Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/d57810-446f-4cf5-bf50-20222a04d353/1/l9S2Pocj4w_fSTZYPUZFOp7ToEA.roa
File:                     l9S2Pocj4w_fSTZYPUZFOp7ToEA.roa (raw, json)
Hash identifier:          7Erk0LaIkCro4C3VJ5O52PfA4eXgEprIxXO9cPB75Es=
Subject key identifier:   97:D4:B6:3E:87:23:E3:0F:DF:49:36:58:3D:46:45:3A:9E:D3:A0:40
Certificate issuer:       /CN=6e3c363a880fc71f322d170f747ec52a2a9cc0d5
Certificate serial:       018CCA2BDC295318B30AC2954624536C4698
Authority key identifier: 6E:3C:36:3A:88:0F:C7:1F:32:2D:17:0F:74:7E:C5:2A:2A:9C:C0:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bjw2OogPxx8yLRcPdH7FKiqcwNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/d57810-446f-4cf5-bf50-20222a04d353/1/l9S2Pocj4w_fSTZYPUZFOp7ToEA.roa
Signing time:             Tue 02 Jan 2024 12:35:21 +0000
ROA not before:           Tue 02 Jan 2024 12:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204272
IP address blocks:        45.155.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/d57810-446f-4cf5-bf50-20222a04d353/1/bjw2OogPxx8yLRcPdH7FKiqcwNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/d57810-446f-4cf5-bf50-20222a04d353/1/bjw2OogPxx8yLRcPdH7FKiqcwNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bjw2OogPxx8yLRcPdH7FKiqcwNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:dc:29:53:18:b3:0a:c2:95:46:24:53:6c:46:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e3c363a880fc71f322d170f747ec52a2a9cc0d5
        Validity
            Not Before: Jan  2 12:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97d4b63e8723e30fdf4936583d46453a9ed3a040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:65:98:66:45:0f:1c:cb:9e:39:86:be:65:91:
                    14:e4:41:55:03:f5:1f:53:aa:05:10:14:63:d5:83:
                    94:d7:2b:f4:fa:1f:74:e6:8e:07:ab:b0:01:98:c3:
                    74:0c:4d:55:19:73:a2:38:29:df:cd:45:20:62:5f:
                    7b:77:e2:34:9b:7d:f8:ed:89:53:d1:12:3d:30:6b:
                    5e:f5:58:e6:77:37:64:62:a6:30:e1:84:17:ff:5f:
                    e9:11:a1:cb:73:9d:15:26:88:06:11:28:4f:56:33:
                    c4:ad:be:e5:49:11:99:c2:ef:07:77:54:2c:5f:79:
                    b9:12:98:0d:95:4a:88:f6:b4:fc:d7:14:de:a0:8e:
                    44:70:55:e6:07:ef:f0:dc:5b:05:b6:7b:b2:65:6c:
                    99:84:d8:6b:1c:84:c6:bd:13:d1:64:47:d1:bd:58:
                    8e:04:a9:3e:6f:81:5d:60:6a:96:a5:0b:d3:ea:5c:
                    c4:39:f2:ce:a2:92:ce:33:73:bb:91:e8:d4:8f:6b:
                    dc:b1:0b:9d:f0:b9:56:82:10:6f:27:41:9a:77:22:
                    87:a2:d1:d1:f1:9e:60:78:72:9b:4f:cd:9f:5e:44:
                    cf:4d:e5:96:db:30:6a:ca:ad:5a:55:7c:43:d9:55:
                    09:b7:dc:b5:44:0e:84:10:ee:c5:70:79:92:4c:0e:
                    6d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:D4:B6:3E:87:23:E3:0F:DF:49:36:58:3D:46:45:3A:9E:D3:A0:40
            X509v3 Authority Key Identifier:
