Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/6b8434-f454-41c7-92b9-352f7ca011ae/1/vLWu8WB4Y1V2VHFufbsG9r-rAKs.roa
File:                     vLWu8WB4Y1V2VHFufbsG9r-rAKs.roa (raw, json)
Hash identifier:          mMzI3PTp4tWt4jxz/CvcAI7hwyPcP/8l6OAjplICGuM=
Subject key identifier:   BC:B5:AE:F1:60:78:63:55:76:54:71:6E:7D:BB:06:F6:BF:AB:00:AB
Certificate issuer:       /CN=439eec770dfa662b4ea64a022eeb38e83daae228
Certificate serial:       018D214CB4CA914B981467761EE90305B0EC
Authority key identifier: 43:9E:EC:77:0D:FA:66:2B:4E:A6:4A:02:2E:EB:38:E8:3D:AA:E2:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q57sdw36ZitOpkoCLus46D2q4ig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/6b8434-f454-41c7-92b9-352f7ca011ae/1/vLWu8WB4Y1V2VHFufbsG9r-rAKs.roa
Signing time:             Fri 19 Jan 2024 10:38:11 +0000
ROA not before:           Fri 19 Jan 2024 10:38:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203050
IP address blocks:        45.10.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/6b8434-f454-41c7-92b9-352f7ca011ae/1/Q57sdw36ZitOpkoCLus46D2q4ig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/6b8434-f454-41c7-92b9-352f7ca011ae/1/Q57sdw36ZitOpkoCLus46D2q4ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q57sdw36ZitOpkoCLus46D2q4ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:21:4c:b4:ca:91:4b:98:14:67:76:1e:e9:03:05:b0:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=439eec770dfa662b4ea64a022eeb38e83daae228
        Validity
            Not Before: Jan 19 10:38:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcb5aef1607863557654716e7dbb06f6bfab00ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:87:38:6c:fa:a6:b3:47:38:59:87:bd:09:a7:
                    35:c1:ee:12:95:09:6b:10:01:84:a2:a0:d2:a9:31:
                    5f:74:da:41:49:7d:77:17:04:6c:60:8c:34:7d:48:
                    06:01:c9:bc:f6:4f:16:55:2f:b6:ac:32:02:90:ec:
                    7f:48:05:fa:97:f0:5d:9e:9d:d5:8b:24:04:bc:79:
                    4d:83:b6:9f:1b:4d:f0:5b:c5:8b:4c:59:5f:22:cc:
                    8f:3e:28:17:61:2b:f4:6d:c9:6d:e3:11:70:26:35:
                    78:82:4a:1b:5f:9e:35:08:88:fe:55:aa:62:fc:b2:
                    fe:6d:75:ef:94:ae:ce:ee:53:0f:1d:87:2d:69:8c:
                    2b:2f:d2:d2:3f:73:a9:c4:82:2e:0b:bc:89:84:7c:
                    17:9f:8a:1f:cc:86:55:f1:9c:4b:6c:25:20:b1:65:
                    d6:e5:31:a4:49:20:f5:bf:34:91:02:64:a9:96:a4:
                    bc:58:ca:e3:1d:db:9f:13:52:4f:62:b7:2e:4d:db:
                    0e:1e:6e:91:79:cf:fe:06:f8:5d:32:3c:62:40:dd:
                    70:11:df:e6:d6:08:5f:f5:cc:7c:97:72:e0:79:f6:
                    90:e4:81:d6:d9:ce:cd:59:64:80:8b:33:c8:22:cd:
                    87:35:00:b9:95:45:eb:7e:27:d6:e4:20:27:0e:c2:
                    1d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B5:AE:F1:60:78:63:55:76:54:71:6E:7D:BB:06:F6:BF:AB:00:AB
            X509v3 Authority Key Identifier:
