Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/11V1TiZjt3gwnepqFrfCNQP9F6E.roa
File:                     11V1TiZjt3gwnepqFrfCNQP9F6E.roa (raw, json)
Hash identifier:          qKcoeeGCs3bNUivoLEu67M9cKuiWNH0MKz0q99e+eDk=
Subject key identifier:   D7:55:75:4E:26:63:B7:78:30:9D:EA:6A:16:B7:C2:35:03:FD:17:A1
Certificate issuer:       /CN=d2323101b29596ff442d3749373b8e9983354670
Certificate serial:       018CC8702D70546D33B433A583E3A41D3D7E
Authority key identifier: D2:32:31:01:B2:95:96:FF:44:2D:37:49:37:3B:8E:99:83:35:46:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0jIxAbKVlv9ELTdJNzuOmYM1RnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/11V1TiZjt3gwnepqFrfCNQP9F6E.roa
Signing time:             Tue 02 Jan 2024 04:30:44 +0000
ROA not before:           Tue 02 Jan 2024 04:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198310
IP address blocks:        45.152.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/0jIxAbKVlv9ELTdJNzuOmYM1RnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/0jIxAbKVlv9ELTdJNzuOmYM1RnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0jIxAbKVlv9ELTdJNzuOmYM1RnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:2d:70:54:6d:33:b4:33:a5:83:e3:a4:1d:3d:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2323101b29596ff442d3749373b8e9983354670
        Validity
            Not Before: Jan  2 04:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d755754e2663b778309dea6a16b7c23503fd17a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9a:92:2d:e2:ea:64:c4:86:ea:63:18:c0:8a:
                    bc:c4:76:b7:29:ba:6d:ca:ec:d6:bd:cc:28:ce:1c:
                    66:7b:d1:c5:53:81:59:a2:1d:17:72:ce:70:33:26:
                    90:88:16:75:34:6a:e4:6c:1a:78:55:d9:cf:18:23:
                    39:3c:99:18:0f:52:42:bd:75:a8:01:90:de:f7:01:
                    1d:5f:03:bd:e5:a4:2b:26:95:07:95:c1:7f:e8:47:
                    b0:39:65:e3:fe:93:90:58:a3:61:4c:a4:fa:4d:2a:
                    06:fb:d6:4f:c0:14:74:79:63:5e:71:46:97:83:2c:
                    e7:8d:5d:44:0c:90:e8:88:18:e1:35:25:39:7f:e7:
                    e1:69:20:ea:fe:9c:5f:96:f4:4a:2a:f7:d3:70:47:
                    0e:19:ee:d0:88:23:ad:51:6c:76:cc:d6:6f:6b:43:
                    f2:6a:5f:65:d1:35:9f:4c:67:a9:c7:0c:31:54:34:
                    47:f4:57:df:03:fd:d0:25:ae:b4:ea:3a:36:22:1b:
                    6e:c5:b6:45:d0:03:44:ed:ea:c6:86:16:30:15:c5:
                    60:2c:92:a6:71:fa:be:05:fe:0e:79:8c:f7:d7:6c:
                    3b:1d:f7:ea:eb:0e:fb:ff:6c:b4:71:06:aa:89:78:
                    62:df:5d:84:98:a1:9a:0f:a3:32:46:da:87:33:34:
                    24:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:55:75:4E:26:63:B7:78:30:9D:EA:6A:16:B7:C2:35:03:FD:17:A1
            X509v3 Authority Key Identifier:
