Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/f440de-1592-458c-aaa3-7c47241c0a84/1/D0GxtAQGtf0PtTuC9BvY0X3CfPI.roa
File:                     D0GxtAQGtf0PtTuC9BvY0X3CfPI.roa (raw, json)
Hash identifier:          io9awGDaSI2F3j3lYq6dyEBMZ2N1UBN3ar287HiAHyE=
Subject key identifier:   0F:41:B1:B4:04:06:B5:FD:0F:B5:3B:82:F4:1B:D8:D1:7D:C2:7C:F2
Certificate issuer:       /CN=a4a37beb7fd65caa9afc46d9f24273cd27c0f960
Certificate serial:       018CC3495AEE1D0F64F5F097C6978BDDF071
Authority key identifier: A4:A3:7B:EB:7F:D6:5C:AA:9A:FC:46:D9:F2:42:73:CD:27:C0:F9:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pKN763_WXKqa_EbZ8kJzzSfA-WA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/f440de-1592-458c-aaa3-7c47241c0a84/1/D0GxtAQGtf0PtTuC9BvY0X3CfPI.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20810
IP address blocks:        45.138.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/f440de-1592-458c-aaa3-7c47241c0a84/1/pKN763_WXKqa_EbZ8kJzzSfA-WA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/f440de-1592-458c-aaa3-7c47241c0a84/1/pKN763_WXKqa_EbZ8kJzzSfA-WA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pKN763_WXKqa_EbZ8kJzzSfA-WA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5a:ee:1d:0f:64:f5:f0:97:c6:97:8b:dd:f0:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4a37beb7fd65caa9afc46d9f24273cd27c0f960
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f41b1b40406b5fd0fb53b82f41bd8d17dc27cf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:93:28:68:d4:e3:4c:57:30:17:76:cf:b8:09:
                    c4:90:f5:22:f4:b6:d1:77:75:ec:37:d2:b9:a0:2e:
                    55:17:f0:fd:08:35:11:13:31:c8:02:9e:f4:1c:c3:
                    39:86:ba:06:9c:89:f3:aa:d5:b4:12:1e:d4:87:1a:
                    c0:73:19:d7:24:5e:52:53:84:76:3e:d9:0f:3d:4b:
                    f5:05:f9:01:f2:6e:77:b9:b0:e3:89:b2:0e:1b:b4:
                    a3:1a:72:fb:a6:bf:d6:9f:c7:10:85:fd:08:7c:20:
                    b2:4c:29:ac:c2:a2:9c:92:ae:88:e8:c0:9e:82:83:
                    b7:08:15:08:38:16:ef:66:1e:bf:82:57:8f:95:97:
                    6b:90:38:0b:0b:f4:b9:83:6d:98:86:00:24:e4:4d:
                    31:f5:86:6c:17:1e:83:c2:4b:ed:76:f4:20:b0:e9:
                    29:2d:af:43:53:69:0f:46:72:5e:d6:35:b4:6b:c5:
                    c2:77:56:a3:75:af:2c:6d:d1:b3:26:88:19:35:76:
                    23:ab:c1:92:8f:a8:14:35:ba:1d:ce:b7:7d:a3:c2:
                    ec:c9:ce:d7:36:a5:c4:25:7e:fa:a3:b3:a3:be:0c:
                    f3:b6:54:a0:cd:53:0f:f5:46:51:b8:81:45:4f:73:
                    c5:93:70:d0:2e:40:a3:a4:f3:91:16:74:96:86:79:
                    99:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:41:B1:B4:04:06:B5:FD:0F:B5:3B:82:F4:1B:D8:D1:7D:C2:7C:F2
            X509v3 Authority Key Identifier:
