Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gob95Uf2rEzQKKUgmkddK7fHL3o.roa
File:                     gob95Uf2rEzQKKUgmkddK7fHL3o.roa (raw, json)
Hash identifier:          hrpXTK9SFc5bL9KWfEvWU/gGdarm7OVSPstXvV4ze5o=
Subject key identifier:   82:86:FD:E5:47:F6:AC:4C:D0:28:A5:20:9A:47:5D:2B:B7:C7:2F:7A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015C52C41F062629361DD8965A132C
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gob95Uf2rEzQKKUgmkddK7fHL3o.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204372
IP address blocks:        45.13.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5c:52:c4:1f:06:26:29:36:1d:d8:96:5a:13:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8286fde547f6ac4cd028a5209a475d2bb7c72f7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c4:6e:45:1a:26:cb:ae:ea:d6:4b:7c:80:50:
                    97:33:d0:d0:73:0c:34:69:8f:0d:42:33:4c:11:e0:
                    ea:d2:3c:a5:1b:37:90:a2:2a:ce:f0:36:04:ad:0c:
                    81:01:9b:50:92:57:49:ad:cc:0d:42:e7:a9:09:af:
                    9a:90:4b:af:50:67:82:dd:3b:49:28:46:e5:f5:36:
                    51:6d:82:b1:28:9f:26:e8:60:35:5c:74:14:d9:22:
                    8f:29:9f:88:ea:5f:ed:a6:bd:b3:26:27:f4:12:d1:
                    01:62:fa:65:7c:91:be:ef:8e:59:34:e1:60:12:f2:
                    df:42:4f:21:0d:eb:5f:28:36:ee:1b:c7:85:91:09:
                    bb:b9:80:19:56:b4:0d:fb:ff:d6:33:68:47:29:8b:
                    35:9e:6c:46:c2:62:d0:c0:5d:e1:cb:f4:2c:a9:dd:
                    a0:d3:d5:5a:da:46:ab:eb:71:e9:d7:bd:e2:21:12:
                    68:0a:3e:60:35:6c:05:2f:66:46:15:eb:e4:e5:58:
                    03:ca:a4:17:47:7c:d7:8f:b4:a3:a2:77:f3:c0:42:
                    80:95:4f:c8:cd:19:25:d2:bd:26:62:31:c8:33:30:
                    72:34:dc:95:52:0f:e1:25:c1:7c:c9:51:3f:65:8b:
                    fa:08:cf:0b:00:b1:b0:0e:c6:c5:e0:3d:0b:63:6b:
                    44:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:86:FD:E5:47:F6:AC:4C:D0:28:A5:20:9A:47:5D:2B:B7:C7:2F:7A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gob95Uf2rEzQKKUgmkddK7fHL3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:ee:93:45:70:a1:b7:21:2f:5a:55:10:0b:86:0e:1c:ff:69:
         5b:81:5f:c4:f7:9c:1c:fd:0c:d4:8e:70:0d:44:9f:9e:4f:6c:
         ce:63:44:3b:f3:42:df:ba:3c:6b:71:a9:43:cc:e9:2e:93:ed:
         39:f1:d6:50:87:ec:5d:69:50:df:62:12:ab:00:41:25:f4:fd:
         ea:6a:bb:d5:c7:f7:09:a3:d3:d5:cb:bf:95:6b:ba:cf:f1:2e:
         c9:47:ba:26:3b:5b:48:be:a7:c2:32:58:25:90:63:1a:26:1b:
         63:98:a5:eb:fd:d8:13:b4:94:65:5f:91:5b:ee:64:5f:57:8f:
         a0:7f:0a:8a:d6:8d:29:98:d4:5e:df:5b:04:3b:0f:b4:1c:94:
         31:1a:46:8c:ed:01:ba:2f:65:27:41:1b:d4:08:a6:24:72:0a:
         52:23:46:56:cd:12:d6:0f:d5:7f:fe:32:2d:a8:e4:b6:4c:ef:
         04:38:0e:75:2c:53:2f:80:c2:b6:58:8e:dd:06:03:3a:c5:a1:
         f6:f1:da:4f:74:cc:f0:4b:e0:be:e5:59:f1:b6:d6:33:80:cd:
         32:7e:b6:21:33:d3:f2:c7:ca:20:23:7b:4c:ae:8c:32:6f:05:
         bb:7d:49:58:dc:55:2f:bf:53:ef:da:a0:17:ce:b4:54:3f:63:
         ae:cc:ea:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVxSxB8GJik2HdiWWhMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjg2ZmRlNTQ3ZjZhYzRjZDAyOGE1MjA5YTQ3NWQyYmI3YzcyZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcRuRRomy67q1kt8gFCXM9DQcww0
aY8NQjNMEeDq0jylGzeQoirO8DYErQyBAZtQkldJrcwNQuepCa+akEuvUGeC3TtJ
KEbl9TZRbYKxKJ8m6GA1XHQU2SKPKZ+I6l/tpr2zJif0EtEBYvplfJG+745ZNOFg
EvLfQk8hDetfKDbuG8eFkQm7uYAZVrQN+//WM2hHKYs1nmxGwmLQwF3hy/Qsqd2g
09Va2kar63Hp173iIRJoCj5gNWwFL2ZGFevk5VgDyqQXR3zXj7SjonfzwEKAlU/I
zRkl0r0mYjHIMzByNNyVUg/hJcF8yVE/ZYv6CM8LALGwDsbF4D0LY2tE+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKG/eVH9qxM0CilIJpHXSu3xy96MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZ29iOTVVZjJyRXpRS0tVZ21rZGRLN2ZITDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ11MA0G
CSqGSIb3DQEBCwUAA4IBAQAD7pNFcKG3IS9aVRALhg4c/2lbgV/E95wc/QzUjnAN
RJ+eT2zOY0Q780LfujxrcalDzOkuk+058dZQh+xdaVDfYhKrAEEl9P3qarvVx/cJ
o9PVy7+Va7rP8S7JR7omO1tIvqfCMlglkGMaJhtjmKXr/dgTtJRlX5Fb7mRfV4+g
fwqK1o0pmNRe31sEOw+0HJQxGkaM7QG6L2UnQRvUCKYkcgpSI0ZWzRLWD9V//jIt
qOS2TO8EOA51LFMvgMK2WI7dBgM6xaH28dpPdMzwS+C+5VnxttYzgM0yfrYhM9Py
x8ogI3tMrowybwW7fUlY3FUvv1Pv2qAXzrRUP2OuzOq+
-----END CERTIFICATE-----