                keyid:D2:32:31:01:B2:95:96:FF:44:2D:37:49:37:3B:8E:99:83:35:46:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0jIxAbKVlv9ELTdJNzuOmYM1RnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/11V1TiZjt3gwnepqFrfCNQP9F6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/0jIxAbKVlv9ELTdJNzuOmYM1RnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:13:e0:31:32:83:86:c7:06:71:ab:e4:32:aa:d7:1a:fd:39:
         ee:38:e8:9c:5e:a3:ec:22:ad:8d:2b:d8:5d:4a:4e:46:2f:6c:
         a2:37:06:f5:b1:72:48:96:58:ee:01:9d:43:b1:56:f3:25:3c:
         f5:89:b5:f5:f5:a5:88:a3:a8:05:bb:a5:77:98:f7:b8:1e:9f:
         13:f7:36:cd:f9:28:3b:71:16:3f:a7:e3:e1:2f:e6:b4:c5:bd:
         c4:90:3a:06:ae:1f:98:c9:2e:fc:3f:40:02:87:f2:e3:d8:e0:
         e8:d2:1f:86:d1:2b:91:b8:6c:29:b0:fc:f2:3f:93:9f:7e:4c:
         f0:f3:39:df:00:e3:0b:55:69:88:d6:11:1a:3c:24:9c:ce:a2:
         bb:64:fc:b8:e1:7b:25:4a:49:af:d7:3d:12:c7:60:06:32:25:
         00:35:f6:97:62:41:8c:92:b7:92:4c:63:10:34:c5:60:57:39:
         a9:06:da:1c:cf:15:7c:bf:c3:8c:a7:0f:36:e2:33:4e:11:fe:
         08:3c:1a:5f:e9:3d:70:5d:3d:06:31:f4:24:69:7b:ee:0a:7b:
         94:c6:6b:3d:88:df:5f:ff:35:eb:ef:66:47:9a:a9:43:d7:85:
         0f:d3:f0:fe:fc:d4:78:26:c4:8c:31:34:bf:9a:67:75:2e:0b:
         59:e3:ed:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcC1wVG0ztDOlg+OkHT1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMzIzMTAxYjI5NTk2ZmY0NDJkMzc0OTM3M2I4ZTk5ODMz
NTQ2NzAwHhcNMjQwMTAyMDQzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzU1NzU0ZTI2NjNiNzc4MzA5ZGVhNmExNmI3YzIzNTAzZmQxN2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJqSLeLqZMSG6mMYwIq8xHa3Kbpt
yuzWvcwozhxme9HFU4FZoh0Xcs5wMyaQiBZ1NGrkbBp4VdnPGCM5PJkYD1JCvXWo
AZDe9wEdXwO95aQrJpUHlcF/6EewOWXj/pOQWKNhTKT6TSoG+9ZPwBR0eWNecUaX
gyznjV1EDJDoiBjhNSU5f+fhaSDq/pxflvRKKvfTcEcOGe7QiCOtUWx2zNZva0Py
al9l0TWfTGepxwwxVDRH9FffA/3QJa606jo2IhtuxbZF0ANE7erGhhYwFcVgLJKm
cfq+Bf4OeYz312w7Hffq6w77/2y0cQaqiXhi312EmKGaD6MyRtqHMzQkuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdVdU4mY7d4MJ3qaha3wjUD/RehMB8GA1UdIwQY
MBaAFNIyMQGylZb/RC03STc7jpmDNUZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGpJeEFiS1ZsdjlFTFRkSk56dU9tWU0xUm5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81YjQxODUtYjA4MC00OThlLThjYzct
NmE2YWY1Yjc0ZDM4LzEvMTFWMVRpWmp0M2d3bmVwcUZyZkNOUVA5RjZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81YjQxODUtYjA4MC00OThlLThjYzctNmE2YWY1Yjc0ZDM4
LzEvMGpJeEFiS1ZsdjlFTFRkSk56dU9tWU0xUm5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZgbMA0G
CSqGSIb3DQEBCwUAA4IBAQCUE+AxMoOGxwZxq+Qyqtca/TnuOOicXqPsIq2NK9hd
Sk5GL2yiNwb1sXJIlljuAZ1DsVbzJTz1ibX19aWIo6gFu6V3mPe4Hp8T9zbN+Sg7
cRY/p+PhL+a0xb3EkDoGrh+YyS78P0ACh/Lj2ODo0h+G0SuRuGwpsPzyP5Offkzw
8znfAOMLVWmI1hEaPCSczqK7ZPy44XslSkmv1z0Sx2AGMiUANfaXYkGMkreSTGMQ
NMVgVzmpBtoczxV8v8OMpw824jNOEf4IPBpf6T1wXT0GMfQkaXvuCnuUxms9iN9f
/zXr72ZHmqlD14UP0/D+/NR4JsSMMTS/mmd1LgtZ4+0q
-----END CERTIFICATE-----