Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/pIa0vsj2MJtoq4PywqdZjmav3rw.roa
File:                     pIa0vsj2MJtoq4PywqdZjmav3rw.roa (raw, json)
Hash identifier:          SrucdUIeexjU9vC3sI2jgAKxSISVe3tqBtEKh9Z7CN8=
Subject key identifier:   A4:86:B4:BE:C8:F6:30:9B:68:AB:83:F2:C2:A7:59:8E:66:AF:DE:BC
Certificate issuer:       /CN=54404da602dab0625be7223d09320b1cd7aafced
Certificate serial:       018CC26D6F3A5676259B35E27CF2214D2FF4
Authority key identifier: 54:40:4D:A6:02:DA:B0:62:5B:E7:22:3D:09:32:0B:1C:D7:AA:FC:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEBNpgLasGJb5yI9CTILHNeq_O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/pIa0vsj2MJtoq4PywqdZjmav3rw.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207117
IP address blocks:        45.152.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/VEBNpgLasGJb5yI9CTILHNeq_O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/VEBNpgLasGJb5yI9CTILHNeq_O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEBNpgLasGJb5yI9CTILHNeq_O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6f:3a:56:76:25:9b:35:e2:7c:f2:21:4d:2f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54404da602dab0625be7223d09320b1cd7aafced
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a486b4bec8f6309b68ab83f2c2a7598e66afdebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a2:8a:29:5b:95:ff:12:13:4f:a8:70:f8:61:
                    b2:7a:d6:c9:70:b3:f3:b6:bc:8f:1e:cf:14:f5:29:
                    dd:7a:67:c7:3f:e6:61:69:2a:de:78:f2:02:1d:69:
                    56:07:92:8d:3e:bb:5e:03:26:bc:cb:cd:af:0c:45:
                    89:20:6e:e7:32:d2:ed:b2:b0:ec:68:e1:43:6d:e7:
                    46:95:bb:62:01:5b:7c:5c:40:9c:21:c7:31:eb:8e:
                    93:4b:3a:34:be:1a:6d:91:7f:d5:e3:c4:c7:f7:ac:
                    e3:79:ab:4d:49:a3:7f:6b:14:93:43:ed:3d:e4:c3:
                    75:74:30:23:26:36:39:cb:23:61:a8:5b:83:f3:2d:
                    38:4c:c7:1e:88:00:b6:c3:62:10:e8:e3:2a:b6:aa:
                    19:11:b2:62:84:f0:f2:ed:f9:e7:bc:22:01:a0:b0:
                    0c:8e:be:34:81:95:7d:dc:19:a4:1e:4d:22:1e:75:
                    9f:c0:70:ce:f8:4f:71:8f:30:d8:ab:b7:99:6a:66:
                    e6:23:70:57:12:08:c2:b4:80:6a:ef:bd:c3:c1:97:
                    5c:64:84:de:20:57:3a:46:74:34:b9:46:2f:d0:4d:
                    05:1f:d5:43:04:c2:59:0f:53:dd:f9:f9:7a:b4:69:
                    2f:af:bb:fc:bb:5c:cc:4c:8d:ab:8f:42:83:78:89:
                    44:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:86:B4:BE:C8:F6:30:9B:68:AB:83:F2:C2:A7:59:8E:66:AF:DE:BC
            X509v3 Authority Key Identifier:
                keyid:54:40:4D:A6:02:DA:B0:62:5B:E7:22:3D:09:32:0B:1C:D7:AA:FC:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEBNpgLasGJb5yI9CTILHNeq_O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/pIa0vsj2MJtoq4PywqdZjmav3rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/VEBNpgLasGJb5yI9CTILHNeq_O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:db:2c:d8:1d:70:8d:80:c8:51:57:5a:a2:50:d4:c8:ab:10:
         7f:e2:1d:ac:9a:05:f9:63:42:02:2c:6d:1a:82:50:ef:e7:2c:
         05:de:16:19:b8:bb:c0:99:56:63:d5:74:cd:bb:04:ee:44:47:
         e4:8d:d7:66:5f:ac:ad:8e:81:ce:de:fc:1a:5b:1f:5c:5f:9e:
         74:72:f5:b0:c3:4e:cb:a4:d0:0c:91:56:a5:58:11:24:f4:be:
         2c:6e:1b:39:23:d2:41:33:b2:1a:93:98:0e:e7:9d:d4:f6:c9:
         7b:e6:7e:b7:aa:be:1d:34:16:fc:09:01:1b:11:cd:85:74:96:
         9e:57:ce:47:dd:42:fc:e4:d4:7c:de:a8:1f:c5:49:20:5b:c9:
         47:04:db:c5:22:e6:2d:10:de:88:9e:13:29:bf:1e:3d:8d:3b:
         4e:60:8d:36:a8:cb:34:b8:a8:c4:b9:92:f2:cd:58:bb:29:2c:
         9a:23:9f:f7:e8:12:c6:4c:09:88:12:7b:75:55:9e:eb:b1:87:
         51:a3:6d:ec:ba:b7:23:70:30:9a:66:34:f1:9a:a9:74:e6:a5:
         83:72:9a:99:cc:70:df:4f:97:55:73:ed:27:c6:76:d2:e8:fa:
         9a:3e:f5:fa:38:7c:62:62:07:80:01:45:5d:60:6f:61:68:b4:
         6e:a2:c2:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbW86VnYlmzXifPIhTS/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NDA0ZGE2MDJkYWIwNjI1YmU3MjIzZDA5MzIwYjFjZDdh
YWZjZWQwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDg2YjRiZWM4ZjYzMDliNjhhYjgzZjJjMmE3NTk4ZTY2YWZkZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKKKKVuV/xITT6hw+GGyetbJcLPz
tryPHs8U9SndemfHP+ZhaSreePICHWlWB5KNPrteAya8y82vDEWJIG7nMtLtsrDs
aOFDbedGlbtiAVt8XECcIccx646TSzo0vhptkX/V48TH96zjeatNSaN/axSTQ+09
5MN1dDAjJjY5yyNhqFuD8y04TMceiAC2w2IQ6OMqtqoZEbJihPDy7fnnvCIBoLAM
jr40gZV93BmkHk0iHnWfwHDO+E9xjzDYq7eZambmI3BXEgjCtIBq773DwZdcZITe
IFc6RnQ0uUYv0E0FH9VDBMJZD1Pd+fl6tGkvr7v8u1zMTI2rj0KDeIlEswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSGtL7I9jCbaKuD8sKnWY5mr968MB8GA1UdIwQY
MBaAFFRATaYC2rBiW+ciPQkyCxzXqvztMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkVCTnBnTGFzR0piNXlJOUNUSUxITmVxX08wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny83ZDJjYjUtYmRkZi00MjAxLWJhZjgt
MWIyNDQ4NGU1NWVjLzEvcElhMHZzajJNSnRvcTRQeXdxZFpqbWF2M3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny83ZDJjYjUtYmRkZi00MjAxLWJhZjgtMWIyNDQ4NGU1NWVj
LzEvVkVCTnBnTGFzR0piNXlJOUNUSUxITmVxX08wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZhOMA0G
CSqGSIb3DQEBCwUAA4IBAQBe2yzYHXCNgMhRV1qiUNTIqxB/4h2smgX5Y0ICLG0a
glDv5ywF3hYZuLvAmVZj1XTNuwTuREfkjddmX6ytjoHO3vwaWx9cX550cvWww07L
pNAMkValWBEk9L4sbhs5I9JBM7Iak5gO553U9sl75n63qr4dNBb8CQEbEc2FdJae
V85H3UL85NR83qgfxUkgW8lHBNvFIuYtEN6InhMpvx49jTtOYI02qMs0uKjEuZLy
zVi7KSyaI5/36BLGTAmIEnt1VZ7rsYdRo23surcjcDCaZjTxmql05qWDcpqZzHDf
T5dVc+0nxnbS6PqaPvX6OHxiYgeAAUVdYG9haLRuosJU
-----END CERTIFICATE-----