Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/dxG_lnXEA_BmYObUwnk8YKqzsgE.roa
File:                     dxG_lnXEA_BmYObUwnk8YKqzsgE.roa (raw, json)
Hash identifier:          Uzqvc37wHw9m3JIGWlVr5GsfYeKOtXkY+1s2hzz50gs=
Subject key identifier:   77:11:BF:96:75:C4:03:F0:66:60:E6:D4:C2:79:3C:60:AA:B3:B2:01
Certificate issuer:       /CN=ce37ca3abca5e14ac11bc7f3c1562a64d6391d22
Certificate serial:       018CC348EC6CC1FAF1EC17F6FE8D6458017D
Authority key identifier: CE:37:CA:3A:BC:A5:E1:4A:C1:1B:C7:F3:C1:56:2A:64:D6:39:1D:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zjfKOryl4UrBG8fzwVYqZNY5HSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/dxG_lnXEA_BmYObUwnk8YKqzsgE.roa
Signing time:             Mon 01 Jan 2024 04:29:45 +0000
ROA not before:           Mon 01 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208411
IP address blocks:        45.137.252.0/22 maxlen: 22
                          45.137.252.0/24 maxlen: 24
                          45.137.253.0/24 maxlen: 24
                          45.137.255.0/24 maxlen: 24
                          45.137.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/zjfKOryl4UrBG8fzwVYqZNY5HSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/zjfKOryl4UrBG8fzwVYqZNY5HSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zjfKOryl4UrBG8fzwVYqZNY5HSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ec:6c:c1:fa:f1:ec:17:f6:fe:8d:64:58:01:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce37ca3abca5e14ac11bc7f3c1562a64d6391d22
        Validity
            Not Before: Jan  1 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7711bf9675c403f06660e6d4c2793c60aab3b201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9d:d6:d8:60:68:4c:b0:8c:a3:a9:06:f1:32:
                    a1:b8:e0:0e:b6:fe:b5:cc:fe:f0:51:16:ce:48:c6:
                    68:a4:f5:79:88:24:17:d4:7b:9d:95:a5:b3:b3:77:
                    a8:24:44:b9:58:42:f3:cf:fd:fd:fb:bc:81:92:4a:
                    1a:19:f6:1e:a3:9e:c2:56:d8:1b:f6:0a:e2:58:7c:
                    78:25:4a:ae:6d:0c:e1:61:80:0c:b2:8b:c0:a5:32:
                    7f:8e:b9:a9:c5:28:06:3c:30:27:2f:8e:fc:02:f2:
                    e8:26:1a:2b:aa:11:61:5c:c2:3a:26:8e:77:4e:95:
                    c2:75:1f:ff:5e:86:43:ee:0b:1f:de:a1:a5:38:bf:
                    d5:50:96:bf:22:1e:df:3f:09:56:11:f8:7b:a2:72:
                    3e:f5:fa:03:67:61:21:a1:21:38:57:26:47:66:0a:
                    bc:de:fd:ab:b6:1f:bb:93:4f:cf:82:18:c4:60:71:
                    0d:51:dc:99:4a:43:b7:ca:53:48:3b:4e:b9:f6:b4:
                    a7:b0:c7:38:5b:60:b3:bd:f8:12:1c:14:1d:4a:07:
                    49:9b:7e:be:ab:92:38:3e:d9:d4:8b:fc:41:38:d1:
                    5e:a1:13:fc:d3:40:b8:22:29:31:f2:7f:4f:8e:3a:
                    50:c5:64:d3:5f:59:25:6b:11:5d:be:69:c1:a5:50:
                    6e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:11:BF:96:75:C4:03:F0:66:60:E6:D4:C2:79:3C:60:AA:B3:B2:01
