Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/0ddca2-81b3-4b99-be02-aa03ec66290f/1/VdvBEmsal7uZMZh7zcOVRww7ieY.roa
File:                     VdvBEmsal7uZMZh7zcOVRww7ieY.roa (raw, json)
Hash identifier:          rrvyRqnlPR8CKcQ4g9R4YQdMtvIgCJIbsOczp4vR4ic=
Subject key identifier:   55:DB:C1:12:6B:1A:97:BB:99:31:98:7B:CD:C3:95:47:0C:3B:89:E6
Certificate issuer:       /CN=10d49b73cada01ee851812ec440b7a1ec98648b3
Certificate serial:       018CC2DAD8A0241E85E2AC264C458DEF0FCC
Authority key identifier: 10:D4:9B:73:CA:DA:01:EE:85:18:12:EC:44:0B:7A:1E:C9:86:48:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ENSbc8raAe6FGBLsRAt6HsmGSLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/0ddca2-81b3-4b99-be02-aa03ec66290f/1/VdvBEmsal7uZMZh7zcOVRww7ieY.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208495
IP address blocks:        45.132.132.0/22 maxlen: 22
                          45.132.132.0/24 maxlen: 24
                          45.132.134.0/24 maxlen: 24
                          45.132.133.0/24 maxlen: 24
                          45.132.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/0ddca2-81b3-4b99-be02-aa03ec66290f/1/ENSbc8raAe6FGBLsRAt6HsmGSLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/0ddca2-81b3-4b99-be02-aa03ec66290f/1/ENSbc8raAe6FGBLsRAt6HsmGSLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ENSbc8raAe6FGBLsRAt6HsmGSLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d8:a0:24:1e:85:e2:ac:26:4c:45:8d:ef:0f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10d49b73cada01ee851812ec440b7a1ec98648b3
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55dbc1126b1a97bb9931987bcdc395470c3b89e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:99:13:3b:02:1c:e7:f0:04:65:82:46:92:ac:
                    48:38:f8:08:8d:3d:cf:78:03:01:43:52:83:53:92:
                    e7:13:5c:60:ca:66:62:8e:01:32:96:86:b5:39:c5:
                    04:20:b4:7f:b6:e6:d2:3a:4b:e5:2c:90:8e:b2:55:
                    58:a2:30:77:ce:68:f4:74:96:f3:a1:42:f9:87:de:
                    51:52:41:06:92:37:c2:6d:bd:71:a9:2d:84:2f:78:
                    e6:61:9e:c8:94:cb:9f:75:29:5b:e2:30:89:69:f2:
                    68:e0:0a:2c:75:e3:ba:87:33:3a:e5:64:9f:b8:aa:
                    7a:81:49:05:d7:a6:c8:07:7b:f7:67:cb:d3:e4:b1:
                    bb:a2:c7:81:3f:b8:71:16:74:3e:a7:e2:3f:cb:05:
                    55:be:7c:42:41:57:e1:49:7c:de:43:3e:fd:04:5c:
                    41:19:a3:24:47:f2:7f:f3:11:97:70:10:e1:c6:62:
                    cd:34:7f:bd:55:de:27:b3:50:73:bc:06:ff:fc:8d:
                    e7:88:74:f5:31:39:81:df:0b:da:49:d8:0f:b7:71:
                    d9:ad:bc:3b:5a:a1:75:f4:46:5c:92:54:37:03:73:
                    ec:bf:f6:ff:74:ca:c3:c1:b1:9c:b6:60:06:57:98:
                    fd:3c:fe:ac:3d:42:09:07:e5:28:c6:33:d8:19:fb:
                    a1:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:DB:C1:12:6B:1A:97:BB:99:31:98:7B:CD:C3:95:47:0C:3B:89:E6
            X509v3 Authority Key Identifier:
