Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/o_DTgNVDfNjfEmjxQiLkwabyo1U.roa
File:                     o_DTgNVDfNjfEmjxQiLkwabyo1U.roa (raw, json)
Hash identifier:          dxy2Re8RxV14CMvhTEzNzjdndauUlFeWNu8cYgZIUIY=
Subject key identifier:   A3:F0:D3:80:D5:43:7C:D8:DF:12:68:F1:42:22:E4:C1:A6:F2:A3:55
Certificate issuer:       /CN=adee89c13d6de73a894404bf7eaf9ee5e40dea33
Certificate serial:       018CC94D538F1D25CE24971300CB0AA7CED4
Authority key identifier: AD:EE:89:C1:3D:6D:E7:3A:89:44:04:BF:7E:AF:9E:E5:E4:0D:EA:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/re6JwT1t5zqJRAS_fq-e5eQN6jM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/o_DTgNVDfNjfEmjxQiLkwabyo1U.roa
Signing time:             Tue 02 Jan 2024 08:32:17 +0000
ROA not before:           Tue 02 Jan 2024 08:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200254
IP address blocks:        45.131.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/re6JwT1t5zqJRAS_fq-e5eQN6jM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/re6JwT1t5zqJRAS_fq-e5eQN6jM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/re6JwT1t5zqJRAS_fq-e5eQN6jM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:53:8f:1d:25:ce:24:97:13:00:cb:0a:a7:ce:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adee89c13d6de73a894404bf7eaf9ee5e40dea33
        Validity
            Not Before: Jan  2 08:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3f0d380d5437cd8df1268f14222e4c1a6f2a355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:c6:d2:39:2e:e7:97:f1:8d:7b:2e:91:3e:76:
                    a7:1a:a7:ed:a5:4a:2c:24:db:60:89:5c:81:ab:cb:
                    cb:d7:5c:e5:c3:58:28:0b:fd:cf:38:6b:9e:8e:31:
                    68:3e:76:79:87:b5:61:09:1f:c8:63:c4:15:e8:18:
                    a3:70:bb:a4:cc:9a:3b:d9:4f:c8:4e:b5:a2:7b:86:
                    47:60:5d:89:f0:75:83:53:1a:1f:ee:e1:44:a6:59:
                    12:59:8b:d4:e4:8b:09:98:86:7e:6a:bf:e1:92:66:
                    14:4b:df:da:38:16:e9:fe:50:b2:c0:9b:f9:51:22:
                    28:2a:c3:4b:88:f4:0c:a9:db:c2:34:03:83:7a:e6:
                    9d:5a:44:c4:dd:0a:d0:5b:a9:16:86:64:2f:cc:75:
                    9d:88:f7:eb:78:44:7c:e6:e4:7a:9a:fd:38:c9:33:
                    8b:e2:3f:93:a1:e8:fd:36:fa:23:ed:63:79:5e:9b:
                    07:50:86:47:5e:46:d9:90:4d:70:cc:0b:da:c6:3c:
                    a0:a2:0e:d1:b9:78:e8:c0:f7:2a:6f:a2:8a:01:da:
                    1f:6d:e8:46:1c:28:26:f9:ef:d3:40:5f:6b:e8:d1:
                    31:23:06:64:59:00:e8:fe:33:fd:3f:f5:74:bb:0f:
                    0c:bf:48:ec:7c:a9:ca:1a:8c:2a:5a:42:37:43:9f:
                    07:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:F0:D3:80:D5:43:7C:D8:DF:12:68:F1:42:22:E4:C1:A6:F2:A3:55
            X509v3 Authority Key Identifier:
