Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/lfTJm8Jozkyjdg2vZx6igTpsv2o.roa
File:                     lfTJm8Jozkyjdg2vZx6igTpsv2o.roa (raw, json)
Hash identifier:          1hODlYCb2ErTn+XdAJcw6VNFZhMQAd1nL3ro3sJ3nu8=
Subject key identifier:   95:F4:C9:9B:C2:68:CE:4C:A3:76:0D:AF:67:1E:A2:81:3A:6C:BF:6A
Certificate issuer:       /CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
Certificate serial:       018CC348950305D2132900854D60BC96E996
Authority key identifier: D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/lfTJm8Jozkyjdg2vZx6igTpsv2o.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212517
IP address blocks:        45.159.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:95:03:05:d2:13:29:00:85:4d:60:bc:96:e9:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95f4c99bc268ce4ca3760daf671ea2813a6cbf6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:da:37:8a:bb:65:da:e8:0b:86:5d:fc:e2:7a:
                    b8:e2:f7:ff:da:61:65:01:ad:4c:57:bb:07:e0:d1:
                    37:a8:d6:44:d2:95:ea:4c:b6:d5:23:e6:7d:a6:24:
                    34:f2:e4:5b:ee:bc:03:2b:7b:6a:0d:0a:21:9e:2c:
                    8d:23:31:ab:4a:46:79:ab:94:5e:81:1e:9f:40:7b:
                    ca:e1:2a:6a:8a:e7:45:c5:53:f9:eb:c1:db:40:5f:
                    bf:bc:97:e5:86:cb:85:b3:a2:9e:40:8c:58:44:23:
                    3f:02:ac:54:53:98:d9:31:9f:ee:26:52:37:92:2b:
                    2b:e0:fe:7d:54:91:ee:e9:16:18:ec:7d:2d:b6:ee:
                    ba:95:46:9c:53:2d:38:54:d5:10:99:e5:ce:1b:89:
                    d8:2c:4e:99:c2:62:5a:b5:9b:66:94:d7:d3:24:61:
                    2a:7e:18:d2:ab:46:86:a8:35:99:e6:3b:e5:a2:0a:
                    79:f9:a9:19:e7:0e:7a:b6:36:2b:3a:60:32:2f:e9:
                    55:06:2e:ea:2b:45:9e:02:e8:9f:1c:d7:48:7b:98:
                    c0:d9:8f:c0:61:46:6a:88:6e:51:de:82:93:f5:f2:
                    01:9e:16:6b:79:d1:47:2e:a0:b6:3a:b2:54:79:7b:
                    68:b9:cb:89:8c:59:a4:80:33:01:94:b9:b2:25:49:
                    d2:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F4:C9:9B:C2:68:CE:4C:A3:76:0D:AF:67:1E:A2:81:3A:6C:BF:6A
            X509v3 Authority Key Identifier:
                keyid:D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/lfTJm8Jozkyjdg2vZx6igTpsv2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:e1:11:48:a4:c3:49:4d:a7:34:03:75:86:a4:a3:ac:71:07:
         8d:3f:ee:eb:ef:87:e1:b8:b9:69:b5:76:1e:f1:6a:87:c2:e4:
         9e:87:15:ba:d7:00:de:73:c0:10:f2:f6:44:f6:6d:e5:cf:82:
         b5:bb:f7:fc:ee:b9:75:00:a7:64:6f:34:e8:72:f3:94:3a:9b:
         46:72:b3:4a:6e:de:26:99:35:e7:ce:2d:63:60:33:4b:89:30:
         89:c9:76:e1:59:eb:b2:f6:56:b9:b1:89:f3:8a:d5:c3:c1:88:
         69:3b:4f:cc:9e:2e:ac:34:44:b0:3b:d5:10:42:3d:57:12:dc:
         c3:81:ef:7a:98:4e:1c:c6:77:3d:43:4f:1b:4f:fc:8b:56:17:
         04:b7:71:09:83:c4:af:20:7e:eb:18:a6:7d:d4:ce:d2:3e:04:
         ee:4c:69:9c:a5:9d:c7:6d:5a:e0:93:22:70:80:99:e9:52:45:
         79:e4:9b:26:65:4c:58:61:70:61:32:bb:a6:eb:67:5e:06:56:
         a6:7a:ce:05:9d:57:97:bf:0e:fc:b1:e4:1c:c8:50:e2:99:02:
         02:cd:77:e2:90:84:33:31:64:76:47:33:c2:e1:77:d4:a5:9b:
         ba:be:95:82:cf:07:ac:37:ba:b5:15:2b:e8:6f:3a:f7:1d:ad:
         ed:1c:f8:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJUDBdITKQCFTWC8lumWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzM1YmM5YjdmODU1MGJlM2U0NjdjNTRhOWQzYTY2ZTI0
NDNiZDQwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWY0Yzk5YmMyNjhjZTRjYTM3NjBkYWY2NzFlYTI4MTNhNmNiZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNo3irtl2ugLhl384nq44vf/2mFl
Aa1MV7sH4NE3qNZE0pXqTLbVI+Z9piQ08uRb7rwDK3tqDQohniyNIzGrSkZ5q5Re
gR6fQHvK4SpqiudFxVP568HbQF+/vJflhsuFs6KeQIxYRCM/AqxUU5jZMZ/uJlI3
kisr4P59VJHu6RYY7H0ttu66lUacUy04VNUQmeXOG4nYLE6ZwmJatZtmlNfTJGEq
fhjSq0aGqDWZ5jvlogp5+akZ5w56tjYrOmAyL+lVBi7qK0WeAuifHNdIe5jA2Y/A
YUZqiG5R3oKT9fIBnhZredFHLqC2OrJUeXtoucuJjFmkgDMBlLmyJUnSIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJX0yZvCaM5Mo3YNr2ceooE6bL9qMB8GA1UdIwQY
MBaAFNPDW8m3+FUL4+RnxUqdOmbiRDvUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTct
Y2RhNWMzNzY2ZjAzLzEvbGZUSm04Sm96a3lqZGcydlp4NmlnVHBzdjJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTctY2RhNWMzNzY2ZjAz
LzEvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ8MMA0G
CSqGSIb3DQEBCwUAA4IBAQCD4RFIpMNJTac0A3WGpKOscQeNP+7r74fhuLlptXYe
8WqHwuSehxW61wDec8AQ8vZE9m3lz4K1u/f87rl1AKdkbzTocvOUOptGcrNKbt4m
mTXnzi1jYDNLiTCJyXbhWeuy9la5sYnzitXDwYhpO0/Mni6sNESwO9UQQj1XEtzD
ge96mE4cxnc9Q08bT/yLVhcEt3EJg8SvIH7rGKZ91M7SPgTuTGmcpZ3HbVrgkyJw
gJnpUkV55JsmZUxYYXBhMrum62deBlames4FnVeXvw78seQcyFDimQICzXfikIQz
MWR2RzPC4XfUpZu6vpWCzwesN7q1FSvobzr3Ha3tHPgq
-----END CERTIFICATE-----