Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/c02ebc-dfec-4b0f-803c-c33634a61d20/1/Vxe2ha0_fDXv-54ASEqxbV-tEbU.roa
File:                     Vxe2ha0_fDXv-54ASEqxbV-tEbU.roa (raw, json)
Hash identifier:          VJBk9nem/YiYwaPu+HJHb5bDE72IAio/jUGM5M/LrKk=
Subject key identifier:   57:17:B6:85:AD:3F:7C:35:EF:FB:9E:00:48:4A:B1:6D:5F:AD:11:B5
Certificate issuer:       /CN=36e790ea8ac645c85064745a420c3d85bdd75e63
Certificate serial:       018D876F4F622AC95FFF42CFAAA37AABFBF4
Authority key identifier: 36:E7:90:EA:8A:C6:45:C8:50:64:74:5A:42:0C:3D:85:BD:D7:5E:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NueQ6orGRchQZHRaQgw9hb3XXmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/c02ebc-dfec-4b0f-803c-c33634a61d20/1/Vxe2ha0_fDXv-54ASEqxbV-tEbU.roa
Signing time:             Thu 08 Feb 2024 06:37:15 +0000
ROA not before:           Thu 08 Feb 2024 06:37:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205285
IP address blocks:        45.81.108.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/c02ebc-dfec-4b0f-803c-c33634a61d20/1/NueQ6orGRchQZHRaQgw9hb3XXmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/c02ebc-dfec-4b0f-803c-c33634a61d20/1/NueQ6orGRchQZHRaQgw9hb3XXmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NueQ6orGRchQZHRaQgw9hb3XXmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:87:6f:4f:62:2a:c9:5f:ff:42:cf:aa:a3:7a:ab:fb:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36e790ea8ac645c85064745a420c3d85bdd75e63
        Validity
            Not Before: Feb  8 06:37:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5717b685ad3f7c35effb9e00484ab16d5fad11b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:26:5b:b3:bd:b0:78:61:da:a1:bc:4f:5f:3d:
                    1c:71:10:f0:4a:a4:af:c8:2b:87:c9:62:bc:2a:95:
                    6d:b2:56:1b:1a:0f:17:c3:e5:5e:db:cd:da:e1:4c:
                    43:a8:12:a4:f3:5d:9f:2b:35:63:9f:14:8d:90:bb:
                    66:06:f3:e1:14:19:5d:e1:b3:82:26:2b:93:3b:a8:
                    eb:0c:88:7f:e4:93:dc:e1:f4:67:04:7b:3b:fd:70:
                    9d:d3:b3:56:25:3d:ee:a4:b6:c4:65:c9:f6:de:18:
                    b6:58:45:b7:ec:e9:05:12:b8:40:94:03:06:a6:11:
                    ee:c5:f1:64:1b:4f:0e:98:e6:4f:d5:7c:bc:0d:a7:
                    cd:60:a2:7a:6f:0d:fb:82:eb:79:e7:29:94:c0:59:
                    d3:91:60:de:2b:b3:42:a2:0b:ae:20:69:c6:d1:20:
                    fc:56:e7:38:1b:4f:25:01:1c:d7:5e:75:5a:a7:87:
                    9a:d3:b0:fe:a2:84:b3:18:3a:54:7e:13:e2:13:9b:
                    40:92:9f:9d:39:14:30:dc:85:fd:76:f4:89:8b:7f:
                    ff:f5:00:3f:b8:37:89:c8:88:ea:84:c8:19:b9:c9:
                    8b:7e:5c:43:61:d7:53:24:c8:0f:63:5f:26:3a:3c:
                    9c:8a:10:a2:41:17:5a:8f:ae:df:f8:04:3b:08:fb:
                    ee:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:17:B6:85:AD:3F:7C:35:EF:FB:9E:00:48:4A:B1:6D:5F:AD:11:B5
            X509v3 Authority Key Identifier:
