Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/lXgSczTkFIkpNbaoQCqomje1kKA.roa
File:                     lXgSczTkFIkpNbaoQCqomje1kKA.roa (raw, json)
Hash identifier:          9HFHtys3sKzBpf1lwVdjNkTbGuyrk+lFHMW4TU1+v3E=
Subject key identifier:   95:78:12:73:34:E4:14:89:29:35:B6:A8:40:2A:A8:9A:37:B5:90:A0
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       018CC7947C5AD4C9D49CAF7D242E0E5DCB57
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/lXgSczTkFIkpNbaoQCqomje1kKA.roa
Signing time:             Tue 02 Jan 2024 00:30:46 +0000
ROA not before:           Tue 02 Jan 2024 00:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        45.145.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 03:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:7c:5a:d4:c9:d4:9c:af:7d:24:2e:0e:5d:cb:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 00:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9578127334e414892935b6a8402aa89a37b590a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fa:5c:73:a7:80:2a:92:c1:f8:6a:93:25:e0:
                    86:c8:8f:d8:bc:78:95:e7:69:40:67:93:ed:80:c4:
                    c1:11:c3:c8:d0:72:21:a9:f3:f4:f6:af:61:1b:59:
                    9e:fa:67:20:2c:85:5e:45:65:d1:d0:76:b3:35:d1:
                    27:44:f3:7f:ea:18:ca:8f:20:03:c7:47:21:a3:c2:
                    30:9f:e6:cc:65:57:0d:2a:65:53:5a:ee:89:22:c0:
                    4b:6d:22:77:63:b0:ab:1f:90:dc:d8:5f:9e:5f:43:
                    07:96:92:d1:52:77:3f:f7:84:06:95:88:ce:a4:97:
                    1e:2e:33:8e:eb:97:bb:9a:3f:08:6c:50:a2:03:81:
                    ac:4a:66:ad:74:4f:9c:3a:45:76:ff:1b:eb:75:6b:
                    ae:06:90:a4:ee:e6:dd:b1:19:65:21:d0:a5:f7:c2:
                    a0:7b:a6:33:15:f3:a3:62:0b:36:ea:b7:41:1b:44:
                    de:a9:3d:4a:2c:25:8b:97:91:95:d3:a8:e1:0b:a0:
                    e8:9a:a1:7d:d4:e8:27:62:3b:1d:7b:06:08:ce:a8:
                    6d:7e:38:a4:e8:a1:94:72:19:2d:dd:20:88:1f:29:
                    6e:cc:a2:1e:da:d7:3a:39:f1:79:df:ee:10:65:3a:
                    93:09:54:d4:9d:0f:8a:73:7f:ed:a9:64:55:b7:42:
                    47:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:78:12:73:34:E4:14:89:29:35:B6:A8:40:2A:A8:9A:37:B5:90:A0
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/lXgSczTkFIkpNbaoQCqomje1kKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:96:75:ee:04:11:6e:d3:80:44:73:e4:d1:da:e5:f6:75:6a:
         56:07:de:64:c4:86:e6:7d:2b:1d:fb:e8:e0:88:ee:5e:d5:e1:
         51:29:e5:6b:54:4f:b5:f0:10:e9:68:81:94:91:3c:94:76:66:
         92:30:39:43:31:7f:c8:fe:2f:6c:67:e3:65:3f:42:cd:80:17:
         ea:f2:55:41:23:df:1c:e4:5c:db:90:6f:6c:f7:40:6c:33:da:
         a2:f7:c4:82:05:44:b1:4d:fb:cc:aa:a7:58:f4:e1:57:72:e7:
         73:b4:23:85:4d:f0:ec:04:c5:bb:2c:b3:27:26:03:2d:96:56:
         be:24:c5:23:c7:20:f4:ac:85:09:e5:95:a0:28:7c:b3:0f:f1:
         67:a8:02:9a:8e:98:c8:04:00:8d:e7:57:ce:d5:62:e6:5e:68:
         6f:71:a7:32:82:83:8d:a9:ea:19:ae:19:99:60:39:d6:30:f0:
         18:19:f3:7a:e2:22:e0:a7:b7:0e:13:e9:61:22:84:b2:bd:88:
         2c:c8:d8:b5:7d:56:2d:09:12:76:bc:30:46:40:69:32:54:63:
         f5:d3:74:1a:74:6b:42:d5:e6:e1:4a:32:ea:59:40:da:58:d5:
         18:b9:67:ba:58:fb:23:96:0e:df:1a:9f:f5:07:7a:15:94:d8:
         c2:a4:53:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlHxa1MnUnK99JC4OXctXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQwMTAyMDAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTc4MTI3MzM0ZTQxNDg5MjkzNWI2YTg0MDJhYTg5YTM3YjU5MGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/pcc6eAKpLB+GqTJeCGyI/YvHiV
52lAZ5PtgMTBEcPI0HIhqfP09q9hG1me+mcgLIVeRWXR0HazNdEnRPN/6hjKjyAD
x0cho8Iwn+bMZVcNKmVTWu6JIsBLbSJ3Y7CrH5Dc2F+eX0MHlpLRUnc/94QGlYjO
pJceLjOO65e7mj8IbFCiA4GsSmatdE+cOkV2/xvrdWuuBpCk7ubdsRllIdCl98Kg
e6YzFfOjYgs26rdBG0TeqT1KLCWLl5GV06jhC6DomqF91OgnYjsdewYIzqhtfjik
6KGUchkt3SCIHyluzKIe2tc6OfF53+4QZTqTCVTUnQ+Kc3/tqWRVt0JH7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJV4EnM05BSJKTW2qEAqqJo3tZCgMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvbFhnU2N6VGtGSWtwTmJhb1FDcW9tamUxa0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGbMA0G
CSqGSIb3DQEBCwUAA4IBAQCPlnXuBBFu04BEc+TR2uX2dWpWB95kxIbmfSsd++jg
iO5e1eFRKeVrVE+18BDpaIGUkTyUdmaSMDlDMX/I/i9sZ+NlP0LNgBfq8lVBI98c
5FzbkG9s90BsM9qi98SCBUSxTfvMqqdY9OFXcudztCOFTfDsBMW7LLMnJgMtlla+
JMUjxyD0rIUJ5ZWgKHyzD/FnqAKajpjIBACN51fO1WLmXmhvcacygoONqeoZrhmZ
YDnWMPAYGfN64iLgp7cOE+lhIoSyvYgsyNi1fVYtCRJ2vDBGQGkyVGP103QadGtC
1ebhSjLqWUDaWNUYuWe6WPsjlg7fGp/1B3oVlNjCpFPV
-----END CERTIFICATE-----