Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/c6e972-4ed1-4526-a320-3b7c126725d5/1/ca6D7Ik7BY6xC9hpINS_53jfUSY.roa
File:                     ca6D7Ik7BY6xC9hpINS_53jfUSY.roa (raw, json)
Hash identifier:          DRFnt97GfPuZhSr8X9rawq3gMqrYp0wKSI4KVanZ9co=
Subject key identifier:   71:AE:83:EC:89:3B:05:8E:B1:0B:D8:69:20:D4:BF:E7:78:DF:51:26
Certificate issuer:       /CN=a3020ae96b5f0c5b7339e6154dcec6f16cb63f5a
Certificate serial:       018CC8DFB0BB72E216867ADF1114249460CA
Authority key identifier: A3:02:0A:E9:6B:5F:0C:5B:73:39:E6:15:4D:CE:C6:F1:6C:B6:3F:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/owIK6WtfDFtzOeYVTc7G8Wy2P1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/c6e972-4ed1-4526-a320-3b7c126725d5/1/ca6D7Ik7BY6xC9hpINS_53jfUSY.roa
Signing time:             Tue 02 Jan 2024 06:32:32 +0000
ROA not before:           Tue 02 Jan 2024 06:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208873
IP address blocks:        45.81.158.0/23 maxlen: 23
                          45.81.156.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/c6e972-4ed1-4526-a320-3b7c126725d5/1/owIK6WtfDFtzOeYVTc7G8Wy2P1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/c6e972-4ed1-4526-a320-3b7c126725d5/1/owIK6WtfDFtzOeYVTc7G8Wy2P1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/owIK6WtfDFtzOeYVTc7G8Wy2P1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:b0:bb:72:e2:16:86:7a:df:11:14:24:94:60:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3020ae96b5f0c5b7339e6154dcec6f16cb63f5a
        Validity
            Not Before: Jan  2 06:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71ae83ec893b058eb10bd86920d4bfe778df5126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b6:3d:7c:10:3a:b7:92:9e:f7:15:00:29:7b:
                    6c:7a:4a:fb:21:c8:1c:1b:97:8f:77:09:61:6d:e7:
                    28:45:98:84:e7:95:88:97:73:26:76:f1:e6:37:28:
                    b4:02:70:44:a8:b4:e8:56:c6:2d:7a:56:cc:54:66:
                    d3:53:50:5a:36:0a:85:9b:16:05:e9:4f:39:73:4f:
                    23:8d:1e:8f:c3:59:9b:2e:92:a1:e8:36:21:1c:6d:
                    ca:c1:c4:eb:48:c7:df:9c:cb:91:89:ea:72:9e:e0:
                    04:0e:6a:93:3b:a3:c2:6f:0d:bc:95:35:bf:dd:85:
                    3a:23:19:00:66:31:d6:8c:d0:17:c8:78:58:f5:fc:
                    ea:06:d4:98:46:3e:e0:59:d2:6a:83:e3:8a:da:9b:
                    d3:32:f2:9e:2e:6b:a7:62:b4:72:d5:d3:88:b5:fa:
                    6f:d6:22:21:8b:4c:b7:22:05:fe:7f:c4:6c:b5:96:
                    e6:e4:31:ad:df:66:11:ae:3b:22:07:31:c5:31:fc:
                    45:76:f1:a0:e9:e0:39:92:dc:4e:5f:ff:3d:29:01:
                    89:88:0e:af:d1:6e:ef:92:c9:39:2b:56:15:6f:4f:
                    cf:35:ad:2a:76:66:4b:32:ef:de:4f:36:b1:9a:69:
                    f7:ad:9a:f9:68:ec:a1:f6:52:09:a7:22:dd:e5:33:
                    d4:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:AE:83:EC:89:3B:05:8E:B1:0B:D8:69:20:D4:BF:E7:78:DF:51:26
            X509v3 Authority Key Identifier:
                keyid:A3:02:0A:E9:6B:5F:0C:5B:73:39:E6:15:4D:CE:C6:F1:6C:B6:3F:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/owIK6WtfDFtzOeYVTc7G8Wy2P1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/c6e972-4ed1-4526-a320-3b7c126725d5/1/ca6D7Ik7BY6xC9hpINS_53jfUSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/c6e972-4ed1-4526-a320-3b7c126725d5/1/owIK6WtfDFtzOeYVTc7G8Wy2P1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:21:42:c8:41:dd:7e:e3:8a:91:04:1e:8a:9b:cd:ea:1d:52:
         7d:2d:a8:cf:00:11:ca:a0:94:b6:a7:90:f6:02:d2:39:6f:0c:
         da:05:f7:f4:d1:f7:ab:e6:3e:bf:55:ad:5c:ae:10:ca:60:46:
         a6:a8:31:16:0c:85:2d:50:f6:c5:5f:56:a6:e8:63:47:36:85:
         67:74:58:53:92:8e:96:ed:6e:1e:a1:0f:49:38:96:44:73:8f:
         16:c6:04:de:5f:16:bc:57:f7:3e:8d:47:52:d1:58:78:4f:f7:
         04:3f:6c:3a:d1:a8:1d:cd:15:ca:f5:14:45:9b:07:2e:da:08:
         67:fb:56:a9:47:35:2c:57:04:01:3f:2e:19:77:d5:b3:ad:c1:
         19:82:3c:75:c7:66:e0:46:db:ed:8a:a7:55:59:59:a2:2b:c8:
         13:19:2c:97:9f:63:b6:20:35:15:28:32:57:66:89:69:55:a4:
         60:14:95:41:1a:f6:e6:d0:ff:d4:06:96:72:01:1e:11:28:b8:
         b9:4b:84:20:f3:02:d9:0e:61:f7:79:e0:b3:96:d7:ed:7c:0d:
         05:e5:ba:73:0f:8a:08:f3:18:f1:e3:36:c7:74:b3:d6:60:d6:
         3a:e0:2e:39:c9:21:28:45:27:b0:eb:3e:f9:36:6b:31:ca:22:
         f0:d8:39:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI37C7cuIWhnrfERQklGDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMDIwYWU5NmI1ZjBjNWI3MzM5ZTYxNTRkY2VjNmYxNmNi
NjNmNWEwHhcNMjQwMTAyMDYzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWFlODNlYzg5M2IwNThlYjEwYmQ4NjkyMGQ0YmZlNzc4ZGY1MTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3bY9fBA6t5Ke9xUAKXtsekr7Icgc
G5ePdwlhbecoRZiE55WIl3MmdvHmNyi0AnBEqLToVsYtelbMVGbTU1BaNgqFmxYF
6U85c08jjR6Pw1mbLpKh6DYhHG3KwcTrSMffnMuRiepynuAEDmqTO6PCbw28lTW/
3YU6IxkAZjHWjNAXyHhY9fzqBtSYRj7gWdJqg+OK2pvTMvKeLmunYrRy1dOItfpv
1iIhi0y3IgX+f8RstZbm5DGt32YRrjsiBzHFMfxFdvGg6eA5ktxOX/89KQGJiA6v
0W7vksk5K1YVb0/PNa0qdmZLMu/eTzaxmmn3rZr5aOyh9lIJpyLd5TPUyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGug+yJOwWOsQvYaSDUv+d431EmMB8GA1UdIwQY
MBaAFKMCCulrXwxbcznmFU3OxvFstj9aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3dJSzZXdGZERnR6T2VZVlRjN0c4V3kyUDFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9jNmU5NzItNGVkMS00NTI2LWEzMjAt
M2I3YzEyNjcyNWQ1LzEvY2E2RDdJazdCWTZ4QzlocElOU181M2pmVVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9jNmU5NzItNGVkMS00NTI2LWEzMjAtM2I3YzEyNjcyNWQ1
LzEvb3dJSzZXdGZERnR6T2VZVlRjN0c4V3kyUDFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVGcMA0G
CSqGSIb3DQEBCwUAA4IBAQAQIULIQd1+44qRBB6Km83qHVJ9LajPABHKoJS2p5D2
AtI5bwzaBff00fer5j6/Va1crhDKYEamqDEWDIUtUPbFX1am6GNHNoVndFhTko6W
7W4eoQ9JOJZEc48WxgTeXxa8V/c+jUdS0Vh4T/cEP2w60agdzRXK9RRFmwcu2ghn
+1apRzUsVwQBPy4Zd9WzrcEZgjx1x2bgRtvtiqdVWVmiK8gTGSyXn2O2IDUVKDJX
ZolpVaRgFJVBGvbm0P/UBpZyAR4RKLi5S4Qg8wLZDmH3eeCzltftfA0F5bpzD4oI
8xjx4zbHdLPWYNY64C45ySEoRSew6z75NmsxyiLw2Dk6
-----END CERTIFICATE-----