Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/45IQt9nv4SpjfbgkCm4DX7ODZWs.roa
File:                     45IQt9nv4SpjfbgkCm4DX7ODZWs.roa (raw, json)
Hash identifier:          sqvE42Vsk8cXIVmy4nlfy8zr/zv9o8hGiGUw1awqqMk=
Subject key identifier:   E3:92:10:B7:D9:EF:E1:2A:63:7D:B8:24:0A:6E:03:5F:B3:83:65:6B
Certificate issuer:       /CN=e801f23ce821c264d67727536ec183537594c5f2
Certificate serial:       018CC49369888ED3A254661777BF4DF3327F
Authority key identifier: E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/45IQt9nv4SpjfbgkCm4DX7ODZWs.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2834
IP address blocks:        193.10.132.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:69:88:8e:d3:a2:54:66:17:77:bf:4d:f3:32:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e801f23ce821c264d67727536ec183537594c5f2
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e39210b7d9efe12a637db8240a6e035fb383656b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ae:c8:07:f1:6e:f4:ed:a6:7d:f1:7c:a2:d5:
                    b6:4f:8c:99:e1:f5:17:bc:70:6b:aa:2c:9a:fc:42:
                    7d:eb:0f:96:2a:7e:73:05:04:e6:ca:4c:5d:f3:5b:
                    38:b7:15:7c:c4:a5:a1:12:49:08:d4:62:cd:b3:55:
                    0a:a2:12:07:61:fb:27:9e:ed:51:6f:fb:bf:9b:e0:
                    ee:7c:6c:45:77:51:1d:f2:ba:be:76:f2:11:dc:e0:
                    02:a3:a7:b4:9c:19:80:36:e1:7e:cf:45:1b:94:47:
                    61:55:92:9c:6b:f5:1e:65:ab:ba:0f:dc:01:2f:36:
                    0c:b9:8f:13:ba:ef:d5:32:a4:20:10:e4:6c:3e:e9:
                    68:26:2a:26:fb:bf:ca:fc:50:71:92:6c:e3:a8:35:
                    e7:27:ad:0a:a4:85:11:9b:04:2c:28:f3:c8:b8:b1:
                    0c:12:ba:78:fc:e8:96:de:26:bd:2e:7a:72:66:9a:
                    15:24:e6:ad:dc:1a:ee:d3:56:5c:1f:a8:53:f4:35:
                    4a:41:0a:b7:85:cc:9b:d8:bf:20:a5:49:aa:37:a1:
                    ce:a3:84:91:6a:c6:62:73:5a:20:65:25:60:b8:0c:
                    26:03:42:b8:ff:1c:7e:39:b8:e2:90:0a:15:ae:d1:
                    27:ff:a3:5a:1a:1b:e2:7a:d7:8e:0d:15:b4:54:d6:
                    a8:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:92:10:B7:D9:EF:E1:2A:63:7D:B8:24:0A:6E:03:5F:B3:83:65:6B
            X509v3 Authority Key Identifier:
                keyid:E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/45IQt9nv4SpjfbgkCm4DX7ODZWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.10.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bd:28:b6:35:fc:47:aa:14:25:1a:ff:73:ec:1d:56:bc:40:eb:
         d3:8e:34:a4:7d:45:0b:03:41:99:0f:c2:96:be:55:ab:6e:28:
         0e:23:8f:ba:bd:83:c3:7f:92:c5:4f:88:9b:be:87:c9:50:41:
         3b:3a:b6:9f:c2:f3:c2:18:b4:d6:42:c1:a1:8e:ae:8b:8b:ca:
         7b:71:9b:42:a8:f2:81:79:56:ee:fa:72:d1:a9:50:d8:42:cc:
         71:c8:69:e1:a2:ab:fa:06:a1:89:02:71:0e:f7:60:58:c2:ee:
         79:6e:0a:0b:23:ff:b0:f8:9b:12:b3:99:62:d6:a1:54:70:15:
         e8:39:f9:75:ce:f6:0e:a2:fb:cb:ce:b7:0b:a5:c7:26:0b:86:
         e4:f1:7c:95:44:26:26:30:b5:19:21:52:05:0d:b7:66:94:6c:
         c8:61:19:ba:48:32:37:2a:4f:b8:ec:84:99:70:43:0c:45:30:
         54:11:ba:54:ad:77:55:6d:d2:20:1e:e0:a0:c9:6e:70:e4:90:
         48:89:73:f2:11:4d:f7:56:65:0c:a4:b7:01:f3:d0:6c:a5:4e:
         4a:04:51:20:02:7f:f2:0c:90:0a:5d:b4:3e:44:b0:e8:c8:a8:
         e4:af:f2:70:f2:46:6c:43:db:63:ef:34:cd:c1:29:f0:af:3f:
         f6:61:a2:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2mIjtOiVGYXd79N8zJ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MDFmMjNjZTgyMWMyNjRkNjc3Mjc1MzZlYzE4MzUzNzU5
NGM1ZjIwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzkyMTBiN2Q5ZWZlMTJhNjM3ZGI4MjQwYTZlMDM1ZmIzODM2NTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAma7IB/Fu9O2mffF8otW2T4yZ4fUX
vHBrqiya/EJ96w+WKn5zBQTmykxd81s4txV8xKWhEkkI1GLNs1UKohIHYfsnnu1R
b/u/m+DufGxFd1Ed8rq+dvIR3OACo6e0nBmANuF+z0UblEdhVZKca/UeZau6D9wB
LzYMuY8Tuu/VMqQgEORsPuloJiom+7/K/FBxkmzjqDXnJ60KpIURmwQsKPPIuLEM
Erp4/OiW3ia9LnpyZpoVJOat3Bru01ZcH6hT9DVKQQq3hcyb2L8gpUmqN6HOo4SR
asZic1ogZSVguAwmA0K4/xx+ObjikAoVrtEn/6NaGhvieteODRW0VNaoOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOSELfZ7+EqY324JApuA1+zg2VrMB8GA1UdIwQY
MBaAFOgB8jzoIcJk1ncnU27Bg1N1lMXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAt
NDY0ZWIxODNiNTY4LzEvNDVJUXQ5bnY0U3BqZmJna0NtNERYN09EWldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAtNDY0ZWIxODNiNTY4
LzEvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwQqEMA0G
CSqGSIb3DQEBCwUAA4IBAQC9KLY1/EeqFCUa/3PsHVa8QOvTjjSkfUULA0GZD8KW
vlWrbigOI4+6vYPDf5LFT4ibvofJUEE7OrafwvPCGLTWQsGhjq6Li8p7cZtCqPKB
eVbu+nLRqVDYQsxxyGnhoqv6BqGJAnEO92BYwu55bgoLI/+w+JsSs5li1qFUcBXo
Ofl1zvYOovvLzrcLpccmC4bk8XyVRCYmMLUZIVIFDbdmlGzIYRm6SDI3Kk+47ISZ
cEMMRTBUEbpUrXdVbdIgHuCgyW5w5JBIiXPyEU33VmUMpLcB89BspU5KBFEgAn/y
DJAKXbQ+RLDoyKjkr/Jw8kZsQ9tj7zTNwSnwrz/2YaJo
-----END CERTIFICATE-----