                keyid:10:D4:9B:73:CA:DA:01:EE:85:18:12:EC:44:0B:7A:1E:C9:86:48:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ENSbc8raAe6FGBLsRAt6HsmGSLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/0ddca2-81b3-4b99-be02-aa03ec66290f/1/VdvBEmsal7uZMZh7zcOVRww7ieY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/0ddca2-81b3-4b99-be02-aa03ec66290f/1/ENSbc8raAe6FGBLsRAt6HsmGSLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:8c:67:42:0d:d1:6c:c7:20:cc:5d:ea:cc:01:ca:2c:4b:2f:
         2f:a2:cf:c3:c9:59:c7:42:f1:3b:66:81:2e:31:b4:96:da:4e:
         8c:fa:f5:f4:f4:3f:0e:cc:0c:41:6a:2a:d0:ee:79:a1:b8:5b:
         29:39:ce:89:1c:63:06:66:ed:48:f3:f8:33:71:f4:46:2a:da:
         a0:77:ff:49:39:61:07:14:30:34:5f:cc:58:22:fe:6c:73:91:
         ed:5c:ec:5b:d0:3b:38:85:30:be:b0:9a:5e:54:21:46:13:0d:
         d2:6d:99:89:94:1e:b7:07:c3:23:21:1d:cd:7f:92:f1:6c:33:
         2e:c1:e6:74:be:b0:e4:06:fc:71:bb:28:31:e5:3e:20:a3:d7:
         b4:81:e2:f8:76:22:b0:58:c7:e9:12:b5:18:7b:5f:66:57:d1:
         9e:18:ee:57:af:07:d1:54:e7:5b:6c:2f:65:36:6f:cb:44:ae:
         90:81:40:b6:e5:4a:d5:40:f7:64:e7:34:5b:18:7b:28:df:73:
         97:d1:c3:ab:ab:fb:93:a5:09:61:6d:25:8c:3f:5b:71:f5:84:
         03:10:e6:e2:ce:eb:ee:6b:31:91:31:42:e6:41:ba:ef:42:7d:
         95:d2:ae:5e:ab:45:4b:a7:7c:76:9a:7a:60:99:47:03:b5:c6:
         53:27:21:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tigJB6F4qwmTEWN7w/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZDQ5YjczY2FkYTAxZWU4NTE4MTJlYzQ0MGI3YTFlYzk4
NjQ4YjMwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWRiYzExMjZiMWE5N2JiOTkzMTk4N2JjZGMzOTU0NzBjM2I4OWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipkTOwIc5/AEZYJGkqxIOPgIjT3P
eAMBQ1KDU5LnE1xgymZijgEyloa1OcUEILR/tubSOkvlLJCOslVYojB3zmj0dJbz
oUL5h95RUkEGkjfCbb1xqS2EL3jmYZ7IlMufdSlb4jCJafJo4AosdeO6hzM65WSf
uKp6gUkF16bIB3v3Z8vT5LG7oseBP7hxFnQ+p+I/ywVVvnxCQVfhSXzeQz79BFxB
GaMkR/J/8xGXcBDhxmLNNH+9Vd4ns1BzvAb//I3niHT1MTmB3wvaSdgPt3HZrbw7
WqF19EZcklQ3A3Psv/b/dMrDwbGctmAGV5j9PP6sPUIJB+UoxjPYGfuhHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXbwRJrGpe7mTGYe83DlUcMO4nmMB8GA1UdIwQY
MBaAFBDUm3PK2gHuhRgS7EQLeh7JhkizMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRU5TYmM4cmFBZTZGR0JMc1JBdDZIc21HU0xNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny8wZGRjYTItODFiMy00Yjk5LWJlMDIt
YWEwM2VjNjYyOTBmLzEvVmR2QkVtc2FsN3VaTVpoN3pjT1ZSd3c3aWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny8wZGRjYTItODFiMy00Yjk5LWJlMDItYWEwM2VjNjYyOTBm
LzEvRU5TYmM4cmFBZTZGR0JMc1JBdDZIc21HU0xNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYSEMA0G
CSqGSIb3DQEBCwUAA4IBAQACjGdCDdFsxyDMXerMAcosSy8vos/DyVnHQvE7ZoEu
MbSW2k6M+vX09D8OzAxBairQ7nmhuFspOc6JHGMGZu1I8/gzcfRGKtqgd/9JOWEH
FDA0X8xYIv5sc5HtXOxb0Ds4hTC+sJpeVCFGEw3SbZmJlB63B8MjIR3Nf5LxbDMu
weZ0vrDkBvxxuygx5T4go9e0geL4diKwWMfpErUYe19mV9GeGO5XrwfRVOdbbC9l
Nm/LRK6QgUC25UrVQPdk5zRbGHso33OX0cOrq/uTpQlhbSWMP1tx9YQDEObizuvu
azGRMULmQbrvQn2V0q5eq0VLp3x2mnpgmUcDtcZTJyFm
-----END CERTIFICATE-----