Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ee2d10-ebb0-41ba-9981-3f06829e0f5c/1/C0DhL11wBySQ6tOOPckifcoQRrc.roa
File:                     C0DhL11wBySQ6tOOPckifcoQRrc.roa (raw, json)
Hash identifier:          70c7Et/x+IJ168myLvfl36wU0NL0WFr5tosmWpRkfk0=
Subject key identifier:   0B:40:E1:2F:5D:70:07:24:90:EA:D3:8E:3D:C9:22:7D:CA:10:46:B7
Certificate issuer:       /CN=3490424c688ff519fb9e204d8f1588553455b151
Certificate serial:       018EC791EA4B742A58D245E78E075DA48FDE
Authority key identifier: 34:90:42:4C:68:8F:F5:19:FB:9E:20:4D:8F:15:88:55:34:55:B1:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJBCTGiP9Rn7niBNjxWIVTRVsVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/ee2d10-ebb0-41ba-9981-3f06829e0f5c/1/C0DhL11wBySQ6tOOPckifcoQRrc.roa
Signing time:             Wed 10 Apr 2024 10:33:32 +0000
ROA not before:           Wed 10 Apr 2024 10:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212256
IP address blocks:        45.132.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/ee2d10-ebb0-41ba-9981-3f06829e0f5c/1/NJBCTGiP9Rn7niBNjxWIVTRVsVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/ee2d10-ebb0-41ba-9981-3f06829e0f5c/1/NJBCTGiP9Rn7niBNjxWIVTRVsVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJBCTGiP9Rn7niBNjxWIVTRVsVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:91:ea:4b:74:2a:58:d2:45:e7:8e:07:5d:a4:8f:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3490424c688ff519fb9e204d8f1588553455b151
        Validity
            Not Before: Apr 10 10:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b40e12f5d70072490ead38e3dc9227dca1046b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:36:aa:fe:e1:a3:5b:78:32:70:41:05:20:ab:
                    23:ec:31:76:b5:38:18:a7:1b:90:16:e4:b5:17:01:
                    cf:93:0e:2e:7b:3e:f3:1d:bc:b9:9d:f0:8a:c9:09:
                    db:3b:5d:8c:e3:20:62:4a:2b:33:63:73:02:68:d5:
                    e3:85:a3:a5:da:e3:fa:0b:0a:99:09:0c:b2:19:65:
                    48:cd:80:5c:bb:87:e7:bf:d8:d4:9f:e5:40:80:07:
                    38:02:c0:78:55:fe:2d:11:c7:82:c3:58:de:5f:93:
                    eb:13:12:ad:91:4f:2d:ed:2a:b5:09:50:31:e8:66:
                    c2:b4:4e:4b:0b:02:3e:21:fe:44:d2:ee:39:71:87:
                    d8:a9:00:d3:7f:5a:70:2a:76:46:e5:58:c2:8e:0c:
                    0a:be:79:3b:af:55:f6:03:62:8f:7f:2f:ab:2f:e1:
                    29:5d:35:f2:19:2e:c4:78:aa:df:fe:7f:bf:8f:7a:
                    f3:b0:b6:83:3a:70:a0:9b:e8:b6:cd:6a:42:4d:a9:
                    a8:34:b5:df:35:a4:4d:80:22:ba:10:89:16:af:58:
                    7f:d4:c1:7b:da:ef:80:74:32:4c:82:b8:68:06:eb:
                    1b:01:ef:ca:dd:aa:ff:bd:a9:bd:29:85:6e:6b:7e:
                    5d:ab:4b:19:73:a5:cf:bc:6b:41:76:ed:3e:e6:88:
                    40:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:40:E1:2F:5D:70:07:24:90:EA:D3:8E:3D:C9:22:7D:CA:10:46:B7
            X509v3 Authority Key Identifier:
