Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1c8605-163e-4245-af12-cdbd556e1749/1/4odaYlbeGPHJn-JBDwYQA8Ktekg.roa
File:                     4odaYlbeGPHJn-JBDwYQA8Ktekg.roa (raw, json)
Hash identifier:          95A5GotRPxc6BL62J2GTwGKcuK5jhz/tyCSQv4gzMjY=
Subject key identifier:   E2:87:5A:62:56:DE:18:F1:C9:9F:E2:41:0F:06:10:03:C2:AD:7A:48
Certificate issuer:       /CN=ab975db4378dfca7c2953b86d3b18dc8b218ec6b
Certificate serial:       018CCA2BE94760A1DBC0CFC5932CA6699B3C
Authority key identifier: AB:97:5D:B4:37:8D:FC:A7:C2:95:3B:86:D3:B1:8D:C8:B2:18:EC:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q5ddtDeN_KfClTuG07GNyLIY7Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/1c8605-163e-4245-af12-cdbd556e1749/1/4odaYlbeGPHJn-JBDwYQA8Ktekg.roa
Signing time:             Tue 02 Jan 2024 12:35:24 +0000
ROA not before:           Tue 02 Jan 2024 12:35:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208283
IP address blocks:        45.144.6.0/23 maxlen: 23
                          2a0e:e744::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/1c8605-163e-4245-af12-cdbd556e1749/1/q5ddtDeN_KfClTuG07GNyLIY7Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/1c8605-163e-4245-af12-cdbd556e1749/1/q5ddtDeN_KfClTuG07GNyLIY7Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q5ddtDeN_KfClTuG07GNyLIY7Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:e9:47:60:a1:db:c0:cf:c5:93:2c:a6:69:9b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab975db4378dfca7c2953b86d3b18dc8b218ec6b
        Validity
            Not Before: Jan  2 12:35:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2875a6256de18f1c99fe2410f061003c2ad7a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c6:d8:5c:62:d2:c7:b5:f8:3c:a5:f2:c1:ef:
                    93:c7:f0:62:65:67:be:74:ec:c0:9b:f1:25:37:af:
                    dd:b9:f4:44:fc:f1:7a:da:55:ca:58:af:9b:fb:4c:
                    d8:46:93:f0:98:21:c9:eb:44:25:a4:0a:14:97:4a:
                    8c:c0:04:fa:c5:12:20:15:a0:c1:d4:c7:d2:ef:db:
                    0d:07:b0:3f:59:a0:7a:92:70:12:e4:0e:3e:79:9d:
                    c6:4f:f5:7b:25:a2:37:11:67:df:e8:e7:d9:d2:65:
                    5e:e6:48:0f:09:10:80:63:38:dd:a5:26:f5:f2:14:
                    e5:76:99:13:65:42:1c:53:4d:4f:02:34:41:b5:cd:
                    9a:c1:2f:b6:8b:51:39:00:ca:8a:6f:fe:59:58:56:
                    7b:ea:57:64:55:76:5c:85:cb:65:77:b7:ce:f6:60:
                    6c:4c:a2:cb:52:fb:e2:27:75:a3:0c:c2:7e:1e:90:
                    85:49:8d:c9:dd:cd:74:c5:78:d5:b2:02:b8:0e:7c:
                    a9:82:b4:3a:05:b3:55:ab:1c:1d:8e:65:36:80:5d:
                    d5:39:83:b7:17:0e:50:d2:ce:35:5f:25:1f:e0:d7:
                    e7:f7:11:51:4e:06:db:9c:e1:47:32:ee:f0:4a:28:
                    98:cb:67:95:bc:16:89:a5:ad:86:1a:d9:81:3b:67:
                    9c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:87:5A:62:56:DE:18:F1:C9:9F:E2:41:0F:06:10:03:C2:AD:7A:48
            X509v3 Authority Key Identifier:
                keyid:AB:97:5D:B4:37:8D:FC:A7:C2:95:3B:86:D3:B1:8D:C8:B2:18:EC:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q5ddtDeN_KfClTuG07GNyLIY7Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c8605-163e-4245-af12-cdbd556e1749/1/4odaYlbeGPHJn-JBDwYQA8Ktekg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c8605-163e-4245-af12-cdbd556e1749/1/q5ddtDeN_KfClTuG07GNyLIY7Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.6.0/23
                IPv6:
                  2a0e:e744::/30

    Signature Algorithm: sha256WithRSAEncryption
         4a:b7:81:d8:96:27:5a:cb:87:bf:d8:e6:8c:88:e9:94:3c:45:
         4a:e6:ea:c5:e3:10:dc:f4:ca:43:b6:ef:41:bf:5a:62:90:6b:
         e4:db:26:91:ae:c6:6c:3a:e0:04:e3:30:6c:ab:f5:d1:ad:6a:
         20:0b:17:78:97:f2:c2:10:bd:9f:80:48:8e:1c:7a:25:f4:ce:
         60:ba:01:2a:6b:c3:03:7b:43:bb:8e:58:64:7a:4e:e2:fb:c1:
         7e:1f:85:7c:18:7f:47:20:df:9a:a8:0d:48:cc:99:91:57:18:
         3f:92:aa:ba:54:61:f4:cb:a3:e5:16:21:42:cc:73:96:7a:8d:
         a0:19:1d:dd:ef:e1:cf:ad:e5:f4:95:cf:46:bc:1e:08:e6:b2:
         e5:e0:a9:6b:bd:fc:cd:b3:52:30:67:ee:44:75:3d:89:2a:c4:
         51:8d:c5:88:bf:40:a2:a0:16:cb:95:c2:a6:45:38:c4:be:7f:
         7d:64:d8:92:63:06:f9:cd:c3:9a:9b:29:43:5d:7d:7a:0c:c8:
         79:f7:25:ab:45:0b:ef:ed:9e:e3:f6:44:68:04:d1:5f:20:4d:
         c8:23:9c:4b:8d:00:34:42:30:7b:cb:92:ed:ed:8a:42:9b:fd:
         0c:4f:80:d5:7a:35:b6:a5:97:46:8b:00:4d:4e:3b:3d:35:3c:
         02:79:74:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKK+lHYKHbwM/FkyymaZs8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOTc1ZGI0Mzc4ZGZjYTdjMjk1M2I4NmQzYjE4ZGM4YjIx
OGVjNmIwHhcNMjQwMTAyMTIzNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjg3NWE2MjU2ZGUxOGYxYzk5ZmUyNDEwZjA2MTAwM2MyYWQ3YTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcbYXGLSx7X4PKXywe+Tx/BiZWe+
dOzAm/ElN6/dufRE/PF62lXKWK+b+0zYRpPwmCHJ60QlpAoUl0qMwAT6xRIgFaDB
1MfS79sNB7A/WaB6knAS5A4+eZ3GT/V7JaI3EWff6OfZ0mVe5kgPCRCAYzjdpSb1
8hTldpkTZUIcU01PAjRBtc2awS+2i1E5AMqKb/5ZWFZ76ldkVXZchctld7fO9mBs
TKLLUvviJ3WjDMJ+HpCFSY3J3c10xXjVsgK4DnypgrQ6BbNVqxwdjmU2gF3VOYO3
Fw5Q0s41XyUf4Nfn9xFRTgbbnOFHMu7wSiiYy2eVvBaJpa2GGtmBO2ecJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOKHWmJW3hjxyZ/iQQ8GEAPCrXpIMB8GA1UdIwQY
MBaAFKuXXbQ3jfynwpU7htOxjciyGOxrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTVkZHREZU5fS2ZDbFR1RzA3R055TElZN0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYzg2MDUtMTYzZS00MjQ1LWFmMTIt
Y2RiZDU1NmUxNzQ5LzEvNG9kYVlsYmVHUEhKbi1KQkR3WVFBOEt0ZWtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYzg2MDUtMTYzZS00MjQ1LWFmMTItY2RiZDU1NmUxNzQ5
LzEvcTVkZHREZU5fS2ZDbFR1RzA3R055TElZN0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLZAGMA0E
AgACMAcDBQIqDudEMA0GCSqGSIb3DQEBCwUAA4IBAQBKt4HYliday4e/2OaMiOmU
PEVK5urF4xDc9MpDtu9Bv1pikGvk2yaRrsZsOuAE4zBsq/XRrWogCxd4l/LCEL2f
gEiOHHol9M5gugEqa8MDe0O7jlhkek7i+8F+H4V8GH9HIN+aqA1IzJmRVxg/kqq6
VGH0y6PlFiFCzHOWeo2gGR3d7+HPreX0lc9GvB4I5rLl4KlrvfzNs1IwZ+5EdT2J
KsRRjcWIv0CioBbLlcKmRTjEvn99ZNiSYwb5zcOamylDXX16DMh59yWrRQvv7Z7j
9kRoBNFfIE3II5xLjQA0QjB7y5Lt7YpCm/0MT4DVejW2pZdGiwBNTjs9NTwCeXQ2
-----END CERTIFICATE-----