Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/U1kHrpKiI-hxkjjwh5C3L8ZG51E.roa
File:                     U1kHrpKiI-hxkjjwh5C3L8ZG51E.roa (raw, json)
Hash identifier:          pVkaFtWe7s5rNJ3FEpVh3+KobFG7ANb0q3bA1o7Js9M=
Subject key identifier:   53:59:07:AE:92:A2:23:E8:71:92:38:F0:87:90:B7:2F:C6:46:E7:51
Certificate issuer:       /CN=75ea894ee05775e0ef061d086ca252147f5c91de
Certificate serial:       018CC86F7B63876D0DD04EEF49551F784266
Authority key identifier: 75:EA:89:4E:E0:57:75:E0:EF:06:1D:08:6C:A2:52:14:7F:5C:91:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/U1kHrpKiI-hxkjjwh5C3L8ZG51E.roa
Signing time:             Tue 02 Jan 2024 04:29:58 +0000
ROA not before:           Tue 02 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57795
IP address blocks:        45.154.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:7b:63:87:6d:0d:d0:4e:ef:49:55:1f:78:42:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75ea894ee05775e0ef061d086ca252147f5c91de
        Validity
            Not Before: Jan  2 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=535907ae92a223e8719238f08790b72fc646e751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5e:a3:b5:7c:c9:f5:d3:dc:ac:28:11:74:b1:
                    46:8c:a5:0a:59:a8:d9:47:84:b6:28:d7:cf:f1:40:
                    f6:2a:2f:f7:d3:00:e0:2e:ab:75:e6:d0:a9:08:a3:
                    db:5c:3e:00:11:30:b2:c9:a1:82:91:11:8c:14:72:
                    4f:9d:f2:71:1c:58:35:d0:5f:cb:83:b7:ac:60:2c:
                    c6:85:df:23:b7:bb:7c:52:a0:9a:c5:29:92:d0:7f:
                    58:c1:7e:19:c0:09:55:df:0d:ed:13:95:47:67:41:
                    da:8f:ec:4f:80:8c:24:2d:ba:d9:a6:eb:c6:e1:cc:
                    32:d3:42:98:aa:17:a5:93:31:8f:b4:48:0e:54:a3:
                    e2:91:aa:f3:b2:e9:c9:15:87:3e:0b:80:d5:95:ea:
                    6c:cf:da:b4:f8:61:22:cf:eb:e6:fb:5b:69:c3:6c:
                    01:ac:91:bd:49:63:1d:18:25:57:73:0e:cc:f2:bb:
                    1b:e0:39:6f:ca:fe:56:bf:a3:af:26:83:9d:b1:bc:
                    b6:87:2b:fe:8c:e8:6f:a0:44:ed:a5:2a:72:c8:6c:
                    e7:82:e1:8d:20:10:80:ef:53:5f:22:9a:5a:53:87:
                    64:b3:b0:ba:7a:58:6f:a6:8c:b8:de:2b:40:b2:71:
                    d3:64:45:0b:57:1e:88:83:ab:ae:d2:bb:10:be:ca:
                    11:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:59:07:AE:92:A2:23:E8:71:92:38:F0:87:90:B7:2F:C6:46:E7:51
            X509v3 Authority Key Identifier:
                keyid:75:EA:89:4E:E0:57:75:E0:EF:06:1D:08:6C:A2:52:14:7F:5C:91:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/U1kHrpKiI-hxkjjwh5C3L8ZG51E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:c3:7c:db:ee:e2:ca:5f:90:c5:60:a4:5f:84:31:0b:56:a7:
