Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/L-0dfd52kruky9GH0M3bYnymR-U.roa
File:                     L-0dfd52kruky9GH0M3bYnymR-U.roa (raw, json)
Hash identifier:          pUSBwlTxJ1RQafini+6Cg16/4wUBvdy49Ziyr5zX/xY=
Subject key identifier:   2F:ED:1D:7D:DE:76:92:BB:A4:CB:D1:87:D0:CD:DB:62:7C:A6:47:E5
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018E3E1015071F71E54376895ADE267CF961
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/L-0dfd52kruky9GH0M3bYnymR-U.roa
Signing time:             Thu 14 Mar 2024 17:43:45 +0000
ROA not before:           Thu 14 Mar 2024 17:43:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        45.157.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3e:10:15:07:1f:71:e5:43:76:89:5a:de:26:7c:f9:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Mar 14 17:43:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fed1d7dde7692bba4cbd187d0cddb627ca647e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6d:74:73:0f:c0:d2:a9:98:fa:33:25:a8:63:
                    4d:2f:db:7c:72:50:c1:36:5f:ce:1d:c8:90:6a:a7:
                    67:55:a6:65:44:e1:d5:3a:0a:ff:0e:84:bf:56:99:
                    40:7c:b3:3e:6f:ce:a4:62:57:b0:ab:c9:23:13:04:
                    ed:48:04:7f:81:e0:7a:d7:c0:e0:e6:ce:41:12:d7:
                    00:dc:1f:78:f2:04:9c:18:dc:c5:e3:70:3b:43:88:
                    f6:16:ed:a1:e6:cb:c4:50:b0:c4:a6:67:77:61:6e:
                    a3:5b:ba:ee:a3:2e:4f:71:7e:5c:45:4d:22:48:bc:
                    82:f5:2e:fb:89:50:1d:8d:c0:a2:5e:5f:0b:00:4e:
                    6f:ce:b6:34:df:e7:97:be:84:c8:c5:dc:03:e1:cc:
                    0c:dc:00:38:30:e6:57:a2:08:05:23:e5:84:7c:9d:
                    6d:d3:cc:22:78:f9:84:cc:aa:4f:e4:48:59:a4:e2:
                    81:9b:37:43:90:56:bb:82:f3:14:5c:4e:18:6b:14:
                    3a:87:6f:52:28:d2:29:56:f0:90:a6:93:4a:09:00:
                    b7:42:fd:7f:9e:94:bc:00:eb:eb:c2:0f:ae:04:4f:
                    ff:6e:1b:1a:70:23:51:fa:fc:09:48:7a:74:91:68:
                    98:5f:32:9e:b0:cd:04:4c:de:6e:ca:83:05:f6:4c:
                    16:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:ED:1D:7D:DE:76:92:BB:A4:CB:D1:87:D0:CD:DB:62:7C:A6:47:E5
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/L-0dfd52kruky9GH0M3bYnymR-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:cf:7a:02:8a:2f:4d:4e:eb:66:d1:39:6c:41:97:72:a8:e6:
         f3:ad:f8:9f:90:70:d3:44:46:4b:a1:2c:94:59:84:d1:1d:6e:
         c6:de:d0:27:8f:38:39:8e:0d:4f:ae:f1:d5:9d:35:79:1c:a8:
         a4:7f:31:5e:38:75:9a:a4:03:23:1b:86:72:28:c9:14:65:bd:
         86:a1:71:1d:20:85:f6:7a:37:3e:43:1e:22:66:4e:41:62:43:
         3b:9e:a8:07:17:44:ab:98:af:3f:7c:3b:99:3e:3d:34:c8:31:
         e2:68:77:37:3c:58:64:71:a5:f7:44:c0:4d:62:5c:6b:ed:c6:
         05:03:ab:98:2d:4e:7c:5b:71:1f:1f:19:b1:48:3d:d9:8e:c6:
         73:8a:39:31:ba:16:4b:46:e1:b4:6b:e6:d6:61:1d:01:41:8c:
         51:da:e6:9c:8b:da:c1:23:02:52:3e:16:25:53:87:b8:74:a0:
         b8:2e:2e:73:8a:ba:9f:83:3c:7c:5f:8c:7b:b7:75:91:0d:28:
         c0:10:36:78:2f:18:8f:de:2b:2e:40:17:e9:0f:c1:ab:22:9e:
         bb:a6:34:e7:ff:b9:ca:fe:57:ad:bb:37:40:fb:18:4f:65:bf:
         9a:6a:50:75:c9:c4:f0:95:75:e0:dc:23:f5:ff:a6:58:ea:89:
         27:78:51:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4+EBUHH3HlQ3aJWt4mfPlhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMzE0MTc0MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmVkMWQ3ZGRlNzY5MmJiYTRjYmQxODdkMGNkZGI2MjdjYTY0N2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy210cw/A0qmY+jMlqGNNL9t8clDB
Nl/OHciQaqdnVaZlROHVOgr/DoS/VplAfLM+b86kYlewq8kjEwTtSAR/geB618Dg
5s5BEtcA3B948gScGNzF43A7Q4j2Fu2h5svEULDEpmd3YW6jW7ruoy5PcX5cRU0i
SLyC9S77iVAdjcCiXl8LAE5vzrY03+eXvoTIxdwD4cwM3AA4MOZXoggFI+WEfJ1t
08wiePmEzKpP5EhZpOKBmzdDkFa7gvMUXE4YaxQ6h29SKNIpVvCQppNKCQC3Qv1/
npS8AOvrwg+uBE//bhsacCNR+vwJSHp0kWiYXzKesM0ETN5uyoMF9kwWqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/tHX3edpK7pMvRh9DN22J8pkflMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvTC0wZGZkNTJrcnVreTlHSDBNM2JZbnltUi1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ3SMA0G
CSqGSIb3DQEBCwUAA4IBAQAXz3oCii9NTutm0TlsQZdyqObzrfifkHDTREZLoSyU
WYTRHW7G3tAnjzg5jg1PrvHVnTV5HKikfzFeOHWapAMjG4ZyKMkUZb2GoXEdIIX2
ejc+Qx4iZk5BYkM7nqgHF0SrmK8/fDuZPj00yDHiaHc3PFhkcaX3RMBNYlxr7cYF
A6uYLU58W3EfHxmxSD3ZjsZzijkxuhZLRuG0a+bWYR0BQYxR2uaci9rBIwJSPhYl
U4e4dKC4Li5zirqfgzx8X4x7t3WRDSjAEDZ4LxiP3isuQBfpD8GrIp67pjTn/7nK
/letuzdA+xhPZb+aalB1ycTwlXXg3CP1/6ZY6okneFE7
-----END CERTIFICATE-----