Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/8b554c-0cef-41b3-ba3b-2d5d6884173f/1/EDoc6wG56JaGuqrME5CK5Mxl-GU.roa
File:                     EDoc6wG56JaGuqrME5CK5Mxl-GU.roa (raw, json)
Hash identifier:          i+3LcNEF0h5Q87qxChy0EdbPHhbo55gOhHNXBniA57I=
Subject key identifier:   10:3A:1C:EB:01:B9:E8:96:86:BA:AA:CC:13:90:8A:E4:CC:65:F8:65
Certificate issuer:       /CN=935f53f5e407e55a2330d9d523a804c0722ca565
Certificate serial:       018CC9BC0C934F27A1240BD83B84CDEE3994
Authority key identifier: 93:5F:53:F5:E4:07:E5:5A:23:30:D9:D5:23:A8:04:C0:72:2C:A5:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k19T9eQH5VojMNnVI6gEwHIspWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/8b554c-0cef-41b3-ba3b-2d5d6884173f/1/EDoc6wG56JaGuqrME5CK5Mxl-GU.roa
Signing time:             Tue 02 Jan 2024 10:33:13 +0000
ROA not before:           Tue 02 Jan 2024 10:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208550
IP address blocks:        45.158.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/8b554c-0cef-41b3-ba3b-2d5d6884173f/1/k19T9eQH5VojMNnVI6gEwHIspWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/8b554c-0cef-41b3-ba3b-2d5d6884173f/1/k19T9eQH5VojMNnVI6gEwHIspWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k19T9eQH5VojMNnVI6gEwHIspWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:0c:93:4f:27:a1:24:0b:d8:3b:84:cd:ee:39:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=935f53f5e407e55a2330d9d523a804c0722ca565
        Validity
            Not Before: Jan  2 10:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=103a1ceb01b9e89686baaacc13908ae4cc65f865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:73:35:7c:c7:9e:5c:ae:7b:9f:e6:3f:b5:95:
                    f9:66:42:f9:f6:42:a4:f5:c8:d9:77:1f:c9:1f:4c:
                    a5:98:40:f8:18:db:69:37:95:da:e8:da:26:3c:21:
                    2c:80:fd:67:ad:c4:fd:16:99:ab:80:ef:35:df:7c:
                    2e:41:65:eb:d8:66:6f:11:62:cf:33:b7:e3:55:4c:
                    76:d2:38:cc:ba:bc:2d:0d:61:54:97:7e:92:b0:3d:
                    c9:1a:f9:95:d5:e1:c6:b8:c6:a7:52:ac:74:1e:70:
                    fa:40:0c:22:22:9d:dc:a8:3b:78:c1:e5:a7:60:12:
                    6f:32:8d:f9:73:f0:d3:2b:74:d4:e9:7d:99:7f:e2:
                    36:fb:b6:b8:51:cf:58:a1:df:13:b3:af:99:ae:7e:
                    97:c6:52:f3:40:33:51:7d:4b:25:cd:74:d2:8d:c6:
                    26:b6:63:3d:8f:1d:d8:a8:5f:b8:e2:77:fc:1f:e5:
                    61:a3:18:22:79:20:f4:7d:92:5e:6a:a8:98:4e:d6:
                    cf:79:f3:e6:94:ec:fd:9a:87:91:ee:bd:7c:fc:26:
                    42:10:63:98:af:5e:bc:1c:3b:4d:b8:fb:16:7a:00:
                    4d:7f:59:ee:e0:1e:d1:fd:7e:e8:9f:17:90:fc:8a:
                    fd:02:80:e8:ff:06:56:84:ce:51:e2:e3:e8:58:e4:
                    44:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:3A:1C:EB:01:B9:E8:96:86:BA:AA:CC:13:90:8A:E4:CC:65:F8:65
            X509v3 Authority Key Identifier:
