Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/DM2KA5zRfnaPEr4Qr_TrW7YUr4M.roa
File:                     DM2KA5zRfnaPEr4Qr_TrW7YUr4M.roa (raw, json)
Hash identifier:          xb00kHYFD5++nkNBOgV3mJFsQZZCX6UZj986u7+h618=
Subject key identifier:   0C:CD:8A:03:9C:D1:7E:76:8F:12:BE:10:AF:F4:EB:5B:B6:14:AF:83
Certificate issuer:       /CN=00911779c767d2364e86f4e27ef8c5fe9bb01090
Certificate serial:       018CC424496EEED50D7C9451D4D251FF46DF
Authority key identifier: 00:91:17:79:C7:67:D2:36:4E:86:F4:E2:7E:F8:C5:FE:9B:B0:10:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AJEXecdn0jZOhvTifvjF_puwEJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/DM2KA5zRfnaPEr4Qr_TrW7YUr4M.roa
Signing time:             Mon 01 Jan 2024 08:29:21 +0000
ROA not before:           Mon 01 Jan 2024 08:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60406
IP address blocks:        5.45.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/AJEXecdn0jZOhvTifvjF_puwEJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/AJEXecdn0jZOhvTifvjF_puwEJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AJEXecdn0jZOhvTifvjF_puwEJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:49:6e:ee:d5:0d:7c:94:51:d4:d2:51:ff:46:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00911779c767d2364e86f4e27ef8c5fe9bb01090
        Validity
            Not Before: Jan  1 08:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ccd8a039cd17e768f12be10aff4eb5bb614af83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:36:07:11:96:04:a3:98:d3:ea:c6:b6:79:3a:
                    16:57:2e:c2:2d:43:16:eb:90:38:60:0f:c0:42:bd:
                    24:d3:dd:15:6d:1b:13:62:40:25:36:24:82:8b:1f:
                    e2:ac:ad:98:ae:b8:e8:33:95:71:c1:85:eb:b0:36:
                    3b:eb:5b:9d:21:9e:3d:73:1e:60:28:f6:5b:95:da:
                    17:12:52:95:1d:3f:81:32:ca:b9:0a:35:1f:e3:c1:
                    03:60:0e:db:6b:e0:eb:db:37:1d:47:2b:b3:a9:b8:
                    20:ad:f0:e0:2d:0c:e1:53:8a:2b:e2:b7:ff:af:00:
                    a1:9a:8a:41:a0:78:1e:2f:f1:c3:8a:66:93:fd:5e:
                    6f:63:01:ca:dd:45:05:3c:e5:b6:23:bc:8f:83:51:
                    98:0b:38:55:af:26:ac:01:f3:8b:20:1b:15:f2:78:
                    4c:5c:b5:15:9f:81:cc:4c:e1:9c:f9:fc:1e:15:b3:
                    4c:0b:f8:03:35:12:ba:78:7d:5a:f4:d5:dd:44:c7:
                    fe:e7:ff:72:5f:31:b5:14:15:9a:0a:3a:79:5f:39:
                    79:3c:04:82:a6:25:82:65:1c:51:83:d9:59:ad:31:
                    46:08:06:c1:75:52:96:17:74:14:84:bd:31:d9:60:
                    af:a5:c1:a4:24:94:7d:ad:e2:19:8a:98:04:3e:b6:
                    e5:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:CD:8A:03:9C:D1:7E:76:8F:12:BE:10:AF:F4:EB:5B:B6:14:AF:83
            X509v3 Authority Key Identifier:
