Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/A58uA4UggZjWMMcwTNxIoAeG8WA.roa
File:                     A58uA4UggZjWMMcwTNxIoAeG8WA.roa (raw, json)
Hash identifier:          VhVPxhDHTsyaUfY3BSA6ikrrqbi5cR3O4RLfyVEz7+s=
Subject key identifier:   03:9F:2E:03:85:20:81:98:D6:30:C7:30:4C:DC:48:A0:07:86:F1:60
Certificate issuer:       /CN=843d1afcf13bd2117d47df683e40a63287004cfe
Certificate serial:       018CC6B8CC829E398B8E358755F82B82570E
Authority key identifier: 84:3D:1A:FC:F1:3B:D2:11:7D:47:DF:68:3E:40:A6:32:87:00:4C:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/A58uA4UggZjWMMcwTNxIoAeG8WA.roa
Signing time:             Mon 01 Jan 2024 20:30:48 +0000
ROA not before:           Mon 01 Jan 2024 20:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215937
IP address blocks:        45.142.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:cc:82:9e:39:8b:8e:35:87:55:f8:2b:82:57:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=843d1afcf13bd2117d47df683e40a63287004cfe
        Validity
            Not Before: Jan  1 20:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=039f2e0385208198d630c7304cdc48a00786f160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:50:ba:a2:17:07:3f:0c:78:9c:14:2c:a2:1b:
                    cf:e7:34:b0:75:4c:bd:00:3c:5c:78:ac:26:52:40:
                    06:54:1c:91:d4:17:17:0b:2e:54:3f:f7:b2:2d:26:
                    43:9b:12:ea:cb:d1:d8:88:67:14:e5:aa:9f:12:d7:
                    84:f0:38:39:9d:84:e5:fb:81:0f:b0:6a:56:fd:9a:
                    91:74:02:5e:06:2e:c8:95:8d:b4:2a:e9:b8:a8:60:
                    63:a4:14:22:f8:c4:b6:90:01:a9:42:0a:79:82:59:
                    7a:be:52:54:94:08:56:b5:e6:9d:23:ef:6c:15:74:
                    07:70:5e:33:a1:da:a0:41:a6:5f:2b:a1:0d:b0:3c:
                    2a:fd:33:1c:56:bd:4e:32:04:c2:7d:55:ab:82:19:
                    bb:d5:f0:e2:b5:66:c1:38:87:88:a8:b5:6f:c2:d3:
                    0a:cd:2e:fa:ba:7a:71:54:22:88:b0:9e:3a:6f:54:
                    56:eb:b8:91:89:e3:6b:a1:8c:10:e0:f7:a6:98:b8:
                    17:a3:86:7b:e2:c1:d6:53:48:a9:ca:7f:33:8d:c3:
                    b7:a0:d4:cc:78:2f:73:19:a3:3b:00:81:94:59:3e:
                    dc:e6:85:52:cc:da:72:22:98:67:df:55:69:7f:44:
                    15:12:b7:28:27:95:ab:e6:f9:3b:62:64:2e:96:02:
                    c4:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:9F:2E:03:85:20:81:98:D6:30:C7:30:4C:DC:48:A0:07:86:F1:60
            X509v3 Authority Key Identifier:
                keyid:84:3D:1A:FC:F1:3B:D2:11:7D:47:DF:68:3E:40:A6:32:87:00:4C:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/A58uA4UggZjWMMcwTNxIoAeG8WA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         f4:9b:9e:a4:f1:48:57:55:68:fc:0b:3f:92:e7:75:04:16:97:
         6f:76:10:67:d8:d1:6f:81:53:79:84:09:14:59:09:a8:24:19:
         c1:28:c8:13:ed:68:11:bd:76:5d:f4:24:fd:c1:ae:78:67:a6:
         7d:a8:ca:fd:b4:d7:e3:bc:ae:32:c1:49:99:a1:ea:67:78:ba:
         b5:4c:79:d9:ef:0b:72:69:fd:8c:2b:41:1c:93:ab:5d:b9:58:
         53:8f:b1:7f:e5:cc:c5:a9:ae:5f:99:68:31:76:d8:97:c4:74:
         99:b7:bc:f4:0c:b3:17:10:ea:ea:20:3a:d4:d8:31:7e:44:bf:
         b8:aa:9f:6d:6f:1e:bd:8d:25:89:db:8f:5b:3b:d3:2c:9c:5a:
         39:b0:de:1c:be:ff:b6:69:03:8a:71:dc:97:85:11:d5:f5:44:
         d4:96:d8:a7:54:0b:3b:58:db:30:4e:5c:42:5f:9a:0d:d2:10:
         0c:3a:5c:70:f5:a0:13:cb:84:ed:8e:8b:48:fa:f6:d0:e5:89:
         8e:75:00:a9:07:84:65:4f:6e:0b:a1:c6:d4:87:f3:39:4c:98:
         5b:4c:93:05:f6:76:ea:69:db:1d:55:51:bf:26:ce:90:90:40:
         a5:57:c5:e5:93:2a:61:70:dc:49:b7:7f:cb:12:da:4c:ce:1b:
         3a:e1:d4:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuMyCnjmLjjWHVfgrglcOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0M2QxYWZjZjEzYmQyMTE3ZDQ3ZGY2ODNlNDBhNjMyODcw
MDRjZmUwHhcNMjQwMTAxMjAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzlmMmUwMzg1MjA4MTk4ZDYzMGM3MzA0Y2RjNDhhMDA3ODZmMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFC6ohcHPwx4nBQsohvP5zSwdUy9
ADxceKwmUkAGVByR1BcXCy5UP/eyLSZDmxLqy9HYiGcU5aqfEteE8Dg5nYTl+4EP
sGpW/ZqRdAJeBi7IlY20Kum4qGBjpBQi+MS2kAGpQgp5gll6vlJUlAhWteadI+9s
FXQHcF4zodqgQaZfK6ENsDwq/TMcVr1OMgTCfVWrghm71fDitWbBOIeIqLVvwtMK
zS76unpxVCKIsJ46b1RW67iRieNroYwQ4PemmLgXo4Z74sHWU0ipyn8zjcO3oNTM
eC9zGaM7AIGUWT7c5oVSzNpyIphn31Vpf0QVErcoJ5Wr5vk7YmQulgLETQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOfLgOFIIGY1jDHMEzcSKAHhvFgMB8GA1UdIwQY
MBaAFIQ9GvzxO9IRfUffaD5ApjKHAEz+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEQwYV9QRTcwaEY5Ujk5b1BrQ21Nb2NBVFA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8xNzMzMDYtMmRiZC00YWQ4LWJkNTEt
YjFmM2JjYzY3YWFlLzEvQTU4dUE0VWdnWmpXTU1jd1ROeElvQWVHOFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8xNzMzMDYtMmRiZC00YWQ4LWJkNTEtYjFmM2JjYzY3YWFl
LzEvaEQwYV9QRTcwaEY5Ujk5b1BrQ21Nb2NBVFA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY5XMA0G
CSqGSIb3DQEBCwUAA4IBAQD0m56k8UhXVWj8Cz+S53UEFpdvdhBn2NFvgVN5hAkU
WQmoJBnBKMgT7WgRvXZd9CT9wa54Z6Z9qMr9tNfjvK4ywUmZoepneLq1THnZ7wty
af2MK0Eck6tduVhTj7F/5czFqa5fmWgxdtiXxHSZt7z0DLMXEOrqIDrU2DF+RL+4
qp9tbx69jSWJ249bO9MsnFo5sN4cvv+2aQOKcdyXhRHV9UTUltinVAs7WNswTlxC
X5oN0hAMOlxw9aATy4TtjotI+vbQ5YmOdQCpB4RlT24LocbUh/M5TJhbTJMF9nbq
adsdVVG/Js6QkEClV8XlkyphcNxJt3/LEtpMzhs64dTs
-----END CERTIFICATE-----