                keyid:43:9E:EC:77:0D:FA:66:2B:4E:A6:4A:02:2E:EB:38:E8:3D:AA:E2:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q57sdw36ZitOpkoCLus46D2q4ig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/6b8434-f454-41c7-92b9-352f7ca011ae/1/vLWu8WB4Y1V2VHFufbsG9r-rAKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/6b8434-f454-41c7-92b9-352f7ca011ae/1/Q57sdw36ZitOpkoCLus46D2q4ig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:2d:63:71:45:bc:98:0d:b7:5f:e8:9c:63:f6:c0:0c:ec:b1:
         f8:9b:32:2b:a0:cf:70:2c:a1:64:61:b6:cd:7b:e0:35:50:46:
         cb:26:31:87:19:84:57:6a:62:89:80:4f:d6:55:dd:47:a0:14:
         ba:c7:3c:44:5e:b6:5e:c6:02:48:f2:c4:da:e3:87:1d:0b:23:
         be:c1:7c:82:62:f6:ad:3b:68:79:9e:06:4c:1a:9e:b2:9f:da:
         24:5e:ac:f2:f3:12:a5:4d:c8:e1:3f:46:d4:ce:7e:e1:d8:07:
         86:e0:49:a4:39:a8:31:2e:1d:15:c1:a8:d6:ce:26:9b:8d:50:
         a7:c6:ac:cd:92:3d:55:a6:0c:6f:11:77:d1:6c:d1:0b:63:a5:
         20:d9:60:0c:d3:bb:58:c8:4d:86:04:69:7d:e3:08:03:2a:3d:
         e3:12:40:7d:ad:b3:83:8c:67:72:c9:7b:c6:d3:4a:f6:40:15:
         54:1a:0b:fb:50:a1:94:13:6f:e2:6d:7f:f2:99:62:7a:1e:89:
         00:ce:d1:5a:7f:9e:31:35:b0:f2:d4:03:86:df:93:a7:2e:af:
         d1:6f:82:9e:f4:1a:71:a5:c0:22:2d:26:a8:26:8c:0a:4f:ef:
         ad:ec:24:8c:ea:96:66:4c:63:6b:8e:75:a1:c4:fb:24:4d:5d:
         98:a4:0b:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0hTLTKkUuYFGd2HukDBbDsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzOWVlYzc3MGRmYTY2MmI0ZWE2NGEwMjJlZWIzOGU4M2Rh
YWUyMjgwHhcNMjQwMTE5MTAzODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2I1YWVmMTYwNzg2MzU1NzY1NDcxNmU3ZGJiMDZmNmJmYWIwMGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIc4bPqms0c4WYe9Cac1we4SlQlr
EAGEoqDSqTFfdNpBSX13FwRsYIw0fUgGAcm89k8WVS+2rDICkOx/SAX6l/Bdnp3V
iyQEvHlNg7afG03wW8WLTFlfIsyPPigXYSv0bclt4xFwJjV4gkobX541CIj+Vapi
/LL+bXXvlK7O7lMPHYctaYwrL9LSP3OpxIIuC7yJhHwXn4ofzIZV8ZxLbCUgsWXW
5TGkSSD1vzSRAmSplqS8WMrjHdufE1JPYrcuTdsOHm6Rec/+BvhdMjxiQN1wEd/m
1ghf9cx8l3LgefaQ5IHW2c7NWWSAizPIIs2HNQC5lUXrfifW5CAnDsIdaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLy1rvFgeGNVdlRxbn27Bva/qwCrMB8GA1UdIwQY
MBaAFEOe7HcN+mYrTqZKAi7rOOg9quIoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTU3c2R3MzZaaXRPcGtvQ0x1czQ2RDJxNGlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi82Yjg0MzQtZjQ1NC00MWM3LTkyYjkt
MzUyZjdjYTAxMWFlLzEvdkxXdThXQjRZMVYyVkhGdWZic0c5ci1yQUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi82Yjg0MzQtZjQ1NC00MWM3LTkyYjktMzUyZjdjYTAxMWFl
LzEvUTU3c2R3MzZaaXRPcGtvQ0x1czQ2RDJxNGlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQolMA0G
CSqGSIb3DQEBCwUAA4IBAQAwLWNxRbyYDbdf6Jxj9sAM7LH4mzIroM9wLKFkYbbN
e+A1UEbLJjGHGYRXamKJgE/WVd1HoBS6xzxEXrZexgJI8sTa44cdCyO+wXyCYvat
O2h5ngZMGp6yn9okXqzy8xKlTcjhP0bUzn7h2AeG4EmkOagxLh0VwajWziabjVCn
xqzNkj1VpgxvEXfRbNELY6Ug2WAM07tYyE2GBGl94wgDKj3jEkB9rbODjGdyyXvG
00r2QBVUGgv7UKGUE2/ibX/ymWJ6HokAztFaf54xNbDy1AOG35OnLq/Rb4Ke9Bpx
pcAiLSaoJowKT++t7CSM6pZmTGNrjnWhxPskTV2YpAsh
-----END CERTIFICATE-----