Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/KzyKsEpiMfnMXZ7n_lOIE78t_zE.roa
File:                     KzyKsEpiMfnMXZ7n_lOIE78t_zE.roa (raw, json)
Hash identifier:          35wHrypdt/aLDPxjsEKyi1F7nRjBvezYN1GoZcJa0Ew=
Subject key identifier:   2B:3C:8A:B0:4A:62:31:F9:CC:5D:9E:E7:FE:53:88:13:BF:2D:FF:31
Certificate issuer:       /CN=64d864ae92bd7ceab5083bcc71101ef04676f8ac
Certificate serial:       018CC7942F50776339E96159BC1FC8C63B28
Authority key identifier: 64:D8:64:AE:92:BD:7C:EA:B5:08:3B:CC:71:10:1E:F0:46:76:F8:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/KzyKsEpiMfnMXZ7n_lOIE78t_zE.roa
Signing time:             Tue 02 Jan 2024 00:30:26 +0000
ROA not before:           Tue 02 Jan 2024 00:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212692
IP address blocks:        45.10.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2f:50:77:63:39:e9:61:59:bc:1f:c8:c6:3b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d864ae92bd7ceab5083bcc71101ef04676f8ac
        Validity
            Not Before: Jan  2 00:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b3c8ab04a6231f9cc5d9ee7fe538813bf2dff31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:46:b7:36:8f:61:9d:1e:4e:58:38:0a:f1:e2:
                    5c:88:f9:74:08:b6:62:2f:12:11:1b:8d:79:a4:8b:
                    26:5a:24:32:10:82:e3:d3:bf:48:f2:e8:c8:bf:b9:
                    b5:9a:5c:e8:12:ff:df:fa:2d:51:9e:fb:04:7c:dd:
                    ce:72:73:d7:97:1f:5b:8c:fc:89:8a:9e:91:87:ec:
                    eb:f0:a1:d8:6a:07:0b:ec:11:da:f8:84:fa:77:2a:
                    c4:63:65:61:14:38:64:ee:ef:f6:02:f1:13:00:34:
                    d1:fe:c6:c9:d2:ad:8a:2b:56:94:a3:14:94:4f:ef:
                    bb:e8:6f:c8:ad:56:bd:49:37:f7:5a:79:8f:94:e6:
                    1f:de:e0:25:e6:8a:b6:ec:e3:82:24:e3:74:8d:41:
                    56:96:c3:af:ad:67:80:fc:b8:f8:46:92:e4:06:4e:
                    eb:1a:52:dd:eb:ba:b5:20:8c:ba:40:12:08:79:f4:
                    08:ee:60:47:94:25:78:6a:de:d0:0e:14:f6:73:0f:
                    91:26:63:12:aa:86:37:57:31:9a:54:ad:f4:8c:31:
                    aa:3a:74:d8:84:92:3e:ac:7c:6c:56:30:1b:f1:65:
                    07:09:bb:02:17:a8:93:18:ff:2e:7f:f4:eb:33:f0:
                    fd:e5:d3:c8:98:6e:4e:0f:0b:7a:fe:9b:92:af:bf:
                    ba:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:3C:8A:B0:4A:62:31:F9:CC:5D:9E:E7:FE:53:88:13:BF:2D:FF:31
            X509v3 Authority Key Identifier:
                keyid:64:D8:64:AE:92:BD:7C:EA:B5:08:3B:CC:71:10:1E:F0:46:76:F8:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/KzyKsEpiMfnMXZ7n_lOIE78t_zE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:96:7b:a6:60:7b:52:9a:72:0c:7e:60:88:51:ab:f8:6c:de:
         1c:af:c8:4a:10:57:45:0c:43:09:73:41:22:60:79:1f:98:ec:
         d1:f5:b4:3a:2d:32:4b:0f:34:78:4c:64:10:dd:b0:e8:68:d3:
         f2:7f:60:bb:af:e4:c8:26:52:02:6f:91:bc:39:12:cf:e1:d4:
         ea:3f:45:cc:11:2c:16:d1:a9:d8:90:75:10:a5:bc:e5:16:69:
         ec:94:88:f4:33:53:20:23:af:11:b6:2e:2d:8f:8b:e5:20:8f:
         66:9a:f6:42:9a:11:4e:0a:60:48:78:e9:85:c8:2a:d8:71:f6:
         86:4e:a0:2c:03:d6:9e:0b:ba:86:45:6f:20:c6:58:84:e5:f5:
         e7:38:a3:f3:91:44:37:0f:af:6a:e0:e8:bd:8c:88:cf:4d:0d:
         c7:8a:9c:4c:82:a2:93:af:f5:82:c4:38:97:2c:52:f9:3e:68:
         b7:cc:a5:5f:a2:91:a6:c9:62:82:2d:10:bb:db:96:c5:59:45:
         bf:ae:98:00:0a:4e:7a:d1:df:5e:1c:78:4c:e2:45:bc:4d:2a:
         9d:13:cf:ae:37:00:db:11:29:39:d6:0f:3f:c8:a0:a5:9f:22:
         56:ba:a6:c9:42:95:4b:1f:b1:d2:9b:c3:43:b7:0f:bc:fe:b9:
         a2:b4:75:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlC9Qd2M56WFZvB/IxjsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDg2NGFlOTJiZDdjZWFiNTA4M2JjYzcxMTAxZWYwNDY3
NmY4YWMwHhcNMjQwMTAyMDAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjNjOGFiMDRhNjIzMWY5Y2M1ZDllZTdmZTUzODgxM2JmMmRmZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEa3No9hnR5OWDgK8eJciPl0CLZi
LxIRG415pIsmWiQyEILj079I8ujIv7m1mlzoEv/f+i1RnvsEfN3OcnPXlx9bjPyJ
ip6Rh+zr8KHYagcL7BHa+IT6dyrEY2VhFDhk7u/2AvETADTR/sbJ0q2KK1aUoxSU
T++76G/IrVa9STf3WnmPlOYf3uAl5oq27OOCJON0jUFWlsOvrWeA/Lj4RpLkBk7r
GlLd67q1IIy6QBIIefQI7mBHlCV4at7QDhT2cw+RJmMSqoY3VzGaVK30jDGqOnTY
hJI+rHxsVjAb8WUHCbsCF6iTGP8uf/TrM/D95dPImG5ODwt6/puSr7+6KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCs8irBKYjH5zF2e5/5TiBO/Lf8xMB8GA1UdIwQY
MBaAFGTYZK6SvXzqtQg7zHEQHvBGdvisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5oa3JwSzlmT3ExQ0R2TWNSQWU4RVoyLUt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni83MGIyYzQtMWQ0YS00YjkxLWIwZDAt
MmMwNWNjOTIyMDAxLzEvS3p5S3NFcGlNZm5NWFo3bl9sT0lFNzh0X3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni83MGIyYzQtMWQ0YS00YjkxLWIwZDAtMmMwNWNjOTIyMDAx
LzEvWk5oa3JwSzlmT3ExQ0R2TWNSQWU4RVoyLUt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQrKMA0G
CSqGSIb3DQEBCwUAA4IBAQBqlnumYHtSmnIMfmCIUav4bN4cr8hKEFdFDEMJc0Ei
YHkfmOzR9bQ6LTJLDzR4TGQQ3bDoaNPyf2C7r+TIJlICb5G8ORLP4dTqP0XMESwW
0anYkHUQpbzlFmnslIj0M1MgI68Rti4tj4vlII9mmvZCmhFOCmBIeOmFyCrYcfaG
TqAsA9aeC7qGRW8gxliE5fXnOKPzkUQ3D69q4Oi9jIjPTQ3HipxMgqKTr/WCxDiX
LFL5Pmi3zKVfopGmyWKCLRC725bFWUW/rpgACk560d9eHHhM4kW8TSqdE8+uNwDb
ESk51g8/yKClnyJWuqbJQpVLH7HSm8NDtw+8/rmitHXW
-----END CERTIFICATE-----