                keyid:A4:A3:7B:EB:7F:D6:5C:AA:9A:FC:46:D9:F2:42:73:CD:27:C0:F9:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pKN763_WXKqa_EbZ8kJzzSfA-WA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/f440de-1592-458c-aaa3-7c47241c0a84/1/D0GxtAQGtf0PtTuC9BvY0X3CfPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/f440de-1592-458c-aaa3-7c47241c0a84/1/pKN763_WXKqa_EbZ8kJzzSfA-WA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:03:01:b4:ff:00:77:40:50:0f:c1:3f:63:26:5c:a0:8a:f6:
         52:e9:02:9a:7f:59:a5:f5:6f:63:97:8e:35:67:73:0f:32:16:
         b0:67:61:86:87:fc:5e:62:74:0e:dd:30:45:a1:94:1a:13:f0:
         ef:c5:52:36:9b:76:9b:45:72:13:58:30:46:0b:8b:c0:44:ce:
         5a:1d:f0:8b:62:3d:4a:7d:b4:af:e1:ca:a9:4a:81:f9:9c:fd:
         0f:ed:43:02:d3:60:54:be:67:b2:e9:08:18:89:51:5a:42:af:
         83:fc:1c:f1:a3:fd:04:0b:dc:fa:ba:40:17:09:99:b8:2b:dd:
         da:a4:9b:a7:a4:cb:61:c7:ab:8d:5c:50:79:85:23:7e:8d:c5:
         da:7b:df:19:77:5c:b7:e8:20:3e:2c:a6:c9:b9:25:67:7b:6f:
         ee:08:3d:e0:32:29:b5:58:77:08:ec:e3:3e:de:21:93:87:f3:
         ac:b8:ed:a5:52:1b:17:d0:34:db:48:f8:7f:50:e1:5c:79:9f:
         7e:05:10:4c:e7:82:e2:61:d0:3d:31:96:9e:58:e1:cc:0b:57:
         12:20:14:74:ec:38:ab:a8:96:ab:2f:cb:6d:02:8f:29:18:8f:
         38:f6:62:1f:60:11:18:a2:e7:99:a2:47:2e:e0:f5:bc:e2:5b:
         d3:3e:7f:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVruHQ9k9fCXxpeL3fBxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YTM3YmViN2ZkNjVjYWE5YWZjNDZkOWYyNDI3M2NkMjdj
MGY5NjAwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjQxYjFiNDA0MDZiNWZkMGZiNTNiODJmNDFiZDhkMTdkYzI3Y2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpMoaNTjTFcwF3bPuAnEkPUi9LbR
d3XsN9K5oC5VF/D9CDUREzHIAp70HMM5hroGnInzqtW0Eh7UhxrAcxnXJF5SU4R2
PtkPPUv1BfkB8m53ubDjibIOG7SjGnL7pr/Wn8cQhf0IfCCyTCmswqKckq6I6MCe
goO3CBUIOBbvZh6/glePlZdrkDgLC/S5g22YhgAk5E0x9YZsFx6DwkvtdvQgsOkp
La9DU2kPRnJe1jW0a8XCd1ajda8sbdGzJogZNXYjq8GSj6gUNbodzrd9o8Lsyc7X
NqXEJX76o7OjvgzztlSgzVMP9UZRuIFFT3PFk3DQLkCjpPORFnSWhnmZKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9BsbQEBrX9D7U7gvQb2NF9wnzyMB8GA1UdIwQY
MBaAFKSje+t/1lyqmvxG2fJCc80nwPlgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEtONzYzX1dYS3FhX0ViWjhrSnp6U2ZBLVdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9mNDQwZGUtMTU5Mi00NThjLWFhYTMt
N2M0NzI0MWMwYTg0LzEvRDBHeHRBUUd0ZjBQdFR1QzlCdlkwWDNDZlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9mNDQwZGUtMTU5Mi00NThjLWFhYTMtN2M0NzI0MWMwYTg0
LzEvcEtONzYzX1dYS3FhX0ViWjhrSnp6U2ZBLVdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYo4MA0G
CSqGSIb3DQEBCwUAA4IBAQB+AwG0/wB3QFAPwT9jJlygivZS6QKaf1ml9W9jl441
Z3MPMhawZ2GGh/xeYnQO3TBFoZQaE/DvxVI2m3abRXITWDBGC4vARM5aHfCLYj1K
fbSv4cqpSoH5nP0P7UMC02BUvmey6QgYiVFaQq+D/Bzxo/0EC9z6ukAXCZm4K93a
pJunpMthx6uNXFB5hSN+jcXae98Zd1y36CA+LKbJuSVne2/uCD3gMim1WHcI7OM+
3iGTh/OsuO2lUhsX0DTbSPh/UOFceZ9+BRBM54LiYdA9MZaeWOHMC1cSIBR07Dir
qJarL8ttAo8pGI849mIfYBEYoueZokcu4PW84lvTPn+1
-----END CERTIFICATE-----