Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/8fce7f-77de-4278-bafe-ddc32521d790/1/hzxdgNStWLUojQXWp0W2RGtLr-Q.roa
File:                     hzxdgNStWLUojQXWp0W2RGtLr-Q.roa (raw, json)
Hash identifier:          L/2X8q6B/L/Ibh/PzVTZOeoPlqfRKsGuWDE6PfkIlv8=
Subject key identifier:   87:3C:5D:80:D4:AD:58:B5:28:8D:05:D6:A7:45:B6:44:6B:4B:AF:E4
Certificate issuer:       /CN=d3698be902c06feab5f5aaf729e0bbc37bbc341c
Certificate serial:       018CC726FF367AD0F9D2F8A5A8B5B0A318E0
Authority key identifier: D3:69:8B:E9:02:C0:6F:EA:B5:F5:AA:F7:29:E0:BB:C3:7B:BC:34:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02mL6QLAb-q19ar3KeC7w3u8NBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/8fce7f-77de-4278-bafe-ddc32521d790/1/hzxdgNStWLUojQXWp0W2RGtLr-Q.roa
Signing time:             Mon 01 Jan 2024 22:31:10 +0000
ROA not before:           Mon 01 Jan 2024 22:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205986
IP address blocks:        45.155.183.0/24 maxlen: 24
                          45.155.180.0/24 maxlen: 24
                          45.155.181.0/24 maxlen: 24
                          45.155.182.0/24 maxlen: 24
                          45.155.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/8fce7f-77de-4278-bafe-ddc32521d790/1/02mL6QLAb-q19ar3KeC7w3u8NBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/8fce7f-77de-4278-bafe-ddc32521d790/1/02mL6QLAb-q19ar3KeC7w3u8NBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02mL6QLAb-q19ar3KeC7w3u8NBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ff:36:7a:d0:f9:d2:f8:a5:a8:b5:b0:a3:18:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3698be902c06feab5f5aaf729e0bbc37bbc341c
        Validity
            Not Before: Jan  1 22:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=873c5d80d4ad58b5288d05d6a745b6446b4bafe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:30:12:63:b0:6f:e0:e4:66:4e:fd:be:05:ce:
                    d5:ec:4b:43:51:8c:bf:30:c4:c2:ab:ca:f4:ea:be:
                    d8:5a:3d:32:e7:64:14:51:02:4d:d1:6c:0c:09:57:
                    cd:a7:8d:8b:18:95:b3:e7:7c:1c:5e:c9:a7:b8:98:
                    51:a1:d5:f0:f6:36:da:d5:94:29:0d:d2:b9:7e:74:
                    fe:10:4a:90:a5:e7:c3:61:ba:fd:5c:72:cf:1e:9e:
                    d2:1f:48:4f:bf:ba:bc:38:7a:66:99:dd:fc:41:b5:
                    7b:fe:0f:ad:73:6e:42:be:87:2c:6f:f5:c9:e1:65:
                    58:82:76:82:44:31:fc:40:27:7e:bb:d8:50:7e:dd:
                    3c:55:6c:93:a9:9e:3f:83:5e:e8:49:2c:8e:00:2c:
                    88:fd:bb:9a:b1:4a:ab:d6:61:55:df:2b:4d:cd:4f:
                    82:4d:a5:4b:88:c4:68:b9:7b:df:a1:18:c5:0d:cb:
                    a0:87:5e:ec:4c:47:47:1d:87:1c:7e:33:2b:8a:d2:
                    fa:fc:b1:ac:00:45:32:a1:27:c9:6c:d2:07:a2:f7:
                    b5:54:8b:a7:1e:c1:c5:72:7e:bf:9b:e5:1a:5e:d1:
                    a8:86:7a:4e:e9:11:6a:37:29:ba:1c:c4:37:ca:16:
                    68:9f:3d:b4:dd:00:17:d6:5b:3f:74:ef:47:a5:c8:
                    01:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:3C:5D:80:D4:AD:58:B5:28:8D:05:D6:A7:45:B6:44:6B:4B:AF:E4
