Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/zceKhWfIkYJkef-a-Wa-Z7d685w.roa
File:                     zceKhWfIkYJkef-a-Wa-Z7d685w.roa (raw, json)
Hash identifier:          r16CpOyv3Cy8P+YPR20F3WqEqbwV3DgVTExR/KRBElU=
Subject key identifier:   CD:C7:8A:85:67:C8:91:82:64:79:FF:9A:F9:66:BE:67:B7:7A:F3:9C
Certificate issuer:       /CN=0a30b635d357468d7f932d3e1f59d5373cf9f465
Certificate serial:       018CC5DC6D594EA9838CED396D0A3EB37138
Authority key identifier: 0A:30:B6:35:D3:57:46:8D:7F:93:2D:3E:1F:59:D5:37:3C:F9:F4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/zceKhWfIkYJkef-a-Wa-Z7d685w.roa
Signing time:             Mon 01 Jan 2024 16:30:06 +0000
ROA not before:           Mon 01 Jan 2024 16:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        45.12.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:6d:59:4e:a9:83:8c:ed:39:6d:0a:3e:b3:71:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a30b635d357468d7f932d3e1f59d5373cf9f465
        Validity
            Not Before: Jan  1 16:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdc78a8567c891826479ff9af966be67b77af39c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f3:a4:f8:3a:4d:2a:8c:e6:2d:27:34:db:5c:
                    1d:b3:f8:b5:28:81:26:04:33:0e:71:4d:2e:87:31:
                    ac:3b:69:5c:0a:6a:40:3e:bb:89:fd:1f:b7:46:32:
                    4c:15:1b:b1:e3:36:d0:00:49:64:36:ae:69:e2:1a:
                    c1:e0:8c:64:37:1a:f2:f5:d3:37:bf:27:4f:d1:70:
                    33:49:1e:d6:eb:51:a0:8e:cc:00:db:0c:ae:db:bf:
                    30:4d:0f:48:b9:9c:87:45:68:0b:18:49:12:ed:ef:
                    ed:9e:3d:73:32:4a:58:26:b8:07:74:e5:f4:de:8b:
                    fb:31:ab:9f:01:57:93:48:c1:06:85:64:f5:ce:2d:
                    00:0a:f2:ea:3f:23:49:63:d1:fa:40:89:81:2f:70:
                    70:07:b6:36:e2:1a:24:4f:39:d5:45:75:20:f3:b5:
                    f7:2e:b0:8c:d8:9d:9f:a4:7d:63:43:60:56:10:92:
                    05:35:32:07:6c:08:dc:8b:0a:55:7b:ed:4e:db:40:
                    4d:49:33:5d:5a:88:02:e8:8c:68:62:c6:34:a0:c0:
                    90:ff:0b:81:19:87:a3:94:37:ee:9b:cd:f1:d2:fb:
                    2a:40:32:29:71:ef:5d:a8:d1:ea:50:90:9a:83:33:
                    bf:b1:52:c0:66:fc:b7:cd:4b:9d:fa:b7:f9:b7:7e:
                    29:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:C7:8A:85:67:C8:91:82:64:79:FF:9A:F9:66:BE:67:B7:7A:F3:9C
            X509v3 Authority Key Identifier:
                keyid:0A:30:B6:35:D3:57:46:8D:7F:93:2D:3E:1F:59:D5:37:3C:F9:F4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/zceKhWfIkYJkef-a-Wa-Z7d685w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:d0:25:dc:42:e2:eb:46:57:8d:75:d5:e5:20:fd:1f:d6:cf:
