/u6r5bZiYwuLLTP/22UazcWtE0yJ5msCSa+I9qrmq4
uW6ShOVVQp/KwAMn4SKF6JNiCWjj9LzdKhEu2OLd+3JMSu2Zhf6iQxLe5lnHui7r
4w108Lucg6nUkl6XlYdwHX4S7T72ZxnqYUwzqIJF48hH
-----END CERTIFICATE-----