            X509v3 Authority Key Identifier:
                keyid:CE:37:CA:3A:BC:A5:E1:4A:C1:1B:C7:F3:C1:56:2A:64:D6:39:1D:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zjfKOryl4UrBG8fzwVYqZNY5HSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/dxG_lnXEA_BmYObUwnk8YKqzsgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/zjfKOryl4UrBG8fzwVYqZNY5HSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:ed:3f:16:84:d9:ef:6f:3f:27:b3:8d:d2:dc:8b:99:5b:20:
         4b:83:b1:c9:d7:16:bc:da:d9:d5:7a:04:d3:7f:89:f5:53:81:
         dc:fd:88:32:fb:b1:cc:06:74:bc:53:61:d3:10:fe:25:d6:77:
         1f:a7:61:8b:03:ee:09:46:72:2e:7a:31:41:2e:dd:ce:7f:bb:
         35:13:20:55:9d:83:a9:a4:c8:9d:85:74:d3:aa:08:87:ea:00:
         19:4c:57:d3:cc:29:b1:6b:18:6a:c3:01:c6:50:b9:19:e2:e3:
         41:cb:e5:b2:70:b9:9f:9d:e1:76:5d:60:00:e8:7c:6e:08:a8:
         d9:50:7e:da:3c:bb:64:71:a8:a1:83:83:66:c2:07:69:35:aa:
         fe:73:68:64:c6:4f:55:2c:06:51:4a:e1:6e:b9:87:03:af:a1:
         5b:8a:01:88:1b:9e:e6:7a:5c:65:ea:61:fb:ce:3f:85:56:13:
         c5:a4:1b:4a:18:8e:20:3b:2a:9f:59:3a:5c:0c:70:7c:13:4a:
         f3:29:f3:bc:f0:df:2f:48:eb:c5:8d:8e:f5:71:3e:5c:70:4a:
         12:db:ef:68:a3:3a:27:9b:17:e2:5f:2c:b0:e7:65:c2:9e:85:
         7a:33:f4:c3:5c:a5:25:cd:90:a8:6f:c6:f2:5b:36:be:23:20:
         ac:13:32:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOxswfrx7Bf2/o1kWAF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMzdjYTNhYmNhNWUxNGFjMTFiYzdmM2MxNTYyYTY0ZDYz
OTFkMjIwHhcNMjQwMTAxMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzExYmY5Njc1YzQwM2YwNjY2MGU2ZDRjMjc5M2M2MGFhYjNiMjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJ3W2GBoTLCMo6kG8TKhuOAOtv61
zP7wURbOSMZopPV5iCQX1HudlaWzs3eoJES5WELzz/39+7yBkkoaGfYeo57CVtgb
9griWHx4JUqubQzhYYAMsovApTJ/jrmpxSgGPDAnL478AvLoJhorqhFhXMI6Jo53
TpXCdR//XoZD7gsf3qGlOL/VUJa/Ih7fPwlWEfh7onI+9foDZ2EhoSE4VyZHZgq8
3v2rth+7k0/PghjEYHENUdyZSkO3ylNIO0659rSnsMc4W2CzvfgSHBQdSgdJm36+
q5I4PtnUi/xBONFeoRP800C4Iikx8n9PjjpQxWTTX1klaxFdvmnBpVBuKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcRv5Z1xAPwZmDm1MJ5PGCqs7IBMB8GA1UdIwQY
MBaAFM43yjq8peFKwRvH88FWKmTWOR0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvempmS09yeWw0VXJCRzhmendWWXFaTlk1SFNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9iZTY2YmYtNTYxYy00ZDU1LTgyNmQt
MDM4MDM1ZDgwYzBiLzEvZHhHX2xuWEVBX0JtWU9iVXduazhZS3F6c2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9iZTY2YmYtNTYxYy00ZDU1LTgyNmQtMDM4MDM1ZDgwYzBi
LzEvempmS09yeWw0VXJCRzhmendWWXFaTlk1SFNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYn8MA0G
CSqGSIb3DQEBCwUAA4IBAQBh7T8WhNnvbz8ns43S3IuZWyBLg7HJ1xa82tnVegTT
f4n1U4Hc/Ygy+7HMBnS8U2HTEP4l1ncfp2GLA+4JRnIuejFBLt3Of7s1EyBVnYOp
pMidhXTTqgiH6gAZTFfTzCmxaxhqwwHGULkZ4uNBy+WycLmfneF2XWAA6HxuCKjZ
UH7aPLtkcaihg4NmwgdpNar+c2hkxk9VLAZRSuFuuYcDr6FbigGIG57melxl6mH7
zj+FVhPFpBtKGI4gOyqfWTpcDHB8E0rzKfO88N8vSOvFjY71cT5ccEoS2+9oozon
mxfiXyyw52XCnoV6M/TDXKUlzZCob8byWza+IyCsEzL+
-----END CERTIFICATE-----