                keyid:93:5F:53:F5:E4:07:E5:5A:23:30:D9:D5:23:A8:04:C0:72:2C:A5:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k19T9eQH5VojMNnVI6gEwHIspWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/8b554c-0cef-41b3-ba3b-2d5d6884173f/1/EDoc6wG56JaGuqrME5CK5Mxl-GU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/8b554c-0cef-41b3-ba3b-2d5d6884173f/1/k19T9eQH5VojMNnVI6gEwHIspWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:1d:27:e4:d7:03:ad:94:b3:1b:c0:e2:8d:f2:3a:be:c6:36:
         3c:98:95:60:9e:18:92:8d:6a:f9:c2:ca:b7:8f:d5:6b:23:21:
         9a:20:69:ed:2c:2d:9e:21:f1:09:59:91:4a:17:e6:06:35:82:
         b8:ac:1c:2d:44:af:16:01:0a:de:dc:7c:df:00:74:b1:88:c2:
         5c:92:0e:f6:4e:2f:7e:cf:ad:65:8c:ed:12:c3:c8:19:f6:4b:
         5e:22:d9:16:05:71:08:e1:bf:58:22:0d:5b:68:00:1b:85:e2:
         94:ee:a8:e9:68:b9:92:5e:fd:70:1f:d3:05:86:f8:cb:0c:b0:
         a4:a8:1c:72:e9:52:0b:a6:ac:c1:a2:a4:69:5d:ab:b6:eb:88:
         1b:8f:78:a0:fb:76:76:79:8c:5f:ee:36:79:b5:6e:80:f5:4b:
         92:e7:0a:31:c2:2a:8a:b4:f7:2c:bb:64:63:6e:d8:f6:d1:1f:
         c2:bd:0b:37:7e:4d:31:8b:84:d8:90:44:91:55:dc:be:eb:34:
         c0:ce:46:ad:e9:5d:e9:0a:9a:1f:d7:df:cc:03:29:50:4d:41:
         40:57:6b:a1:ad:25:d0:c8:d0:bd:44:67:4a:c3:95:61:69:fe:
         f9:bc:b4:3d:4c:87:c2:7f:e9:83:19:3c:71:06:90:bd:76:96:
         6a:08:eb:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAyTTyehJAvYO4TN7jmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNWY1M2Y1ZTQwN2U1NWEyMzMwZDlkNTIzYTgwNGMwNzIy
Y2E1NjUwHhcNMjQwMTAyMTAzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDNhMWNlYjAxYjllODk2ODZiYWFhY2MxMzkwOGFlNGNjNjVmODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHM1fMeeXK57n+Y/tZX5ZkL59kKk
9cjZdx/JH0ylmED4GNtpN5Xa6NomPCEsgP1nrcT9FpmrgO8133wuQWXr2GZvEWLP
M7fjVUx20jjMurwtDWFUl36SsD3JGvmV1eHGuManUqx0HnD6QAwiIp3cqDt4weWn
YBJvMo35c/DTK3TU6X2Zf+I2+7a4Uc9Yod8Ts6+Zrn6XxlLzQDNRfUslzXTSjcYm
tmM9jx3YqF+44nf8H+VhoxgieSD0fZJeaqiYTtbPefPmlOz9moeR7r18/CZCEGOY
r168HDtNuPsWegBNf1nu4B7R/X7onxeQ/Ir9AoDo/wZWhM5R4uPoWOREaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBA6HOsBueiWhrqqzBOQiuTMZfhlMB8GA1UdIwQY
MBaAFJNfU/XkB+VaIzDZ1SOoBMByLKVlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazE5VDllUUg1Vm9qTU5uVkk2Z0V3SElzcFdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi84YjU1NGMtMGNlZi00MWIzLWJhM2It
MmQ1ZDY4ODQxNzNmLzEvRURvYzZ3RzU2SmFHdXFyTUU1Q0s1TXhsLUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi84YjU1NGMtMGNlZi00MWIzLWJhM2ItMmQ1ZDY4ODQxNzNm
LzEvazE5VDllUUg1Vm9qTU5uVkk2Z0V3SElzcFdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ40MA0G
CSqGSIb3DQEBCwUAA4IBAQCjHSfk1wOtlLMbwOKN8jq+xjY8mJVgnhiSjWr5wsq3
j9VrIyGaIGntLC2eIfEJWZFKF+YGNYK4rBwtRK8WAQre3HzfAHSxiMJckg72Ti9+
z61ljO0Sw8gZ9kteItkWBXEI4b9YIg1baAAbheKU7qjpaLmSXv1wH9MFhvjLDLCk
qBxy6VILpqzBoqRpXau264gbj3ig+3Z2eYxf7jZ5tW6A9UuS5woxwiqKtPcsu2Rj
btj20R/CvQs3fk0xi4TYkESRVdy+6zTAzkat6V3pCpof19/MAylQTUFAV2uhrSXQ
yNC9RGdKw5Vhaf75vLQ9TIfCf+mDGTxxBpC9dpZqCOsd
-----END CERTIFICATE-----