Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/hKxRHcDzhC2IM07uB70p4o8hHn4.roa
File:                     hKxRHcDzhC2IM07uB70p4o8hHn4.roa (raw, json)
Hash identifier:          kq6FMj3mveUu3gSufYev+NdGDgK92RwcjMeQklH3IJ8=
Subject key identifier:   84:AC:51:1D:C0:F3:84:2D:88:33:4E:EE:07:BD:29:E2:8F:21:1E:7E
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       018CC7947C13312D8B274779C7883F615FFE
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/hKxRHcDzhC2IM07uB70p4o8hHn4.roa
Signing time:             Tue 02 Jan 2024 00:30:46 +0000
ROA not before:           Tue 02 Jan 2024 00:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.145.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:7c:13:31:2d:8b:27:47:79:c7:88:3f:61:5f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 00:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84ac511dc0f3842d88334eee07bd29e28f211e7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a0:76:55:ba:b7:a8:36:32:02:be:f0:e5:19:
                    33:2c:90:84:12:88:68:0f:ea:d4:88:6d:c5:3e:1a:
                    2f:3a:bd:f3:e5:76:c7:a2:69:87:9a:9e:54:19:8e:
                    17:d1:ce:76:19:4d:67:d5:65:31:ed:53:35:89:fe:
                    ae:86:96:c4:73:1a:c1:76:a7:9d:13:ba:a5:8a:6a:
                    c7:9c:84:87:9c:43:b4:87:97:6d:c1:19:71:46:fe:
                    29:a4:c6:c3:a3:ed:5a:c1:40:40:a9:ca:4d:2a:76:
                    54:eb:1f:59:9f:55:37:95:c8:59:08:ef:eb:1e:cc:
                    68:0b:59:63:2f:cb:11:2f:8d:ac:59:8a:e0:3d:c3:
                    a1:a4:b9:9a:9b:23:b2:ff:92:dd:0a:5d:d7:6c:54:
                    85:35:da:33:62:c0:c6:42:e2:56:f0:69:6e:ca:c9:
                    3f:d2:dc:cd:e2:ee:8d:62:ba:c3:2f:8c:24:e7:16:
                    bc:39:1e:df:30:23:38:ad:e8:7b:62:2c:57:77:d1:
                    ed:2f:c8:ef:7b:de:14:bf:73:1e:58:a8:e2:51:06:
                    75:43:08:89:fb:bb:6c:b8:4b:86:a3:0a:87:a1:63:
                    ea:be:6b:da:c3:f7:86:84:ef:a6:0f:6e:56:d8:f2:
                    a5:6f:b0:4f:95:74:8b:b7:90:20:82:cf:93:ba:58:
                    d9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:AC:51:1D:C0:F3:84:2D:88:33:4E:EE:07:BD:29:E2:8F:21:1E:7E
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/hKxRHcDzhC2IM07uB70p4o8hHn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:ae:82:70:2d:02:bd:27:d1:33:0f:8f:ab:d2:b8:42:31:69:
         24:ee:64:00:9b:04:bf:50:09:e8:3c:0a:50:00:5e:90:67:61:
         26:1d:57:ff:6f:c9:c7:c9:a2:59:3c:3a:28:30:9a:f8:4e:46:
         09:40:94:54:af:91:0a:bf:a5:2f:c8:3b:5c:70:0a:f0:c6:a5:
         43:6f:bf:18:82:81:05:64:67:16:e8:8c:90:a9:c5:91:3a:6a:
         be:35:48:87:12:03:57:8a:f0:fa:5d:3d:c1:0f:9d:39:14:23:
         2f:ef:13:f3:39:53:95:64:03:eb:3d:c8:b8:fb:74:bb:e1:49:
         1e:5b:35:e4:ee:4e:71:a2:f6:8b:ee:7c:d1:dc:4f:30:f0:fa:
         5b:4c:e3:2f:25:f6:56:05:e7:14:60:0d:0f:02:c5:35:44:fe:
         e9:e8:41:0e:48:53:b9:a5:09:cd:23:1b:b2:07:e8:2a:9e:61:
         c2:e2:e5:85:61:e3:10:c7:28:a3:ad:2d:de:3c:0d:42:31:65:
         52:f9:cc:86:c4:a4:63:00:11:64:f7:2e:cc:86:47:f9:f3:eb:
         3d:87:d5:66:4d:f6:8e:f5:db:ce:a5:42:19:cd:b0:5e:b3:d0:
         63:0f:0c:45:b1:78:38:3d:1e:09:cb:2f:8d:f6:5b:a3:da:f9:
         7f:2a:53:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlHwTMS2LJ0d5x4g/YV/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQwMTAyMDAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGFjNTExZGMwZjM4NDJkODgzMzRlZWUwN2JkMjllMjhmMjExZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKB2Vbq3qDYyAr7w5RkzLJCEEoho
D+rUiG3FPhovOr3z5XbHommHmp5UGY4X0c52GU1n1WUx7VM1if6uhpbEcxrBdqed
E7qlimrHnISHnEO0h5dtwRlxRv4ppMbDo+1awUBAqcpNKnZU6x9Zn1U3lchZCO/r
HsxoC1ljL8sRL42sWYrgPcOhpLmamyOy/5LdCl3XbFSFNdozYsDGQuJW8Gluysk/
0tzN4u6NYrrDL4wk5xa8OR7fMCM4reh7YixXd9HtL8jve94Uv3MeWKjiUQZ1QwiJ
+7tsuEuGowqHoWPqvmvaw/eGhO+mD25W2PKlb7BPlXSLt5Aggs+TuljZBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISsUR3A84QtiDNO7ge9KeKPIR5+MB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvaEt4UkhjRHpoQzJJTTA3dUI3MHA0bzhoSG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGYMA0G
CSqGSIb3DQEBCwUAA4IBAQBtroJwLQK9J9EzD4+r0rhCMWkk7mQAmwS/UAnoPApQ
AF6QZ2EmHVf/b8nHyaJZPDooMJr4TkYJQJRUr5EKv6UvyDtccArwxqVDb78YgoEF
ZGcW6IyQqcWROmq+NUiHEgNXivD6XT3BD505FCMv7xPzOVOVZAPrPci4+3S74Uke
WzXk7k5xovaL7nzR3E8w8PpbTOMvJfZWBecUYA0PAsU1RP7p6EEOSFO5pQnNIxuy
B+gqnmHC4uWFYeMQxyijrS3ePA1CMWVS+cyGxKRjABFk9y7Mhkf58+s9h9VmTfaO
9dvOpUIZzbBes9BjDwxFsXg4PR4Jyy+N9luj2vl/KlP9
-----END CERTIFICATE-----