Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/18ExEuhgE1dnoSNKPswq_ZlYsDo.roa
File:                     18ExEuhgE1dnoSNKPswq_ZlYsDo.roa (raw, json)
Hash identifier:          5wIPAnaPNUsiUR5H4Xkc3bJKUI4fU0xbi+o78m6ZXrE=
Subject key identifier:   D7:C1:31:12:E8:60:13:57:67:A1:23:4A:3E:CC:2A:FD:99:58:B0:3A
Certificate issuer:       /CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
Certificate serial:       018CC8DCF6B436FB29D9B0045C29D2FEC0B6
Authority key identifier: C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/18ExEuhgE1dnoSNKPswq_ZlYsDo.roa
Signing time:             Tue 02 Jan 2024 06:29:33 +0000
ROA not before:           Tue 02 Jan 2024 06:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206706
IP address blocks:        45.143.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 08:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:f6:b4:36:fb:29:d9:b0:04:5c:29:d2:fe:c0:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
        Validity
            Not Before: Jan  2 06:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7c13112e860135767a1234a3ecc2afd9958b03a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f0:2c:fc:e3:96:fb:4d:2d:44:81:70:b9:a0:
                    cc:e2:24:06:a3:0c:ce:1a:af:a4:5c:2b:78:97:fc:
                    7a:29:a7:97:c9:42:27:4a:b8:76:3d:e5:78:72:bf:
                    5a:08:1f:b9:02:42:53:f0:f8:7e:7d:b4:41:9b:a0:
                    fc:4d:a5:37:c9:db:aa:7f:9d:43:72:aa:3d:30:d6:
                    bc:39:44:b5:07:59:8a:aa:c5:e2:16:72:64:a9:ef:
                    83:78:43:58:f4:f0:34:fc:7c:55:56:47:d9:44:74:
                    d5:77:49:f6:43:00:cd:e5:4a:7f:f3:62:e5:70:b9:
                    1c:71:43:8c:8c:93:1b:ea:9b:1d:1e:5c:b1:4a:3d:
                    e2:31:f6:4f:da:16:35:88:91:33:6f:8e:1c:49:6c:
                    2b:73:0f:b0:2f:49:ea:2f:55:3c:5f:ad:ca:7c:13:
                    92:94:df:d7:b8:4a:20:9d:68:ff:c9:19:ad:d2:b9:
                    2d:74:5e:b4:8a:77:6d:9d:b7:8d:fc:dc:6b:3c:0e:
                    8f:58:9b:37:7a:77:b5:82:18:83:eb:d1:42:84:29:
                    74:99:b2:b3:44:1f:42:08:6a:71:98:cf:d5:e2:cb:
                    6f:ed:09:bd:ef:7c:90:56:c9:bf:94:d3:ab:04:6b:
                    a6:79:35:9a:b7:3c:b3:f1:02:f9:f2:60:43:08:3a:
                    02:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C1:31:12:E8:60:13:57:67:A1:23:4A:3E:CC:2A:FD:99:58:B0:3A
            X509v3 Authority Key Identifier:
                keyid:C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/18ExEuhgE1dnoSNKPswq_ZlYsDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:85:77:4b:92:57:f8:b5:a2:f7:eb:3e:8e:1b:69:e9:59:d0:
         e6:cc:f0:8a:51:42:f4:bc:84:82:21:d2:ba:c5:c4:57:b3:32:
         80:1f:0d:61:e9:0c:d3:9f:bf:c1:b0:f9:5a:51:9f:37:8f:32:
         a8:5b:ab:3c:18:94:71:70:57:1d:02:f8:46:55:ac:f2:a6:41:
         6a:0c:8f:2d:62:1e:14:91:6c:56:78:cb:af:59:3a:55:48:f4:
         c9:84:d2:b5:fa:82:bd:b8:ee:3a:c9:8d:14:45:7d:7b:75:f4:
         67:ac:79:33:ac:58:35:7d:4e:97:57:97:bb:6a:22:2c:91:13:
         3d:29:f3:4e:47:84:0d:60:33:73:03:57:12:24:b8:85:47:87:
         90:8c:e8:85:74:27:3b:5b:51:5b:24:30:a0:c7:19:79:67:8b:
         5c:91:2c:b7:51:b3:67:de:b4:be:96:49:a3:0a:52:8c:2b:51:
         98:0c:7c:f4:58:6d:a2:fe:65:86:b6:a8:ef:ed:04:8b:9c:84:
         0e:9f:25:d9:02:95:58:65:86:eb:0c:02:bf:23:b1:b5:43:ab:
         1d:37:ce:95:5e:97:a5:2e:2f:8c:f7:61:c6:2e:4a:e9:79:46:
         87:7c:c0:4a:f6:ee:d4:ef:6c:10:ac:3f:d4:a5:e3:ed:d2:99:
         e5:a1:b7:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Pa0Nvsp2bAEXCnS/sC2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMmFjOWIxNGZkMjYxYThkMjc2M2FhZDQxNzQzMmJlYmM0
OWEwZDYwHhcNMjQwMTAyMDYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2MxMzExMmU4NjAxMzU3NjdhMTIzNGEzZWNjMmFmZDk5NThiMDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfAs/OOW+00tRIFwuaDM4iQGowzO
Gq+kXCt4l/x6KaeXyUInSrh2PeV4cr9aCB+5AkJT8Ph+fbRBm6D8TaU3yduqf51D
cqo9MNa8OUS1B1mKqsXiFnJkqe+DeENY9PA0/HxVVkfZRHTVd0n2QwDN5Up/82Ll
cLkccUOMjJMb6psdHlyxSj3iMfZP2hY1iJEzb44cSWwrcw+wL0nqL1U8X63KfBOS
lN/XuEognWj/yRmt0rktdF60indtnbeN/NxrPA6PWJs3ene1ghiD69FChCl0mbKz
RB9CCGpxmM/V4stv7Qm973yQVsm/lNOrBGumeTWatzyz8QL58mBDCDoC0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfBMRLoYBNXZ6EjSj7MKv2ZWLA6MB8GA1UdIwQY
MBaAFMEqybFP0mGo0nY6rUF0Mr68SaDWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYt
MjE2N2NmMDFjZjRhLzEvMThFeEV1aGdFMWRub1NOS1Bzd3FfWmxZc0RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYtMjE2N2NmMDFjZjRh
LzEvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY8fMA0G
CSqGSIb3DQEBCwUAA4IBAQAjhXdLklf4taL36z6OG2npWdDmzPCKUUL0vISCIdK6
xcRXszKAHw1h6QzTn7/BsPlaUZ83jzKoW6s8GJRxcFcdAvhGVazypkFqDI8tYh4U
kWxWeMuvWTpVSPTJhNK1+oK9uO46yY0URX17dfRnrHkzrFg1fU6XV5e7aiIskRM9
KfNOR4QNYDNzA1cSJLiFR4eQjOiFdCc7W1FbJDCgxxl5Z4tckSy3UbNn3rS+lkmj
ClKMK1GYDHz0WG2i/mWGtqjv7QSLnIQOnyXZApVYZYbrDAK/I7G1Q6sdN86VXpel
Li+M92HGLkrpeUaHfMBK9u7U72wQrD/UpePt0pnlobeM
-----END CERTIFICATE-----