Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Atc8hZ_elL1z-Miq0ESa3NzfmzQ.roa
File:                     Atc8hZ_elL1z-Miq0ESa3NzfmzQ.roa (raw, json)
Hash identifier:          JxhK1soh3kVqqi6TQrZBGwRnjBzzv+7cHM1K7ab4kP0=
Subject key identifier:   02:D7:3C:85:9F:DE:94:BD:73:F8:C8:AA:D0:44:9A:DC:DC:DF:9B:34
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D65BF10BDEF1E256194AAF44D1E6EAC2F
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Atc8hZ_elL1z-Miq0ESa3NzfmzQ.roa
Signing time:             Thu 01 Feb 2024 17:37:16 +0000
ROA not before:           Thu 01 Feb 2024 17:37:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51167
IP address blocks:        45.13.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:09:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:65:bf:10:bd:ef:1e:25:61:94:aa:f4:4d:1e:6e:ac:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  1 17:37:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02d73c859fde94bd73f8c8aad0449adcdcdf9b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bc:2e:e8:04:75:ce:12:eb:c2:96:7f:d1:15:
                    7a:53:fd:11:e1:22:bc:c3:14:62:a7:55:dc:0d:25:
                    01:67:4b:14:19:55:a1:f7:f9:eb:c6:ed:70:9f:51:
                    df:6c:9c:e1:53:7d:a0:03:04:e0:46:8a:6f:46:0a:
                    1a:26:46:5e:71:b2:4c:53:71:75:80:77:67:51:0a:
                    da:59:fe:04:ab:02:63:87:45:25:50:b7:8d:00:05:
                    ee:b8:fd:49:d3:6e:23:27:92:c7:c3:3a:a2:b8:60:
                    42:e4:25:45:25:55:f4:5f:37:46:0b:22:d0:7b:91:
                    60:42:d0:47:fb:54:05:aa:22:94:3f:38:87:fd:58:
                    81:a9:04:d3:82:af:03:6c:75:0b:55:30:ab:1b:13:
                    07:b4:fb:b4:3c:2b:aa:24:ca:ab:e9:c1:f2:94:4a:
                    7d:fb:07:7a:e3:0a:7a:c4:ee:53:2f:0c:fd:e8:9c:
                    13:13:00:eb:70:d6:0b:d7:5a:f2:6a:c7:fe:d6:c2:
                    df:29:e8:af:60:14:5c:0e:b3:37:65:ec:21:2e:36:
                    04:95:0b:32:fd:b2:66:02:6b:b8:7d:4b:b5:42:1d:
                    4a:49:75:ae:91:4a:aa:df:c6:a1:49:1f:72:86:28:
                    06:fb:ba:59:b1:ef:4d:fd:4a:c9:7d:54:8c:43:9c:
                    60:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:D7:3C:85:9F:DE:94:BD:73:F8:C8:AA:D0:44:9A:DC:DC:DF:9B:34
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/Atc8hZ_elL1z-Miq0ESa3NzfmzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:b4:86:ba:ce:b2:31:25:90:3e:b1:32:57:53:50:05:94:05:
         ee:b5:65:e0:05:56:27:7e:8b:a9:79:58:57:2f:97:e5:0b:4a:
         e9:6e:0d:ce:92:05:2b:de:68:5d:95:17:e6:9b:9e:e9:c5:bf:
         79:23:cb:c6:7f:25:f0:43:49:76:e0:52:91:59:ba:12:e8:4f:
         01:c8:25:ba:09:73:1d:92:0b:22:7e:32:35:49:4f:97:e5:7c:
         00:31:a6:1a:7a:63:8a:65:10:20:19:20:a0:e5:ec:b3:ae:f8:
         5e:89:94:f2:44:69:80:34:26:c1:dc:00:f5:42:66:a5:47:fb:
         f7:12:e8:6c:78:22:2d:aa:b4:06:77:fb:6f:40:f9:f5:17:fb:
         d3:ab:c3:e3:39:62:f6:29:e5:6c:10:0d:9e:eb:b9:46:d0:b8:
         ff:a0:7c:67:aa:fc:3e:d2:06:40:92:52:d8:21:6a:57:55:be:
         ae:95:72:0f:59:2c:8d:7f:cf:55:28:aa:06:98:3f:c8:0d:3d:
         20:24:4b:34:6d:b0:71:a0:26:6d:a2:64:4f:74:6f:77:fd:51:
         a6:b9:d8:18:6f:e5:af:89:c6:c3:4d:cf:9b:ea:27:c6:45:d7:
         bf:73:dc:6f:35:1b:7d:3c:69:3b:1e:1e:1d:4a:2e:3c:92:c5:
         0f:55:d5:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1lvxC97x4lYZSq9E0ebqwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjAxMTczNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmQ3M2M4NTlmZGU5NGJkNzNmOGM4YWFkMDQ0OWFkY2RjZGY5YjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7wu6AR1zhLrwpZ/0RV6U/0R4SK8
wxRip1XcDSUBZ0sUGVWh9/nrxu1wn1HfbJzhU32gAwTgRopvRgoaJkZecbJMU3F1
gHdnUQraWf4EqwJjh0UlULeNAAXuuP1J024jJ5LHwzqiuGBC5CVFJVX0XzdGCyLQ
e5FgQtBH+1QFqiKUPziH/ViBqQTTgq8DbHULVTCrGxMHtPu0PCuqJMqr6cHylEp9
+wd64wp6xO5TLwz96JwTEwDrcNYL11ryasf+1sLfKeivYBRcDrM3ZewhLjYElQsy
/bJmAmu4fUu1Qh1KSXWukUqq38ahSR9yhigG+7pZse9N/UrJfVSMQ5xgZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALXPIWf3pS9c/jIqtBEmtzc35s0MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvQXRjOGhaX2VsTDF6LU1pcTBFU2EzTnpmbXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ3AMA0G
CSqGSIb3DQEBCwUAA4IBAQCCtIa6zrIxJZA+sTJXU1AFlAXutWXgBVYnfoupeVhX
L5flC0rpbg3OkgUr3mhdlRfmm57pxb95I8vGfyXwQ0l24FKRWboS6E8ByCW6CXMd
kgsifjI1SU+X5XwAMaYaemOKZRAgGSCg5eyzrvheiZTyRGmANCbB3AD1QmalR/v3
EuhseCItqrQGd/tvQPn1F/vTq8PjOWL2KeVsEA2e67lG0Lj/oHxnqvw+0gZAklLY
IWpXVb6ulXIPWSyNf89VKKoGmD/IDT0gJEs0bbBxoCZtomRPdG93/VGmudgYb+Wv
icbDTc+b6ifGRde/c9xvNRt9PGk7Hh4dSi48ksUPVdWh
-----END CERTIFICATE-----