Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/gVt2e3FGMEWFk_1jAdm_KaqLPXI.roa
File:                     gVt2e3FGMEWFk_1jAdm_KaqLPXI.roa (raw, json)
Hash identifier:          EW54MjhTD58f+Wdy4v9Mxgzsy2ZsQg0knSpAXEWw7/s=
Subject key identifier:   81:5B:76:7B:71:46:30:45:85:93:FD:63:01:D9:BF:29:AA:8B:3D:72
Certificate issuer:       /CN=0a30b635d357468d7f932d3e1f59d5373cf9f465
Certificate serial:       018CC5DC6AEB4E77AF0CFAE10BE1AE348527
Authority key identifier: 0A:30:B6:35:D3:57:46:8D:7F:93:2D:3E:1F:59:D5:37:3C:F9:F4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/gVt2e3FGMEWFk_1jAdm_KaqLPXI.roa
Signing time:             Mon 01 Jan 2024 16:30:06 +0000
ROA not before:           Mon 01 Jan 2024 16:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        45.12.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:6a:eb:4e:77:af:0c:fa:e1:0b:e1:ae:34:85:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a30b635d357468d7f932d3e1f59d5373cf9f465
        Validity
            Not Before: Jan  1 16:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=815b767b714630458593fd6301d9bf29aa8b3d72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:58:c3:f3:44:18:83:b6:c8:dd:92:a5:8f:1c:
                    40:d0:c6:98:af:66:c5:56:fd:21:e8:70:fc:d1:cf:
                    88:4d:da:d9:b2:54:60:b4:e1:a4:12:71:f9:00:91:
                    3d:2c:86:70:7c:f0:2e:7f:1e:58:5d:b5:a6:ae:77:
                    60:ff:5d:82:c4:5c:f4:38:54:12:eb:43:48:d8:ee:
                    7c:f5:68:06:4b:29:2a:7e:b8:fe:ea:8f:1a:de:ad:
                    ab:7a:f6:db:aa:fd:8c:0a:83:a5:3f:9d:e0:a3:68:
                    d7:12:9a:4a:05:d9:28:6e:95:7c:cd:9b:84:37:e4:
                    91:1e:a2:67:7f:c6:c4:f3:01:ac:6d:78:24:be:4e:
                    53:6c:bf:78:5b:fc:36:97:40:21:89:ff:32:d8:d8:
                    25:20:f2:e3:d1:91:31:17:3f:75:97:13:88:a4:60:
                    0c:f7:91:fd:c0:d6:46:60:70:25:ff:fb:dc:3c:b6:
                    30:ab:53:1d:a2:c2:4b:ff:18:10:1f:42:6d:2d:ce:
                    1a:bf:e4:0e:53:41:3a:3c:32:17:62:b5:39:4a:cc:
                    a8:cf:76:0c:86:e7:44:1e:6b:e3:0e:2b:29:e4:13:
                    1c:95:1d:a4:7c:ff:94:46:ea:fc:26:14:c0:0d:bd:
                    0a:86:7d:42:1a:38:dc:95:6f:9c:b1:da:70:b3:25:
                    bc:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:5B:76:7B:71:46:30:45:85:93:FD:63:01:D9:BF:29:AA:8B:3D:72
            X509v3 Authority Key Identifier:
                keyid:0A:30:B6:35:D3:57:46:8D:7F:93:2D:3E:1F:59:D5:37:3C:F9:F4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/gVt2e3FGMEWFk_1jAdm_KaqLPXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:e3:97:33:eb:ea:96:5c:b2:d5:16:2a:09:f5:f5:6c:02:87:
         50:a5:51:95:63:94:54:86:25:60:bc:73:5c:69:f8:c9:24:02:
         d6:f1:2b:24:5e:aa:95:39:84:92:cc:f4:56:06:61:27:4b:79:
         56:a5:f3:1c:8c:45:9c:1d:2d:3f:51:04:af:f2:00:b6:09:ba:
         77:01:f4:cd:11:fb:32:91:b4:c9:5c:d7:a2:3c:13:6d:8f:7e:
         61:9d:ff:37:84:a2:9b:ff:dd:8f:28:20:2a:1a:1e:e2:4c:d1:
         f7:d0:0d:50:f4:66:e8:35:e4:19:a0:ff:56:af:61:10:50:7e:
         34:dc:38:64:78:19:7d:a8:8f:72:94:46:d2:bf:1a:a5:61:8c:
         cb:d9:6a:df:67:4c:30:34:23:66:a3:01:c6:a4:dd:2d:6d:0a:
         b4:2b:3d:e3:9f:7c:f8:88:16:84:f6:28:d3:c0:f0:39:a5:ea:
         df:4f:95:15:3a:38:94:2b:ba:e4:e8:a9:d1:dd:c2:83:8f:c1:
         c7:93:71:f4:07:51:70:a0:a8:33:3c:9b:83:e6:8b:2c:a2:7a:
         06:ab:3c:50:0d:e9:f8:e1:1e:f5:32:25:6c:06:54:b7:a4:61:
         1b:11:82:43:dd:a1:23:d2:a8:ef:88:5e:ff:d3:e6:9c:5a:0e:
         43:7a:31:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3GrrTnevDPrhC+GuNIUnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzBiNjM1ZDM1NzQ2OGQ3ZjkzMmQzZTFmNTlkNTM3M2Nm
OWY0NjUwHhcNMjQwMTAxMTYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTViNzY3YjcxNDYzMDQ1ODU5M2ZkNjMwMWQ5YmYyOWFhOGIzZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFjD80QYg7bI3ZKljxxA0MaYr2bF
Vv0h6HD80c+ITdrZslRgtOGkEnH5AJE9LIZwfPAufx5YXbWmrndg/12CxFz0OFQS
60NI2O589WgGSykqfrj+6o8a3q2revbbqv2MCoOlP53go2jXEppKBdkobpV8zZuE
N+SRHqJnf8bE8wGsbXgkvk5TbL94W/w2l0Ahif8y2NglIPLj0ZExFz91lxOIpGAM
95H9wNZGYHAl//vcPLYwq1MdosJL/xgQH0JtLc4av+QOU0E6PDIXYrU5Ssyoz3YM
hudEHmvjDisp5BMclR2kfP+URur8JhTADb0Khn1CGjjclW+csdpwsyW8AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFbdntxRjBFhZP9YwHZvymqiz1yMB8GA1UdIwQY
MBaAFAowtjXTV0aNf5MtPh9Z1Tc8+fRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pDMk5kTlhSbzFfa3kwLUgxblZOeno1OUdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8xNzg1ZjEtYWUyMy00MGYwLTgzZjIt
NmRlZjM5OGNlNWM5LzEvZ1Z0MmUzRkdNRVdGa18xakFkbV9LYXFMUFhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8xNzg1ZjEtYWUyMy00MGYwLTgzZjItNmRlZjM5OGNlNWM5
LzEvQ2pDMk5kTlhSbzFfa3kwLUgxblZOeno1OUdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQy5MA0G
CSqGSIb3DQEBCwUAA4IBAQAM45cz6+qWXLLVFioJ9fVsAodQpVGVY5RUhiVgvHNc
afjJJALW8SskXqqVOYSSzPRWBmEnS3lWpfMcjEWcHS0/UQSv8gC2Cbp3AfTNEfsy
kbTJXNeiPBNtj35hnf83hKKb/92PKCAqGh7iTNH30A1Q9GboNeQZoP9Wr2EQUH40
3DhkeBl9qI9ylEbSvxqlYYzL2WrfZ0wwNCNmowHGpN0tbQq0Kz3jn3z4iBaE9ijT
wPA5perfT5UVOjiUK7rk6KnR3cKDj8HHk3H0B1FwoKgzPJuD5ossonoGqzxQDen4
4R71MiVsBlS3pGEbEYJD3aEj0qjviF7/0+acWg5DejH6
-----END CERTIFICATE-----