Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/pTPJ6GuNhhTs0aoKJXcl2ijQh0s.roa
File:                     pTPJ6GuNhhTs0aoKJXcl2ijQh0s.roa (raw, json)
Hash identifier:          aUz9ZM/ONFaENhwkPzdstIZwD6RklmNVXu0Dbwo8kUQ=
Subject key identifier:   A5:33:C9:E8:6B:8D:86:14:EC:D1:AA:0A:25:77:25:DA:28:D0:87:4B
Certificate issuer:       /CN=f2a253cdf507a03e1f579d202d8df11d68f5c3d7
Certificate serial:       018CC94E6D3F9CFB5B810CF395895B0AF079
Authority key identifier: F2:A2:53:CD:F5:07:A0:3E:1F:57:9D:20:2D:8D:F1:1D:68:F5:C3:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8qJTzfUHoD4fV50gLY3xHWj1w9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/pTPJ6GuNhhTs0aoKJXcl2ijQh0s.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36231
IP address blocks:        45.88.228.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8qJTzfUHoD4fV50gLY3xHWj1w9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6d:3f:9c:fb:5b:81:0c:f3:95:89:5b:0a:f0:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2a253cdf507a03e1f579d202d8df11d68f5c3d7
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a533c9e86b8d8614ecd1aa0a257725da28d0874b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:fb:d3:31:a1:59:5e:e2:5f:e3:4b:5d:b4:57:
                    88:53:b5:37:7b:d2:63:7a:8a:c7:55:78:43:cd:6f:
                    1a:17:d0:a5:13:4d:ab:6b:8c:f7:6b:62:cd:65:36:
                    f1:e0:6d:fe:7c:82:e1:48:e6:03:94:a7:71:c7:88:
                    2a:1f:7b:92:54:45:f1:0c:7e:f3:70:bc:fe:fc:ff:
                    8b:f2:42:59:30:18:f7:a5:ac:03:98:1a:f8:0a:c5:
                    e6:49:2a:a6:8e:a8:61:9b:1f:1c:ad:ab:d6:7a:f1:
                    ef:aa:61:1c:a8:2d:3a:9f:8b:4c:47:76:9e:0c:17:
                    4e:70:3e:19:5d:a5:8d:e1:06:0c:aa:80:1f:f3:e3:
                    53:43:b4:a9:8b:56:c4:af:77:2a:9e:06:7f:6b:77:
                    ee:a2:a8:25:25:de:9b:b4:06:72:20:e2:61:6a:7b:
                    77:2a:08:c4:e5:f3:35:a0:65:ff:c5:6e:16:9c:ba:
                    87:e2:46:28:92:31:37:e9:cd:b5:88:8c:37:40:8d:
                    eb:bc:b8:c2:eb:60:e0:b3:aa:cb:1d:86:ca:4f:40:
                    6a:c6:e0:5e:f5:d7:c3:3f:3e:22:90:ce:97:30:36:
                    00:80:c3:70:a2:df:3d:5f:f0:c1:fe:4c:53:9d:eb:
                    99:67:61:77:e0:8d:ea:de:ff:10:0a:9a:7a:9b:6b:
                    2d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:33:C9:E8:6B:8D:86:14:EC:D1:AA:0A:25:77:25:DA:28:D0:87:4B
            X509v3 Authority Key Identifier:
                keyid:F2:A2:53:CD:F5:07:A0:3E:1F:57:9D:20:2D:8D:F1:1D:68:F5:C3:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8qJTzfUHoD4fV50gLY3xHWj1w9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/pTPJ6GuNhhTs0aoKJXcl2ijQh0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:41:ad:7f:07:da:f6:80:37:60:81:8f:08:7a:10:2e:80:49:
         5e:b8:e5:85:d0:b0:9c:c0:38:ac:90:1b:7d:36:cc:07:ab:c0:
         c4:62:de:0d:eb:b4:ce:ce:07:5a:03:f8:54:04:6a:70:20:b9:
         6b:1d:be:bb:6f:45:37:67:9b:8d:5a:55:3a:eb:3e:87:0b:9e:
         8e:dd:11:b4:23:a3:c6:9f:34:23:74:50:de:f4:3a:06:db:3a:
         c1:17:00:97:1b:6a:1c:58:23:9a:4d:93:61:06:2f:e6:78:e6:
         93:06:f9:9b:17:fa:88:cc:73:95:52:49:9e:5f:b9:f9:27:e3:
         4a:67:3f:9d:8a:aa:97:25:3a:c7:4e:f9:71:73:2b:43:ea:98:
         2d:08:4e:ca:bf:97:a4:b4:3f:da:fc:60:f6:5f:9f:a7:82:51:
         c5:ca:1f:13:6d:a5:c3:a0:03:b2:4a:2f:1d:21:67:41:17:be:
         4d:d1:1b:32:4d:ac:02:af:63:a8:ff:b9:99:83:71:65:07:19:
         52:dd:10:be:01:c3:f7:81:c9:58:f4:df:dc:0c:f9:85:75:b1:
         95:51:47:1b:17:0f:60:96:d2:91:65:9e:b4:1f:93:c1:a4:46:
         a3:ea:9b:a6:77:ae:a9:98:9b:c1:7b:3e:18:1b:0f:66:48:e1:
         ee:d2:68:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTm0/nPtbgQzzlYlbCvB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyYTI1M2NkZjUwN2EwM2UxZjU3OWQyMDJkOGRmMTFkNjhm
NWMzZDcwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTMzYzllODZiOGQ4NjE0ZWNkMWFhMGEyNTc3MjVkYTI4ZDA4NzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfvTMaFZXuJf40tdtFeIU7U3e9Jj
eorHVXhDzW8aF9ClE02ra4z3a2LNZTbx4G3+fILhSOYDlKdxx4gqH3uSVEXxDH7z
cLz+/P+L8kJZMBj3pawDmBr4CsXmSSqmjqhhmx8cravWevHvqmEcqC06n4tMR3ae
DBdOcD4ZXaWN4QYMqoAf8+NTQ7Spi1bEr3cqngZ/a3fuoqglJd6btAZyIOJhant3
KgjE5fM1oGX/xW4WnLqH4kYokjE36c21iIw3QI3rvLjC62Dgs6rLHYbKT0BqxuBe
9dfDPz4ikM6XMDYAgMNwot89X/DB/kxTneuZZ2F34I3q3v8QCpp6m2stXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUzyehrjYYU7NGqCiV3Jdoo0IdLMB8GA1UdIwQY
MBaAFPKiU831B6A+H1edIC2N8R1o9cPXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHFKVHpmVUhvRDRmVjUwZ0xZM3hIV2oxdzljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8xMGViZWMtMjc4NC00ZGFhLThkZjct
YmU0ZDVkMDlkNzEwLzEvcFRQSjZHdU5oaFRzMGFvS0pYY2wyaWpRaDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8xMGViZWMtMjc4NC00ZGFhLThkZjctYmU0ZDVkMDlkNzEw
LzEvOHFKVHpmVUhvRDRmVjUwZ0xZM3hIV2oxdzljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVjkMA0G
CSqGSIb3DQEBCwUAA4IBAQAuQa1/B9r2gDdggY8IehAugEleuOWF0LCcwDiskBt9
NswHq8DEYt4N67TOzgdaA/hUBGpwILlrHb67b0U3Z5uNWlU66z6HC56O3RG0I6PG
nzQjdFDe9DoG2zrBFwCXG2ocWCOaTZNhBi/meOaTBvmbF/qIzHOVUkmeX7n5J+NK
Zz+diqqXJTrHTvlxcytD6pgtCE7Kv5ektD/a/GD2X5+nglHFyh8TbaXDoAOySi8d
IWdBF75N0RsyTawCr2Oo/7mZg3FlBxlS3RC+AcP3gclY9N/cDPmFdbGVUUcbFw9g
ltKRZZ60H5PBpEaj6pumd66pmJvBez4YGw9mSOHu0mjh
-----END CERTIFICATE-----