Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/fb8145-f6d8-42c3-a97d-80d35e9d39ea/1/k3APirf-yXbvoguI_S1X58Q-1XE.roa
File:                     k3APirf-yXbvoguI_S1X58Q-1XE.roa (raw, json)
Hash identifier:          rXDIg7VH50Q2nKwsqXYFa0GjfGFOdpiEAncwtrlgiFU=
Subject key identifier:   93:70:0F:8A:B7:FE:C9:76:EF:A2:0B:88:FD:2D:57:E7:C4:3E:D5:71
Certificate issuer:       /CN=2d55c4dd7f212fc4896bd0c971860c05b30eeb8d
Certificate serial:       018CC26D3B14812A6FDB583A1BC16C786925
Authority key identifier: 2D:55:C4:DD:7F:21:2F:C4:89:6B:D0:C9:71:86:0C:05:B3:0E:EB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LVXE3X8hL8SJa9DJcYYMBbMO640.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/fb8145-f6d8-42c3-a97d-80d35e9d39ea/1/k3APirf-yXbvoguI_S1X58Q-1XE.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211127
IP address blocks:        45.142.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/fb8145-f6d8-42c3-a97d-80d35e9d39ea/1/LVXE3X8hL8SJa9DJcYYMBbMO640.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/fb8145-f6d8-42c3-a97d-80d35e9d39ea/1/LVXE3X8hL8SJa9DJcYYMBbMO640.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LVXE3X8hL8SJa9DJcYYMBbMO640.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3b:14:81:2a:6f:db:58:3a:1b:c1:6c:78:69:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d55c4dd7f212fc4896bd0c971860c05b30eeb8d
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93700f8ab7fec976efa20b88fd2d57e7c43ed571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e6:92:25:52:ec:76:7a:09:70:f1:be:7b:eb:
                    4e:e6:29:ec:13:f5:f8:64:58:e4:03:89:e8:fa:2c:
                    67:61:6c:33:e7:35:2e:e1:6f:4f:36:17:40:5a:52:
                    62:69:37:22:fb:e6:c6:0f:17:6b:21:c3:1a:9d:58:
                    3d:2a:b2:83:85:07:45:03:c5:05:50:65:b9:eb:0d:
                    ad:00:8e:d2:a2:c7:be:39:67:2e:60:aa:ef:b9:44:
                    21:ab:b7:a9:43:46:ac:e6:76:49:37:56:83:4f:a7:
                    07:d8:c4:9f:46:cd:14:f4:40:e5:d0:52:6f:50:3b:
                    70:ee:67:24:fc:59:e5:f7:e2:e7:86:cd:27:bf:c6:
                    27:83:f9:c5:d2:d7:fc:b8:56:4a:02:f6:9e:67:c4:
                    1e:91:73:91:22:af:9d:02:24:4f:86:6f:9e:a5:5e:
                    e2:a2:63:ed:76:f8:02:2a:c8:d2:6a:e0:a4:91:cb:
                    49:6d:48:92:db:f5:72:48:57:73:bc:53:ca:e7:d9:
                    3d:8c:0a:ca:05:eb:5b:e6:54:36:9e:ce:a6:68:f2:
                    c8:0a:43:6a:9b:ec:ab:e8:3c:6d:98:5a:70:38:3e:
                    7e:c1:32:8b:17:62:68:c9:3d:80:37:56:89:d3:d4:
                    bb:70:9e:13:9a:11:7b:fd:7c:80:77:8d:7b:bd:dd:
                    e1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:70:0F:8A:B7:FE:C9:76:EF:A2:0B:88:FD:2D:57:E7:C4:3E:D5:71
            X509v3 Authority Key Identifier:
