Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KDiIHfei2fYIwn1eRMCSjJqTi5k.roa
File:                     KDiIHfei2fYIwn1eRMCSjJqTi5k.roa (raw, json)
Hash identifier:          IC7aZtCOHeJ5weDJxM2Eni1tz42ir4zvTEdTUZtO1pY=
Subject key identifier:   28:38:88:1D:F7:A2:D9:F6:08:C2:7D:5E:44:C0:92:8C:9A:93:8B:99
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018EA34B00D82851CBFDC00D94EF4957B7CD
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KDiIHfei2fYIwn1eRMCSjJqTi5k.roa
Signing time:             Wed 03 Apr 2024 09:29:45 +0000
ROA not before:           Wed 03 Apr 2024 09:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204729
IP address blocks:        45.43.153.0/24 maxlen: 24
                          104.249.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:4b:00:d8:28:51:cb:fd:c0:0d:94:ef:49:57:b7:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Apr  3 09:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2838881df7a2d9f608c27d5e44c0928c9a938b99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:93:1e:80:65:29:d5:a1:4f:12:e3:07:02:2c:
                    7d:6a:7b:2c:23:c5:e4:a2:e7:30:fc:23:fb:3c:10:
                    1f:65:26:32:04:51:3a:01:fd:e1:d1:51:ab:cf:4d:
                    44:74:b3:7a:98:fe:c7:db:66:24:e4:f3:aa:71:ed:
                    46:40:0f:cd:68:cc:e0:67:ed:f3:c9:d2:e7:93:94:
                    81:83:eb:fb:46:11:b5:19:d1:b6:d2:10:1f:b0:e8:
                    ea:90:f9:a1:87:07:f3:2b:0d:82:79:14:4c:f6:c1:
                    d6:6e:b9:23:4f:c6:4d:4e:18:23:5a:7e:ce:c8:f2:
                    22:0c:fc:34:f2:bc:86:1b:e1:45:2e:e8:52:d8:e2:
                    1c:ff:23:99:5e:32:b2:c5:b3:b3:ef:ac:8a:13:95:
                    51:9d:99:cb:f0:de:40:ec:a5:17:1f:d2:f3:14:79:
                    d8:ab:b8:1a:d0:29:19:36:fa:16:87:87:22:e1:b1:
                    43:bf:f4:02:24:4b:4f:cc:f1:26:91:12:f0:33:9f:
                    2a:6e:b7:d7:d7:5b:3f:d1:69:1a:f8:44:b6:c5:d3:
                    4f:75:f3:7f:ca:af:42:1c:45:6d:75:52:64:c5:ea:
                    9a:c3:d3:53:c6:ee:1d:54:1f:81:7a:cc:34:20:57:
                    b5:82:6a:58:80:2b:43:ab:77:e3:cf:a0:ae:52:ab:
                    e4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:38:88:1D:F7:A2:D9:F6:08:C2:7D:5E:44:C0:92:8C:9A:93:8B:99
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KDiIHfei2fYIwn1eRMCSjJqTi5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.153.0/24
                  104.249.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:65:2b:c8:da:a5:d2:25:e9:1d:47:b7:47:23:9a:d4:d1:99:
         15:2b:1c:e1:db:83:30:9a:c6:1a:8e:57:0e:d0:62:0d:0c:46:
         f8:6d:e4:4f:62:e1:e8:ca:0f:08:21:ca:bf:89:df:fe:1e:0a:
         95:29:7d:14:fb:f0:eb:4f:94:4b:f3:f1:c6:7a:e2:da:0d:b1:
         75:cb:13:37:ab:de:74:99:62:34:a5:5b:b6:88:7f:be:d0:84:
         77:0e:49:6b:a7:44:e4:93:32:84:b9:25:69:16:d6:2e:f7:65:
         5e:ea:55:b9:a8:c1:e4:6a:03:65:26:59:dc:6e:d2:7b:a3:58:
         d1:0a:8b:bd:a1:4e:78:56:c6:40:70:72:08:6d:72:4e:f0:f0:
         cd:5b:84:50:07:f1:1e:a0:a7:f6:26:c9:28:ad:3f:c2:1b:a6:
         91:ad:dd:5e:ae:20:58:03:d2:38:d1:72:b4:57:95:e0:8b:f6:
         3c:0d:5e:f6:73:75:56:7f:29:7a:45:ac:62:de:94:0c:cb:cc:
         1f:9f:5d:0e:e5:68:83:6c:ec:52:fa:13:2a:55:6e:a9:c1:1f:
         b3:f2:e6:ff:09:8d:0f:e6:d9:90:e8:fe:cb:eb:f8:8f:f5:27:
         fb:93:de:39:3f:71:8a:3b:5f:0f:67:d7:34:c2:af:20:fa:a9:
         b9:38:a3:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6jSwDYKFHL/cANlO9JV7fNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNDAzMDkyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODM4ODgxZGY3YTJkOWY2MDhjMjdkNWU0NGMwOTI4YzlhOTM4Yjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJMegGUp1aFPEuMHAix9anssI8Xk
oucw/CP7PBAfZSYyBFE6Af3h0VGrz01EdLN6mP7H22Yk5POqce1GQA/NaMzgZ+3z
ydLnk5SBg+v7RhG1GdG20hAfsOjqkPmhhwfzKw2CeRRM9sHWbrkjT8ZNThgjWn7O
yPIiDPw08ryGG+FFLuhS2OIc/yOZXjKyxbOz76yKE5VRnZnL8N5A7KUXH9LzFHnY
q7ga0CkZNvoWh4ci4bFDv/QCJEtPzPEmkRLwM58qbrfX11s/0Wka+ES2xdNPdfN/
yq9CHEVtdVJkxeqaw9NTxu4dVB+Besw0IFe1gmpYgCtDq3fjz6CuUqvkAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCg4iB33otn2CMJ9XkTAkoyak4uZMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvS0RpSUhmZWkyZllJd24xZVJNQ1NqSnFUaTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALSuZAwQA
aPkoMA0GCSqGSIb3DQEBCwUAA4IBAQAWZSvI2qXSJekdR7dHI5rU0ZkVKxzh24Mw
msYajlcO0GINDEb4beRPYuHoyg8IIcq/id/+HgqVKX0U+/DrT5RL8/HGeuLaDbF1
yxM3q950mWI0pVu2iH++0IR3Dklrp0TkkzKEuSVpFtYu92Ve6lW5qMHkagNlJlnc
btJ7o1jRCou9oU54VsZAcHIIbXJO8PDNW4RQB/EeoKf2JskorT/CG6aRrd1eriBY
A9I40XK0V5Xgi/Y8DV72c3VWfyl6Raxi3pQMy8wfn10O5WiDbOxS+hMqVW6pwR+z
8ub/CY0P5tmQ6P7L6/iP9Sf7k945P3GKO18PZ9c0wq8g+qm5OKOK
-----END CERTIFICATE-----