Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/1tklf3q6JYrprvDP8U4tXu2XofU.roa
File:                     1tklf3q6JYrprvDP8U4tXu2XofU.roa (raw, json)
Hash identifier:          vIbgNbl2Dhnrb9gVF06kLMGNdY+MdjXldDcqh0XeS7M=
Subject key identifier:   D6:D9:25:7F:7A:BA:25:8A:E9:AE:F0:CF:F1:4E:2D:5E:ED:97:A1:F5
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       018CC8DE4BD1EE3A219F835D46D75E6E54A7
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/1tklf3q6JYrprvDP8U4tXu2XofU.roa
Signing time:             Tue 02 Jan 2024 06:31:00 +0000
ROA not before:           Tue 02 Jan 2024 06:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213296
IP address blocks:        45.80.228.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:4b:d1:ee:3a:21:9f:83:5d:46:d7:5e:6e:54:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jan  2 06:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6d9257f7aba258ae9aef0cff14e2d5eed97a1f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:de:fc:be:58:c4:10:38:ab:d8:43:81:c2:7d:
                    ea:83:82:d9:ca:3f:5e:96:45:b5:59:b6:41:b7:8d:
                    7b:84:ae:a3:a6:dc:cd:08:43:77:ab:3e:06:53:1d:
                    c0:12:85:1e:c8:a8:3d:ec:4c:6b:24:fe:7f:7d:0e:
                    08:d8:88:8a:0e:88:6a:ba:d6:d3:6a:c1:20:0d:10:
                    d9:f9:52:fb:2a:1c:a8:80:36:94:9e:da:96:3a:67:
                    99:73:9b:8f:8a:0b:03:9a:7d:76:d8:90:1c:c4:98:
                    76:70:fe:52:a3:14:fe:14:e5:29:00:4f:ab:8a:46:
                    33:38:2a:c1:df:ec:5b:78:f8:29:2d:9f:5a:ee:a7:
                    07:20:c9:8a:d4:2c:8e:db:76:77:05:9a:f2:99:69:
                    cb:de:02:61:c2:ea:a3:13:f1:77:a0:54:1f:3d:af:
                    3c:e3:c3:41:71:be:08:98:6a:5c:b6:4d:9c:1a:3b:
                    5d:c2:0f:e9:47:72:7a:17:b3:c9:52:dc:c0:6f:14:
                    bb:dc:83:e6:f1:ad:91:1a:95:e6:3a:12:c5:cd:77:
                    09:ea:59:40:b7:15:53:8a:07:53:cb:cf:d6:c5:c7:
                    2e:7a:a5:50:57:0b:42:b0:6a:56:f1:52:4b:42:96:
                    4d:42:7d:2f:d0:3d:d3:a7:52:bc:42:c6:3f:b6:c8:
                    11:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D9:25:7F:7A:BA:25:8A:E9:AE:F0:CF:F1:4E:2D:5E:ED:97:A1:F5
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/1tklf3q6JYrprvDP8U4tXu2XofU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bc:52:61:ab:15:ed:8e:3d:03:0e:7f:96:7f:fd:69:0e:22:a7:
         40:db:db:35:03:9a:7c:f5:e9:36:d5:cb:c2:e5:47:7b:41:75:
         04:61:94:33:fe:b0:e0:e6:4f:e7:6e:07:14:07:4f:ac:5b:e9:
         25:bd:7c:d1:d7:7d:19:fe:b5:bd:5e:0e:6b:9e:c7:a2:27:eb:
         40:4e:88:5c:04:4e:1f:f6:8a:be:62:f4:b6:f1:bf:b5:60:b6:
         36:80:a5:07:ff:4c:dc:98:03:a6:da:ff:3b:9d:86:59:11:4a:
         a7:96:b9:5b:3f:df:3e:3c:ae:b5:c6:ae:53:65:ab:9e:bd:ad:
         3b:31:20:71:9a:63:51:a4:0b:89:cf:bb:19:74:3a:e2:85:00:
         44:d5:bb:6e:95:5b:c9:c7:bb:a0:6a:c3:4d:54:bc:5e:5c:83:
         a8:3d:f5:f6:f4:5b:bb:eb:67:b8:fc:b4:05:70:6e:a8:5d:d9:
         8f:24:25:28:cc:e6:73:3f:31:0b:5f:05:82:43:39:a9:bb:01:
         bd:0f:0f:0b:06:f2:b8:f3:21:a7:f7:09:ef:a6:d7:99:32:30:
         83:5c:ae:12:0f:a6:8f:8e:ff:7d:fb:f3:9f:61:fd:47:5d:a1:
         2e:ce:81:75:c5:02:7c:23:69:eb:62:3b:38:a2:71:7c:5b:fb:
         2c:9e:af:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3kvR7john4NdRtdeblSnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjQwMTAyMDYzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQ5MjU3ZjdhYmEyNThhZTlhZWYwY2ZmMTRlMmQ1ZWVkOTdhMWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAld78vljEEDir2EOBwn3qg4LZyj9e
lkW1WbZBt417hK6jptzNCEN3qz4GUx3AEoUeyKg97ExrJP5/fQ4I2IiKDohqutbT
asEgDRDZ+VL7KhyogDaUntqWOmeZc5uPigsDmn122JAcxJh2cP5SoxT+FOUpAE+r
ikYzOCrB3+xbePgpLZ9a7qcHIMmK1CyO23Z3BZrymWnL3gJhwuqjE/F3oFQfPa88
48NBcb4ImGpctk2cGjtdwg/pR3J6F7PJUtzAbxS73IPm8a2RGpXmOhLFzXcJ6llA
txVTigdTy8/WxccueqVQVwtCsGpW8VJLQpZNQn0v0D3Tp1K8QsY/tsgRnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbZJX96uiWK6a7wz/FOLV7tl6H1MB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvMXRrbGYzcTZKWXJwcnZEUDhVNHRYdTJYb2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVDkMA0G
CSqGSIb3DQEBCwUAA4IBAQC8UmGrFe2OPQMOf5Z//WkOIqdA29s1A5p89ek21cvC
5Ud7QXUEYZQz/rDg5k/nbgcUB0+sW+klvXzR130Z/rW9Xg5rnseiJ+tATohcBE4f
9oq+YvS28b+1YLY2gKUH/0zcmAOm2v87nYZZEUqnlrlbP98+PK61xq5TZaueva07
MSBxmmNRpAuJz7sZdDrihQBE1btulVvJx7ugasNNVLxeXIOoPfX29Fu762e4/LQF
cG6oXdmPJCUozOZzPzELXwWCQzmpuwG9Dw8LBvK48yGn9wnvpteZMjCDXK4SD6aP
jv99+/OfYf1HXaEuzoF1xQJ8I2nrYjs4onF8W/ssnq8+
-----END CERTIFICATE-----