Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/_DB9Hz7nSSMH4CKNpvnwxz7mEZ8.roa
File:                     _DB9Hz7nSSMH4CKNpvnwxz7mEZ8.roa (raw, json)
Hash identifier:          ZFddUTUu6vRZ1XTISNow9F9hB953r6KdGd/vjUt7+0c=
Subject key identifier:   FC:30:7D:1F:3E:E7:49:23:07:E0:22:8D:A6:F9:F0:C7:3E:E6:11:9F
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018CC348B01DDBE4DD8A073FF62EBB8B7CE2
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/_DB9Hz7nSSMH4CKNpvnwxz7mEZ8.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     262287
IP address blocks:        45.131.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b0:1d:db:e4:dd:8a:07:3f:f6:2e:bb:8b:7c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc307d1f3ee7492307e0228da6f9f0c73ee6119f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3c:6a:04:ec:0e:3e:de:f6:2c:7e:36:5b:4a:
                    3f:18:ad:7e:56:0b:54:f3:2a:a1:42:08:75:88:54:
                    e7:de:f4:1c:08:c8:1b:67:dd:41:20:53:55:43:8e:
                    68:92:fe:e9:c3:b0:b1:b7:38:f1:ce:21:de:c2:d0:
                    1c:6f:c0:84:77:25:bd:56:b0:0d:a5:df:ce:78:f5:
                    5b:18:a8:0b:ec:43:a9:59:ad:5a:2b:fa:99:26:db:
                    4a:a2:57:f5:e5:24:8a:17:f4:1a:ac:a6:d9:26:6b:
                    4e:31:57:2a:26:b7:c5:db:b6:23:4b:ae:fe:ce:0e:
                    33:2a:93:c0:17:96:56:db:db:3b:d2:9d:a7:1f:7f:
                    2b:a9:d7:41:ad:15:75:82:10:ac:66:90:39:60:fc:
                    5b:62:e7:42:9d:b6:0d:7e:cd:be:6f:99:c6:3d:6f:
                    7f:7c:ec:e5:b6:e9:66:5d:ba:53:76:03:03:5e:01:
                    19:6a:b5:fe:69:49:ec:f6:03:08:d1:d2:bb:14:59:
                    7a:54:a8:2c:92:f7:0c:b9:5e:78:ce:d3:97:13:ba:
                    25:ef:f4:bb:dd:3d:69:c8:1d:84:ac:da:46:46:10:
                    c4:48:12:28:fe:a2:b8:35:71:2d:fc:c1:b0:7a:d8:
                    90:50:17:8f:4b:c5:50:57:20:e2:a5:34:40:d0:aa:
                    83:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:30:7D:1F:3E:E7:49:23:07:E0:22:8D:A6:F9:F0:C7:3E:E6:11:9F
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/_DB9Hz7nSSMH4CKNpvnwxz7mEZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:5b:68:aa:a2:f3:d7:f0:36:95:6e:93:52:99:ec:7e:5e:f9:
         88:69:3b:99:c7:a3:bd:3c:af:70:d0:59:21:7c:14:9a:09:42:
         c5:df:cc:bc:ae:8d:c7:46:10:3f:45:f6:e2:d6:fd:ab:42:4f:
         2d:ac:7e:e2:b8:1b:84:3d:2c:f6:0b:aa:40:da:fa:3c:eb:a4:
         72:2c:68:37:f5:cc:46:cf:54:c2:2e:54:96:5d:7f:1e:19:e8:
         a3:31:66:c0:20:c1:97:26:a0:27:77:7b:00:34:83:54:3a:ca:
         48:5a:0c:bc:d1:03:cc:67:b9:3a:1b:82:a4:77:a0:8b:70:f0:
         dc:ef:a4:8e:25:d2:da:86:81:c6:63:2c:ad:0a:fa:58:a1:35:
         8f:95:22:e8:ca:50:2c:5a:90:52:6d:51:12:98:e6:e8:33:d6:
         82:0f:2b:61:80:75:a8:db:73:19:e0:62:a4:eb:ed:2a:6a:e7:
         fa:d9:06:32:b7:c2:7f:37:99:1c:bc:38:6a:dc:a4:1c:7e:6f:
         67:35:cc:f7:4c:fc:cd:a6:47:f8:81:26:6f:c6:49:0d:63:6e:
         1b:4b:3a:6f:5a:0d:cb:30:b6:2d:43:f1:79:d1:bc:89:84:e6:
         75:f4:a9:33:b1:1f:a3:82:31:26:9c:46:f4:32:43:9d:97:eb:
         7b:c6:a5:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLAd2+Tdigc/9i67i3ziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzMwN2QxZjNlZTc0OTIzMDdlMDIyOGRhNmY5ZjBjNzNlZTYxMTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzxqBOwOPt72LH42W0o/GK1+VgtU
8yqhQgh1iFTn3vQcCMgbZ91BIFNVQ45okv7pw7CxtzjxziHewtAcb8CEdyW9VrAN
pd/OePVbGKgL7EOpWa1aK/qZJttKolf15SSKF/QarKbZJmtOMVcqJrfF27YjS67+
zg4zKpPAF5ZW29s70p2nH38rqddBrRV1ghCsZpA5YPxbYudCnbYNfs2+b5nGPW9/
fOzltulmXbpTdgMDXgEZarX+aUns9gMI0dK7FFl6VKgskvcMuV54ztOXE7ol7/S7
3T1pyB2ErNpGRhDESBIo/qK4NXEt/MGwetiQUBePS8VQVyDipTRA0KqDxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwwfR8+50kjB+Aijab58Mc+5hGfMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvX0RCOUh6N25TU01INENLTnB2bnd4ejdtRVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYPBMA0G
CSqGSIb3DQEBCwUAA4IBAQArW2iqovPX8DaVbpNSmex+XvmIaTuZx6O9PK9w0Fkh
fBSaCULF38y8ro3HRhA/Rfbi1v2rQk8trH7iuBuEPSz2C6pA2vo866RyLGg39cxG
z1TCLlSWXX8eGeijMWbAIMGXJqAnd3sANINUOspIWgy80QPMZ7k6G4Kkd6CLcPDc
76SOJdLahoHGYyytCvpYoTWPlSLoylAsWpBSbVESmOboM9aCDythgHWo23MZ4GKk
6+0qauf62QYyt8J/N5kcvDhq3KQcfm9nNcz3TPzNpkf4gSZvxkkNY24bSzpvWg3L
MLYtQ/F50byJhOZ19KkzsR+jgjEmnEb0MkOdl+t7xqXX
-----END CERTIFICATE-----