Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/OTjUxtS7gQCgl4u5TD_sgDSmQqA.roa
File:                     OTjUxtS7gQCgl4u5TD_sgDSmQqA.roa (raw, json)
Hash identifier:          VTRei/43uySJsxfkuR3TXVDP9oBTAo/bmdI59gxOGfw=
Subject key identifier:   39:38:D4:C6:D4:BB:81:00:A0:97:8B:B9:4C:3F:EC:80:34:A6:42:A0
Certificate issuer:       /CN=e7c07db9880133c5cdce005bca111b552cd14c53
Certificate serial:       018EF685C66B60E7FBF0004849E9CAC7A8B2
Authority key identifier: E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/OTjUxtS7gQCgl4u5TD_sgDSmQqA.roa
Signing time:             Fri 19 Apr 2024 13:22:25 +0000
ROA not before:           Fri 19 Apr 2024 13:22:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202539
IP address blocks:        45.12.200.0/24 maxlen: 24
                          2001:67c:1160::/48 maxlen: 48
                          2a0e:bf00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:85:c6:6b:60:e7:fb:f0:00:48:49:e9:ca:c7:a8:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7c07db9880133c5cdce005bca111b552cd14c53
        Validity
            Not Before: Apr 19 13:22:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3938d4c6d4bb8100a0978bb94c3fec8034a642a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:53:40:fc:ab:c2:79:2a:78:36:a6:72:68:64:
                    f9:2a:f4:9a:44:34:37:24:32:45:2a:15:be:f7:48:
                    78:e0:f8:22:df:c4:6f:74:8d:16:c4:ba:7d:05:e2:
                    e4:97:ca:c8:45:8d:1b:df:a8:6b:c7:b1:c8:77:99:
                    29:ea:4b:93:79:bc:61:73:2b:bf:b0:dd:4b:9f:5f:
                    2a:8b:89:fc:b8:fc:4f:7f:74:8b:19:a5:f4:f2:17:
                    f0:6d:39:44:1d:9a:44:6a:7a:fd:eb:81:b1:30:b4:
                    19:61:2a:16:92:ae:1a:d3:b2:8b:84:8b:4c:c3:e9:
                    eb:5d:56:5a:f2:d5:6a:f7:b0:63:66:d3:31:ee:fc:
                    af:f9:a4:c8:5c:91:85:f7:d7:c2:27:6c:50:13:e5:
                    aa:42:4e:04:4e:40:41:c0:05:00:ad:9a:e2:04:8c:
                    69:1d:58:fb:dc:1d:f6:72:da:44:8f:e8:32:4f:80:
                    45:c8:ad:99:1d:3c:58:25:2c:76:23:57:59:51:82:
                    56:0f:65:b4:39:06:3e:46:4d:c9:98:bb:ab:a4:cc:
                    dc:15:ba:0d:75:bb:d4:f2:ee:18:b0:6b:89:ea:39:
                    86:5f:82:d5:97:5d:f4:e9:c4:d6:8e:4a:1d:97:39:
                    9e:a2:3e:77:51:3e:22:a2:b6:63:72:38:c4:bf:a7:
                    6c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:38:D4:C6:D4:BB:81:00:A0:97:8B:B9:4C:3F:EC:80:34:A6:42:A0
            X509v3 Authority Key Identifier:
                keyid:E7:C0:7D:B9:88:01:33:C5:CD:CE:00:5B:CA:11:1B:55:2C:D1:4C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/58B9uYgBM8XNzgBbyhEbVSzRTFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/OTjUxtS7gQCgl4u5TD_sgDSmQqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/8cdd49-c094-4c6a-918c-0aa463cdfca0/1/58B9uYgBM8XNzgBbyhEbVSzRTFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.200.0/24