                keyid:34:90:42:4C:68:8F:F5:19:FB:9E:20:4D:8F:15:88:55:34:55:B1:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJBCTGiP9Rn7niBNjxWIVTRVsVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ee2d10-ebb0-41ba-9981-3f06829e0f5c/1/C0DhL11wBySQ6tOOPckifcoQRrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ee2d10-ebb0-41ba-9981-3f06829e0f5c/1/NJBCTGiP9Rn7niBNjxWIVTRVsVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:d9:8c:c7:ef:7d:e7:3e:77:b0:57:db:be:07:40:cf:56:da:
         12:7f:b9:23:80:1f:c8:62:aa:38:a7:9c:e4:61:dd:d0:78:8e:
         09:04:c2:12:7e:01:cf:ba:fa:e6:bf:b4:39:28:51:68:67:89:
         a8:ec:e3:0e:35:48:29:9c:c2:e6:fb:22:7c:c7:1b:61:2d:0f:
         f8:c2:71:95:26:b2:68:0e:9a:b3:98:04:53:38:f5:14:63:95:
         b0:4e:c4:a5:eb:32:e0:91:74:92:49:7a:55:4c:09:29:a8:9c:
         8b:40:fa:3c:14:85:30:db:f0:a3:d1:a8:73:8a:54:f8:5d:b8:
         d8:d9:9b:96:64:ed:84:e4:c4:91:dd:ea:2f:49:b3:6f:15:11:
         51:38:2a:23:f5:2f:8d:c8:6a:39:92:78:0a:da:9e:64:61:ec:
         7a:b6:7e:58:41:41:5d:41:4f:59:a1:62:57:5e:e5:2b:12:e0:
         0c:1c:a6:6f:a2:b8:8e:c5:e8:21:d1:2e:49:28:94:51:88:65:
         1c:d0:8d:43:ab:20:1d:dc:e1:f8:e6:47:14:f5:62:90:5d:ad:
         03:2a:b1:60:3b:4e:a3:ad:b6:66:ee:a8:95:7a:92:cc:4d:7b:
         1b:10:2e:6f:4d:b0:50:8b:95:22:b6:cb:93:e8:ea:c3:70:ab:
         56:0c:ae:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7HkepLdCpY0kXnjgddpI/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OTA0MjRjNjg4ZmY1MTlmYjllMjA0ZDhmMTU4ODU1MzQ1
NWIxNTEwHhcNMjQwNDEwMTAzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjQwZTEyZjVkNzAwNzI0OTBlYWQzOGUzZGM5MjI3ZGNhMTA0NmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDaq/uGjW3gycEEFIKsj7DF2tTgY
pxuQFuS1FwHPkw4uez7zHby5nfCKyQnbO12M4yBiSiszY3MCaNXjhaOl2uP6CwqZ
CQyyGWVIzYBcu4fnv9jUn+VAgAc4AsB4Vf4tEceCw1jeX5PrExKtkU8t7Sq1CVAx
6GbCtE5LCwI+If5E0u45cYfYqQDTf1pwKnZG5VjCjgwKvnk7r1X2A2KPfy+rL+Ep
XTXyGS7EeKrf/n+/j3rzsLaDOnCgm+i2zWpCTamoNLXfNaRNgCK6EIkWr1h/1MF7
2u+AdDJMgrhoBusbAe/K3ar/vam9KYVua35dq0sZc6XPvGtBdu0+5ohAGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtA4S9dcAckkOrTjj3JIn3KEEa3MB8GA1UdIwQY
MBaAFDSQQkxoj/UZ+54gTY8ViFU0VbFRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkpCQ1RHaVA5Um43bmlCTmp4V0lWVFJWc1ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9lZTJkMTAtZWJiMC00MWJhLTk5ODEt
M2YwNjgyOWUwZjVjLzEvQzBEaEwxMXdCeVNRNnRPT1Bja2lmY29RUnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9lZTJkMTAtZWJiMC00MWJhLTk5ODEtM2YwNjgyOWUwZjVj
LzEvTkpCQ1RHaVA5Um43bmlCTmp4V0lWVFJWc1ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYTUMA0G
CSqGSIb3DQEBCwUAA4IBAQCg2YzH733nPnewV9u+B0DPVtoSf7kjgB/IYqo4p5zk
Yd3QeI4JBMISfgHPuvrmv7Q5KFFoZ4mo7OMONUgpnMLm+yJ8xxthLQ/4wnGVJrJo
DpqzmARTOPUUY5WwTsSl6zLgkXSSSXpVTAkpqJyLQPo8FIUw2/Cj0ahzilT4XbjY
2ZuWZO2E5MSR3eovSbNvFRFROCoj9S+NyGo5kngK2p5kYex6tn5YQUFdQU9ZoWJX
XuUrEuAMHKZvoriOxegh0S5JKJRRiGUc0I1DqyAd3OH45kcU9WKQXa0DKrFgO06j
rbZm7qiVepLMTXsbEC5vTbBQi5UitsuT6OrDcKtWDK6K
-----END CERTIFICATE-----