Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/pkjiST5zUzewV_2TmjMoh-1av1I.roa
File:                     pkjiST5zUzewV_2TmjMoh-1av1I.roa (raw, json)
Hash identifier:          DiXzFmmk1DQOUHyiRTaAmxz7dyPLhin337qajIqXU3Q=
Subject key identifier:   A6:48:E2:49:3E:73:53:37:B0:57:FD:93:9A:33:28:87:ED:5A:BF:52
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       0193055BC935245E8745B13334B2DDC56CB2
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/pkjiST5zUzewV_2TmjMoh-1av1I.roa
Signing time:             Thu 07 Nov 2024 06:42:01 +0000
ROA not before:           Thu 07 Nov 2024 06:42:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63150
IP address blocks:        45.145.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:05:5b:c9:35:24:5e:87:45:b1:33:34:b2:dd:c5:6c:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Nov  7 06:42:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a648e2493e735337b057fd939a332887ed5abf52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c6:ce:b3:45:57:f6:5f:6a:8c:1b:a2:6f:94:
                    d9:82:3c:28:5c:d4:e6:23:3f:98:85:cb:bc:d7:65:
                    3e:03:ac:a8:7f:cd:08:b2:17:eb:cf:b2:9c:62:47:
                    19:a2:f3:bd:d0:64:bf:03:c9:47:b6:9e:04:dd:ad:
                    a6:16:5c:47:92:bc:93:a5:8e:07:53:e2:46:34:f7:
                    08:bb:ed:d7:5b:20:dc:5e:3f:5e:d0:e6:de:cd:f0:
                    ae:96:3d:06:00:12:ea:b7:41:6a:0d:ff:30:5e:58:
                    9e:7d:8a:13:cf:94:68:a7:c3:ba:10:5d:4a:08:23:
                    97:cc:56:67:a3:27:1e:38:c0:d1:66:27:55:f2:27:
                    83:c3:bb:f1:f8:17:9f:0a:5b:23:e9:21:d4:72:81:
                    3b:9b:2a:a9:9a:19:c9:20:62:bb:3b:57:55:c6:24:
                    af:23:fa:8c:2d:85:c8:d4:17:8e:e7:b7:18:f6:15:
                    86:d6:0b:3d:64:52:41:8e:78:fb:99:55:d3:11:78:
                    95:8e:67:c8:07:e0:fb:8c:ea:be:87:c7:d6:98:b3:
                    bb:f0:69:98:79:90:cf:6b:ad:56:c7:b6:a0:b3:29:
                    e4:4a:f9:6c:8c:21:3f:b0:f6:27:4c:9b:99:ee:49:
                    a1:6a:a8:43:c0:78:e3:5f:b3:2e:df:6a:e1:66:e9:
                    97:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:48:E2:49:3E:73:53:37:B0:57:FD:93:9A:33:28:87:ED:5A:BF:52
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/pkjiST5zUzewV_2TmjMoh-1av1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:a8:75:21:f0:d3:ca:39:db:16:2b:0d:44:c7:e9:25:ae:f9:
         3a:2e:ce:75:0b:eb:d8:a5:ef:14:c6:5a:14:bb:96:ed:29:31:
         34:92:96:67:e6:62:12:7e:98:ab:c8:b2:9b:ca:03:69:12:a7:
         8e:f2:74:0e:98:b6:a4:03:65:fe:a1:9e:22:59:99:82:31:53:
         02:89:aa:08:be:9c:a0:4f:49:72:3a:e7:97:29:1a:c4:cf:56:
         6a:c7:be:2d:0a:dd:6c:b9:47:25:66:06:d0:c6:28:46:c5:9e:
         c1:6f:0c:bd:ac:66:fb:f5:3f:0a:86:33:ad:d1:45:cf:56:62:
         b2:3f:70:62:a1:88:32:4a:2d:89:36:64:36:59:92:d2:f5:b4:
         61:b3:f7:ff:e8:9c:c2:0a:48:53:2e:6a:b6:df:11:a4:f8:ac:
         7a:90:8b:7b:89:c2:87:3e:0c:9f:03:16:7d:5b:3a:f7:54:9a:
         f5:c4:8e:1a:58:41:12:4b:09:55:75:1d:4a:50:44:9a:0b:54:
         5a:65:83:3b:59:3c:85:c5:b6:d0:54:4b:91:77:fb:bd:42:f1:
         95:2a:74:c8:36:17:78:6a:8e:68:3e:35:96:77:77:0b:b6:0c:
         de:0d:42:f8:bd:d6:46:56:33:74:7b:4d:4c:44:0b:b0:96:38:
         4a:1d:22:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMFW8k1JF6HRbEzNLLdxWyyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjQxMTA3MDY0MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjQ4ZTI0OTNlNzM1MzM3YjA1N2ZkOTM5YTMzMjg4N2VkNWFiZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MbOs0VX9l9qjBuib5TZgjwoXNTm
Iz+Yhcu812U+A6yof80Ishfrz7KcYkcZovO90GS/A8lHtp4E3a2mFlxHkryTpY4H
U+JGNPcIu+3XWyDcXj9e0ObezfCulj0GABLqt0FqDf8wXliefYoTz5Rop8O6EF1K
CCOXzFZnoyceOMDRZidV8ieDw7vx+BefClsj6SHUcoE7myqpmhnJIGK7O1dVxiSv
I/qMLYXI1BeO57cY9hWG1gs9ZFJBjnj7mVXTEXiVjmfIB+D7jOq+h8fWmLO78GmY
eZDPa61Wx7agsynkSvlsjCE/sPYnTJuZ7kmhaqhDwHjjX7Mu32rhZumXowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZI4kk+c1M3sFf9k5ozKIftWr9SMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvcGtqaVNUNXpVemV3Vl8yVG1qTW9oLTFhdjFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGZMA0G
CSqGSIb3DQEBCwUAA4IBAQBnqHUh8NPKOdsWKw1Ex+klrvk6Ls51C+vYpe8UxloU
u5btKTE0kpZn5mISfpiryLKbygNpEqeO8nQOmLakA2X+oZ4iWZmCMVMCiaoIvpyg
T0lyOueXKRrEz1Zqx74tCt1suUclZgbQxihGxZ7Bbwy9rGb79T8KhjOt0UXPVmKy
P3BioYgySi2JNmQ2WZLS9bRhs/f/6JzCCkhTLmq23xGk+Kx6kIt7icKHPgyfAxZ9
Wzr3VJr1xI4aWEESSwlVdR1KUESaC1RaZYM7WTyFxbbQVEuRd/u9QvGVKnTINhd4
ao5oPjWWd3cLtgzeDUL4vdZGVjN0e01MRAuwljhKHSII
-----END CERTIFICATE-----