Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/duJCRd5EZB8LdtlN9MpJjWilgEs.roa
File:                     duJCRd5EZB8LdtlN9MpJjWilgEs.roa (raw, json)
Hash identifier:          dA6x9sr495m0qzgawrIw1GdIe9oaBeIt0HtLZdCZBTg=
Subject key identifier:   76:E2:42:45:DE:44:64:1F:0B:76:D9:4D:F4:CA:49:8D:68:A5:80:4B
Certificate issuer:       /CN=509df728d1b46634054972d2945fda58073b5762
Certificate serial:       018CC26D5145DD28507572A90D3DD5C7C856
Authority key identifier: 50:9D:F7:28:D1:B4:66:34:05:49:72:D2:94:5F:DA:58:07:3B:57:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/duJCRd5EZB8LdtlN9MpJjWilgEs.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208972
IP address blocks:        45.12.55.0/24 maxlen: 24
                          45.12.54.0/24 maxlen: 24
                          2a0a:4944::/30 maxlen: 48
                          2a0a:4940::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:51:45:dd:28:50:75:72:a9:0d:3d:d5:c7:c8:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509df728d1b46634054972d2945fda58073b5762
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76e24245de44641f0b76d94df4ca498d68a5804b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:68:2f:36:0c:35:e9:98:73:ac:29:f6:25:44:
                    c1:19:50:d7:aa:1d:3e:52:03:e1:fe:ab:65:b0:35:
                    46:2a:e0:66:fb:88:d4:01:31:52:c0:3b:d2:e6:60:
                    f5:05:e5:94:99:b4:e9:6e:b6:dc:10:4c:db:d8:15:
                    fc:23:3f:12:81:48:33:37:a8:09:f0:02:49:6c:d5:
                    ff:2b:e6:e5:06:30:59:ec:cf:e1:86:cf:aa:9b:73:
                    36:41:07:bd:9a:4f:9f:03:13:2f:9a:d8:2f:5d:19:
                    1c:d4:2e:e5:1c:62:f0:4d:00:00:a9:e6:e8:23:e3:
                    94:54:bc:28:1c:6d:65:84:d1:bc:d3:82:e5:fb:a7:
                    17:f4:4e:a7:f3:88:eb:84:7c:87:1a:fe:04:d5:d8:
                    1d:0f:43:41:ba:70:9b:9e:e3:4c:7e:c9:12:e4:13:
                    27:4e:ae:82:bd:38:54:23:75:da:30:c1:ac:71:03:
                    b4:60:22:8e:0a:08:85:11:7c:ff:0b:19:91:93:15:
                    3f:39:03:91:48:bf:8e:89:4f:91:5b:c2:55:f7:b3:
                    fc:ce:a7:9e:33:68:dd:90:2d:d4:a1:47:6f:4f:76:
                    c8:b3:c5:d0:f9:e5:a9:8e:13:a2:2d:d9:fe:94:6f:
                    5f:cc:4b:5a:62:8d:23:9f:19:15:ec:95:0b:93:9a:
                    b5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E2:42:45:DE:44:64:1F:0B:76:D9:4D:F4:CA:49:8D:68:A5:80:4B
            X509v3 Authority Key Identifier:
                keyid:50:9D:F7:28:D1:B4:66:34:05:49:72:D2:94:5F:DA:58:07:3B:57:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/duJCRd5EZB8LdtlN9MpJjWilgEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.54.0/23
