Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c79d13-9ea2-4eed-8dd2-cedab463ee5b/1/t23W_9O-c-6e8muA8-MlF0Olhts.roa
File:                     t23W_9O-c-6e8muA8-MlF0Olhts.roa (raw, json)
Hash identifier:          AB6yxw6hPa2FcCPu58eFUo3Dj3N2/iZ3r4THFJ6ByYk=
Subject key identifier:   B7:6D:D6:FF:D3:BE:73:EE:9E:F2:6B:80:F3:E3:25:17:43:A5:86:DB
Certificate issuer:       /CN=5d826672e68f3da5db50ed81badb8d33bdccd2ba
Certificate serial:       018CC87023ED8841FE2E84977266DD8A0F6F
Authority key identifier: 5D:82:66:72:E6:8F:3D:A5:DB:50:ED:81:BA:DB:8D:33:BD:CC:D2:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYJmcuaPPaXbUO2ButuNM73M0ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c79d13-9ea2-4eed-8dd2-cedab463ee5b/1/t23W_9O-c-6e8muA8-MlF0Olhts.roa
Signing time:             Tue 02 Jan 2024 04:30:41 +0000
ROA not before:           Tue 02 Jan 2024 04:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35297
IP address blocks:        45.157.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c79d13-9ea2-4eed-8dd2-cedab463ee5b/1/XYJmcuaPPaXbUO2ButuNM73M0ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c79d13-9ea2-4eed-8dd2-cedab463ee5b/1/XYJmcuaPPaXbUO2ButuNM73M0ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYJmcuaPPaXbUO2ButuNM73M0ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:23:ed:88:41:fe:2e:84:97:72:66:dd:8a:0f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d826672e68f3da5db50ed81badb8d33bdccd2ba
        Validity
            Not Before: Jan  2 04:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b76dd6ffd3be73ee9ef26b80f3e3251743a586db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b4:7b:2a:90:c3:91:27:4f:59:26:5f:cc:25:
                    23:f8:ee:06:2b:69:68:5d:65:b9:c4:fb:ed:29:4a:
                    cb:74:f0:7d:6c:47:c9:e3:80:9f:4f:91:de:ca:19:
                    27:e5:23:f9:96:6f:6b:8f:ce:ff:92:f0:54:33:74:
                    6e:40:f7:f3:7e:93:7f:2a:d1:6c:fd:aa:bb:2b:f2:
                    ce:50:cf:a8:76:07:9c:65:32:d5:46:61:33:24:28:
                    5f:a5:4e:c5:13:90:9c:e0:9f:c9:a0:9b:f2:29:c4:
                    b0:ee:b2:63:d8:08:95:94:b0:8b:7c:08:3b:01:9d:
                    3c:6c:d9:fd:3e:4a:e1:15:1c:a4:1b:39:87:34:1a:
                    e5:33:cf:47:90:99:d5:84:6e:bc:51:0a:26:1d:ac:
                    aa:4a:25:8f:0e:70:19:6a:3b:c5:c3:39:ed:27:3c:
                    ec:6e:1b:8b:12:cb:f9:d5:aa:eb:b2:f0:13:85:3b:
                    ac:58:15:ba:2c:cc:b9:0d:41:cf:a7:70:39:8c:05:
                    43:ec:30:7b:9c:ff:84:dc:97:9f:36:cb:78:59:0a:
                    18:20:29:bb:fe:51:25:e9:34:ec:25:3d:0a:e5:a4:
                    c0:85:c4:d2:c0:b2:fd:8d:1b:41:aa:e8:8f:6e:5b:
                    5c:13:24:86:1d:8d:c8:a3:b0:e0:d2:96:9d:07:f0:
                    bd:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:6D:D6:FF:D3:BE:73:EE:9E:F2:6B:80:F3:E3:25:17:43:A5:86:DB
            X509v3 Authority Key Identifier:
                keyid:5D:82:66:72:E6:8F:3D:A5:DB:50:ED:81:BA:DB:8D:33:BD:CC:D2:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYJmcuaPPaXbUO2ButuNM73M0ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c79d13-9ea2-4eed-8dd2-cedab463ee5b/1/t23W_9O-c-6e8muA8-MlF0Olhts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c79d13-9ea2-4eed-8dd2-cedab463ee5b/1/XYJmcuaPPaXbUO2ButuNM73M0ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:95:f0:54:e7:ad:dc:a9:32:de:5b:08:d0:0e:1d:c6:48:f0:
         6f:a2:b3:06:d9:70:0f:81:41:5d:af:8c:e5:08:c9:90:57:6b:
         df:be:a6:8c:fb:19:9c:7a:e3:c2:d8:39:f2:bd:d0:ee:f7:d9:
         dd:46:79:af:ee:8d:86:17:08:42:5e:3d:33:7a:93:6b:11:d3:
         31:60:7b:d6:7f:7c:02:43:56:c4:c9:7a:01:ac:7b:15:21:49:
         b1:16:c4:ee:d1:cb:36:6a:5f:7c:95:1d:c9:eb:44:53:b6:96:
         2e:98:4a:28:86:51:ee:d7:33:63:80:e9:fb:8a:69:89:6b:7f:
         1c:e2:80:4f:cf:5c:20:7d:be:1d:c2:a8:0e:c6:fd:eb:8b:45:
         1e:75:9a:de:b3:c9:e7:0e:da:83:46:5f:62:66:02:24:1e:e6:
         a8:75:21:a4:46:20:71:19:09:fd:b9:d8:7d:e2:15:39:4e:5c:
         6d:2c:66:07:11:c6:f7:50:7b:89:4d:6b:90:91:f6:3b:04:b6:
         55:4a:0e:21:0c:ab:a5:79:10:8d:07:e5:cd:85:99:ec:08:5a:
         f9:5b:e0:82:7f:7d:19:e7:ef:e4:be:99:cc:0e:95:a8:b2:2a:
         2a:50:d9:ad:6e:ea:58:7d:5b:3e:22:9b:43:58:0f:24:4f:21:
         79:b0:d5:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcCPtiEH+LoSXcmbdig9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODI2NjcyZTY4ZjNkYTVkYjUwZWQ4MWJhZGI4ZDMzYmRj
Y2QyYmEwHhcNMjQwMTAyMDQzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzZkZDZmZmQzYmU3M2VlOWVmMjZiODBmM2UzMjUxNzQzYTU4NmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibR7KpDDkSdPWSZfzCUj+O4GK2lo
XWW5xPvtKUrLdPB9bEfJ44CfT5Heyhkn5SP5lm9rj87/kvBUM3RuQPfzfpN/KtFs
/aq7K/LOUM+odgecZTLVRmEzJChfpU7FE5Cc4J/JoJvyKcSw7rJj2AiVlLCLfAg7
AZ08bNn9PkrhFRykGzmHNBrlM89HkJnVhG68UQomHayqSiWPDnAZajvFwzntJzzs
bhuLEsv51arrsvAThTusWBW6LMy5DUHPp3A5jAVD7DB7nP+E3JefNst4WQoYICm7
/lEl6TTsJT0K5aTAhcTSwLL9jRtBquiPbltcEySGHY3Io7Dg0padB/C92wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdt1v/TvnPunvJrgPPjJRdDpYbbMB8GA1UdIwQY
MBaAFF2CZnLmjz2l21DtgbrbjTO9zNK6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlKbWN1YVBQYVhiVU8yQnV0dU5NNzNNMHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jNzlkMTMtOWVhMi00ZWVkLThkZDIt
Y2VkYWI0NjNlZTViLzEvdDIzV185Ty1jLTZlOG11QTgtTWxGME9saHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jNzlkMTMtOWVhMi00ZWVkLThkZDItY2VkYWI0NjNlZTVi
LzEvWFlKbWN1YVBQYVhiVU8yQnV0dU5NNzNNMHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ3MMA0G
CSqGSIb3DQEBCwUAA4IBAQAPlfBU563cqTLeWwjQDh3GSPBvorMG2XAPgUFdr4zl
CMmQV2vfvqaM+xmceuPC2DnyvdDu99ndRnmv7o2GFwhCXj0zepNrEdMxYHvWf3wC
Q1bEyXoBrHsVIUmxFsTu0cs2al98lR3J60RTtpYumEoohlHu1zNjgOn7immJa38c
4oBPz1wgfb4dwqgOxv3ri0UedZres8nnDtqDRl9iZgIkHuaodSGkRiBxGQn9udh9
4hU5TlxtLGYHEcb3UHuJTWuQkfY7BLZVSg4hDKuleRCNB+XNhZnsCFr5W+CCf30Z
5+/kvpnMDpWosioqUNmtbupYfVs+IptDWA8kTyF5sNVk
-----END CERTIFICATE-----