            X509v3 Authority Key Identifier:
                keyid:D3:69:8B:E9:02:C0:6F:EA:B5:F5:AA:F7:29:E0:BB:C3:7B:BC:34:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02mL6QLAb-q19ar3KeC7w3u8NBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/8fce7f-77de-4278-bafe-ddc32521d790/1/hzxdgNStWLUojQXWp0W2RGtLr-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/8fce7f-77de-4278-bafe-ddc32521d790/1/02mL6QLAb-q19ar3KeC7w3u8NBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:d5:0e:e0:dd:87:da:3b:05:bc:25:ca:d3:bb:3a:ee:2c:d9:
         9c:3b:6b:34:bb:97:e0:68:76:66:18:a6:5a:41:e6:ba:18:4b:
         47:f9:99:87:d4:d9:a5:cd:5a:38:ce:57:b7:2a:6a:ba:f3:1a:
         76:a0:40:f6:ae:60:38:bf:97:c5:5d:a3:f8:24:c1:bf:c6:23:
         92:40:af:9a:96:7a:76:50:ab:83:20:cc:a2:58:90:dd:47:d5:
         03:69:5c:6e:6f:8c:34:ff:a3:e6:76:5e:27:e7:1e:89:45:c1:
         17:ae:fd:85:1b:fd:d6:f7:19:ee:bf:0f:52:5a:9a:d6:06:63:
         8a:53:6d:06:85:78:29:97:c1:95:56:f9:92:8b:05:fe:eb:3e:
         eb:b4:66:b7:8d:23:3f:ec:73:86:c7:0d:54:7d:3b:21:c0:5d:
         e8:d4:83:26:28:39:9f:53:bc:37:61:9f:eb:1e:01:a5:dc:52:
         0a:b7:ca:78:01:01:df:39:3e:f9:c1:a8:02:9c:39:63:6f:a5:
         cf:ba:a5:b0:22:e1:15:85:f6:b5:bc:65:f9:08:19:09:9e:9c:
         1e:54:3d:5a:43:9b:b9:af:d7:46:d7:f8:8b:87:8e:c0:af:37:
         84:f0:46:f8:59:f5:b8:8e:a2:66:cb:d8:c6:f4:20:2b:11:38:
         c2:cf:32:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJv82etD50vilqLWwoxjgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjk4YmU5MDJjMDZmZWFiNWY1YWFmNzI5ZTBiYmMzN2Ji
YzM0MWMwHhcNMjQwMTAxMjIzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzNjNWQ4MGQ0YWQ1OGI1Mjg4ZDA1ZDZhNzQ1YjY0NDZiNGJhZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTASY7Bv4ORmTv2+Bc7V7EtDUYy/
MMTCq8r06r7YWj0y52QUUQJN0WwMCVfNp42LGJWz53wcXsmnuJhRodXw9jba1ZQp
DdK5fnT+EEqQpefDYbr9XHLPHp7SH0hPv7q8OHpmmd38QbV7/g+tc25Cvocsb/XJ
4WVYgnaCRDH8QCd+u9hQft08VWyTqZ4/g17oSSyOACyI/buasUqr1mFV3ytNzU+C
TaVLiMRouXvfoRjFDcugh17sTEdHHYccfjMritL6/LGsAEUyoSfJbNIHove1VIun
HsHFcn6/m+UaXtGohnpO6RFqNym6HMQ3yhZonz203QAX1ls/dO9HpcgBIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIc8XYDUrVi1KI0F1qdFtkRrS6/kMB8GA1UdIwQY
MBaAFNNpi+kCwG/qtfWq9yngu8N7vDQcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJtTDZRTEFiLXExOWFyM0tlQzd3M3U4TkJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC84ZmNlN2YtNzdkZS00Mjc4LWJhZmUt
ZGRjMzI1MjFkNzkwLzEvaHp4ZGdOU3RXTFVvalFYV3AwVzJSR3RMci1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC84ZmNlN2YtNzdkZS00Mjc4LWJhZmUtZGRjMzI1MjFkNzkw
LzEvMDJtTDZRTEFiLXExOWFyM0tlQzd3M3U4TkJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZu0MA0G
CSqGSIb3DQEBCwUAA4IBAQC31Q7g3YfaOwW8JcrTuzruLNmcO2s0u5fgaHZmGKZa
Qea6GEtH+ZmH1NmlzVo4zle3Kmq68xp2oED2rmA4v5fFXaP4JMG/xiOSQK+alnp2
UKuDIMyiWJDdR9UDaVxub4w0/6Pmdl4n5x6JRcEXrv2FG/3W9xnuvw9SWprWBmOK
U20GhXgpl8GVVvmSiwX+6z7rtGa3jSM/7HOGxw1UfTshwF3o1IMmKDmfU7w3YZ/r
HgGl3FIKt8p4AQHfOT75wagCnDljb6XPuqWwIuEVhfa1vGX5CBkJnpweVD1aQ5u5
r9dG1/iLh47ArzeE8Eb4WfW4jqJmy9jG9CArETjCzzJD
-----END CERTIFICATE-----