Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/hwyE9cy7FqEc8VS1Rvv-XAyDvkg.roa
File:                     hwyE9cy7FqEc8VS1Rvv-XAyDvkg.roa (raw, json)
Hash identifier:          c0PzPVLA479ekHYGUakjUxIAUuAP8mNUWUlWRIksplA=
Subject key identifier:   87:0C:84:F5:CC:BB:16:A1:1C:F1:54:B5:46:FB:FE:5C:0C:83:BE:48
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794ECA6DA9B9195887A77E3C11057F4
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/hwyE9cy7FqEc8VS1Rvv-XAyDvkg.roa
Signing time:             Tue 02 Jan 2024 00:31:15 +0000
ROA not before:           Tue 02 Jan 2024 00:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        45.140.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ec:a6:da:9b:91:95:88:7a:77:e3:c1:10:57:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=870c84f5ccbb16a11cf154b546fbfe5c0c83be48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a4:c1:df:ab:a0:d7:f0:88:c0:f1:fa:6f:63:
                    5b:18:fe:4a:44:bb:9a:a0:07:78:dd:a4:d2:22:88:
                    10:c0:66:23:6a:a1:5a:a6:46:e2:2a:22:89:b1:6d:
                    2d:f3:a2:7d:2f:9f:71:33:ac:6e:9e:f5:f3:04:f0:
                    45:34:21:17:52:7a:bf:63:44:bc:9c:94:6f:e3:62:
                    26:e7:b5:ab:be:c2:b5:d0:4e:5b:52:59:37:88:5c:
                    69:c7:ef:5b:52:05:70:de:a3:9d:8b:db:f7:31:cf:
                    e2:2b:0a:0c:f5:70:0f:4c:52:2e:fb:00:71:a5:84:
                    13:97:7f:1c:39:80:58:a8:f3:6d:56:a6:45:23:9b:
                    77:2d:5f:32:7a:ac:8a:fa:17:4b:69:23:cd:09:84:
                    d7:fe:b9:42:b3:cd:18:de:17:e3:bd:8b:da:82:57:
                    6b:4b:9a:ce:9a:6f:ec:2c:0e:08:96:f8:f8:b8:74:
                    2a:22:89:6c:4b:44:dc:4d:dd:9c:ad:0d:4e:5c:64:
                    57:61:32:43:a0:94:9c:66:0f:e0:4e:1f:2b:9a:fa:
                    19:83:df:a5:57:0a:0b:d2:92:18:bc:e3:f7:91:14:
                    9b:3c:13:e2:76:77:e0:b7:03:41:17:d5:c1:4f:4b:
                    04:db:1f:85:a7:1f:52:c2:d7:8a:c5:6c:8f:4c:4f:
                    13:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:0C:84:F5:CC:BB:16:A1:1C:F1:54:B5:46:FB:FE:5C:0C:83:BE:48
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/hwyE9cy7FqEc8VS1Rvv-XAyDvkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:e8:b3:7b:d1:38:8b:3c:46:7f:08:c6:08:f1:ad:41:11:2b:
         b5:e6:14:69:9f:86:41:a2:57:ae:77:24:8b:b4:65:a4:fa:37:
         83:2c:0e:4d:4b:9b:47:bf:db:19:b3:f1:da:22:29:6b:02:f3:
         0f:84:98:22:55:9e:88:74:c4:8b:46:02:eb:1c:86:74:e7:5b:
         f4:02:31:75:e1:e3:3f:a8:f0:27:22:3c:e1:fc:18:a3:54:36:
         af:a9:74:f5:6e:c0:06:1b:a3:7b:74:9f:f4:ed:4c:9a:90:ef:
         7d:46:ac:67:30:6f:33:f1:8d:d6:6b:d6:a8:2a:f7:4d:e0:3f:
         1d:df:e6:24:31:f2:0b:59:d6:4a:6e:17:e7:f5:87:b3:3e:1b:
         f1:9c:6a:fe:49:0b:0b:ac:14:ae:d6:20:14:39:98:65:15:dc:
         4a:a1:0e:03:02:56:87:2f:e5:14:04:9c:52:8e:c3:77:29:38:
         36:e7:af:22:ad:bd:dc:b7:ef:a1:20:30:d3:8e:02:5f:19:61:
         ef:a7:80:79:14:83:c7:b9:3a:58:de:91:5a:22:59:cd:cb:c6:
         c8:de:99:0c:f2:95:7e:1f:3e:84:05:58:c2:33:46:00:de:43:
         5d:0d:c1:b2:6f:69:54:d9:03:cd:d9:e0:98:6a:60:d5:1c:53:
         eb:13:0a:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOym2puRlYh6d+PBEFf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzBjODRmNWNjYmIxNmExMWNmMTU0YjU0NmZiZmU1YzBjODNiZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6TB36ug1/CIwPH6b2NbGP5KRLua
oAd43aTSIogQwGYjaqFapkbiKiKJsW0t86J9L59xM6xunvXzBPBFNCEXUnq/Y0S8
nJRv42Im57WrvsK10E5bUlk3iFxpx+9bUgVw3qOdi9v3Mc/iKwoM9XAPTFIu+wBx
pYQTl38cOYBYqPNtVqZFI5t3LV8yeqyK+hdLaSPNCYTX/rlCs80Y3hfjvYvagldr
S5rOmm/sLA4Ilvj4uHQqIolsS0TcTd2crQ1OXGRXYTJDoJScZg/gTh8rmvoZg9+l
VwoL0pIYvOP3kRSbPBPidnfgtwNBF9XBT0sE2x+Fpx9SwteKxWyPTE8THQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcMhPXMuxahHPFUtUb7/lwMg75IMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvaHd5RTljeTdGcUVjOFZTMVJ2di1YQXlEdmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYwGMA0G
CSqGSIb3DQEBCwUAA4IBAQCl6LN70TiLPEZ/CMYI8a1BESu15hRpn4ZBoleudySL
tGWk+jeDLA5NS5tHv9sZs/HaIilrAvMPhJgiVZ6IdMSLRgLrHIZ051v0AjF14eM/
qPAnIjzh/BijVDavqXT1bsAGG6N7dJ/07UyakO99RqxnMG8z8Y3Wa9aoKvdN4D8d
3+YkMfILWdZKbhfn9YezPhvxnGr+SQsLrBSu1iAUOZhlFdxKoQ4DAlaHL+UUBJxS
jsN3KTg2568irb3ct++hIDDTjgJfGWHvp4B5FIPHuTpY3pFaIlnNy8bI3pkM8pV+
Hz6EBVjCM0YA3kNdDcGyb2lU2QPN2eCYamDVHFPrEwpO
-----END CERTIFICATE-----