                keyid:2D:55:C4:DD:7F:21:2F:C4:89:6B:D0:C9:71:86:0C:05:B3:0E:EB:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LVXE3X8hL8SJa9DJcYYMBbMO640.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/fb8145-f6d8-42c3-a97d-80d35e9d39ea/1/k3APirf-yXbvoguI_S1X58Q-1XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/fb8145-f6d8-42c3-a97d-80d35e9d39ea/1/LVXE3X8hL8SJa9DJcYYMBbMO640.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:53:cd:8f:92:59:c5:a1:d5:f5:88:78:b4:af:aa:52:bb:f2:
         b7:5c:b0:70:92:0c:43:ec:bd:b9:aa:99:2c:13:bf:d9:04:91:
         fe:91:9e:3f:e9:01:7f:6f:95:88:37:97:0f:49:f4:b7:85:75:
         22:22:bc:12:c3:e9:3f:ac:6e:af:a6:78:52:7d:79:e4:c2:b3:
         2c:34:ae:13:ce:c4:df:77:d3:ff:69:5b:f1:95:0d:3d:58:35:
         c6:a4:84:dd:e8:6c:1e:1b:72:9f:ac:e8:67:64:08:1d:cf:92:
         1d:d8:b1:6f:30:2e:4a:c4:25:ed:ea:05:41:c4:20:a8:68:52:
         af:be:c4:6c:f6:e4:44:1c:1e:73:b5:19:85:c0:dc:0d:ad:2c:
         ea:1a:cc:89:ba:46:43:9e:17:67:b0:2c:e8:b0:a7:78:ab:89:
         6c:b3:03:d3:72:91:9f:6f:1a:f6:37:47:e1:cd:cf:32:aa:cf:
         e1:bd:fb:b7:6f:0c:2b:e9:bd:87:c3:5f:16:da:43:51:2b:17:
         72:a1:dd:b8:20:b6:23:25:bc:63:e4:d4:3d:2a:7e:b0:64:96:
         cb:d5:9a:9d:fb:0e:59:e3:78:d1:f3:5e:14:3a:c5:da:0b:98:
         42:e1:c9:73:a2:63:c3:c4:30:d3:fa:5e:6e:14:f8:ec:da:ea:
         9b:7a:a5:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTsUgSpv21g6G8FseGklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNTVjNGRkN2YyMTJmYzQ4OTZiZDBjOTcxODYwYzA1YjMw
ZWViOGQwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzcwMGY4YWI3ZmVjOTc2ZWZhMjBiODhmZDJkNTdlN2M0M2VkNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOaSJVLsdnoJcPG+e+tO5insE/X4
ZFjkA4no+ixnYWwz5zUu4W9PNhdAWlJiaTci++bGDxdrIcManVg9KrKDhQdFA8UF
UGW56w2tAI7Sose+OWcuYKrvuUQhq7epQ0as5nZJN1aDT6cH2MSfRs0U9EDl0FJv
UDtw7mck/Fnl9+Lnhs0nv8Yng/nF0tf8uFZKAvaeZ8QekXORIq+dAiRPhm+epV7i
omPtdvgCKsjSauCkkctJbUiS2/VySFdzvFPK59k9jArKBetb5lQ2ns6maPLICkNq
m+yr6DxtmFpwOD5+wTKLF2JoyT2AN1aJ09S7cJ4TmhF7/XyAd417vd3hWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNwD4q3/sl276ILiP0tV+fEPtVxMB8GA1UdIwQY
MBaAFC1VxN1/IS/EiWvQyXGGDAWzDuuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFZYRTNYOGhMOFNKYTlESmNZWU1CYk1PNjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9mYjgxNDUtZjZkOC00MmMzLWE5N2Qt
ODBkMzVlOWQzOWVhLzEvazNBUGlyZi15WGJ2b2d1SV9TMVg1OFEtMVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9mYjgxNDUtZjZkOC00MmMzLWE5N2QtODBkMzVlOWQzOWVh
LzEvTFZYRTNYOGhMOFNKYTlESmNZWU1CYk1PNjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY4NMA0G
CSqGSIb3DQEBCwUAA4IBAQAuU82PklnFodX1iHi0r6pSu/K3XLBwkgxD7L25qpks
E7/ZBJH+kZ4/6QF/b5WIN5cPSfS3hXUiIrwSw+k/rG6vpnhSfXnkwrMsNK4TzsTf
d9P/aVvxlQ09WDXGpITd6GweG3KfrOhnZAgdz5Id2LFvMC5KxCXt6gVBxCCoaFKv
vsRs9uREHB5ztRmFwNwNrSzqGsyJukZDnhdnsCzosKd4q4lsswPTcpGfbxr2N0fh
zc8yqs/hvfu3bwwr6b2Hw18W2kNRKxdyod24ILYjJbxj5NQ9Kn6wZJbL1Zqd+w5Z
43jR814UOsXaC5hC4clzomPDxDDT+l5uFPjs2uqbeqUu
-----END CERTIFICATE-----