Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/z2xuoMmNOeExmNpY8SNR_pfV4WE.roa
File:                     z2xuoMmNOeExmNpY8SNR_pfV4WE.roa (raw, json)
Hash identifier:          ThEFR4xMgfCPhXPtUOG0hfFz4oN+BwIs+HfTptLFXXs=
Subject key identifier:   CF:6C:6E:A0:C9:8D:39:E1:31:98:DA:58:F1:23:51:FE:97:D5:E1:61
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B68D06E0D08A552C8FEA2F1C99B2F
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/z2xuoMmNOeExmNpY8SNR_pfV4WE.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134835
IP address blocks:        45.153.11.0/24 maxlen: 24
                          45.153.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:68:d0:6e:0d:08:a5:52:c8:fe:a2:f1:c9:9b:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf6c6ea0c98d39e13198da58f12351fe97d5e161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2b:ed:9c:a0:1f:4a:4b:4e:16:c5:c3:f8:0d:
                    db:81:de:cb:79:52:99:1e:32:3d:31:fb:1f:92:97:
                    9b:f1:40:2f:17:76:56:fa:16:69:c7:49:23:8d:98:
                    41:0a:d9:60:b2:14:35:41:f0:d3:84:00:77:61:59:
                    d7:a4:e9:d3:8f:a8:bf:fb:0a:f3:c9:81:9b:74:a5:
                    53:fb:f3:39:aa:2d:2e:87:25:b0:68:a1:a0:c7:a9:
                    26:56:86:1a:e7:a1:ed:b4:e9:4a:81:a6:81:c0:b6:
                    12:b5:27:01:e1:02:da:8c:62:6b:63:44:55:06:3c:
                    53:43:34:bf:97:3f:4e:f5:49:37:ce:ce:bc:06:3a:
                    a2:10:76:3e:02:62:c9:9e:f7:b5:22:f0:a0:2e:8a:
                    0c:93:99:de:7f:ae:9f:07:50:61:89:c6:60:95:28:
                    72:53:ba:76:d8:59:9a:08:52:ab:1b:b1:04:1f:f0:
                    c1:29:08:14:49:57:fe:17:a4:e6:14:25:1e:be:3e:
                    df:ce:93:16:38:88:63:56:a7:50:16:d9:86:28:cd:
                    fe:0f:29:8f:76:5b:13:54:c7:82:7c:32:0d:41:16:
                    2c:f3:7a:2c:da:ca:c9:df:94:3d:b2:68:2c:69:c0:
                    8d:83:02:63:21:d7:db:1b:9e:a9:f1:5f:51:ea:71:
                    11:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:6C:6E:A0:C9:8D:39:E1:31:98:DA:58:F1:23:51:FE:97:D5:E1:61
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/z2xuoMmNOeExmNpY8SNR_pfV4WE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:f5:5c:b0:e7:75:e4:01:4c:d6:42:16:53:82:11:f5:8d:d1:
         69:2e:99:7d:40:73:0b:d4:11:2d:3b:be:3d:95:0e:9a:7d:f3:
         a1:8b:04:b7:2d:85:9e:c2:2c:fe:ac:f6:ba:f9:16:4b:16:8c:
         fd:ec:22:2a:f5:d1:0b:5c:2e:86:10:8c:c3:a4:5f:4c:d5:e5:
         bf:d1:4f:38:e2:38:6d:d1:e0:fe:76:c5:25:cb:2a:15:a8:97:
         c5:42:1c:b2:04:10:78:ff:11:62:35:89:b7:d2:03:bd:34:5a:
         02:ee:6e:4b:39:cb:32:66:d5:87:b4:fe:b5:28:2b:d2:f4:e8:
         16:16:83:25:ff:b9:c7:97:44:dc:7e:6a:0c:df:72:2b:f5:1b:
         9e:6a:ea:41:9a:dc:69:97:c3:c9:ce:dd:08:7d:54:8d:69:0e:
         93:42:b9:28:02:25:fd:9f:ab:4b:28:ca:9f:31:2d:de:ad:23:
         53:70:2d:35:23:b0:71:7d:04:ab:41:88:ba:9c:19:84:3d:62:
         a3:bb:57:5c:74:53:70:83:a5:0e:4f:d8:97:21:e7:55:c1:ab:
         f3:16:ac:5d:c4:0a:9f:7d:85:9f:64:fc:6c:51:6f:74:43:48:
         a5:31:6e:39:22:a1:cc:0f:55:ae:aa:bc:e1:5b:8f:69:38:40:
         5c:d0:6c:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2jQbg0IpVLI/qLxyZsvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjZjNmVhMGM5OGQzOWUxMzE5OGRhNThmMTIzNTFmZTk3ZDVlMTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyvtnKAfSktOFsXD+A3bgd7LeVKZ
HjI9Mfsfkpeb8UAvF3ZW+hZpx0kjjZhBCtlgshQ1QfDThAB3YVnXpOnTj6i/+wrz
yYGbdKVT+/M5qi0uhyWwaKGgx6kmVoYa56HttOlKgaaBwLYStScB4QLajGJrY0RV
BjxTQzS/lz9O9Uk3zs68BjqiEHY+AmLJnve1IvCgLooMk5nef66fB1BhicZglShy
U7p22FmaCFKrG7EEH/DBKQgUSVf+F6TmFCUevj7fzpMWOIhjVqdQFtmGKM3+DymP
dlsTVMeCfDINQRYs83os2srJ35Q9smgsacCNgwJjIdfbG56p8V9R6nERpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9sbqDJjTnhMZjaWPEjUf6X1eFhMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvejJ4dW9NbU5PZUV4bU5wWThTTlJfcGZWNFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZkKMA0G
CSqGSIb3DQEBCwUAA4IBAQCC9Vyw53XkAUzWQhZTghH1jdFpLpl9QHML1BEtO749
lQ6affOhiwS3LYWewiz+rPa6+RZLFoz97CIq9dELXC6GEIzDpF9M1eW/0U844jht
0eD+dsUlyyoVqJfFQhyyBBB4/xFiNYm30gO9NFoC7m5LOcsyZtWHtP61KCvS9OgW
FoMl/7nHl0TcfmoM33Ir9RueaupBmtxpl8PJzt0IfVSNaQ6TQrkoAiX9n6tLKMqf
MS3erSNTcC01I7BxfQSrQYi6nBmEPWKju1dcdFNwg6UOT9iXIedVwavzFqxdxAqf
fYWfZPxsUW90Q0ilMW45IqHMD1WuqrzhW49pOEBc0GwZ
-----END CERTIFICATE-----