Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/LdjFyuhEfiUIoBxN0x28Gn7JUvU.roa
File:                     LdjFyuhEfiUIoBxN0x28Gn7JUvU.roa (raw, json)
Hash identifier:          MeAKo6TlpIPil3Zgic5J4M2Qzg/M5HxO1ToJlxSXRjs=
Subject key identifier:   2D:D8:C5:CA:E8:44:7E:25:08:A0:1C:4D:D3:1D:BC:1A:7E:C9:52:F5
Certificate issuer:       /CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
Certificate serial:       018DD228D6ADC3AC45CDC81484E34AAD46F0
Authority key identifier: C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/LdjFyuhEfiUIoBxN0x28Gn7JUvU.roa
Signing time:             Thu 22 Feb 2024 18:51:48 +0000
ROA not before:           Thu 22 Feb 2024 18:51:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210162
IP address blocks:        45.143.28.0/24 maxlen: 24
                          45.143.29.0/24 maxlen: 24
                          45.143.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 14:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d2:28:d6:ad:c3:ac:45:cd:c8:14:84:e3:4a:ad:46:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
        Validity
            Not Before: Feb 22 18:51:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dd8c5cae8447e2508a01c4dd31dbc1a7ec952f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:cc:99:2b:18:10:12:b3:4e:47:7e:69:2b:1b:
                    1a:c9:29:61:81:34:de:f2:8c:89:51:b9:0b:06:1f:
                    eb:b6:b0:80:db:97:06:e7:74:6d:e1:b6:27:a1:cf:
                    6d:4a:e2:e8:8a:f7:d1:b6:66:08:09:f9:fa:96:c9:
                    cc:cb:24:bf:ac:1e:05:73:7d:c5:03:6b:73:e8:89:
                    b5:e9:a2:c4:95:a6:e7:4a:ce:d2:99:13:67:4b:bd:
                    d9:6d:ee:1e:b5:48:9d:cf:3a:f9:18:d1:ac:34:56:
                    b4:a0:93:c8:01:30:fc:8b:de:1f:b9:3b:34:ab:f2:
                    8b:71:84:95:3d:bc:4f:c2:0c:bd:c9:7c:21:1c:f7:
                    72:59:dc:1d:71:4d:33:ff:b1:a3:5b:12:0c:60:7b:
                    bc:64:b9:ec:ae:b8:60:e3:be:97:15:31:3d:3f:83:
                    07:30:74:e4:0c:dd:0e:3c:ce:cd:b7:6a:72:3e:e0:
                    2b:0e:fd:9e:5e:4b:15:8d:13:d0:e7:32:c9:cb:d8:
                    07:35:50:83:9e:34:72:b2:ed:3a:1c:68:d6:38:79:
                    c2:ce:cd:3f:1c:4c:31:a3:b4:55:d9:52:8b:88:8f:
                    74:7e:95:36:78:f0:2f:c3:c6:92:2d:84:c6:83:d9:
                    c1:4f:31:a7:b6:bf:28:db:5e:29:7b:5d:97:af:e0:
                    cb:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D8:C5:CA:E8:44:7E:25:08:A0:1C:4D:D3:1D:BC:1A:7E:C9:52:F5
            X509v3 Authority Key Identifier:
                keyid:C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/LdjFyuhEfiUIoBxN0x28Gn7JUvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.28.0/23
                  45.143.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:10:8f:24:0f:ee:19:8e:c1:56:e9:36:f5:de:4d:48:71:22:
         c4:6b:14:01:34:5f:3d:2b:f2:37:3a:15:a4:4e:64:b3:05:6c:
         94:9e:d6:dc:86:1b:7e:4f:2b:f3:50:30:84:c1:30:fe:70:f4:
         3f:31:d4:8a:94:cf:2e:f4:63:43:85:96:2d:5f:1e:dc:5a:24:
         19:a5:d1:04:1f:83:87:74:b7:57:a3:a8:cc:6b:c5:4c:c4:9a:
         27:90:9c:20:4c:d2:28:0b:9d:2f:ef:12:0d:02:b5:a8:60:81:
         71:76:8c:b6:5a:d3:c9:e3:1f:03:e2:f5:cd:03:2f:d4:40:6f:
         9a:18:0c:63:14:cd:75:34:07:ca:07:5f:6f:52:a3:c6:d7:6b:
         55:7a:7f:5a:67:e6:f1:b4:90:b3:c5:b8:c9:c2:49:f8:33:a3:
         36:6d:2b:43:e7:d7:4c:3f:ad:86:38:51:aa:d2:b5:44:e8:8c:
         c9:c0:51:24:58:c6:57:63:31:f6:ae:f7:3c:52:0f:2a:ba:c3:
         ec:3b:c0:bc:9f:ac:82:76:1a:6e:d8:fb:9d:ec:3a:ce:0f:40:
         07:1f:d3:8e:16:56:5b:35:48:43:4c:0f:a9:38:89:4b:f7:aa:
         32:0a:c7:ad:58:41:0e:ee:7d:fd:bb:58:6a:c7:54:7f:f4:d6:
         c7:63:71:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3SKNatw6xFzcgUhONKrUbwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMmFjOWIxNGZkMjYxYThkMjc2M2FhZDQxNzQzMmJlYmM0
OWEwZDYwHhcNMjQwMjIyMTg1MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQ4YzVjYWU4NDQ3ZTI1MDhhMDFjNGRkMzFkYmMxYTdlYzk1MmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusyZKxgQErNOR35pKxsaySlhgTTe
8oyJUbkLBh/rtrCA25cG53Rt4bYnoc9tSuLoivfRtmYICfn6lsnMyyS/rB4Fc33F
A2tz6Im16aLElabnSs7SmRNnS73Zbe4etUidzzr5GNGsNFa0oJPIATD8i94fuTs0
q/KLcYSVPbxPwgy9yXwhHPdyWdwdcU0z/7GjWxIMYHu8ZLnsrrhg476XFTE9P4MH
MHTkDN0OPM7Nt2pyPuArDv2eXksVjRPQ5zLJy9gHNVCDnjRysu06HGjWOHnCzs0/
HEwxo7RV2VKLiI90fpU2ePAvw8aSLYTGg9nBTzGntr8o214pe12Xr+DL5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC3YxcroRH4lCKAcTdMdvBp+yVL1MB8GA1UdIwQY
MBaAFMEqybFP0mGo0nY6rUF0Mr68SaDWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYt
MjE2N2NmMDFjZjRhLzEvTGRqRnl1aEVmaVVJb0J4TjB4MjhHbjdKVXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYtMjE2N2NmMDFjZjRh
LzEvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLY8cAwQA
LY8fMA0GCSqGSIb3DQEBCwUAA4IBAQApEI8kD+4ZjsFW6Tb13k1IcSLEaxQBNF89
K/I3OhWkTmSzBWyUntbchht+TyvzUDCEwTD+cPQ/MdSKlM8u9GNDhZYtXx7cWiQZ
pdEEH4OHdLdXo6jMa8VMxJonkJwgTNIoC50v7xINArWoYIFxdoy2WtPJ4x8D4vXN
Ay/UQG+aGAxjFM11NAfKB19vUqPG12tVen9aZ+bxtJCzxbjJwkn4M6M2bStD59dM
P62GOFGq0rVE6IzJwFEkWMZXYzH2rvc8Ug8qusPsO8C8n6yCdhpu2Pud7DrOD0AH
H9OOFlZbNUhDTA+pOIlL96oyCsetWEEO7n39u1hqx1R/9NbHY3En
-----END CERTIFICATE-----