Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/3JQrmr1hDhSmSD4TAGtbOJNnw4Q.roa
File:                     3JQrmr1hDhSmSD4TAGtbOJNnw4Q.roa (raw, json)
Hash identifier:          LGkt+mPWeDmPLc65nzj9Z+mKD9jBBrMNONVa39chgqc=
Subject key identifier:   DC:94:2B:9A:BD:61:0E:14:A6:48:3E:13:00:6B:5B:38:93:67:C3:84
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80173D5592DDE46E7405A449E12E678
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/3JQrmr1hDhSmSD4TAGtbOJNnw4Q.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210732
IP address blocks:        45.154.99.0/24 maxlen: 24
                          2a0c:b641:4d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:73:d5:59:2d:de:46:e7:40:5a:44:9e:12:e6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc942b9abd610e14a6483e13006b5b389367c384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1a:c3:88:39:30:1f:33:76:cb:ed:38:d8:93:
                    1e:95:01:47:07:3b:69:71:5f:a3:32:0b:24:5a:fb:
                    fb:c7:eb:8c:1f:d3:38:01:4a:23:de:12:71:01:13:
                    3f:11:48:4d:bb:8b:8e:22:d6:7a:b0:f8:99:21:cd:
                    93:4f:fd:95:24:87:a5:9d:51:3c:67:b2:3a:81:4a:
                    ea:46:c3:54:c5:14:bd:04:44:36:43:dd:a9:dd:e8:
                    d2:c5:9a:10:29:3b:91:0a:2e:be:d0:e1:83:63:91:
                    00:2e:9b:65:91:83:a4:18:67:dd:dd:7e:8e:a0:d8:
                    dc:25:1e:75:d3:0b:4e:0d:68:be:bd:3d:78:f5:eb:
                    37:c0:e5:42:07:38:13:19:2b:7d:b5:90:7d:90:0b:
                    e7:d6:83:61:6e:82:67:e1:35:81:1e:ea:c3:99:99:
                    ca:f3:7b:2d:0a:cc:e0:e8:37:de:15:74:cc:69:de:
                    c1:43:b0:14:3c:ce:03:dd:1c:8c:cc:a5:b2:83:f1:
                    9a:84:8c:68:5d:6b:d5:99:7a:2e:cd:85:b3:ea:cf:
                    ea:fa:69:b7:2c:cd:82:4e:10:7a:1b:4c:53:69:ac:
                    18:26:20:81:bc:0b:21:03:c7:c3:5b:f2:79:3c:8c:
                    94:70:ec:a9:fb:88:20:e3:96:58:3b:aa:9c:51:8b:
                    cb:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:94:2B:9A:BD:61:0E:14:A6:48:3E:13:00:6B:5B:38:93:67:C3:84
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/3JQrmr1hDhSmSD4TAGtbOJNnw4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.99.0/24
                IPv6:
                  2a0c:b641:4d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         61:3a:05:c4:d6:fe:c5:4d:15:d0:98:cf:08:c2:b0:30:36:06:
         b7:a9:26:ec:70:3b:70:01:1a:8a:91:f0:b9:e6:66:68:00:c7:
         78:f9:da:0e:28:9e:8a:ad:1f:df:fa:34:3e:36:35:b4:bc:6c:
         84:f1:7a:78:04:c0:82:eb:4e:e0:52:83:b7:29:b6:3c:dd:59:
         97:29:d5:7a:71:21:0f:b4:7f:26:24:25:4b:5e:a0:b4:36:30:
         57:90:c2:08:2e:9d:47:2f:85:8e:c6:15:f9:b1:f1:6a:92:ce:
         cc:51:b7:2c:dd:2f:88:8c:d3:60:d7:17:ee:36:78:be:9a:59:
         08:65:2c:cc:23:8c:95:d4:3f:fb:1a:6e:19:f7:e2:44:e5:5e:
         b4:ac:ec:75:ff:1f:2e:0a:7a:a6:9b:4f:a0:7c:a4:ae:64:75:
         f0:af:ec:fc:05:9b:80:e9:11:42:f6:a2:08:99:52:81:77:46:
         31:34:68:01:93:e4:47:94:8f:a3:5e:12:b3:d2:da:49:42:74:
         bd:c1:c0:56:55:c5:b3:67:14:0f:bc:25:4e:d6:09:28:ec:4a:
         cc:a4:ef:f9:87:77:b7:0b:ae:bd:c0:6b:d2:2d:67:01:50:86:
         2e:d4:1c:f2:07:b5:5f:b9:21:9e:51:2e:55:a4:73:83:74:3d:
         fa:de:60:6c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAXPVWS3eRudAWkSeEuZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzk0MmI5YWJkNjEwZTE0YTY0ODNlMTMwMDZiNWIzODkzNjdjMzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhrDiDkwHzN2y+042JMelQFHBztp
cV+jMgskWvv7x+uMH9M4AUoj3hJxARM/EUhNu4uOItZ6sPiZIc2TT/2VJIelnVE8
Z7I6gUrqRsNUxRS9BEQ2Q92p3ejSxZoQKTuRCi6+0OGDY5EALptlkYOkGGfd3X6O
oNjcJR510wtODWi+vT149es3wOVCBzgTGSt9tZB9kAvn1oNhboJn4TWBHurDmZnK
83stCszg6DfeFXTMad7BQ7AUPM4D3RyMzKWyg/GahIxoXWvVmXouzYWz6s/q+mm3
LM2CThB6G0xTaawYJiCBvAshA8fDW/J5PIyUcOyp+4gg45ZYO6qcUYvLZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNyUK5q9YQ4Upkg+EwBrWziTZ8OEMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvM0pRcm1yMWhEaFNtU0Q0VEFHdGJPSk5udzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZpjMA8E
AgACMAkDBwQqDLZBBNAwDQYJKoZIhvcNAQELBQADggEBAGE6BcTW/sVNFdCYzwjC
sDA2BrepJuxwO3ABGoqR8LnmZmgAx3j52g4onoqtH9/6ND42NbS8bITxengEwILr
TuBSg7cptjzdWZcp1XpxIQ+0fyYkJUteoLQ2MFeQwggunUcvhY7GFfmx8WqSzsxR
tyzdL4iM02DXF+42eL6aWQhlLMwjjJXUP/sabhn34kTlXrSs7HX/Hy4KeqabT6B8
pK5kdfCv7PwFm4DpEUL2ogiZUoF3RjE0aAGT5EeUj6NeErPS2klCdL3BwFZVxbNn
FA+8JU7WCSjsSsyk7/mHd7cLrr3Aa9ItZwFQhi7UHPIHtV+5IZ5RLlWkc4N0Pfre
YGw=
-----END CERTIFICATE-----