         c7:02:36:82:6e:ff:19:f2:3f:3c:6f:e2:1b:03:7e:3d:63:57:
         09:dd:52:6a:76:08:fb:b6:c0:77:fa:71:fc:a9:e5:bd:2a:f8:
         12:f7:4e:04:92:7c:ab:a9:1f:02:ec:25:38:e2:ea:5c:57:94:
         7b:cb:70:f9:ca:a1:ad:ba:3c:ee:55:e7:b0:05:db:5e:e1:71:
         e4:ff:35:f3:5a:35:60:67:fe:74:f3:a1:9b:d6:0c:3f:1a:ec:
         5f:fa:2f:5f:72:01:d2:fc:26:9a:5a:58:c9:13:3b:bb:1f:1b:
         34:7c:a8:3c:4a:67:a7:b4:9a:5c:d6:16:a2:a9:01:86:93:41:
         21:30:49:56:03:6c:f2:0a:b0:fa:1e:28:ef:25:32:d5:ab:0b:
         e4:d4:01:bf:ed:dd:96:cc:82:0e:4a:4e:d7:d9:4c:e2:8c:74:
         a8:af:5b:b6:a8:c3:12:f6:4c:29:e4:06:ff:0f:0f:b6:84:70:
         fa:3c:d2:ed:b6:6f:8c:9c:b3:64:d4:33:d3:bd:bd:fa:11:43:
         13:5e:85:ef:98:c3:28:c7:cf:f9:1a:c3:ca:70:76:8c:58:37:
         95:0c:79:78:1d:06:65:25:4e:2e:9e:9d:bd:9c:81:7f:9b:65:
         ec:a9:9f:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3tjh20N0E7vSVUfeEJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZWE4OTRlZTA1Nzc1ZTBlZjA2MWQwODZjYTI1MjE0N2Y1
YzkxZGUwHhcNMjQwMTAyMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzU5MDdhZTkyYTIyM2U4NzE5MjM4ZjA4NzkwYjcyZmM2NDZlNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnV6jtXzJ9dPcrCgRdLFGjKUKWajZ
R4S2KNfP8UD2Ki/30wDgLqt15tCpCKPbXD4AETCyyaGCkRGMFHJPnfJxHFg10F/L
g7esYCzGhd8jt7t8UqCaxSmS0H9YwX4ZwAlV3w3tE5VHZ0Haj+xPgIwkLbrZpuvG
4cwy00KYqhelkzGPtEgOVKPikarzsunJFYc+C4DVlepsz9q0+GEiz+vm+1tpw2wB
rJG9SWMdGCVXcw7M8rsb4Dlvyv5Wv6OvJoOdsby2hyv+jOhvoETtpSpyyGznguGN
IBCA71NfIppaU4dks7C6elhvpoy43itAsnHTZEULVx6Ig6uu0rsQvsoRbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNZB66SoiPocZI48IeQty/GRudRMB8GA1UdIwQY
MBaAFHXqiU7gV3Xg7wYdCGyiUhR/XJHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVxSlR1QlhkZUR2QmgwSWJLSlNGSDlja2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xY2RjZTItYTNmOC00NGI2LWI1ZTEt
YjdmMjk4NGViNjUzLzEvVTFrSHJwS2lJLWh4a2pqd2g1QzNMOFpHNTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xY2RjZTItYTNmOC00NGI2LWI1ZTEtYjdmMjk4NGViNjUz
LzEvZGVxSlR1QlhkZUR2QmgwSWJLSlNGSDlja2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZouMA0G
CSqGSIb3DQEBCwUAA4IBAQCuw3zb7uLKX5DFYKRfhDELVqfHAjaCbv8Z8j88b+Ib
A349Y1cJ3VJqdgj7tsB3+nH8qeW9KvgS904EknyrqR8C7CU44upcV5R7y3D5yqGt
ujzuVeewBdte4XHk/zXzWjVgZ/5086Gb1gw/Guxf+i9fcgHS/CaaWljJEzu7Hxs0
fKg8SmentJpc1haiqQGGk0EhMElWA2zyCrD6HijvJTLVqwvk1AG/7d2WzIIOSk7X
2UzijHSor1u2qMMS9kwp5Ab/Dw+2hHD6PNLttm+MnLNk1DPTvb36EUMTXoXvmMMo
x8/5GsPKcHaMWDeVDHl4HQZlJU4unp29nIF/m2XsqZ8V
-----END CERTIFICATE-----