         3b:b2:4e:c2:ef:42:e6:2d:44:1b:f7:50:4c:f5:4f:b5:f8:77:
         f0:06:e8:0d:d1:6a:9c:4b:7a:bd:ff:25:c5:a8:ff:63:91:53:
         63:fe:79:ee:61:c6:a0:f2:40:3f:d0:35:34:0e:17:41:76:98:
         ff:88:8b:c5:5a:b3:f7:43:a3:a9:a7:f3:40:12:59:61:16:03:
         60:b1:f3:79:4a:7d:15:b3:a3:49:bc:96:c7:28:12:fe:c8:dd:
         62:3b:b6:3e:0b:1f:6c:12:bf:82:64:a2:ea:42:20:f3:35:d8:
         91:20:a3:ec:c5:30:d2:e0:ca:4b:dd:eb:31:75:03:f4:ba:a8:
         94:ab:e2:e6:c4:5e:e0:ee:0e:7e:6f:23:5a:21:c1:86:d2:ee:
         01:9c:98:5d:6f:4b:1a:62:5b:bb:69:52:b1:2d:52:d7:32:e9:
         f9:8e:b4:d7:18:9b:1e:4e:9c:a9:e0:e5:1f:79:58:51:76:0a:
         28:0e:f7:e0:6e:d8:2e:36:0f:47:08:c5:55:fd:84:a6:07:16:
         55:20:5a:94:98:42:25:cd:cf:f8:52:4a:48:e4:66:7f:9f:b6:
         47:59:3f:5d:75:31:28:2b:45:d9:0c:d5:e7:6f:eb:88:93:f3:
         2c:8f:44:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3G1ZTqmDjO05bQo+s3E4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzBiNjM1ZDM1NzQ2OGQ3ZjkzMmQzZTFmNTlkNTM3M2Nm
OWY0NjUwHhcNMjQwMTAxMTYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGM3OGE4NTY3Yzg5MTgyNjQ3OWZmOWFmOTY2YmU2N2I3N2FmMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/Ok+DpNKozmLSc021wds/i1KIEm
BDMOcU0uhzGsO2lcCmpAPruJ/R+3RjJMFRux4zbQAElkNq5p4hrB4IxkNxry9dM3
vydP0XAzSR7W61GgjswA2wyu278wTQ9IuZyHRWgLGEkS7e/tnj1zMkpYJrgHdOX0
3ov7MaufAVeTSMEGhWT1zi0ACvLqPyNJY9H6QImBL3BwB7Y24hokTznVRXUg87X3
LrCM2J2fpH1jQ2BWEJIFNTIHbAjciwpVe+1O20BNSTNdWogC6IxoYsY0oMCQ/wuB
GYejlDfum83x0vsqQDIpce9dqNHqUJCagzO/sVLAZvy3zUud+rf5t34p9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3HioVnyJGCZHn/mvlmvme3evOcMB8GA1UdIwQY
MBaAFAowtjXTV0aNf5MtPh9Z1Tc8+fRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pDMk5kTlhSbzFfa3kwLUgxblZOeno1OUdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8xNzg1ZjEtYWUyMy00MGYwLTgzZjIt
NmRlZjM5OGNlNWM5LzEvemNlS2hXZklrWUprZWYtYS1XYS1aN2Q2ODV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8xNzg1ZjEtYWUyMy00MGYwLTgzZjItNmRlZjM5OGNlNWM5
LzEvQ2pDMk5kTlhSbzFfa3kwLUgxblZOeno1OUdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQy5MA0G
CSqGSIb3DQEBCwUAA4IBAQBx0CXcQuLrRleNddXlIP0f1s87sk7C70LmLUQb91BM
9U+1+HfwBugN0WqcS3q9/yXFqP9jkVNj/nnuYcag8kA/0DU0DhdBdpj/iIvFWrP3
Q6Opp/NAEllhFgNgsfN5Sn0Vs6NJvJbHKBL+yN1iO7Y+Cx9sEr+CZKLqQiDzNdiR
IKPsxTDS4MpL3esxdQP0uqiUq+LmxF7g7g5+byNaIcGG0u4BnJhdb0saYlu7aVKx
LVLXMun5jrTXGJseTpyp4OUfeVhRdgooDvfgbtguNg9HCMVV/YSmBxZVIFqUmEIl
zc/4UkpI5GZ/n7ZHWT9ddTEoK0XZDNXnb+uIk/Msj0Tv
-----END CERTIFICATE-----