                IPv6:
                  2a0a:4940::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:23:94:2f:79:09:70:7a:fe:86:93:54:f4:03:52:8d:28:69:
         8c:21:14:f0:1e:82:be:ae:3f:ed:21:f7:43:fd:a8:a6:ff:86:
         8f:e1:ec:99:71:8f:f7:d0:85:f9:41:5b:fd:60:1e:4a:12:c9:
         5d:10:1d:e7:0e:fd:2d:37:c5:c9:a0:b6:8a:6e:8c:10:f7:cc:
         ee:5b:35:db:20:86:d3:b9:ba:70:a9:2f:00:f6:3c:70:b3:76:
         83:5c:83:a8:ed:b5:f9:77:4f:50:01:a4:0e:9d:35:25:c6:0a:
         83:80:52:1a:39:c9:f8:29:37:72:78:d6:a7:8f:2c:09:b8:52:
         aa:a3:2b:32:a7:a4:c3:84:b5:4e:c4:5d:47:ae:65:d3:3f:e0:
         b5:af:dc:e2:7d:ff:02:76:e7:95:9a:37:8f:01:29:c6:e8:2d:
         32:e2:cf:4a:b2:7a:38:32:41:71:c5:ba:d4:95:38:a6:54:82:
         d9:c8:90:ea:18:f0:38:88:b2:42:65:43:07:95:42:dd:22:7d:
         c5:97:08:34:f4:49:75:f4:22:c4:e7:71:65:ae:da:05:7b:05:
         6a:1c:90:38:c0:62:ef:99:19:b6:82:79:70:4b:f9:ea:7c:45:
         13:dd:82:ea:5f:01:e2:99:18:7d:66:f2:26:90:fd:a4:3e:f5:
         a8:f0:73:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbVFF3ShQdXKpDT3Vx8hWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWRmNzI4ZDFiNDY2MzQwNTQ5NzJkMjk0NWZkYTU4MDcz
YjU3NjIwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmUyNDI0NWRlNDQ2NDFmMGI3NmQ5NGRmNGNhNDk4ZDY4YTU4MDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2gvNgw16ZhzrCn2JUTBGVDXqh0+
UgPh/qtlsDVGKuBm+4jUATFSwDvS5mD1BeWUmbTpbrbcEEzb2BX8Iz8SgUgzN6gJ
8AJJbNX/K+blBjBZ7M/hhs+qm3M2QQe9mk+fAxMvmtgvXRkc1C7lHGLwTQAAqebo
I+OUVLwoHG1lhNG804Ll+6cX9E6n84jrhHyHGv4E1dgdD0NBunCbnuNMfskS5BMn
Tq6CvThUI3XaMMGscQO0YCKOCgiFEXz/CxmRkxU/OQORSL+OiU+RW8JV97P8zqee
M2jdkC3UoUdvT3bIs8XQ+eWpjhOiLdn+lG9fzEtaYo0jnxkV7JULk5q1jwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHbiQkXeRGQfC3bZTfTKSY1opYBLMB8GA1UdIwQY
MBaAFFCd9yjRtGY0BUly0pRf2lgHO1diMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUozM0tORzBaalFGU1hMU2xGX2FXQWM3VjJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9hY2ZjYjYtZDc4YS00NDhhLWE3NjEt
ZGQzYjRmODM4MWM0LzEvZHVKQ1JkNUVaQjhMZHRsTjlNcEpqV2lsZ0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9hY2ZjYjYtZDc4YS00NDhhLWE3NjEtZGQzYjRmODM4MWM0
LzEvVUozM0tORzBaalFGU1hMU2xGX2FXQWM3VjJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLQw2MA0E
AgACMAcDBQMqCklAMA0GCSqGSIb3DQEBCwUAA4IBAQBYI5QveQlwev6Gk1T0A1KN
KGmMIRTwHoK+rj/tIfdD/aim/4aP4eyZcY/30IX5QVv9YB5KEsldEB3nDv0tN8XJ
oLaKbowQ98zuWzXbIIbTubpwqS8A9jxws3aDXIOo7bX5d09QAaQOnTUlxgqDgFIa
Ocn4KTdyeNanjywJuFKqoysyp6TDhLVOxF1HrmXTP+C1r9ziff8CdueVmjePASnG
6C0y4s9Ksno4MkFxxbrUlTimVILZyJDqGPA4iLJCZUMHlULdIn3Flwg09El19CLE
53FlrtoFewVqHJA4wGLvmRm2gnlwS/nqfEUT3YLqXwHimRh9ZvImkP2kPvWo8HOU
-----END CERTIFICATE-----