Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/njabFCfnMLcNiqyZK-a7FQTtfPk.roa
File:                     njabFCfnMLcNiqyZK-a7FQTtfPk.roa (raw, json)
Hash identifier:          64Q7nwuUJAqwVXedx/LGBqwo5cLFEsY+kjgc14qWDjM=
Subject key identifier:   9E:36:9B:14:27:E7:30:B7:0D:8A:AC:99:2B:E6:BB:15:04:ED:7C:F9
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       018E2A32B6AF31125BA0A46801FFA5BBD762
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/njabFCfnMLcNiqyZK-a7FQTtfPk.roa
Signing time:             Sun 10 Mar 2024 21:09:10 +0000
ROA not before:           Sun 10 Mar 2024 21:09:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211975
IP address blocks:        45.145.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2a:32:b6:af:31:12:5b:a0:a4:68:01:ff:a5:bb:d7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Mar 10 21:09:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e369b1427e730b70d8aac992be6bb1504ed7cf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:83:6c:c2:ed:6b:98:a9:ad:86:53:d9:b0:ad:
                    8f:74:f0:71:08:03:cf:cd:4c:43:28:80:d6:84:83:
                    fc:1e:61:22:f6:5b:4d:7d:17:63:2a:80:34:45:b8:
                    41:1d:76:f2:57:51:8b:df:e7:8a:05:7a:5b:66:dc:
                    ea:b4:ac:48:0b:00:14:e2:ae:e0:67:78:3c:c8:1e:
                    0c:0e:d3:45:e6:3c:d0:b6:8c:97:d4:2c:af:a5:b8:
                    71:bd:66:42:7c:1a:2b:8f:63:33:ee:f6:ec:22:2a:
                    c6:21:27:bf:43:7d:ef:b3:57:48:20:6b:4a:14:1c:
                    62:ae:b1:df:05:ae:a0:ba:91:69:bf:4d:ae:16:4f:
                    1c:47:df:4e:64:5f:73:4d:88:13:47:01:8b:38:72:
                    0f:5e:e1:dc:c7:1f:e4:92:7c:11:6c:ec:96:6d:1e:
                    e4:f2:ef:64:7e:d6:03:44:56:de:8b:a1:9a:df:45:
                    8f:e4:fa:7c:8a:20:5e:8d:03:28:de:a7:8a:93:d1:
                    13:85:3f:bc:ac:55:90:7c:7f:e9:60:e5:2d:91:e7:
                    17:2b:9b:72:30:d8:fc:2f:1e:5b:da:c2:09:1c:d8:
                    09:58:ea:5f:92:1d:cd:82:76:bf:fc:92:07:8f:fc:
                    00:53:cc:4b:57:3e:e0:6c:d0:d8:d2:0f:e7:c5:41:
                    6d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:36:9B:14:27:E7:30:B7:0D:8A:AC:99:2B:E6:BB:15:04:ED:7C:F9
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/njabFCfnMLcNiqyZK-a7FQTtfPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:f0:c7:65:fa:3a:a0:4f:5e:a1:50:f1:34:fb:eb:d7:ea:bf:
         e0:89:a5:7a:bb:9e:08:f6:5e:d8:83:ea:ff:02:14:85:ca:dc:
         bc:89:9f:31:1d:87:4a:0f:c0:4c:4d:50:01:c0:a9:93:d4:7d:
         2e:06:ed:92:88:64:16:ef:11:d6:82:b0:38:f7:73:63:ed:46:
         a4:76:0c:1a:fd:96:c9:37:6f:2e:68:39:ef:48:33:c7:6f:f9:
         c2:86:03:5f:c2:3e:00:80:31:92:b3:26:97:bc:8f:4c:fd:56:
         5f:92:f3:a8:fe:fe:bc:cd:10:8e:84:43:e1:10:82:31:71:ac:
         96:94:88:94:a9:5d:51:fd:9a:f1:7b:8d:42:1d:75:eb:13:9b:
         90:08:64:b3:26:e4:14:e8:b7:98:5b:b0:2f:6f:6d:73:54:c1:
         6c:36:c9:9e:c4:e0:81:5e:49:15:46:e1:f3:a2:59:02:24:59:
         ca:3d:7e:57:6d:18:79:86:7c:b1:4f:bb:cd:17:7d:32:08:fb:
         b2:22:9c:ec:54:14:cf:40:95:0b:88:d3:2e:87:96:f5:35:19:
         54:7d:94:2b:b8:69:3f:a9:88:8d:bf:b6:fc:94:3f:ee:cd:4d:
         02:6c:7f:e3:f0:30:6d:e5:44:e0:2f:dd:46:d3:d8:d8:9e:c5:
         ca:33:63:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4qMravMRJboKRoAf+lu9diMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQwMzEwMjEwOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTM2OWIxNDI3ZTczMGI3MGQ4YWFjOTkyYmU2YmIxNTA0ZWQ3Y2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6INswu1rmKmthlPZsK2PdPBxCAPP
zUxDKIDWhIP8HmEi9ltNfRdjKoA0RbhBHXbyV1GL3+eKBXpbZtzqtKxICwAU4q7g
Z3g8yB4MDtNF5jzQtoyX1CyvpbhxvWZCfBorj2Mz7vbsIirGISe/Q33vs1dIIGtK
FBxirrHfBa6gupFpv02uFk8cR99OZF9zTYgTRwGLOHIPXuHcxx/kknwRbOyWbR7k
8u9kftYDRFbei6Ga30WP5Pp8iiBejQMo3qeKk9EThT+8rFWQfH/pYOUtkecXK5ty
MNj8Lx5b2sIJHNgJWOpfkh3Ngna//JIHj/wAU8xLVz7gbNDY0g/nxUFt6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ42mxQn5zC3DYqsmSvmuxUE7Xz5MB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvbmphYkZDZm5NTGNOaXF5WkstYTdGUVR0ZlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGZMA0G
CSqGSIb3DQEBCwUAA4IBAQBl8Mdl+jqgT16hUPE0++vX6r/giaV6u54I9l7Yg+r/
AhSFyty8iZ8xHYdKD8BMTVABwKmT1H0uBu2SiGQW7xHWgrA493Nj7Uakdgwa/ZbJ
N28uaDnvSDPHb/nChgNfwj4AgDGSsyaXvI9M/VZfkvOo/v68zRCOhEPhEIIxcayW
lIiUqV1R/Zrxe41CHXXrE5uQCGSzJuQU6LeYW7Avb21zVMFsNsmexOCBXkkVRuHz
olkCJFnKPX5XbRh5hnyxT7vNF30yCPuyIpzsVBTPQJULiNMuh5b1NRlUfZQruGk/
qYiNv7b8lD/uzU0CbH/j8DBt5UTgL91G09jYnsXKM2PG
-----END CERTIFICATE-----