                IPv6:
                  2001:67c:1160::/48
                  2a0e:bf00::/32

    Signature Algorithm: sha256WithRSAEncryption
         eb:b2:03:43:25:93:e6:ba:90:88:21:2d:71:c0:51:9e:d2:96:
         d1:ca:41:57:dd:cf:00:22:a9:22:71:cf:05:1a:a9:c8:e3:4c:
         7c:f0:7a:e7:77:15:20:ca:f3:f9:08:48:c0:39:ac:12:a6:50:
         32:ac:0d:9f:82:e8:df:fd:a3:0c:14:4e:0f:76:88:92:e3:06:
         2f:eb:b8:db:bd:37:02:3a:e5:dc:6a:ec:18:cb:f1:7d:5c:87:
         dd:36:26:15:0e:56:57:b4:28:7d:5e:97:b2:bc:09:ef:41:cd:
         64:0e:32:8b:87:f8:4f:54:28:9e:d7:bc:7d:8e:2a:75:d3:59:
         75:b3:b2:3c:18:28:c8:47:70:b0:34:76:e4:de:15:4f:b0:48:
         0c:85:6b:20:a9:53:e3:2a:a2:8d:a5:bd:46:8b:80:62:d5:38:
         27:95:bb:7d:ed:68:9c:b9:9c:14:3e:f3:70:e5:5c:60:d0:34:
         52:db:f9:ca:46:78:e5:7f:75:b0:2d:3d:54:95:18:16:c7:d3:
         4d:43:72:42:3d:b4:fc:54:ab:df:31:81:91:e5:7b:3f:41:bc:
         be:8a:3a:3f:91:5c:54:4d:cc:cb:c0:a2:38:72:cb:3b:42:74:
         83:45:24:e7:7a:f0:79:87:6c:85:02:2d:24:dc:dd:bb:8f:a5:
         24:a3:a7:62
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY72hcZrYOf78ABISenKx6iyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3YzA3ZGI5ODgwMTMzYzVjZGNlMDA1YmNhMTExYjU1MmNk
MTRjNTMwHhcNMjQwNDE5MTMyMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTM4ZDRjNmQ0YmI4MTAwYTA5NzhiYjk0YzNmZWM4MDM0YTY0MmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFNA/KvCeSp4NqZyaGT5KvSaRDQ3
JDJFKhW+90h44Pgi38RvdI0WxLp9BeLkl8rIRY0b36hrx7HId5kp6kuTebxhcyu/
sN1Ln18qi4n8uPxPf3SLGaX08hfwbTlEHZpEanr964GxMLQZYSoWkq4a07KLhItM
w+nrXVZa8tVq97BjZtMx7vyv+aTIXJGF99fCJ2xQE+WqQk4ETkBBwAUArZriBIxp
HVj73B32ctpEj+gyT4BFyK2ZHTxYJSx2I1dZUYJWD2W0OQY+Rk3JmLurpMzcFboN
dbvU8u4YsGuJ6jmGX4LVl1306cTWjkodlzmeoj53UT4iorZjcjjEv6dsDwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDk41MbUu4EAoJeLuUw/7IA0pkKgMB8GA1UdIwQY
MBaAFOfAfbmIATPFzc4AW8oRG1Us0UxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMt
MGFhNDYzY2RmY2EwLzEvT1RqVXh0UzdnUUNnbDR1NVREX3NnRFNtUXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84Y2RkNDktYzA5NC00YzZhLTkxOGMtMGFhNDYzY2RmY2Ew
LzEvNThCOXVZZ0JNOFhOemdCYnloRWJWU3pSVEZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQALQzIMBYE
AgACMBADBwAgAQZ8EWADBQAqDr8AMA0GCSqGSIb3DQEBCwUAA4IBAQDrsgNDJZPm
upCIIS1xwFGe0pbRykFX3c8AIqkicc8FGqnI40x88HrndxUgyvP5CEjAOawSplAy
rA2fgujf/aMMFE4PdoiS4wYv67jbvTcCOuXcauwYy/F9XIfdNiYVDlZXtCh9Xpey
vAnvQc1kDjKLh/hPVCie17x9jip101l1s7I8GCjIR3CwNHbk3hVPsEgMhWsgqVPj
KqKNpb1Gi4Bi1Tgnlbt97WicuZwUPvNw5Vxg0DRS2/nKRnjlf3WwLT1UlRgWx9NN
Q3JCPbT8VKvfMYGR5Xs/Qby+ijo/kVxUTczLwKI4css7QnSDRSTnevB5h2yFAi0k
3N27j6Uko6di
-----END CERTIFICATE-----