Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/VewFwd3BJHkiZ4FU8VF67V3MN3U.roa
File:                     VewFwd3BJHkiZ4FU8VF67V3MN3U.roa (raw, json)
Hash identifier:          JFgQFUKs6kKwOKMbFmKv26ZuLUKnUR0A7QjgyaniJ6U=
Subject key identifier:   55:EC:05:C1:DD:C1:24:79:22:67:81:54:F1:51:7A:ED:5D:CC:37:75
Certificate issuer:       /CN=a6562d0869480dc11b74a552cd167b6f6339c8ba
Certificate serial:       018CC2DAF0F5EBBD452C3227BAA830CF0AF9
Authority key identifier: A6:56:2D:08:69:48:0D:C1:1B:74:A5:52:CD:16:7B:6F:63:39:C8:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/plYtCGlIDcEbdKVSzRZ7b2M5yLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/VewFwd3BJHkiZ4FU8VF67V3MN3U.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202945
IP address blocks:        45.154.60.0/24 maxlen: 24
                          2a0f:b100:2::/48 maxlen: 48
                          2a0f:b100::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/plYtCGlIDcEbdKVSzRZ7b2M5yLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/plYtCGlIDcEbdKVSzRZ7b2M5yLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/plYtCGlIDcEbdKVSzRZ7b2M5yLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f0:f5:eb:bd:45:2c:32:27:ba:a8:30:cf:0a:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6562d0869480dc11b74a552cd167b6f6339c8ba
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55ec05c1ddc1247922678154f1517aed5dcc3775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:76:23:e8:ac:18:26:4e:ae:64:00:2e:07:2f:
                    f5:29:05:71:b5:f2:33:87:c5:ff:6b:c1:d0:a1:7d:
                    f7:18:8f:ab:9e:80:33:66:c2:49:43:ec:e0:7e:1e:
                    ea:1b:d0:61:ae:9e:52:84:07:63:77:4a:38:c8:37:
                    b6:da:2d:12:3d:ab:6e:b2:56:a3:39:30:07:d2:a8:
                    72:51:44:0f:1e:85:fc:a8:6f:9c:65:d3:7d:40:cb:
                    46:2a:a3:e1:f3:cb:0b:ff:1d:e7:b8:bc:03:3f:34:
                    9b:4f:5b:f9:3f:c3:d2:d1:e7:52:3b:91:dd:de:69:
                    4f:9d:92:7d:f2:80:06:b8:63:71:40:d3:dc:aa:db:
                    9a:ca:86:8c:fb:3d:29:0a:ad:f6:28:0a:43:94:41:
                    d1:65:79:eb:21:f8:b1:25:c0:97:80:4a:8a:6f:11:
                    9c:a5:7f:9c:f8:21:8d:65:e1:30:e5:49:a2:c1:31:
                    44:93:1a:bd:bf:cf:b7:43:57:4b:fa:89:68:a6:fc:
                    04:8d:00:22:41:fb:07:bc:1b:bf:96:f5:71:1e:cd:
                    6a:90:4a:20:af:82:ad:53:3c:47:bd:0c:7a:03:fa:
                    1d:31:a6:cf:0c:18:84:1b:20:17:f8:bd:f7:1c:48:
                    d9:67:6d:63:36:a2:9c:88:0b:41:18:43:08:7c:b2:
                    ae:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:EC:05:C1:DD:C1:24:79:22:67:81:54:F1:51:7A:ED:5D:CC:37:75
            X509v3 Authority Key Identifier:
                keyid:A6:56:2D:08:69:48:0D:C1:1B:74:A5:52:CD:16:7B:6F:63:39:C8:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/plYtCGlIDcEbdKVSzRZ7b2M5yLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/VewFwd3BJHkiZ4FU8VF67V3MN3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/212dd2-da8d-4048-916a-45a8fed3a2a5/1/plYtCGlIDcEbdKVSzRZ7b2M5yLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.60.0/24
                IPv6:
                  2a0f:b100::/44

    Signature Algorithm: sha256WithRSAEncryption
         a0:4e:52:10:fe:cc:69:29:4d:2c:ce:90:aa:d2:9d:80:8b:99:
         d6:63:63:5e:a7:94:bf:b9:40:2f:4c:13:da:e6:39:84:0f:f8:
         53:6d:f8:a3:ac:2c:e0:ea:fc:3e:55:d7:61:39:b2:9d:da:7e:
         ef:3e:17:d6:4c:40:85:16:8f:c4:c6:50:42:19:79:eb:d0:38:
         0e:f8:6c:c2:5d:aa:aa:1b:b6:e4:45:ea:99:1c:65:81:b7:e7:
         58:cb:fd:c1:56:ba:22:18:4e:8c:cb:57:d8:0f:6d:f6:7b:43:
         d6:7b:46:9c:f1:ed:62:88:12:8c:29:d4:20:d3:27:ac:1e:ac:
         8d:5f:e8:6c:79:6c:79:28:b7:f5:ee:64:55:c8:bc:67:e1:ff:
         c3:84:a1:aa:52:33:31:88:8b:6b:70:d4:2b:32:64:41:61:8b:
         52:d7:c9:81:30:24:63:1b:b7:d9:72:5d:de:df:92:8d:4f:ab:
         9e:65:a8:85:60:d5:2a:77:f6:fc:36:e7:31:11:fb:83:9f:d5:
         68:ac:ab:d2:fb:5f:50:ad:61:1b:97:a0:3f:ba:e0:6c:6d:eb:
         04:63:4b:d9:37:0b:5f:4e:8b:cc:f7:b9:96:13:e7:dc:ca:3d:
         af:a5:0c:35:ae:c3:9f:95:b3:73:87:17:2f:d1:cb:bf:a6:68:
         f3:a1:36:48
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2vD1671FLDInuqgwzwr5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NTYyZDA4Njk0ODBkYzExYjc0YTU1MmNkMTY3YjZmNjMz
OWM4YmEwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWVjMDVjMWRkYzEyNDc5MjI2NzgxNTRmMTUxN2FlZDVkY2MzNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3Yj6KwYJk6uZAAuBy/1KQVxtfIz
h8X/a8HQoX33GI+rnoAzZsJJQ+zgfh7qG9Bhrp5ShAdjd0o4yDe22i0SPatuslaj
OTAH0qhyUUQPHoX8qG+cZdN9QMtGKqPh88sL/x3nuLwDPzSbT1v5P8PS0edSO5Hd
3mlPnZJ98oAGuGNxQNPcqtuayoaM+z0pCq32KApDlEHRZXnrIfixJcCXgEqKbxGc
pX+c+CGNZeEw5UmiwTFEkxq9v8+3Q1dL+olopvwEjQAiQfsHvBu/lvVxHs1qkEog
r4KtUzxHvQx6A/odMabPDBiEGyAX+L33HEjZZ21jNqKciAtBGEMIfLKumwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFXsBcHdwSR5ImeBVPFReu1dzDd1MB8GA1UdIwQY
MBaAFKZWLQhpSA3BG3SlUs0We29jOci6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGxZdENHbElEY0ViZEtWU3pSWjdiMk01eUxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8yMTJkZDItZGE4ZC00MDQ4LTkxNmEt
NDVhOGZlZDNhMmE1LzEvVmV3RndkM0JKSGtpWjRGVThWRjY3VjNNTjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8yMTJkZDItZGE4ZC00MDQ4LTkxNmEtNDVhOGZlZDNhMmE1
LzEvcGxZdENHbElEY0ViZEtWU3pSWjdiMk01eUxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZo8MA8E
AgACMAkDBwQqD7EAAAAwDQYJKoZIhvcNAQELBQADggEBAKBOUhD+zGkpTSzOkKrS
nYCLmdZjY16nlL+5QC9ME9rmOYQP+FNt+KOsLODq/D5V12E5sp3afu8+F9ZMQIUW
j8TGUEIZeevQOA74bMJdqqobtuRF6pkcZYG351jL/cFWuiIYTozLV9gPbfZ7Q9Z7
Rpzx7WKIEowp1CDTJ6werI1f6Gx5bHkot/XuZFXIvGfh/8OEoapSMzGIi2tw1Csy
ZEFhi1LXyYEwJGMbt9lyXd7fko1Pq55lqIVg1Sp39vw25zER+4Of1Wisq9L7X1Ct
YRuXoD+64Gxt6wRjS9k3C19Oi8z3uZYT59zKPa+lDDWuw5+Vs3OHFy/Ry7+maPOh
Nkg=
-----END CERTIFICATE-----