                keyid:00:91:17:79:C7:67:D2:36:4E:86:F4:E2:7E:F8:C5:FE:9B:B0:10:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AJEXecdn0jZOhvTifvjF_puwEJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/DM2KA5zRfnaPEr4Qr_TrW7YUr4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/259fbe-2855-4e19-918f-62c1b1ff3a26/1/AJEXecdn0jZOhvTifvjF_puwEJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:b1:7b:3b:82:f1:11:c5:04:89:1d:c9:a8:39:48:0f:d6:6f:
         7c:0e:e4:4c:06:54:2f:c6:dd:d9:4c:51:d2:92:a1:7d:46:55:
         57:dd:a2:1f:37:72:9a:90:53:08:f8:6f:32:2d:8f:47:1a:eb:
         c3:3c:9a:bb:29:b0:92:85:d5:44:11:54:dc:e3:72:07:df:de:
         94:ae:ce:54:e1:5f:68:90:16:91:32:38:f1:a2:87:83:46:b5:
         ac:59:d2:21:78:08:3b:37:23:4c:d4:15:ec:c6:e4:e4:b1:50:
         67:f7:6f:bd:16:31:93:54:2e:f8:ca:09:5a:0d:85:71:ad:9b:
         53:02:d3:0d:2d:05:71:e8:f4:b2:c0:51:15:df:e4:95:83:18:
         7e:3e:62:c3:2a:77:0f:e0:4b:38:31:f0:7b:58:4f:63:57:6d:
         92:cc:ea:bc:76:44:08:a4:27:fe:ce:25:af:0d:07:3e:18:eb:
         f5:ae:33:2e:34:e5:7c:0b:a1:e2:66:43:b1:12:aa:61:cb:19:
         87:d3:49:38:88:4c:db:0c:12:57:47:33:50:dd:32:a5:9e:24:
         db:70:af:6a:40:a8:10:01:67:76:ca:88:15:c9:c6:70:17:ba:
         1b:39:0c:1b:57:f5:de:2e:2c:ea:1a:41:5b:95:52:e6:d4:a1:
         88:9a:b8:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJElu7tUNfJRR1NJR/0bfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwOTExNzc5Yzc2N2QyMzY0ZTg2ZjRlMjdlZjhjNWZlOWJi
MDEwOTAwHhcNMjQwMTAxMDgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2NkOGEwMzljZDE3ZTc2OGYxMmJlMTBhZmY0ZWI1YmI2MTRhZjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjYHEZYEo5jT6sa2eToWVy7CLUMW
65A4YA/AQr0k090VbRsTYkAlNiSCix/irK2YrrjoM5VxwYXrsDY761udIZ49cx5g
KPZbldoXElKVHT+BMsq5CjUf48EDYA7ba+Dr2zcdRyuzqbggrfDgLQzhU4or4rf/
rwChmopBoHgeL/HDimaT/V5vYwHK3UUFPOW2I7yPg1GYCzhVryasAfOLIBsV8nhM
XLUVn4HMTOGc+fweFbNMC/gDNRK6eH1a9NXdRMf+5/9yXzG1FBWaCjp5Xzl5PASC
piWCZRxRg9lZrTFGCAbBdVKWF3QUhL0x2WCvpcGkJJR9reIZipgEPrblPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzNigOc0X52jxK+EK/061u2FK+DMB8GA1UdIwQY
MBaAFACRF3nHZ9I2Tob04n74xf6bsBCQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUpFWGVjZG4walpPaHZUaWZ2akZfcHV3RUpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8yNTlmYmUtMjg1NS00ZTE5LTkxOGYt
NjJjMWIxZmYzYTI2LzEvRE0yS0E1elJmbmFQRXI0UXJfVHJXN1lVcjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8yNTlmYmUtMjg1NS00ZTE5LTkxOGYtNjJjMWIxZmYzYTI2
LzEvQUpFWGVjZG4walpPaHZUaWZ2akZfcHV3RUpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABS29MA0G
CSqGSIb3DQEBCwUAA4IBAQBQsXs7gvERxQSJHcmoOUgP1m98DuRMBlQvxt3ZTFHS
kqF9RlVX3aIfN3KakFMI+G8yLY9HGuvDPJq7KbCShdVEEVTc43IH396Urs5U4V9o
kBaRMjjxooeDRrWsWdIheAg7NyNM1BXsxuTksVBn92+9FjGTVC74yglaDYVxrZtT
AtMNLQVx6PSywFEV3+SVgxh+PmLDKncP4Es4MfB7WE9jV22SzOq8dkQIpCf+ziWv
DQc+GOv1rjMuNOV8C6HiZkOxEqphyxmH00k4iEzbDBJXRzNQ3TKlniTbcK9qQKgQ
AWd2yogVycZwF7obOQwbV/XeLizqGkFblVLm1KGImriy
-----END CERTIFICATE-----