Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/gH9L1NLSe6xmbxOUJsAz53wbr-s.roa
File:                     gH9L1NLSe6xmbxOUJsAz53wbr-s.roa (raw, json)
Hash identifier:          rSC0EdPOGg6mXt6YbNtie2DHx+SG9B3E8rwSOrpeet0=
Subject key identifier:   80:7F:4B:D4:D2:D2:7B:AC:66:6F:13:94:26:C0:33:E7:7C:1B:AF:EB
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018EA25777CFAEB1B09C00EAC39CB60D4B97
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/gH9L1NLSe6xmbxOUJsAz53wbr-s.roa
Signing time:             Wed 03 Apr 2024 05:03:45 +0000
ROA not before:           Wed 03 Apr 2024 05:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        45.133.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a2:57:77:cf:ae:b1:b0:9c:00:ea:c3:9c:b6:0d:4b:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Apr  3 05:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=807f4bd4d2d27bac666f139426c033e77c1bafeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d6:75:bc:4c:ce:4d:c8:29:48:cf:3b:3e:76:
                    e7:4c:c0:f5:35:5a:77:24:5e:4f:7e:94:8f:fe:78:
                    4d:a2:59:d7:14:e7:36:17:a1:52:1a:e1:a6:39:ac:
                    38:d8:4f:ed:49:c8:a8:05:a2:80:0a:36:8a:6b:03:
                    04:1f:18:98:1b:09:e9:6d:d1:ca:45:a6:4e:95:ec:
                    af:03:9c:2b:67:ac:8f:50:48:7d:2d:8c:bf:20:d7:
                    46:23:0f:e3:e1:dd:f1:81:db:e8:da:f3:ce:b7:47:
                    48:6d:79:b2:77:42:69:48:2c:2f:03:33:63:d5:19:
                    fb:6b:b6:cf:33:3a:36:5d:a9:59:eb:69:3b:af:8d:
                    46:58:21:d2:32:c2:9d:ab:96:9b:d2:19:98:19:7a:
                    6b:b3:95:27:30:87:14:f7:dc:54:9f:d5:df:62:07:
                    d2:f2:b5:85:e6:e8:f1:ee:f9:b9:16:bc:27:09:74:
                    3b:34:de:c9:eb:0e:06:66:fa:11:79:78:31:42:ff:
                    a2:07:3f:3b:42:b2:20:f5:e8:e5:0b:f1:50:54:00:
                    7f:be:54:cc:cc:27:b4:e3:01:46:f4:d7:15:3e:8f:
                    eb:0d:70:bb:77:98:fb:4d:56:fe:cf:19:22:86:14:
                    4b:a7:36:41:ef:56:35:da:c9:69:21:90:ea:b5:d3:
                    2e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:7F:4B:D4:D2:D2:7B:AC:66:6F:13:94:26:C0:33:E7:7C:1B:AF:EB
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/gH9L1NLSe6xmbxOUJsAz53wbr-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:cd:20:bd:01:b2:73:37:c6:0e:70:8a:50:8c:80:67:85:97:
         c6:50:32:64:04:53:1e:f2:67:f4:d5:5d:64:6c:a6:c0:d0:5f:
         d4:a2:46:2e:14:f2:7d:a7:a0:b1:59:32:4d:12:5d:16:04:3c:
         ad:ac:1a:11:ee:e7:e7:e9:09:29:60:8f:18:9b:ac:db:8d:e6:
         80:dc:5f:28:f5:d3:78:23:f2:0b:20:79:33:20:6f:ce:15:26:
         9a:ba:cc:d7:d5:f2:a1:0e:17:92:eb:55:0a:e1:e5:0d:99:12:
         b5:2a:93:82:e7:e9:d3:76:b0:db:b6:1e:71:f2:78:e6:71:1b:
         3c:f1:01:e2:cb:86:71:1e:3d:87:94:6c:c0:68:12:7b:55:4e:
         64:8d:6e:89:15:43:77:44:5a:c4:8b:10:2d:b2:1c:ec:f1:b1:
         70:18:0f:0a:1b:a2:c1:67:8a:56:de:e9:99:75:8d:00:1a:c6:
         86:87:fa:c3:b9:d2:ff:47:28:9f:e2:83:80:dc:c4:72:12:2e:
         56:4a:a6:01:66:da:48:2d:9f:04:27:9e:f9:74:a0:88:79:f2:
         26:7d:74:5e:fb:cf:26:54:6d:f6:5b:87:55:9d:49:90:30:20:
         55:23:79:c7:cb:32:02:df:91:59:f9:d3:7d:1c:d1:db:01:7f:
         94:b4:e8:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6iV3fPrrGwnADqw5y2DUuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwNDAzMDUwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDdmNGJkNGQyZDI3YmFjNjY2ZjEzOTQyNmMwMzNlNzdjMWJhZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtZ1vEzOTcgpSM87PnbnTMD1NVp3
JF5PfpSP/nhNolnXFOc2F6FSGuGmOaw42E/tScioBaKACjaKawMEHxiYGwnpbdHK
RaZOleyvA5wrZ6yPUEh9LYy/INdGIw/j4d3xgdvo2vPOt0dIbXmyd0JpSCwvAzNj
1Rn7a7bPMzo2XalZ62k7r41GWCHSMsKdq5ab0hmYGXprs5UnMIcU99xUn9XfYgfS
8rWF5ujx7vm5FrwnCXQ7NN7J6w4GZvoReXgxQv+iBz87QrIg9ejlC/FQVAB/vlTM
zCe04wFG9NcVPo/rDXC7d5j7TVb+zxkihhRLpzZB71Y12slpIZDqtdMuVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIB/S9TS0nusZm8TlCbAM+d8G6/rMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvZ0g5TDFOTFNlNnhtYnhPVUpzQXo1M3dici1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYWNMA0G
CSqGSIb3DQEBCwUAA4IBAQCXzSC9AbJzN8YOcIpQjIBnhZfGUDJkBFMe8mf01V1k
bKbA0F/UokYuFPJ9p6CxWTJNEl0WBDytrBoR7ufn6QkpYI8Ym6zbjeaA3F8o9dN4
I/ILIHkzIG/OFSaauszX1fKhDheS61UK4eUNmRK1KpOC5+nTdrDbth5x8njmcRs8
8QHiy4ZxHj2HlGzAaBJ7VU5kjW6JFUN3RFrEixAtshzs8bFwGA8KG6LBZ4pW3umZ
dY0AGsaGh/rDudL/Ryif4oOA3MRyEi5WSqYBZtpILZ8EJ575dKCIefImfXRe+88m
VG32W4dVnUmQMCBVI3nHyzIC35FZ+dN9HNHbAX+UtOhB
-----END CERTIFICATE-----