Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/a5aa39-f513-4c88-b477-a19f143ebb89/1/D1V3eqfCi_gBjQrEfM2Vu5Y6g1Y.roa
File:                     D1V3eqfCi_gBjQrEfM2Vu5Y6g1Y.roa (raw, json)
Hash identifier:          GSVUO1UiPoHFczsn7GU9AZVRDGND4CmgVKnMFmB7xZU=
Subject key identifier:   0F:55:77:7A:A7:C2:8B:F8:01:8D:0A:C4:7C:CD:95:BB:96:3A:83:56
Certificate issuer:       /CN=fd40e476f72534d865b2e2676691efc72b36c587
Certificate serial:       018CC4246BA828A74ADDC6DCC1396EC43CF9
Authority key identifier: FD:40:E4:76:F7:25:34:D8:65:B2:E2:67:66:91:EF:C7:2B:36:C5:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_UDkdvclNNhlsuJnZpHvxys2xYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/a5aa39-f513-4c88-b477-a19f143ebb89/1/D1V3eqfCi_gBjQrEfM2Vu5Y6g1Y.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        45.141.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/a5aa39-f513-4c88-b477-a19f143ebb89/1/_UDkdvclNNhlsuJnZpHvxys2xYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/a5aa39-f513-4c88-b477-a19f143ebb89/1/_UDkdvclNNhlsuJnZpHvxys2xYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_UDkdvclNNhlsuJnZpHvxys2xYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 07:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6b:a8:28:a7:4a:dd:c6:dc:c1:39:6e:c4:3c:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd40e476f72534d865b2e2676691efc72b36c587
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f55777aa7c28bf8018d0ac47ccd95bb963a8356
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:56:b2:0f:b0:54:23:35:41:73:6b:09:4a:b2:
                    c9:9e:a0:56:14:3c:db:dc:5f:34:35:e8:b3:aa:5e:
                    98:44:b2:d1:38:6d:d4:92:91:a9:c2:49:d9:62:92:
                    f2:9e:0e:ff:e2:54:0d:9e:3e:ec:ed:d0:60:0b:bc:
                    a4:01:69:93:7c:ab:55:95:d4:11:97:4b:bc:c4:cb:
                    70:4b:bb:d8:8f:49:6a:eb:25:58:eb:17:a9:22:6c:
                    d4:9a:2b:4c:47:2d:9e:63:9c:ac:ee:d0:fb:6c:bb:
                    1d:8e:b1:f0:99:da:ab:a8:7b:ea:d7:ca:11:b2:88:
                    0b:ba:d7:09:6e:aa:ea:d0:ae:c8:b9:73:49:41:fd:
                    0a:0c:29:c0:eb:bf:18:8b:03:1b:63:1b:ef:f3:83:
                    6b:c5:3a:1a:cf:82:92:48:57:d1:4f:68:bf:4a:7a:
                    91:92:f2:b0:ee:1a:96:c3:3c:02:01:59:4a:65:2d:
                    d4:b3:87:c2:75:5e:dd:5b:0c:2b:71:2f:a7:83:a4:
                    46:be:5f:4e:ee:f8:8c:ec:0e:60:fd:6c:b8:d0:0b:
                    75:1c:25:fd:4b:60:33:be:e5:bf:33:2e:a0:bb:88:
                    68:8b:d4:fd:e2:d6:b1:1d:2c:a8:fc:1f:54:5b:00:
                    8d:4a:fe:9a:65:0d:ec:7d:61:22:e7:37:fb:5f:17:
                    6f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:55:77:7A:A7:C2:8B:F8:01:8D:0A:C4:7C:CD:95:BB:96:3A:83:56
            X509v3 Authority Key Identifier:
                keyid:FD:40:E4:76:F7:25:34:D8:65:B2:E2:67:66:91:EF:C7:2B:36:C5:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_UDkdvclNNhlsuJnZpHvxys2xYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a5aa39-f513-4c88-b477-a19f143ebb89/1/D1V3eqfCi_gBjQrEfM2Vu5Y6g1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a5aa39-f513-4c88-b477-a19f143ebb89/1/_UDkdvclNNhlsuJnZpHvxys2xYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:4e:92:01:36:c0:83:44:ab:8a:65:d7:99:82:5e:47:ab:94:
         1d:4f:ae:19:db:3c:ca:e8:f5:f5:6e:ba:87:3a:04:41:ef:0b:
         d6:bd:3d:41:df:c0:7f:79:2e:22:0a:f5:0c:ad:b8:5e:cb:0f:
         5f:99:6d:73:43:34:e7:75:bd:f0:ea:6b:c4:a8:84:8e:26:25:
         56:f3:45:71:4c:4e:36:c2:63:b2:3b:3b:90:5a:97:57:83:c3:
         6d:70:71:f6:0a:64:93:8b:38:21:fc:00:de:6b:d0:7d:ac:7a:
         27:c9:1e:71:d9:db:18:ad:69:d7:1a:bc:b5:96:11:15:82:70:
         1b:df:c0:1d:4b:55:07:62:91:ec:64:c8:42:e5:10:f0:2a:47:
         5b:29:ed:64:2b:60:1a:dd:ff:92:94:bb:30:01:cf:f6:cc:65:
         be:1d:a2:ed:51:8b:be:4d:4a:fc:30:d7:10:25:10:e0:2c:e5:
         c3:29:73:c5:a6:8e:3d:30:80:b0:07:a0:b1:cd:78:df:fc:1c:
         4d:5f:ab:7e:d7:ac:7e:fb:60:90:a2:ce:be:0c:d7:4a:30:fb:
         16:c8:18:54:d7:08:d7:16:7a:e1:12:77:a6:9f:13:af:3f:54:
         fd:0a:9d:b5:45:59:88:46:75:f8:86:6e:3b:85:8e:79:d0:17:
         8c:89:e8:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGuoKKdK3cbcwTluxDz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNDBlNDc2ZjcyNTM0ZDg2NWIyZTI2NzY2OTFlZmM3MmIz
NmM1ODcwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjU1Nzc3YWE3YzI4YmY4MDE4ZDBhYzQ3Y2NkOTViYjk2M2E4MzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1ayD7BUIzVBc2sJSrLJnqBWFDzb
3F80Neizql6YRLLROG3UkpGpwknZYpLyng7/4lQNnj7s7dBgC7ykAWmTfKtVldQR
l0u8xMtwS7vYj0lq6yVY6xepImzUmitMRy2eY5ys7tD7bLsdjrHwmdqrqHvq18oR
sogLutcJbqrq0K7IuXNJQf0KDCnA678YiwMbYxvv84NrxToaz4KSSFfRT2i/SnqR
kvKw7hqWwzwCAVlKZS3Us4fCdV7dWwwrcS+ng6RGvl9O7viM7A5g/Wy40At1HCX9
S2AzvuW/My6gu4hoi9T94taxHSyo/B9UWwCNSv6aZQ3sfWEi5zf7XxdvxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9Vd3qnwov4AY0KxHzNlbuWOoNWMB8GA1UdIwQY
MBaAFP1A5Hb3JTTYZbLiZ2aR78crNsWHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1VEa2R2Y2xOTmhsc3VKblpwSHZ4eXMyeFljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9hNWFhMzktZjUxMy00Yzg4LWI0Nzct
YTE5ZjE0M2ViYjg5LzEvRDFWM2VxZkNpX2dCalFyRWZNMlZ1NVk2ZzFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9hNWFhMzktZjUxMy00Yzg4LWI0NzctYTE5ZjE0M2ViYjg5
LzEvX1VEa2R2Y2xOTmhsc3VKblpwSHZ4eXMyeFljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY3YMA0G
CSqGSIb3DQEBCwUAA4IBAQB0TpIBNsCDRKuKZdeZgl5Hq5QdT64Z2zzK6PX1brqH
OgRB7wvWvT1B38B/eS4iCvUMrbheyw9fmW1zQzTndb3w6mvEqISOJiVW80VxTE42
wmOyOzuQWpdXg8NtcHH2CmSTizgh/ADea9B9rHonyR5x2dsYrWnXGry1lhEVgnAb
38AdS1UHYpHsZMhC5RDwKkdbKe1kK2Aa3f+SlLswAc/2zGW+HaLtUYu+TUr8MNcQ
JRDgLOXDKXPFpo49MICwB6CxzXjf/BxNX6t+16x++2CQos6+DNdKMPsWyBhU1wjX
FnrhEnemnxOvP1T9Cp21RVmIRnX4hm47hY550BeMiegX
-----END CERTIFICATE-----