Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/jlOkZVRB3C8k53JmRxGo_2rI_XA.roa
File:                     jlOkZVRB3C8k53JmRxGo_2rI_XA.roa (raw, json)
Hash identifier:          r0ACkVn/wNxSNUEU1BDKM51uK62Xv9JVXHhp2OrPRK4=
Subject key identifier:   8E:53:A4:65:54:41:DC:2F:24:E7:72:66:47:11:A8:FF:6A:C8:FD:70
Certificate issuer:       /CN=bfd81ca90cc5224586afebab1c78b1790268d5c1
Certificate serial:       018CC8715409701FCC99A1F1FE101A0CB5F9
Authority key identifier: BF:D8:1C:A9:0C:C5:22:45:86:AF:EB:AB:1C:78:B1:79:02:68:D5:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/jlOkZVRB3C8k53JmRxGo_2rI_XA.roa
Signing time:             Tue 02 Jan 2024 04:31:59 +0000
ROA not before:           Tue 02 Jan 2024 04:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202492
IP address blocks:        45.149.218.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:54:09:70:1f:cc:99:a1:f1:fe:10:1a:0c:b5:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd81ca90cc5224586afebab1c78b1790268d5c1
        Validity
            Not Before: Jan  2 04:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e53a4655441dc2f24e772664711a8ff6ac8fd70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e7:0c:fd:31:30:c3:c3:37:ef:93:59:74:16:
                    3b:68:89:2d:24:66:91:23:f9:7f:f6:4c:8f:fa:4d:
                    85:7b:07:c3:9f:62:80:a0:02:80:48:eb:d9:87:ab:
                    24:36:ea:e9:7d:40:f5:b6:85:e0:ef:68:d9:09:e1:
                    84:2b:52:f3:a6:2a:3d:f7:49:9f:b3:33:0f:18:40:
                    fd:e1:a3:20:f9:a4:d8:bf:72:af:3d:ad:c9:f9:6b:
                    f9:f1:39:fc:ea:a4:1d:dd:e1:f2:28:4c:f1:7c:91:
                    c5:1b:af:7d:b7:db:2e:9b:f1:ee:3e:76:90:bf:b5:
                    66:0c:32:63:ab:b5:30:da:2c:5f:37:af:15:8f:17:
                    57:48:ec:f2:b1:68:3b:74:d6:c5:de:b9:29:d8:87:
                    5f:c8:79:e5:9f:3d:69:3a:a4:af:08:3c:4d:46:ef:
                    e0:ba:1e:6b:e2:a8:28:5f:ed:ce:ff:c9:2e:b2:81:
                    55:5c:69:50:1e:14:21:8b:e8:61:7f:b4:9c:74:5c:
                    73:77:ed:31:9a:5a:ab:41:b9:f1:33:b8:ff:4d:97:
                    1a:10:dd:09:03:01:33:2a:2a:1a:7e:a8:46:b6:ba:
                    36:a5:5a:2f:b3:f1:c1:63:3f:0f:e3:82:93:51:2f:
                    c8:7d:aa:13:5d:6d:dd:63:ef:0a:97:35:2a:df:bd:
                    87:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:53:A4:65:54:41:DC:2F:24:E7:72:66:47:11:A8:FF:6A:C8:FD:70
            X509v3 Authority Key Identifier:
                keyid:BF:D8:1C:A9:0C:C5:22:45:86:AF:EB:AB:1C:78:B1:79:02:68:D5:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/jlOkZVRB3C8k53JmRxGo_2rI_XA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:f7:e6:d1:06:66:1a:b2:8f:d3:61:a4:8a:d0:3b:5e:14:91:
         8b:73:c0:be:71:23:10:bb:13:99:ee:20:51:3f:77:38:6b:48:
         20:26:38:36:b0:e8:e4:11:5c:69:fe:5c:ca:79:54:90:5e:78:
         c6:b0:87:7f:14:d1:84:68:c7:1e:ad:42:f2:8e:99:10:16:f5:
         a9:c1:b3:ff:3d:59:6f:2e:76:df:0c:f1:71:9d:f6:00:26:30:
         e9:0f:67:0c:53:fd:10:56:45:7e:ee:94:11:55:59:93:a0:6d:
         97:62:db:98:95:2b:67:92:a7:99:22:d1:2e:0c:0a:ec:58:3d:
         1a:81:8d:30:8a:27:5c:59:e4:82:6f:c9:3a:e9:ef:d7:a1:a1:
         de:e3:7e:d2:6c:c4:dd:4d:eb:05:cc:f8:0f:a0:d4:6c:45:2f:
         8a:ff:f2:c9:85:cb:a9:68:96:a9:37:75:3e:be:a5:d5:6b:9f:
         c3:a2:88:78:6d:f5:fd:05:fd:1e:a8:be:9a:84:26:ea:85:d0:
         f5:f2:92:55:0d:93:8e:3f:95:e7:34:b3:91:36:d4:4b:78:25:
         bd:6c:fe:bb:26:cd:0b:ca:4d:41:e7:45:12:43:bb:dc:d8:d0:
         42:99:c6:77:7e:3e:07:8c:5e:0d:49:66:7d:8c:2a:36:7d:d7:
         85:58:62:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcVQJcB/MmaHx/hAaDLX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDgxY2E5MGNjNTIyNDU4NmFmZWJhYjFjNzhiMTc5MDI2
OGQ1YzEwHhcNMjQwMTAyMDQzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTUzYTQ2NTU0NDFkYzJmMjRlNzcyNjY0NzExYThmZjZhYzhmZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOcM/TEww8M375NZdBY7aIktJGaR
I/l/9kyP+k2FewfDn2KAoAKASOvZh6skNurpfUD1toXg72jZCeGEK1Lzpio990mf
szMPGED94aMg+aTYv3KvPa3J+Wv58Tn86qQd3eHyKEzxfJHFG699t9sum/HuPnaQ
v7VmDDJjq7Uw2ixfN68VjxdXSOzysWg7dNbF3rkp2IdfyHnlnz1pOqSvCDxNRu/g
uh5r4qgoX+3O/8kusoFVXGlQHhQhi+hhf7ScdFxzd+0xmlqrQbnxM7j/TZcaEN0J
AwEzKioafqhGtro2pVovs/HBYz8P44KTUS/IfaoTXW3dY+8KlzUq372H7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5TpGVUQdwvJOdyZkcRqP9qyP1wMB8GA1UdIwQY
MBaAFL/YHKkMxSJFhq/rqxx4sXkCaNXBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlnY3FRekZJa1dHci11ckhIaXhlUUpvMWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yNWE1OWMtYzJmYy00ZmQ0LTk2Zjct
ODRhZGNiZjVhYzU1LzEvamxPa1pWUkIzQzhrNTNKbVJ4R29fMnJJX1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yNWE1OWMtYzJmYy00ZmQ0LTk2ZjctODRhZGNiZjVhYzU1
LzEvdjlnY3FRekZJa1dHci11ckhIaXhlUUpvMWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZXaMA0G
CSqGSIb3DQEBCwUAA4IBAQCL9+bRBmYaso/TYaSK0DteFJGLc8C+cSMQuxOZ7iBR
P3c4a0ggJjg2sOjkEVxp/lzKeVSQXnjGsId/FNGEaMcerULyjpkQFvWpwbP/PVlv
LnbfDPFxnfYAJjDpD2cMU/0QVkV+7pQRVVmToG2XYtuYlStnkqeZItEuDArsWD0a
gY0wiidcWeSCb8k66e/XoaHe437SbMTdTesFzPgPoNRsRS+K//LJhcupaJapN3U+
vqXVa5/Dooh4bfX9Bf0eqL6ahCbqhdD18pJVDZOOP5XnNLORNtRLeCW9bP67Js0L
yk1B50USQ7vc2NBCmcZ3fj4HjF4NSWZ9jCo2fdeFWGJx
-----END CERTIFICATE-----