Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/DkMhjhcdFBU_UX27HKMTHjO86DQ.roa
File:                     DkMhjhcdFBU_UX27HKMTHjO86DQ.roa (raw, json)
Hash identifier:          XHkv/mIUMbpzQvVlhpbQ9zPXPIL5Q9RBZZ7aahs8AxU=
Subject key identifier:   0E:43:21:8E:17:1D:14:15:3F:51:7D:BB:1C:A3:13:1E:33:BC:E8:34
Certificate issuer:       /CN=8da60e9000c75a75d67e37fe07b14e07b22c5887
Certificate serial:       018CC726BC32B3448272CB125D1554B855D4
Authority key identifier: 8D:A6:0E:90:00:C7:5A:75:D6:7E:37:FE:07:B1:4E:07:B2:2C:58:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jaYOkADHWnXWfjf-B7FOB7IsWIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/DkMhjhcdFBU_UX27HKMTHjO86DQ.roa
Signing time:             Mon 01 Jan 2024 22:30:53 +0000
ROA not before:           Mon 01 Jan 2024 22:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208327
IP address blocks:        45.145.92.0/22 maxlen: 22
                          2a0c:4d80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/jaYOkADHWnXWfjf-B7FOB7IsWIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/jaYOkADHWnXWfjf-B7FOB7IsWIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jaYOkADHWnXWfjf-B7FOB7IsWIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:bc:32:b3:44:82:72:cb:12:5d:15:54:b8:55:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8da60e9000c75a75d67e37fe07b14e07b22c5887
        Validity
            Not Before: Jan  1 22:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e43218e171d14153f517dbb1ca3131e33bce834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a1:f6:78:18:ec:78:4a:c8:d3:42:83:04:3a:
                    6e:ae:06:6c:96:9b:59:90:79:f9:08:b9:79:ea:e8:
                    0f:3e:59:5c:8c:e5:99:b9:9f:93:2e:5c:e7:eb:de:
                    32:ee:d6:ba:7c:3b:0b:ce:54:c0:2c:fe:00:53:3e:
                    3e:78:9d:6c:07:ce:69:6f:55:fc:8c:e1:2a:39:aa:
                    bb:aa:a7:bf:ba:44:3d:14:9c:2f:a6:c5:95:a1:d7:
                    bf:4d:f7:5e:21:cb:66:6f:5d:da:28:5c:8b:75:5a:
                    35:15:a2:58:71:b8:b3:ea:21:70:bf:bd:83:65:3e:
                    4e:42:72:be:2d:7c:f7:a8:0e:dd:f1:39:58:07:43:
                    c4:64:4b:34:ac:88:75:ff:1f:f3:05:35:44:2a:eb:
                    e7:16:b6:bf:42:d1:63:e9:1c:95:07:b9:fb:86:97:
                    2b:b8:02:ac:ea:0f:32:b6:38:bf:4a:5d:31:a6:b7:
                    22:32:09:78:7b:13:88:fd:97:6c:44:75:7b:b4:a6:
                    d9:73:20:5b:45:9c:1a:4b:b4:5d:c3:87:40:a6:78:
                    fd:73:63:7f:33:a9:d2:bc:3e:68:70:d7:55:90:0f:
                    59:b4:a6:1e:9e:ce:5e:db:59:f0:ce:15:82:52:bc:
                    ec:2a:6e:31:80:16:a8:b2:02:32:d1:42:2e:36:91:
                    fd:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:43:21:8E:17:1D:14:15:3F:51:7D:BB:1C:A3:13:1E:33:BC:E8:34
            X509v3 Authority Key Identifier:
                keyid:8D:A6:0E:90:00:C7:5A:75:D6:7E:37:FE:07:B1:4E:07:B2:2C:58:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jaYOkADHWnXWfjf-B7FOB7IsWIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/DkMhjhcdFBU_UX27HKMTHjO86DQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/72806a-0394-4ad5-8e04-b5b8d02448b8/1/jaYOkADHWnXWfjf-B7FOB7IsWIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.92.0/22
                IPv6:
                  2a0c:4d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:89:0b:3d:7d:b8:c1:71:ac:ca:2c:08:fd:60:35:2e:89:30:
         a5:f6:e9:71:50:d2:44:8c:e6:3e:4e:cf:b1:79:ce:cc:32:b7:
         e4:45:4d:da:92:a6:36:d9:21:5c:c3:a2:53:92:83:5f:fa:ac:
         24:62:29:c8:32:44:23:f0:03:18:79:ed:0c:75:2e:f3:24:35:
         01:bf:8a:c4:ef:c1:48:33:60:da:11:52:90:cc:b8:aa:20:aa:
         de:65:c4:1f:10:39:65:b3:cf:11:44:b0:ca:3c:95:85:c2:c9:
         31:47:55:35:52:a2:c6:31:45:30:7f:94:89:b2:82:9b:05:6d:
         47:d3:94:32:92:d9:b6:85:28:3d:99:d5:96:2d:f7:32:8b:7c:
         de:4a:3e:6c:71:46:be:e5:46:94:8c:55:83:67:8e:b7:54:c4:
         d7:fd:2c:3d:34:1b:10:6e:50:6a:2f:d7:99:4e:e4:b9:4c:66:
         34:08:33:65:e3:f3:3c:91:e9:d8:cf:62:3a:9b:37:65:65:d7:
         39:f5:1c:59:2d:41:c4:f7:46:44:b2:15:88:78:27:e0:16:38:
         1c:a6:49:33:a8:d8:99:98:3b:68:8f:56:8f:5c:86:fa:1c:3f:
         48:3a:ad:b8:de:ee:b2:a5:71:98:4c:7b:59:24:bd:d5:1f:2f:
         a2:37:1f:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJrwys0SCcssSXRVUuFXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYTYwZTkwMDBjNzVhNzVkNjdlMzdmZTA3YjE0ZTA3YjIy
YzU4ODcwHhcNMjQwMTAxMjIzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTQzMjE4ZTE3MWQxNDE1M2Y1MTdkYmIxY2EzMTMxZTMzYmNlODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqH2eBjseErI00KDBDpurgZslptZ
kHn5CLl56ugPPllcjOWZuZ+TLlzn694y7ta6fDsLzlTALP4AUz4+eJ1sB85pb1X8
jOEqOaq7qqe/ukQ9FJwvpsWVode/TfdeIctmb13aKFyLdVo1FaJYcbiz6iFwv72D
ZT5OQnK+LXz3qA7d8TlYB0PEZEs0rIh1/x/zBTVEKuvnFra/QtFj6RyVB7n7hpcr
uAKs6g8ytji/Sl0xprciMgl4exOI/ZdsRHV7tKbZcyBbRZwaS7Rdw4dApnj9c2N/
M6nSvD5ocNdVkA9ZtKYens5e21nwzhWCUrzsKm4xgBaosgIy0UIuNpH9SwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA5DIY4XHRQVP1F9uxyjEx4zvOg0MB8GA1UdIwQY
MBaAFI2mDpAAx1p11n43/gexTgeyLFiHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamFZT2tBREhXblhXZmpmLUI3Rk9CN0lzV0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS83MjgwNmEtMDM5NC00YWQ1LThlMDQt
YjViOGQwMjQ0OGI4LzEvRGtNaGpoY2RGQlVfVVgyN0hLTVRIak84NkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS83MjgwNmEtMDM5NC00YWQ1LThlMDQtYjViOGQwMjQ0OGI4
LzEvamFZT2tBREhXblhXZmpmLUI3Rk9CN0lzV0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZFcMA0E
AgACMAcDBQMqDE2AMA0GCSqGSIb3DQEBCwUAA4IBAQAxiQs9fbjBcazKLAj9YDUu
iTCl9ulxUNJEjOY+Ts+xec7MMrfkRU3akqY22SFcw6JTkoNf+qwkYinIMkQj8AMY
ee0MdS7zJDUBv4rE78FIM2DaEVKQzLiqIKreZcQfEDlls88RRLDKPJWFwskxR1U1
UqLGMUUwf5SJsoKbBW1H05Qyktm2hSg9mdWWLfcyi3zeSj5scUa+5UaUjFWDZ463
VMTX/Sw9NBsQblBqL9eZTuS5TGY0CDNl4/M8kenYz2I6mzdlZdc59RxZLUHE90ZE
shWIeCfgFjgcpkkzqNiZmDtoj1aPXIb6HD9IOq243u6ypXGYTHtZJL3VHy+iNx/9
-----END CERTIFICATE-----