Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/2rKhfOtmJwC6iklG8GDqXWNT6KU.roa
File:                     2rKhfOtmJwC6iklG8GDqXWNT6KU.roa (raw, json)
Hash identifier:          sfZahddaVNy/2DOVmEFD38klTEjVU8k7cRw6FquvKKo=
Subject key identifier:   DA:B2:A1:7C:EB:66:27:00:BA:8A:49:46:F0:60:EA:5D:63:53:E8:A5
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       018CC80164650E57F5A423B6312A80CD635B
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/2rKhfOtmJwC6iklG8GDqXWNT6KU.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34854
IP address blocks:        45.92.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:64:65:0e:57:f5:a4:23:b6:31:2a:80:cd:63:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dab2a17ceb662700ba8a4946f060ea5d6353e8a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:af:ac:50:06:78:d9:be:8e:0b:39:52:23:28:
                    10:f9:47:15:93:78:06:2f:4e:85:0c:76:0d:ae:7e:
                    e4:c0:66:09:88:35:a7:4d:d8:7d:ca:df:ce:41:82:
                    0f:a1:13:58:31:c9:fe:c5:f9:5e:11:4e:8f:1b:cf:
                    85:4f:62:14:29:46:76:7b:d9:5c:f1:bc:96:96:44:
                    59:7e:81:da:af:dd:fb:27:27:03:f5:6d:97:c7:41:
                    a5:1f:b4:f3:ef:7f:88:3e:41:51:43:c7:a4:82:d4:
                    54:ae:03:76:65:c9:32:f1:28:37:f6:fd:e0:ec:24:
                    60:38:b0:62:13:5e:b0:f6:89:8a:b9:c9:57:e6:4c:
                    1a:f7:c0:80:2c:c1:ee:19:eb:0d:6b:f3:43:de:80:
                    07:32:45:e8:cd:96:64:05:5d:1e:aa:50:4c:97:a6:
                    80:b7:8f:77:b3:f1:a2:bc:42:39:a3:58:ea:17:af:
                    f5:20:36:86:fc:f7:02:e3:a7:f4:f3:7f:42:aa:4b:
                    a5:9d:ff:2a:46:22:66:ae:5d:ca:ad:36:57:1a:9d:
                    27:f5:83:da:dd:a8:c1:55:71:ac:a4:58:9b:a8:d0:
                    c0:81:83:5b:17:a8:a0:1e:63:fe:29:16:28:0d:00:
                    1b:be:cf:5e:71:c3:d3:a3:a0:89:3f:94:79:89:9f:
                    35:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:B2:A1:7C:EB:66:27:00:BA:8A:49:46:F0:60:EA:5D:63:53:E8:A5
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/2rKhfOtmJwC6iklG8GDqXWNT6KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:1b:10:6a:83:b6:3c:d2:df:2d:4a:64:f3:61:38:eb:b5:08:
         92:d2:8c:3d:0c:ff:9b:b0:92:fe:ec:c9:60:49:cb:ac:44:2a:
         02:73:9f:42:2a:29:15:f8:38:ce:ea:a9:4c:b1:71:8c:e4:52:
         49:02:41:5a:06:0c:c6:e0:6a:7f:44:44:1b:fb:c1:e7:17:ab:
         b6:cc:52:3f:b5:ea:c4:b6:de:6b:19:b2:e7:72:91:4d:a5:c8:
         53:b3:96:74:ca:47:41:99:3b:dd:29:95:3f:a5:85:47:fc:62:
         c0:ad:5a:a3:ff:7c:c1:64:1e:df:40:ca:ba:39:bb:9f:bc:c8:
         80:e0:02:1a:60:a6:cf:5a:9c:17:d4:df:ca:83:a6:c0:c4:42:
         ea:84:1a:0d:95:ab:49:ab:c6:15:e8:3b:85:16:15:e5:b5:2e:
         6b:b1:d8:d8:bd:c0:ea:b7:f2:fc:13:36:24:30:ad:19:fa:94:
         e3:84:62:d6:98:4e:4b:62:eb:a8:96:8c:4d:4b:31:0f:22:7c:
         95:00:2a:1d:28:e2:d1:45:1d:13:54:cb:f3:d9:36:66:50:48:
         b0:6d:68:e6:48:a6:84:64:e1:1b:84:17:e4:86:9f:06:4b:b7:
         18:40:29:6e:9c:b8:41:8f:0d:9a:83:a4:fd:29:07:b6:92:e0:
         81:93:3f:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWRlDlf1pCO2MSqAzWNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWIyYTE3Y2ViNjYyNzAwYmE4YTQ5NDZmMDYwZWE1ZDYzNTNlOGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6+sUAZ42b6OCzlSIygQ+UcVk3gG
L06FDHYNrn7kwGYJiDWnTdh9yt/OQYIPoRNYMcn+xfleEU6PG8+FT2IUKUZ2e9lc
8byWlkRZfoHar937JycD9W2Xx0GlH7Tz73+IPkFRQ8ekgtRUrgN2Zcky8Sg39v3g
7CRgOLBiE16w9omKuclX5kwa98CALMHuGesNa/ND3oAHMkXozZZkBV0eqlBMl6aA
t493s/GivEI5o1jqF6/1IDaG/PcC46f0839Cqkulnf8qRiJmrl3KrTZXGp0n9YPa
3ajBVXGspFibqNDAgYNbF6igHmP+KRYoDQAbvs9eccPTo6CJP5R5iZ81QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqyoXzrZicAuopJRvBg6l1jU+ilMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvMnJLaGZPdG1Kd0M2aWtsRzhHRHFYV05UNktVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVwoMA0G
CSqGSIb3DQEBCwUAA4IBAQASGxBqg7Y80t8tSmTzYTjrtQiS0ow9DP+bsJL+7Mlg
ScusRCoCc59CKikV+DjO6qlMsXGM5FJJAkFaBgzG4Gp/REQb+8HnF6u2zFI/terE
tt5rGbLncpFNpchTs5Z0ykdBmTvdKZU/pYVH/GLArVqj/3zBZB7fQMq6ObufvMiA
4AIaYKbPWpwX1N/Kg6bAxELqhBoNlatJq8YV6DuFFhXltS5rsdjYvcDqt/L8EzYk
MK0Z+pTjhGLWmE5LYuuoloxNSzEPInyVACodKOLRRR0TVMvz2TZmUEiwbWjmSKaE
ZOEbhBfkhp8GS7cYQClunLhBjw2ag6T9KQe2kuCBkz/0
-----END CERTIFICATE-----