Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/mD66CUPpa6fsPoCDyP6CvtcpkA8.roa
File:                     mD66CUPpa6fsPoCDyP6CvtcpkA8.roa (raw, json)
Hash identifier:          b/hiKqSoELzwGmHW4n0KuWP1KzdByy5kXCN+pKVhC7g=
Subject key identifier:   98:3E:BA:09:43:E9:6B:A7:EC:3E:80:83:C8:FE:82:BE:D7:29:90:0F
Certificate issuer:       /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial:       018CCA2B9FA3F1B47B598FA8734D55AE8290
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/mD66CUPpa6fsPoCDyP6CvtcpkA8.roa
Signing time:             Tue 02 Jan 2024 12:35:05 +0000
ROA not before:           Tue 02 Jan 2024 12:35:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        45.82.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:9f:a3:f1:b4:7b:59:8f:a8:73:4d:55:ae:82:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
        Validity
            Not Before: Jan  2 12:35:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=983eba0943e96ba7ec3e8083c8fe82bed729900f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9f:4a:7c:d2:ed:ca:a0:f2:c9:c6:22:88:92:
                    f9:c4:25:7a:32:ad:85:c1:f2:1d:f0:e7:92:5d:a4:
                    a8:3a:b8:34:a7:53:0e:9a:93:e9:80:33:84:93:45:
                    2c:23:1a:46:00:84:ec:25:9f:33:39:1b:67:68:c7:
                    61:e9:fb:2a:48:5c:ea:70:55:e2:86:4a:97:e4:9b:
                    ea:20:96:5f:c2:da:df:65:4a:56:8d:3f:1b:99:c4:
                    3a:35:5e:5e:86:02:3f:4f:d1:46:4d:80:2b:eb:26:
                    c2:c7:ea:dc:30:91:e7:95:bd:89:b6:14:e7:84:30:
                    14:6f:a2:65:22:80:80:78:f6:57:b1:02:9a:9c:65:
                    c2:72:ca:d0:53:5d:9c:c5:6f:60:ad:2f:3a:98:2d:
                    12:35:c9:e5:3a:c3:12:6a:0d:27:82:8e:de:96:2f:
                    da:dc:6f:cc:58:28:b2:fa:11:ee:37:1d:4a:17:5b:
                    9d:89:d6:7c:99:25:0a:4e:81:19:7b:a3:cc:a0:6b:
                    bd:8b:4a:8b:72:c0:50:30:00:fe:ee:a0:c3:c7:14:
                    f6:b5:4c:ab:7d:56:64:78:99:58:0a:36:22:da:88:
                    5c:fa:bc:53:00:33:5e:1b:ce:cb:f8:dc:7f:87:31:
                    e9:0a:5a:f3:5c:ae:bc:8a:5a:69:eb:15:0a:fb:c7:
                    e3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:3E:BA:09:43:E9:6B:A7:EC:3E:80:83:C8:FE:82:BE:D7:29:90:0F
            X509v3 Authority Key Identifier:
                keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/mD66CUPpa6fsPoCDyP6CvtcpkA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:e6:96:40:d5:23:a0:77:b3:f8:2b:b1:81:bd:6e:b1:b3:9b:
         61:b1:f7:50:04:4b:13:c2:96:78:2c:cf:f8:fa:e5:ee:c8:6e:
         4e:77:9a:98:55:77:6d:82:86:cf:16:65:f8:20:82:c8:7b:a7:
         c3:c3:ec:52:8c:78:98:94:5c:de:11:b3:c5:06:df:f9:fd:0d:
         07:cf:d4:fd:a8:2f:64:77:46:69:40:bc:f3:36:e3:b6:4d:68:
         6f:07:fd:03:f4:1c:7f:12:ac:ef:87:89:d1:c3:73:fb:af:18:
         86:4d:7b:a6:c8:80:e8:fc:0c:28:f1:80:00:58:b0:bd:68:ae:
         d9:cc:ef:a4:83:8e:3b:a5:78:35:0e:e2:1a:d4:d5:16:4a:5e:
         1c:de:a8:53:1e:ca:65:ed:a5:05:9b:fa:d6:0a:a2:b1:7f:7a:
         68:9c:a9:d8:8e:11:05:d8:23:4b:a3:a2:f2:d8:10:4f:c4:31:
         de:f0:9f:c1:05:f3:31:38:44:bf:98:96:2b:89:0a:26:37:6e:
         fd:45:60:8d:4b:af:43:89:c9:3f:72:61:c8:ee:7c:7d:b0:67:
         f1:65:48:c0:45:76:46:7e:4a:77:32:b8:40:7b:2e:1d:3e:a4:
         a2:91:e8:ba:11:c1:88:f4:46:c6:ba:42:93:f5:11:c8:f1:28:
         5f:13:9d:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK5+j8bR7WY+oc01VroKQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjQwMTAyMTIzNTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODNlYmEwOTQzZTk2YmE3ZWMzZTgwODNjOGZlODJiZWQ3Mjk5MDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ9KfNLtyqDyycYiiJL5xCV6Mq2F
wfId8OeSXaSoOrg0p1MOmpPpgDOEk0UsIxpGAITsJZ8zORtnaMdh6fsqSFzqcFXi
hkqX5JvqIJZfwtrfZUpWjT8bmcQ6NV5ehgI/T9FGTYAr6ybCx+rcMJHnlb2JthTn
hDAUb6JlIoCAePZXsQKanGXCcsrQU12cxW9grS86mC0SNcnlOsMSag0ngo7eli/a
3G/MWCiy+hHuNx1KF1udidZ8mSUKToEZe6PMoGu9i0qLcsBQMAD+7qDDxxT2tUyr
fVZkeJlYCjYi2ohc+rxTADNeG87L+Nx/hzHpClrzXK68ilpp6xUK+8fjxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJg+uglD6Wun7D6Ag8j+gr7XKZAPMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvbUQ2NkNVUHBhNmZzUG9DRHlQNkN2dGNwa0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVJRMA0G
CSqGSIb3DQEBCwUAA4IBAQAu5pZA1SOgd7P4K7GBvW6xs5thsfdQBEsTwpZ4LM/4
+uXuyG5Od5qYVXdtgobPFmX4IILIe6fDw+xSjHiYlFzeEbPFBt/5/Q0Hz9T9qC9k
d0ZpQLzzNuO2TWhvB/0D9Bx/Eqzvh4nRw3P7rxiGTXumyIDo/Awo8YAAWLC9aK7Z
zO+kg447pXg1DuIa1NUWSl4c3qhTHspl7aUFm/rWCqKxf3ponKnYjhEF2CNLo6Ly
2BBPxDHe8J/BBfMxOES/mJYriQomN279RWCNS69Dick/cmHI7nx9sGfxZUjARXZG
fkp3MrhAey4dPqSikei6EcGI9EbGukKT9RHI8ShfE506
-----END CERTIFICATE-----