Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/K2ZAmDE64gAPDuDD8CdihOxtXkA.roa
File:                     K2ZAmDE64gAPDuDD8CdihOxtXkA.roa (raw, json)
Hash identifier:          3kY0s57YeZQKS9rm2vR9x2k1NCcnbOdB6e1RqxrDNW8=
Subject key identifier:   2B:66:40:98:31:3A:E2:00:0F:0E:E0:C3:F0:27:62:84:EC:6D:5E:40
Certificate issuer:       /CN=a1d71853324eb060fbafc988233860499c96c53a
Certificate serial:       018CC80179904657F8483F6365D334AB169D
Authority key identifier: A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/K2ZAmDE64gAPDuDD8CdihOxtXkA.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        45.148.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:79:90:46:57:f8:48:3f:63:65:d3:34:ab:16:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d71853324eb060fbafc988233860499c96c53a
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b664098313ae2000f0ee0c3f0276284ec6d5e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d1:53:13:c2:1d:b1:58:18:1a:7b:be:0e:8a:
                    f6:c4:79:dc:1c:82:c6:3b:85:94:d6:a1:9e:ee:f0:
                    28:de:07:44:87:dd:9a:83:a4:0f:26:71:83:39:99:
                    dd:41:59:f6:ae:4b:c0:b1:7c:e3:5d:7a:f7:8b:85:
                    f7:7e:b5:c7:fa:45:0d:e4:25:4d:1c:1d:b8:64:29:
                    18:1a:63:c6:a5:9a:87:77:b9:25:5d:3f:69:be:f3:
                    89:03:6e:fb:53:fd:b9:9b:5f:0d:c9:21:e3:ed:cb:
                    84:c7:84:0c:f4:3b:0b:0f:74:64:7d:38:da:9c:f8:
                    f7:a6:c5:e8:ce:93:20:8b:53:c0:c7:4b:1a:18:8f:
                    6f:2c:ad:30:a4:12:6f:36:79:46:1f:b3:3a:fe:4d:
                    89:ef:80:7b:52:8b:bc:27:83:58:ab:7d:7e:1f:b5:
                    c1:d6:a8:fa:a2:5a:53:61:df:33:39:a9:02:51:d6:
                    81:df:97:d1:22:22:95:cf:98:a1:de:68:5c:45:5e:
                    0a:a3:ba:63:80:b5:c8:e4:e6:d2:9b:00:ab:4b:ce:
                    49:ed:28:89:c0:bf:23:33:b9:1a:76:4b:56:a1:28:
                    7f:94:5c:63:2a:2e:2b:d2:b0:17:cf:52:ea:f2:c4:
                    25:a9:c9:92:9e:cf:0c:59:95:a2:87:79:bb:93:c3:
                    95:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:66:40:98:31:3A:E2:00:0F:0E:E0:C3:F0:27:62:84:EC:6D:5E:40
            X509v3 Authority Key Identifier:
                keyid:A1:D7:18:53:32:4E:B0:60:FB:AF:C9:88:23:38:60:49:9C:96:C5:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odcYUzJOsGD7r8mIIzhgSZyWxTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/K2ZAmDE64gAPDuDD8CdihOxtXkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7656db-94a5-45be-9435-7061356bef1b/1/odcYUzJOsGD7r8mIIzhgSZyWxTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:c4:27:c8:7c:4b:ee:81:d4:30:57:b4:6d:e3:a4:b7:f5:54:
         d6:73:61:10:0e:c4:1f:c3:2e:69:14:67:15:ae:7a:2e:99:ac:
         49:51:89:be:d7:47:38:a0:5c:5c:34:8b:5f:6d:8b:aa:db:4a:
         39:7d:55:c9:6f:2d:eb:65:d3:5d:da:96:56:74:c7:d4:41:e7:
         61:ce:7d:de:66:11:a3:5b:92:10:d0:2f:b9:83:0d:ba:3d:03:
         82:c3:7f:f5:cb:3d:52:fa:fe:c9:0e:f1:b5:d2:8b:1b:94:5b:
         1f:99:96:ac:7a:4e:87:ad:6d:8c:94:f6:5b:c3:29:b1:84:87:
         3e:c8:4c:d3:26:a6:80:ba:ed:70:a1:49:5f:6f:aa:ee:91:e4:
         3f:76:ab:c7:02:8a:2e:03:5a:51:41:5d:e0:e1:63:1f:89:8c:
         6e:cf:0e:0e:28:ab:f3:52:4d:78:07:04:25:fb:b1:92:24:5e:
         a6:5f:9d:ef:44:b9:ea:17:c8:aa:ee:bf:a2:e8:c1:08:b2:14:
         3e:a5:e3:e4:e9:06:87:11:b4:2b:62:e0:35:be:b9:be:7d:c7:
         00:1d:f8:a3:f6:9d:44:02:96:c7:a5:81:d5:dc:76:03:17:e9:
         f8:d7:30:5c:a4:6b:89:86:13:80:98:37:47:dc:db:48:d8:40:
         1b:0a:16:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXmQRlf4SD9jZdM0qxadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDcxODUzMzI0ZWIwNjBmYmFmYzk4ODIzMzg2MDQ5OWM5
NmM1M2EwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjY2NDA5ODMxM2FlMjAwMGYwZWUwYzNmMDI3NjI4NGVjNmQ1ZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNFTE8IdsVgYGnu+Dor2xHncHILG
O4WU1qGe7vAo3gdEh92ag6QPJnGDOZndQVn2rkvAsXzjXXr3i4X3frXH+kUN5CVN
HB24ZCkYGmPGpZqHd7klXT9pvvOJA277U/25m18NySHj7cuEx4QM9DsLD3RkfTja
nPj3psXozpMgi1PAx0saGI9vLK0wpBJvNnlGH7M6/k2J74B7Uou8J4NYq31+H7XB
1qj6olpTYd8zOakCUdaB35fRIiKVz5ih3mhcRV4Ko7pjgLXI5ObSmwCrS85J7SiJ
wL8jM7kadktWoSh/lFxjKi4r0rAXz1Lq8sQlqcmSns8MWZWih3m7k8OVpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtmQJgxOuIADw7gw/AnYoTsbV5AMB8GA1UdIwQY
MBaAFKHXGFMyTrBg+6/JiCM4YEmclsU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUt
NzA2MTM1NmJlZjFiLzEvSzJaQW1ERTY0Z0FQRHVERDhDZGloT3h0WGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83NjU2ZGItOTRhNS00NWJlLTk0MzUtNzA2MTM1NmJlZjFi
LzEvb2RjWVV6Sk9zR0Q3cjhtSUl6aGdTWnlXeFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZSHMA0G
CSqGSIb3DQEBCwUAA4IBAQBkxCfIfEvugdQwV7Rt46S39VTWc2EQDsQfwy5pFGcV
rnoumaxJUYm+10c4oFxcNItfbYuq20o5fVXJby3rZdNd2pZWdMfUQedhzn3eZhGj
W5IQ0C+5gw26PQOCw3/1yz1S+v7JDvG10osblFsfmZasek6HrW2MlPZbwymxhIc+
yEzTJqaAuu1woUlfb6rukeQ/dqvHAoouA1pRQV3g4WMfiYxuzw4OKKvzUk14BwQl
+7GSJF6mX53vRLnqF8iq7r+i6MEIshQ+pePk6QaHEbQrYuA1vrm+fccAHfij9p1E
ApbHpYHV3HYDF+n41zBcpGuJhhOAmDdH3NtI2EAbChYo
-----END CERTIFICATE-----