Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/e1aytWE2xJwMHVnjkrE0HndSN5k.roa
File:                     e1aytWE2xJwMHVnjkrE0HndSN5k.roa (raw, json)
Hash identifier:          09lTIKGJFBet3UMRNRYZgWrhx8KeCEUzU7xUhdLRPTQ=
Subject key identifier:   7B:56:B2:B5:61:36:C4:9C:0C:1D:59:E3:92:B1:34:1E:77:52:37:99
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018CC348AB031910B9BE9B5318228F7A1924
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/e1aytWE2xJwMHVnjkrE0HndSN5k.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21267
IP address blocks:        45.85.244.0/23 maxlen: 24
                          45.85.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ab:03:19:10:b9:be:9b:53:18:22:8f:7a:19:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b56b2b56136c49c0c1d59e392b1341e77523799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1b:7f:47:c1:c1:e3:d6:ba:9d:16:c3:d9:57:
                    d9:2c:7c:71:40:37:ca:8b:46:d7:d9:3a:95:2c:94:
                    50:ad:30:a5:06:73:0b:d3:ea:3a:95:38:bd:42:b4:
                    3d:7d:0f:b0:1f:1f:d0:37:d6:4d:04:40:eb:f2:ce:
                    7d:6b:e2:b4:81:47:58:04:c7:1e:0e:ed:3c:5b:8d:
                    d9:ae:6f:c6:bf:c0:d4:6a:8c:dc:4f:12:e7:fc:b8:
                    98:39:62:d1:76:bd:c1:8a:63:d1:dd:7c:8f:bd:48:
                    8b:01:fe:ca:68:55:92:61:77:af:32:31:0b:53:50:
                    f0:88:f8:e6:13:40:f4:f8:7f:50:a7:90:1a:f2:53:
                    14:26:56:90:d1:f7:1c:0a:9b:db:56:9f:75:82:d0:
                    bf:9b:ca:74:fa:4d:a0:92:ad:e8:a6:14:4b:a2:68:
                    71:70:ea:9a:37:de:2b:bc:92:1d:2a:1e:53:0b:b9:
                    42:c9:ec:1a:7d:ad:14:a5:89:e4:85:3a:3e:a8:1c:
                    95:af:57:ef:74:a8:c9:09:c9:8b:80:fe:29:41:86:
                    80:60:47:e7:43:c1:08:2f:e4:78:6b:3e:e3:56:de:
                    7a:39:db:f3:7d:3d:82:a6:df:90:02:45:73:da:49:
                    13:44:ae:ef:02:54:e8:54:68:86:57:f5:d3:b7:af:
                    97:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:56:B2:B5:61:36:C4:9C:0C:1D:59:E3:92:B1:34:1E:77:52:37:99
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/e1aytWE2xJwMHVnjkrE0HndSN5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.244.0-45.85.246.255

    Signature Algorithm: sha256WithRSAEncryption
         60:6f:72:5b:8b:5c:49:24:9d:6e:32:94:f5:4a:cb:01:0e:1b:
         b9:fa:68:8f:92:77:80:de:a4:15:3a:25:ae:e5:a2:bd:82:e6:
         00:b1:db:92:b1:76:0d:55:c4:dd:60:f8:6b:49:65:e3:53:22:
         93:fb:0a:e1:09:fb:b1:93:73:97:f1:94:8f:af:3f:32:1a:ce:
         27:f2:b6:87:74:47:47:fc:96:5b:bc:a5:81:9c:b6:4a:06:76:
         59:55:94:d1:25:7c:c5:68:eb:fe:37:dc:8c:13:66:de:15:07:
         71:95:9e:19:2e:26:0b:ba:e8:b7:14:ce:d6:5f:09:37:48:bc:
         ae:b9:8c:19:82:1e:98:ff:41:e3:fb:6d:a3:90:04:63:cb:ad:
         11:d6:b5:74:83:de:29:a4:f9:b3:6e:37:50:c4:d0:a1:87:02:
         82:99:0b:3d:dd:e9:1e:c9:5d:c0:67:92:14:9b:1c:45:60:4f:
         cf:ce:de:72:ef:13:44:7d:61:09:d8:79:87:73:26:22:82:88:
         8b:7b:a8:51:47:b1:53:a6:72:84:ce:e6:74:08:fb:38:89:63:
         e1:6b:ce:85:9c:be:2a:ed:e6:04:6d:60:40:63:39:ee:c7:eb:
         c7:be:d8:1e:fe:9a:d4:f5:fd:83:44:24:f8:27:e8:82:95:60:
         a3:67:25:c1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSKsDGRC5vptTGCKPehkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjU2YjJiNTYxMzZjNDljMGMxZDU5ZTM5MmIxMzQxZTc3NTIzNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuht/R8HB49a6nRbD2VfZLHxxQDfK
i0bX2TqVLJRQrTClBnML0+o6lTi9QrQ9fQ+wHx/QN9ZNBEDr8s59a+K0gUdYBMce
Du08W43Zrm/Gv8DUaozcTxLn/LiYOWLRdr3BimPR3XyPvUiLAf7KaFWSYXevMjEL
U1DwiPjmE0D0+H9Qp5Aa8lMUJlaQ0fccCpvbVp91gtC/m8p0+k2gkq3ophRLomhx
cOqaN94rvJIdKh5TC7lCyewafa0UpYnkhTo+qByVr1fvdKjJCcmLgP4pQYaAYEfn
Q8EIL+R4az7jVt56OdvzfT2Cpt+QAkVz2kkTRK7vAlToVGiGV/XTt6+XcwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHtWsrVhNsScDB1Z45KxNB53UjeZMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvZTFheXRXRTJ4SndNSFZuamtyRTBIbmRTTjVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAItVfQD
BAAtVfYwDQYJKoZIhvcNAQELBQADggEBAGBvcluLXEkknW4ylPVKywEOG7n6aI+S
d4DepBU6Ja7lor2C5gCx25Kxdg1VxN1g+GtJZeNTIpP7CuEJ+7GTc5fxlI+vPzIa
zifytod0R0f8llu8pYGctkoGdllVlNElfMVo6/433IwTZt4VB3GVnhkuJgu66LcU
ztZfCTdIvK65jBmCHpj/QeP7baOQBGPLrRHWtXSD3imk+bNuN1DE0KGHAoKZCz3d
6R7JXcBnkhSbHEVgT8/O3nLvE0R9YQnYeYdzJiKCiIt7qFFHsVOmcoTO5nQI+ziJ
Y+FrzoWcvirt5gRtYEBjOe7H68e+2B7+mtT1/YNEJPgn6IKVYKNnJcE=
-----END CERTIFICATE-----