Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/wA43Py4ooYJWrbwBF7sbEZles9o.roa
File:                     wA43Py4ooYJWrbwBF7sbEZles9o.roa (raw, json)
Hash identifier:          UrFuGsV02jbZFHvMrwQnaVpOfvdOCxCAtaycNxt8mpE=
Subject key identifier:   C0:0E:37:3F:2E:28:A1:82:56:AD:BC:01:17:BB:1B:11:99:5E:B3:DA
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018CC2DB37F5771D3B829A6F119676B89308
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/wA43Py4ooYJWrbwBF7sbEZles9o.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203758
IP address blocks:        45.65.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:37:f5:77:1d:3b:82:9a:6f:11:96:76:b8:93:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c00e373f2e28a18256adbc0117bb1b11995eb3da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8b:28:e5:84:f7:01:fd:4d:ef:06:03:d1:b7:
                    a6:ca:05:db:38:50:4a:74:26:8f:75:b8:9a:75:20:
                    30:58:c9:90:08:1d:2c:45:3e:8b:4d:3c:7d:41:3d:
                    a0:a9:bc:0f:c3:58:98:62:83:97:d4:3f:43:2b:60:
                    51:c3:37:27:3f:68:c2:c2:2d:2d:24:7d:24:62:aa:
                    85:33:6d:6b:55:71:18:04:1f:8f:59:89:89:ab:a2:
                    54:03:f0:7d:2e:f4:eb:c6:a9:27:4e:be:6c:e2:84:
                    3b:2f:76:1b:4a:cc:5e:64:40:8a:b0:a1:4b:66:1d:
                    4e:91:42:27:2f:df:c6:8a:28:60:1a:43:74:61:0e:
                    4e:0f:c0:e2:2b:20:94:49:d7:56:6c:65:15:8b:2d:
                    73:2e:d8:33:4f:5d:f8:e4:5c:ed:5a:1c:c8:ac:e6:
                    f4:56:c9:48:ef:2b:e9:da:b7:c3:a2:68:9b:90:8e:
                    3e:8a:8c:27:7f:f4:94:9b:93:8b:cc:84:a3:59:ca:
                    bc:9f:7e:0d:f1:57:8f:6b:a4:93:5c:b0:b4:c4:76:
                    ab:8b:c6:05:c9:90:2c:1e:c1:85:54:6d:f2:cf:d8:
                    38:ca:16:17:2b:97:93:ef:47:08:cc:78:60:0e:c3:
                    c2:14:f6:ca:de:4e:76:08:fa:25:8f:5f:80:56:40:
                    cd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:0E:37:3F:2E:28:A1:82:56:AD:BC:01:17:BB:1B:11:99:5E:B3:DA
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/wA43Py4ooYJWrbwBF7sbEZles9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:03:2b:90:15:47:68:6a:df:d7:e1:ab:58:b6:e7:31:77:58:
         58:88:72:8c:f1:72:52:49:c6:86:d5:03:e9:40:41:25:ee:06:
         9a:f3:55:30:fe:75:b3:83:d2:63:b0:3d:6e:94:f2:d5:0d:0a:
         1e:4c:f6:da:5e:9d:cc:ba:09:ea:8c:4a:2a:d3:75:78:b9:de:
         2e:bb:b4:e2:eb:c9:f4:c5:c8:a2:6f:99:e0:a7:f9:23:db:00:
         a0:e4:aa:5e:e6:bc:ad:d0:be:fd:8b:71:76:79:27:72:6c:36:
         7d:93:76:36:ae:0a:44:9c:dc:d4:3c:5a:e6:8b:af:1b:4f:1c:
         a5:80:37:84:97:47:87:f5:96:2f:6f:4a:5f:0d:74:3d:f0:45:
         2a:51:1e:f3:35:e5:54:df:af:59:1e:3b:0b:98:40:33:ab:0d:
         f0:4d:54:b5:04:67:af:81:2a:4c:97:b4:cf:92:64:8e:6a:a9:
         95:1b:29:59:9f:7f:ef:f8:f3:2f:76:29:5b:9b:20:ca:af:cd:
         30:3c:01:10:08:96:db:1f:cb:cc:32:fb:08:87:fc:94:a4:16:
         78:91:9e:ae:66:b2:6d:e8:fb:cf:8b:5e:fa:f7:a4:92:4d:96:
         06:6f:73:03:89:83:76:8c:65:54:b8:42:ac:3b:4c:cc:b9:f8:
         c4:40:6a:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zf1dx07gppvEZZ2uJMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDBlMzczZjJlMjhhMTgyNTZhZGJjMDExN2JiMWIxMTk5NWViM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4so5YT3Af1N7wYD0bemygXbOFBK
dCaPdbiadSAwWMmQCB0sRT6LTTx9QT2gqbwPw1iYYoOX1D9DK2BRwzcnP2jCwi0t
JH0kYqqFM21rVXEYBB+PWYmJq6JUA/B9LvTrxqknTr5s4oQ7L3YbSsxeZECKsKFL
Zh1OkUInL9/GiihgGkN0YQ5OD8DiKyCUSddWbGUViy1zLtgzT1345FztWhzIrOb0
VslI7yvp2rfDomibkI4+iownf/SUm5OLzISjWcq8n34N8VePa6STXLC0xHari8YF
yZAsHsGFVG3yz9g4yhYXK5eT70cIzHhgDsPCFPbK3k52CPolj1+AVkDNpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAONz8uKKGCVq28ARe7GxGZXrPaMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvd0E0M1B5NG9vWUpXcmJ3QkY3c2JFWmxlczlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUFyMA0G
CSqGSIb3DQEBCwUAA4IBAQB6AyuQFUdoat/X4atYtucxd1hYiHKM8XJSScaG1QPp
QEEl7gaa81Uw/nWzg9JjsD1ulPLVDQoeTPbaXp3MugnqjEoq03V4ud4uu7Ti68n0
xciib5ngp/kj2wCg5Kpe5ryt0L79i3F2eSdybDZ9k3Y2rgpEnNzUPFrmi68bTxyl
gDeEl0eH9ZYvb0pfDXQ98EUqUR7zNeVU369ZHjsLmEAzqw3wTVS1BGevgSpMl7TP
kmSOaqmVGylZn3/v+PMvdilbmyDKr80wPAEQCJbbH8vMMvsIh/yUpBZ4kZ6uZrJt
6PvPi17696SSTZYGb3MDiYN2jGVUuEKsO0zMufjEQGo5
-----END CERTIFICATE-----