Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/Ls3Ynafee-YiWCvLEIKI3fuRkxY.roa
File:                     Ls3Ynafee-YiWCvLEIKI3fuRkxY.roa (raw, json)
Hash identifier:          ZweLuwG16o7nlZDAi4VIk2BrlL7hu4XfgaRqzEYh/cA=
Subject key identifier:   2E:CD:D8:9D:A7:DE:7B:E6:22:58:2B:CB:10:82:88:DD:FB:91:93:16
Certificate issuer:       /CN=57130f799f8a8985502a2ea3356037674085cfca
Certificate serial:       018CC4923CE93D7CFB2E49A6E4E4CBEDF89C
Authority key identifier: 57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/Ls3Ynafee-YiWCvLEIKI3fuRkxY.roa
Signing time:             Mon 01 Jan 2024 10:29:27 +0000
ROA not before:           Mon 01 Jan 2024 10:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        45.149.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3c:e9:3d:7c:fb:2e:49:a6:e4:e4:cb:ed:f8:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57130f799f8a8985502a2ea3356037674085cfca
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ecdd89da7de7be622582bcb108288ddfb919316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:75:f4:5c:ff:be:cc:56:78:28:3a:22:ce:53:
                    ad:d6:1e:5c:96:d9:d7:ff:b4:18:f6:98:a5:9d:21:
                    2e:37:c1:e9:c7:78:53:bd:cb:a2:b2:8d:d1:5b:8c:
                    fb:df:5d:3f:94:44:b7:fd:41:ed:44:98:d2:37:f6:
                    98:61:a5:4c:49:8c:07:bd:00:fa:09:ca:ee:5f:d1:
                    f1:d4:18:45:fd:c6:78:fb:66:8a:b5:cf:4f:d5:9f:
                    ca:80:e6:21:9e:fe:5a:7d:8b:37:26:b0:8c:05:9b:
                    b1:11:4e:34:ef:30:e6:c6:94:ae:30:96:7e:09:f6:
                    0d:1a:72:7d:41:b6:4a:21:bb:f0:39:d5:d7:b4:dd:
                    7a:ba:5b:75:60:56:7b:3a:48:07:21:ff:dc:c8:8f:
                    b6:94:89:53:fe:6a:e0:c3:b2:6f:cc:ec:6b:ae:d6:
                    00:5d:db:eb:16:51:1d:ca:87:d2:93:ad:c6:1b:f3:
                    76:93:78:ca:4b:3e:5f:c2:a0:74:79:15:f6:a8:2b:
                    e5:84:cc:2b:50:01:9b:f6:3e:d7:4a:1b:5b:10:7f:
                    84:7c:6e:0e:19:ca:f6:f2:1b:58:1d:bf:52:4d:a7:
                    4f:e6:84:5c:77:06:59:7d:b9:01:64:4f:34:bf:72:
                    ed:86:fd:2b:43:cc:40:0b:88:e5:fb:eb:66:50:51:
                    49:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:CD:D8:9D:A7:DE:7B:E6:22:58:2B:CB:10:82:88:DD:FB:91:93:16
            X509v3 Authority Key Identifier:
                keyid:57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/Ls3Ynafee-YiWCvLEIKI3fuRkxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:97:45:33:22:ce:92:50:ee:8b:c4:89:e0:fa:52:e4:7e:e5:
         59:2d:87:d7:2d:e5:df:30:3e:ca:30:c7:7f:ba:d0:b0:a5:b1:
         33:f5:5e:bf:75:8d:d6:27:df:5e:e0:bc:e0:5d:55:5a:0e:7c:
         e1:d4:79:36:4e:dd:ff:7b:e2:57:55:73:af:5e:49:48:c6:a7:
         bd:f0:6c:63:96:ba:29:7c:fe:8b:a9:f9:d5:d7:fd:4b:77:ce:
         fb:b4:d6:14:c4:82:c3:91:68:63:fa:75:91:66:d0:f4:86:dd:
         fb:a2:da:bc:6f:f3:82:fc:db:9c:02:d0:91:6b:35:8b:2b:66:
         4f:40:06:46:b9:47:4a:3e:46:7f:52:94:97:36:90:3e:6c:81:
         6a:d5:5c:53:38:b5:62:9d:0c:84:2f:71:89:fa:cb:e3:7e:3e:
         71:ba:dd:b8:dc:33:8c:29:24:34:3e:4f:45:00:51:44:79:60:
         fd:82:7c:63:5f:fe:19:21:a0:f3:ca:25:92:a5:39:5d:ed:44:
         4f:2d:c7:1b:63:f1:9e:84:de:15:16:b9:a3:4c:af:29:75:8a:
         09:cc:88:4d:5b:4f:12:5f:55:6d:07:47:4b:9a:bf:c8:c2:55:
         ca:ed:5a:91:80:3b:37:62:b9:4b:af:b3:be:94:4a:84:2c:39:
         22:b5:76:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjzpPXz7Lkmm5OTL7ficMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTMwZjc5OWY4YTg5ODU1MDJhMmVhMzM1NjAzNzY3NDA4
NWNmY2EwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWNkZDg5ZGE3ZGU3YmU2MjI1ODJiY2IxMDgyODhkZGZiOTE5MzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnX0XP++zFZ4KDoizlOt1h5cltnX
/7QY9pilnSEuN8Hpx3hTvcuiso3RW4z7310/lES3/UHtRJjSN/aYYaVMSYwHvQD6
CcruX9Hx1BhF/cZ4+2aKtc9P1Z/KgOYhnv5afYs3JrCMBZuxEU407zDmxpSuMJZ+
CfYNGnJ9QbZKIbvwOdXXtN16ult1YFZ7OkgHIf/cyI+2lIlT/mrgw7JvzOxrrtYA
XdvrFlEdyofSk63GG/N2k3jKSz5fwqB0eRX2qCvlhMwrUAGb9j7XShtbEH+EfG4O
Gcr28htYHb9STadP5oRcdwZZfbkBZE80v3Lthv0rQ8xAC4jl++tmUFFJBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7N2J2n3nvmIlgryxCCiN37kZMWMB8GA1UdIwQY
MBaAFFcTD3mfiomFUCouozVgN2dAhc/KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMt
ZDNiOTBhOWI5YjQxLzEvTHMzWW5hZmVlLVlpV0N2TEVJS0kzZnVSa3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMtZDNiOTBhOWI5YjQx
LzEvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZUmMA0G
CSqGSIb3DQEBCwUAA4IBAQAkl0UzIs6SUO6LxIng+lLkfuVZLYfXLeXfMD7KMMd/
utCwpbEz9V6/dY3WJ99e4LzgXVVaDnzh1Hk2Tt3/e+JXVXOvXklIxqe98Gxjlrop
fP6LqfnV1/1Ld877tNYUxILDkWhj+nWRZtD0ht37otq8b/OC/NucAtCRazWLK2ZP
QAZGuUdKPkZ/UpSXNpA+bIFq1VxTOLVinQyEL3GJ+svjfj5xut243DOMKSQ0Pk9F
AFFEeWD9gnxjX/4ZIaDzyiWSpTld7URPLccbY/GehN4VFrmjTK8pdYoJzIhNW08S
X1VtB0dLmr/IwlXK7VqRgDs3YrlLr7O+lEqELDkitXbV
-----END CERTIFICATE-----