                keyid:36:E7:90:EA:8A:C6:45:C8:50:64:74:5A:42:0C:3D:85:BD:D7:5E:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NueQ6orGRchQZHRaQgw9hb3XXmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/c02ebc-dfec-4b0f-803c-c33634a61d20/1/Vxe2ha0_fDXv-54ASEqxbV-tEbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/c02ebc-dfec-4b0f-803c-c33634a61d20/1/NueQ6orGRchQZHRaQgw9hb3XXmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:ab:65:3e:15:15:fa:40:ce:96:be:72:62:59:d6:07:fb:e9:
         ad:ef:34:8d:86:6f:09:df:1d:e9:e9:20:fa:23:07:66:f7:8e:
         66:6f:5f:e7:c8:38:e8:1a:39:12:df:8a:e1:0a:ea:d1:b9:e2:
         a6:a6:45:82:bd:a0:66:00:b4:3a:87:bf:64:6a:a9:8e:e6:ae:
         d8:db:73:e4:14:69:97:02:0a:c9:40:22:b7:09:7d:1f:49:8c:
         60:8b:9d:73:72:26:fe:ef:0c:27:bc:c9:e9:c9:18:a2:94:4c:
         a8:b5:21:21:0c:7d:f4:2b:33:fb:08:b7:3d:90:08:85:96:d5:
         83:1f:62:21:2f:f4:37:6d:df:83:43:28:38:47:65:fa:56:36:
         ba:de:89:f6:4c:3d:15:46:b9:90:c6:97:d2:bc:05:ab:cb:50:
         01:3a:2b:44:74:d8:b5:e6:66:2e:48:83:02:8e:a6:a9:84:dd:
         3f:1f:8d:4d:72:3a:46:e7:28:50:62:bc:66:fd:2c:76:69:18:
         58:00:fb:54:0b:68:ff:8a:83:88:f8:99:1b:1e:48:bd:91:09:
         4d:75:c2:4b:0c:8b:59:10:23:c5:15:eb:df:61:16:8a:9b:47:
         b0:15:2b:bd:95:ae:b7:f0:9b:4f:b1:87:0c:58:d4:94:dc:42:
         0d:14:ea:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2Hb09iKslf/0LPqqN6q/v0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZTc5MGVhOGFjNjQ1Yzg1MDY0NzQ1YTQyMGMzZDg1YmRk
NzVlNjMwHhcNMjQwMjA4MDYzNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzE3YjY4NWFkM2Y3YzM1ZWZmYjllMDA0ODRhYjE2ZDVmYWQxMWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/SZbs72weGHaobxPXz0ccRDwSqSv
yCuHyWK8KpVtslYbGg8Xw+Ve283a4UxDqBKk812fKzVjnxSNkLtmBvPhFBld4bOC
JiuTO6jrDIh/5JPc4fRnBHs7/XCd07NWJT3upLbEZcn23hi2WEW37OkFErhAlAMG
phHuxfFkG08OmOZP1Xy8DafNYKJ6bw37gut55ymUwFnTkWDeK7NCoguuIGnG0SD8
Vuc4G08lARzXXnVap4ea07D+ooSzGDpUfhPiE5tAkp+dORQw3IX9dvSJi3//9QA/
uDeJyIjqhMgZucmLflxDYddTJMgPY18mOjycihCiQRdaj67f+AQ7CPvuxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcXtoWtP3w17/ueAEhKsW1frRG1MB8GA1UdIwQY
MBaAFDbnkOqKxkXIUGR0WkIMPYW9115jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnVlUTZvckdSY2hRWkhSYVFndzloYjNYWG1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9jMDJlYmMtZGZlYy00YjBmLTgwM2Mt
YzMzNjM0YTYxZDIwLzEvVnhlMmhhMF9mRFh2LTU0QVNFcXhiVi10RWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9jMDJlYmMtZGZlYy00YjBmLTgwM2MtYzMzNjM0YTYxZDIw
LzEvTnVlUTZvckdSY2hRWkhSYVFndzloYjNYWG1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVFsMA0G
CSqGSIb3DQEBCwUAA4IBAQC3q2U+FRX6QM6WvnJiWdYH++mt7zSNhm8J3x3p6SD6
Iwdm945mb1/nyDjoGjkS34rhCurRueKmpkWCvaBmALQ6h79kaqmO5q7Y23PkFGmX
AgrJQCK3CX0fSYxgi51zcib+7wwnvMnpyRiilEyotSEhDH30KzP7CLc9kAiFltWD
H2IhL/Q3bd+DQyg4R2X6Vja63on2TD0VRrmQxpfSvAWry1ABOitEdNi15mYuSIMC
jqaphN0/H41NcjpG5yhQYrxm/Sx2aRhYAPtUC2j/ioOI+JkbHki9kQlNdcJLDItZ
ECPFFevfYRaKm0ewFSu9la638JtPsYcMWNSU3EINFOpj
-----END CERTIFICATE-----