Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/m6twPfVwWlVTaKMoyvsJk7Mi2t0.roa
File:                     m6twPfVwWlVTaKMoyvsJk7Mi2t0.roa (raw, json)
Hash identifier:          lmaStjkS7uKC8MGMePSNXbNGumjkrJOQvos9wHQk1GI=
Subject key identifier:   9B:AB:70:3D:F5:70:5A:55:53:68:A3:28:CA:FB:09:93:B3:22:DA:DD
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       018CC86F812690CDF4A8022257A090FC474F
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/m6twPfVwWlVTaKMoyvsJk7Mi2t0.roa
Signing time:             Tue 02 Jan 2024 04:29:59 +0000
ROA not before:           Tue 02 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        45.141.51.0/24 maxlen: 24
                          45.141.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:81:26:90:cd:f4:a8:02:22:57:a0:90:fc:47:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Jan  2 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bab703df5705a555368a328cafb0993b322dadd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cb:91:3b:02:e7:9e:0d:87:a1:e9:f6:0e:04:
                    1d:71:47:20:fd:57:94:05:4d:79:8a:58:63:fa:b3:
                    d8:cd:a1:78:98:73:c6:38:1a:3d:44:a4:66:3c:b6:
                    67:1f:74:56:bc:b3:ee:37:82:95:1d:fe:7b:5d:e1:
                    dd:84:f4:43:7c:e8:4d:65:d5:50:8f:91:2d:b1:d6:
                    50:ee:bc:9d:d8:f6:11:1e:21:e9:fc:ec:32:d1:a4:
                    e9:90:ab:86:bd:64:6d:cb:78:f3:79:5e:9d:c0:bf:
                    b9:66:7a:0f:c8:5b:41:0c:6b:63:e7:19:d5:86:6c:
                    0d:ab:74:82:7c:b6:f7:d7:76:22:18:73:91:5f:98:
                    10:0a:7e:35:e5:43:19:02:23:12:a9:d6:e7:fb:12:
                    81:8f:0f:89:0c:88:b4:aa:59:13:94:95:b9:62:07:
                    cf:ad:cb:c9:a9:7d:71:b7:1c:1d:38:49:94:2d:79:
                    10:10:ba:59:0f:d8:c3:fc:c1:e3:68:11:1f:eb:45:
                    31:f1:e6:7b:77:c7:b0:a0:e3:1a:fb:12:20:45:df:
                    66:4c:28:0b:73:c4:c2:c2:81:ca:14:0c:53:d7:f2:
                    1f:09:32:57:04:fd:9b:72:6a:c9:9a:ad:62:46:48:
                    d3:99:5e:d3:75:f2:5e:15:dc:65:64:97:1a:62:36:
                    d4:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:AB:70:3D:F5:70:5A:55:53:68:A3:28:CA:FB:09:93:B3:22:DA:DD
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/m6twPfVwWlVTaKMoyvsJk7Mi2t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.49.0/24
                  45.141.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:1c:25:9d:c6:91:a9:f9:05:41:6a:cd:4f:bb:d4:cb:15:2f:
         62:eb:00:9a:46:cf:da:4f:0a:7c:c6:dd:04:fb:5e:6a:5c:c3:
         4e:2d:8a:5f:6d:f8:5a:64:5e:26:53:ea:b3:fd:24:93:f2:af:
         5d:2c:7a:5b:99:d5:d9:08:b3:71:b9:2c:05:b1:6c:12:b1:6f:
         51:c3:b1:50:ee:37:5f:b9:2f:59:5f:b9:a7:dd:bd:97:d5:6b:
         f4:99:99:e5:d7:62:b3:bd:22:c9:ea:cb:c0:2a:cd:9a:09:e7:
         35:2c:60:ac:ba:06:c5:8d:14:2f:23:7f:4d:13:f5:80:a7:f1:
         3f:8e:2b:ca:9a:68:44:8d:d2:b9:75:fc:5b:d6:6b:04:29:03:
         de:cb:30:d8:24:ce:bc:86:f5:7d:e1:59:0f:12:da:ac:dc:14:
         23:0e:9b:09:cd:5b:d0:fd:0d:8a:ed:52:0f:60:1c:ec:9e:4f:
         3c:0d:dc:99:55:35:2d:e7:11:76:fd:aa:58:37:3a:37:c4:1c:
         4b:c2:67:77:da:85:b5:5d:ed:13:f4:68:19:74:f5:cc:ab:53:
         71:db:72:df:9f:bc:f6:13:ca:3d:8a:96:63:91:f9:f0:91:a5:
         7c:09:2b:0b:53:ec:d8:9d:34:b6:fe:38:4a:c3:ce:6f:13:e3:
         95:5d:ee:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb4EmkM30qAIiV6CQ/EdPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjQwMTAyMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmFiNzAzZGY1NzA1YTU1NTM2OGEzMjhjYWZiMDk5M2IzMjJkYWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMuROwLnng2Hoen2DgQdcUcg/VeU
BU15ilhj+rPYzaF4mHPGOBo9RKRmPLZnH3RWvLPuN4KVHf57XeHdhPRDfOhNZdVQ
j5EtsdZQ7ryd2PYRHiHp/Owy0aTpkKuGvWRty3jzeV6dwL+5ZnoPyFtBDGtj5xnV
hmwNq3SCfLb313YiGHORX5gQCn415UMZAiMSqdbn+xKBjw+JDIi0qlkTlJW5YgfP
rcvJqX1xtxwdOEmULXkQELpZD9jD/MHjaBEf60Ux8eZ7d8ewoOMa+xIgRd9mTCgL
c8TCwoHKFAxT1/IfCTJXBP2bcmrJmq1iRkjTmV7TdfJeFdxlZJcaYjbURwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJurcD31cFpVU2ijKMr7CZOzItrdMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvbTZ0d1BmVndXbFZUYUtNb3l2c0prN01pMnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY0xAwQA
LY0zMA0GCSqGSIb3DQEBCwUAA4IBAQCCHCWdxpGp+QVBas1Pu9TLFS9i6wCaRs/a
Twp8xt0E+15qXMNOLYpfbfhaZF4mU+qz/SST8q9dLHpbmdXZCLNxuSwFsWwSsW9R
w7FQ7jdfuS9ZX7mn3b2X1Wv0mZnl12KzvSLJ6svAKs2aCec1LGCsugbFjRQvI39N
E/WAp/E/jivKmmhEjdK5dfxb1msEKQPeyzDYJM68hvV94VkPEtqs3BQjDpsJzVvQ
/Q2K7VIPYBzsnk88DdyZVTUt5xF2/apYNzo3xBxLwmd32oW1Xe0T9GgZdPXMq1Nx
23Lfn7z2E8o9ipZjkfnwkaV8CSsLU+zYnTS2/jhKw85vE+OVXe7m
-----END CERTIFICATE-----