Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/zv5g7EfC5EnBRMUeGU5TOmOxU-4.roa
File:                     zv5g7EfC5EnBRMUeGU5TOmOxU-4.roa (raw, json)
Hash identifier:          bZdqahx7CmZOK+bjWhRpl0vfqKxkoEKHLcOvzBedKVM=
Subject key identifier:   CE:FE:60:EC:47:C2:E4:49:C1:44:C5:1E:19:4E:53:3A:63:B1:53:EE
Certificate issuer:       /CN=e9be181aabdb195513a26c67b621e2986818d03d
Certificate serial:       018D8E9902DD8EFB127D3F8C347C22AF272C
Authority key identifier: E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/zv5g7EfC5EnBRMUeGU5TOmOxU-4.roa
Signing time:             Fri 09 Feb 2024 16:00:08 +0000
ROA not before:           Fri 09 Feb 2024 16:00:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212667
IP address blocks:        45.15.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8e:99:02:dd:8e:fb:12:7d:3f:8c:34:7c:22:af:27:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9be181aabdb195513a26c67b621e2986818d03d
        Validity
            Not Before: Feb  9 16:00:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cefe60ec47c2e449c144c51e194e533a63b153ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ba:71:69:5d:7c:f1:3f:ee:0e:3d:13:08:cc:
                    4a:13:2f:ce:7a:84:fa:bf:ab:27:bb:5c:db:88:a7:
                    2e:57:b1:09:75:82:3f:43:b7:c4:34:05:ca:6d:2c:
                    b4:7a:8d:7c:5c:1b:65:cc:55:40:2e:b9:ed:b7:b8:
                    23:63:e7:fd:9e:1b:7d:4c:56:92:6d:58:32:2f:1a:
                    1d:87:d4:9c:6a:38:82:a5:6e:37:35:f7:89:a4:34:
                    30:97:26:bd:8a:bb:cd:90:c8:d3:6c:73:71:fd:99:
                    91:6b:f4:e7:8b:72:ef:8c:5c:f2:1b:0c:3a:0a:9b:
                    da:6e:19:43:30:2c:dc:4e:28:9e:de:b8:55:c5:85:
                    6a:14:82:24:50:5e:b2:08:df:c4:7a:51:93:3b:0f:
                    df:82:24:12:cf:20:6e:70:aa:ec:85:63:a9:d7:83:
                    a4:25:ab:14:f4:f4:8e:84:e4:67:19:d3:d8:2f:a9:
                    3f:f7:02:44:9e:15:82:31:8c:a1:4f:6b:84:5f:91:
                    5d:66:1d:d5:8c:71:6e:53:78:47:37:e8:46:08:e0:
                    b5:59:47:8f:9b:72:de:3d:f1:f6:3a:d1:45:cb:99:
                    36:5b:4d:b4:c6:fb:37:80:98:54:67:ac:43:f1:f2:
                    10:6a:68:32:3b:e8:ed:c4:e6:f3:98:bb:35:77:db:
                    77:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:FE:60:EC:47:C2:E4:49:C1:44:C5:1E:19:4E:53:3A:63:B1:53:EE
            X509v3 Authority Key Identifier:
                keyid:E9:BE:18:1A:AB:DB:19:55:13:A2:6C:67:B6:21:E2:98:68:18:D0:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b4YGqvbGVUTomxntiHimGgY0D0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/zv5g7EfC5EnBRMUeGU5TOmOxU-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/becd16-a9e9-4cd6-800e-f008dd83e32a/1/6b4YGqvbGVUTomxntiHimGgY0D0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:1d:fb:bb:ab:ad:16:36:28:3f:db:e9:b0:51:08:83:96:12:
         1d:fb:2d:fd:71:d6:84:bf:e5:9b:11:ae:fb:37:7b:11:71:85:
         1b:10:f9:a0:45:a4:13:c6:c3:e8:20:21:36:87:02:26:dd:2a:
         74:03:d1:1b:c2:01:6f:2f:b3:f9:2a:84:e2:21:43:38:4c:76:
         c1:52:8e:05:5f:5b:a2:28:35:f7:fb:ad:84:f5:d4:98:9a:f8:
         23:fc:89:e5:66:d6:3b:cc:76:08:02:a7:76:d2:8c:b0:5e:af:
         53:81:58:4a:2a:41:b9:8c:93:3a:57:7f:a7:40:bf:0e:88:20:
         20:7d:53:08:98:7b:f6:c7:c5:20:8a:e6:de:bd:1b:a0:41:92:
         47:20:37:ca:c3:25:20:48:9e:ad:e2:87:c6:53:da:e0:e3:07:
         3e:ce:38:47:12:f4:ad:59:c9:1a:dd:10:88:87:16:2e:b0:b5:
         6f:71:c9:60:57:80:25:ff:ea:e1:10:43:74:53:3f:95:30:94:
         32:74:53:9a:0a:ca:70:3c:64:29:61:a8:72:25:08:02:88:c0:
         7a:59:8c:d8:17:ef:2f:db:b7:83:43:09:35:dd:6f:94:2b:27:
         78:47:ef:66:8f:5e:51:44:7c:79:3d:b0:fd:5c:7b:be:d4:33:
         aa:7b:68:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2OmQLdjvsSfT+MNHwirycsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YmUxODFhYWJkYjE5NTUxM2EyNmM2N2I2MjFlMjk4Njgx
OGQwM2QwHhcNMjQwMjA5MTYwMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWZlNjBlYzQ3YzJlNDQ5YzE0NGM1MWUxOTRlNTMzYTYzYjE1M2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbpxaV188T/uDj0TCMxKEy/OeoT6
v6snu1zbiKcuV7EJdYI/Q7fENAXKbSy0eo18XBtlzFVALrntt7gjY+f9nht9TFaS
bVgyLxodh9ScajiCpW43NfeJpDQwlya9irvNkMjTbHNx/ZmRa/Tni3LvjFzyGww6
CpvabhlDMCzcTiie3rhVxYVqFIIkUF6yCN/EelGTOw/fgiQSzyBucKrshWOp14Ok
JasU9PSOhORnGdPYL6k/9wJEnhWCMYyhT2uEX5FdZh3VjHFuU3hHN+hGCOC1WUeP
m3LePfH2OtFFy5k2W020xvs3gJhUZ6xD8fIQamgyO+jtxObzmLs1d9t3hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7+YOxHwuRJwUTFHhlOUzpjsVPuMB8GA1UdIwQY
MBaAFOm+GBqr2xlVE6JsZ7Yh4phoGNA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUt
ZjAwOGRkODNlMzJhLzEvenY1ZzdFZkM1RW5CUk1VZUdVNVRPbU94VS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iZWNkMTYtYTllOS00Y2Q2LTgwMGUtZjAwOGRkODNlMzJh
LzEvNmI0WUdxdmJHVlVUb214bnRpSGltR2dZMEQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ//MA0G
CSqGSIb3DQEBCwUAA4IBAQBiHfu7q60WNig/2+mwUQiDlhId+y39cdaEv+WbEa77
N3sRcYUbEPmgRaQTxsPoICE2hwIm3Sp0A9EbwgFvL7P5KoTiIUM4THbBUo4FX1ui
KDX3+62E9dSYmvgj/InlZtY7zHYIAqd20oywXq9TgVhKKkG5jJM6V3+nQL8OiCAg
fVMImHv2x8UgiubevRugQZJHIDfKwyUgSJ6t4ofGU9rg4wc+zjhHEvStWcka3RCI
hxYusLVvcclgV4Al/+rhEEN0Uz+VMJQydFOaCspwPGQpYahyJQgCiMB6WYzYF+8v
27eDQwk13W+UKyd4R+9mj15RRHx5PbD9XHu+1DOqe2jx
-----END CERTIFICATE-----