                keyid:AD:EE:89:C1:3D:6D:E7:3A:89:44:04:BF:7E:AF:9E:E5:E4:0D:EA:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/re6JwT1t5zqJRAS_fq-e5eQN6jM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/o_DTgNVDfNjfEmjxQiLkwabyo1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b29d96-da9e-47a0-9fb1-1243b46795f8/1/re6JwT1t5zqJRAS_fq-e5eQN6jM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:b0:d1:02:50:4b:23:45:e8:9c:51:5b:61:e2:b8:0f:01:c2:
         50:22:5a:54:22:7b:0d:f1:c6:5e:d5:fe:ae:93:23:e7:62:45:
         8e:88:24:45:c9:5e:29:68:91:f1:7e:f7:ca:b6:bf:a8:dc:aa:
         65:f2:dc:e1:a8:b0:32:59:ef:5c:3c:b5:fa:ab:6f:22:df:e6:
         d8:af:82:ca:ab:18:aa:34:23:37:1c:38:49:ad:78:ff:8b:46:
         e6:f1:d2:7f:ac:2f:7f:c7:d4:af:a0:e7:b8:45:40:2e:f2:26:
         60:72:fb:cd:9d:b6:77:27:bc:0b:5f:c7:3a:b0:70:33:40:66:
         f3:75:13:4a:f4:66:94:67:6c:2e:36:b1:44:be:b3:ab:02:d6:
         23:18:91:23:ab:ba:3e:85:d3:a3:37:31:c8:63:aa:64:f2:7b:
         24:98:ea:9b:94:b2:5c:39:78:a0:41:26:5d:45:97:91:48:6c:
         7c:88:03:76:64:a1:2b:3c:84:c9:79:cb:80:51:1c:73:84:09:
         da:ab:bc:fd:72:47:b4:bb:fc:8b:70:9a:d5:c5:7d:d5:da:30:
         04:02:fc:66:a3:0c:82:3c:ce:9b:84:e1:a3:a1:bd:99:21:e8:
         1b:68:44:ee:89:74:b7:10:8f:f2:90:10:7f:f8:51:2a:25:b2:
         1c:ca:59:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTVOPHSXOJJcTAMsKp87UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZWU4OWMxM2Q2ZGU3M2E4OTQ0MDRiZjdlYWY5ZWU1ZTQw
ZGVhMzMwHhcNMjQwMTAyMDgzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2YwZDM4MGQ1NDM3Y2Q4ZGYxMjY4ZjE0MjIyZTRjMWE2ZjJhMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08bSOS7nl/GNey6RPnanGqftpUos
JNtgiVyBq8vL11zlw1goC/3POGuejjFoPnZ5h7VhCR/IY8QV6BijcLukzJo72U/I
TrWie4ZHYF2J8HWDUxof7uFEplkSWYvU5IsJmIZ+ar/hkmYUS9/aOBbp/lCywJv5
USIoKsNLiPQMqdvCNAODeuadWkTE3QrQW6kWhmQvzHWdiPfreER85uR6mv04yTOL
4j+Toej9Nvoj7WN5XpsHUIZHXkbZkE1wzAvaxjygog7RuXjowPcqb6KKAdofbehG
HCgm+e/TQF9r6NExIwZkWQDo/jP9P/V0uw8Mv0jsfKnKGowqWkI3Q58HewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPw04DVQ3zY3xJo8UIi5MGm8qNVMB8GA1UdIwQY
MBaAFK3uicE9bec6iUQEv36vnuXkDeozMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmU2SndUMXQ1enFKUkFTX2ZxLWU1ZVFONmpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iMjlkOTYtZGE5ZS00N2EwLTlmYjEt
MTI0M2I0Njc5NWY4LzEvb19EVGdOVkRmTmpmRW1qeFFpTGt3YWJ5bzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iMjlkOTYtZGE5ZS00N2EwLTlmYjEtMTI0M2I0Njc5NWY4
LzEvcmU2SndUMXQ1enFKUkFTX2ZxLWU1ZVFONmpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYMIMA0G
CSqGSIb3DQEBCwUAA4IBAQAksNECUEsjReicUVth4rgPAcJQIlpUInsN8cZe1f6u
kyPnYkWOiCRFyV4paJHxfvfKtr+o3Kpl8tzhqLAyWe9cPLX6q28i3+bYr4LKqxiq
NCM3HDhJrXj/i0bm8dJ/rC9/x9SvoOe4RUAu8iZgcvvNnbZ3J7wLX8c6sHAzQGbz
dRNK9GaUZ2wuNrFEvrOrAtYjGJEjq7o+hdOjNzHIY6pk8nskmOqblLJcOXigQSZd
RZeRSGx8iAN2ZKErPITJecuAURxzhAnaq7z9cke0u/yLcJrVxX3V2jAEAvxmowyC
PM6bhOGjob2ZIegbaETuiXS3EI/ykBB/+FEqJbIcyln6
-----END CERTIFICATE-----