                keyid:6E:3C:36:3A:88:0F:C7:1F:32:2D:17:0F:74:7E:C5:2A:2A:9C:C0:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bjw2OogPxx8yLRcPdH7FKiqcwNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/d57810-446f-4cf5-bf50-20222a04d353/1/l9S2Pocj4w_fSTZYPUZFOp7ToEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/d57810-446f-4cf5-bf50-20222a04d353/1/bjw2OogPxx8yLRcPdH7FKiqcwNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:35:8b:1f:2a:9f:73:c8:42:d5:60:03:36:79:f8:c9:ea:c1:
         43:f2:5d:99:4d:0e:c6:ab:72:b4:d1:6e:9f:26:cb:f1:35:66:
         1a:47:56:35:0d:f3:ad:d3:05:fd:47:ee:e5:5e:bc:45:22:f7:
         59:1f:37:78:20:21:78:13:aa:1a:b4:8d:90:6b:92:c7:98:8d:
         b7:71:27:17:68:b3:1a:0d:37:68:82:8c:4c:3c:35:5c:b3:29:
         5b:0d:3b:f5:22:9c:2b:4e:05:3d:29:66:9c:77:30:2d:6c:d6:
         7c:51:cd:29:b7:e1:19:60:78:d2:78:df:e7:a6:be:9d:00:90:
         fc:71:57:64:db:9e:3f:85:17:30:e8:df:00:66:ef:c4:80:7c:
         24:67:c9:c1:b4:7e:d9:d1:67:87:eb:13:fe:49:f0:35:54:75:
         75:8a:f5:e3:e7:c2:b0:a7:16:84:a6:43:05:ca:b1:61:0c:99:
         23:b8:33:33:4d:8d:e9:6e:c7:0c:05:57:77:06:e6:86:3e:ee:
         8d:cb:b1:67:b0:2d:8b:f9:77:b8:64:9f:81:e9:01:e3:bc:a0:
         65:1f:7a:9b:f9:27:70:4a:a8:08:52:d7:1e:0d:71:c8:11:4f:
         f3:50:75:4c:a7:62:07:2b:96:1d:cc:75:a8:15:ab:d5:ff:09:
         07:1c:0b:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK9wpUxizCsKVRiRTbEaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlM2MzNjNhODgwZmM3MWYzMjJkMTcwZjc0N2VjNTJhMmE5
Y2MwZDUwHhcNMjQwMTAyMTIzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2Q0YjYzZTg3MjNlMzBmZGY0OTM2NTgzZDQ2NDUzYTllZDNhMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12WYZkUPHMueOYa+ZZEU5EFVA/Uf
U6oFEBRj1YOU1yv0+h905o4Hq7ABmMN0DE1VGXOiOCnfzUUgYl97d+I0m3347YlT
0RI9MGte9VjmdzdkYqYw4YQX/1/pEaHLc50VJogGEShPVjPErb7lSRGZwu8Hd1Qs
X3m5EpgNlUqI9rT81xTeoI5EcFXmB+/w3FsFtnuyZWyZhNhrHITGvRPRZEfRvViO
BKk+b4FdYGqWpQvT6lzEOfLOopLOM3O7kejUj2vcsQud8LlWghBvJ0GadyKHotHR
8Z5geHKbT82fXkTPTeWW2zBqyq1aVXxD2VUJt9y1RA6EEO7FcHmSTA5twwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfUtj6HI+MP30k2WD1GRTqe06BAMB8GA1UdIwQY
MBaAFG48NjqID8cfMi0XD3R+xSoqnMDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmp3Mk9vZ1B4eDh5TFJjUGRIN0ZLaXFjd05VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9kNTc4MTAtNDQ2Zi00Y2Y1LWJmNTAt
MjAyMjJhMDRkMzUzLzEvbDlTMlBvY2o0d19mU1RaWVBVWkZPcDdUb0VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9kNTc4MTAtNDQ2Zi00Y2Y1LWJmNTAtMjAyMjJhMDRkMzUz
LzEvYmp3Mk9vZ1B4eDh5TFJjUGRIN0ZLaXFjd05VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZuQMA0G
CSqGSIb3DQEBCwUAA4IBAQB8NYsfKp9zyELVYAM2efjJ6sFD8l2ZTQ7Gq3K00W6f
JsvxNWYaR1Y1DfOt0wX9R+7lXrxFIvdZHzd4ICF4E6oatI2Qa5LHmI23cScXaLMa
DTdogoxMPDVcsylbDTv1IpwrTgU9KWacdzAtbNZ8Uc0pt+EZYHjSeN/npr6dAJD8
cVdk254/hRcw6N8AZu/EgHwkZ8nBtH7Z0WeH6xP+SfA1VHV1ivXj58KwpxaEpkMF
yrFhDJkjuDMzTY3pbscMBVd3BuaGPu6Ny7FnsC2L+Xe4ZJ+B6QHjvKBlH3qb+Sdw
SqgIUtceDXHIEU/zUHVMp2IHK5YdzHWoFavV/wkHHAtF
-----END CERTIFICATE-----