Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/noeycDSAU8aLwrndfpkxrIvBumM.roa
File:                     noeycDSAU8aLwrndfpkxrIvBumM.roa (raw, json)
Hash identifier:          i1R+Ow6WzYakFfYy5nYc1v6ep91jj5lukG1kJ5nkFkM=
Subject key identifier:   9E:87:B2:70:34:80:53:C6:8B:C2:B9:DD:7E:99:31:AC:8B:C1:BA:63
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       018CC94D88537F83F1273E801D80D3F376F2
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/noeycDSAU8aLwrndfpkxrIvBumM.roa
Signing time:             Tue 02 Jan 2024 08:32:30 +0000
ROA not before:           Tue 02 Jan 2024 08:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        45.146.200.0/24 maxlen: 24
                          45.146.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:88:53:7f:83:f1:27:3e:80:1d:80:d3:f3:76:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  2 08:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e87b270348053c68bc2b9dd7e9931ac8bc1ba63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f7:f2:06:e8:85:78:32:7f:ef:e0:48:c7:9e:
                    26:a4:5b:4e:99:47:e3:bc:24:74:71:f7:a6:89:d3:
                    1d:26:b3:31:aa:c3:d2:a6:28:28:4d:26:4e:ca:ce:
                    01:7a:6a:86:b7:b9:2c:08:2c:c6:2d:77:ca:46:ca:
                    fe:b1:6b:25:a4:57:85:f9:39:45:0e:0d:0d:97:6a:
                    a4:27:ce:01:84:ee:50:f3:7c:ef:d0:33:e5:1e:df:
                    61:17:11:f1:24:25:28:97:32:ac:55:18:72:b8:b5:
                    71:90:6c:7a:24:eb:75:c0:91:4a:e5:53:7c:eb:38:
                    5f:81:e9:48:04:06:46:a1:43:0d:42:cc:d2:95:a4:
                    1f:d8:9a:08:f6:6f:54:ca:19:54:4b:e7:f0:b1:2f:
                    87:6f:50:93:e8:73:31:2d:21:26:d4:1f:5f:d1:58:
                    54:f8:06:15:ba:2a:a3:4b:4e:0d:b5:40:52:1a:69:
                    73:94:6e:17:4c:68:07:81:31:30:dc:e4:b2:02:6d:
                    be:99:31:9c:dc:ae:ab:c5:fa:02:9d:d3:b3:f6:99:
                    98:f2:61:dd:c3:41:0b:9f:05:97:0c:dd:37:cb:94:
                    86:54:2b:ac:3c:48:fb:b7:dc:f5:79:28:f7:f1:19:
                    11:c1:ff:ee:10:b5:bd:c4:83:a8:9d:70:9f:fd:1b:
                    59:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:87:B2:70:34:80:53:C6:8B:C2:B9:DD:7E:99:31:AC:8B:C1:BA:63
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/noeycDSAU8aLwrndfpkxrIvBumM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:55:a5:1f:1b:90:b0:28:1a:89:6e:c5:17:d5:dc:e1:98:db:
         a0:b9:58:e3:ec:95:2f:97:b2:96:d0:da:b7:84:c2:92:5e:34:
         a4:ca:bf:8d:80:d5:56:bc:cd:d0:f5:4b:38:73:8d:cd:3e:05:
         84:fc:79:71:b9:28:c4:2e:e1:89:5c:03:e3:06:77:7d:2b:24:
         02:14:82:b1:b2:4a:60:06:64:39:1b:10:15:69:e0:c9:37:fb:
         aa:5c:b3:df:43:3f:d4:e7:b3:67:ec:29:65:22:e9:1f:cb:c2:
         1b:4b:8d:21:6a:77:31:6b:a1:48:57:0c:ad:b2:bb:85:97:48:
         a8:ad:3d:69:a2:55:fc:15:61:f7:06:3f:00:dd:ba:04:db:40:
         b4:66:03:e8:9b:89:50:25:a3:23:95:38:9a:7b:b4:a3:db:d2:
         52:8b:8e:3f:4a:bc:a5:51:ae:71:50:f3:6a:bb:00:98:86:86:
         a3:88:5a:fb:b1:97:74:bb:a8:01:ff:c9:e9:f4:c4:5e:d1:b5:
         94:e2:2f:2b:db:1e:9f:e5:ea:76:c4:7c:9c:ef:ed:ff:89:d1:
         7b:0c:39:a2:22:d2:ae:ee:91:1f:f7:6a:9f:9c:ba:8f:87:5a:
         6f:ae:30:8b:56:66:d5:a7:c2:93:96:c9:7f:fc:f8:31:af:d5:
         93:84:ea:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYhTf4PxJz6AHYDT83byMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjQwMTAyMDgzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTg3YjI3MDM0ODA1M2M2OGJjMmI5ZGQ3ZTk5MzFhYzhiYzFiYTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/fyBuiFeDJ/7+BIx54mpFtOmUfj
vCR0cfemidMdJrMxqsPSpigoTSZOys4BemqGt7ksCCzGLXfKRsr+sWslpFeF+TlF
Dg0Nl2qkJ84BhO5Q83zv0DPlHt9hFxHxJCUolzKsVRhyuLVxkGx6JOt1wJFK5VN8
6zhfgelIBAZGoUMNQszSlaQf2JoI9m9UyhlUS+fwsS+Hb1CT6HMxLSEm1B9f0VhU
+AYVuiqjS04NtUBSGmlzlG4XTGgHgTEw3OSyAm2+mTGc3K6rxfoCndOz9pmY8mHd
w0ELnwWXDN03y5SGVCusPEj7t9z1eSj38RkRwf/uELW9xIOonXCf/RtZMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6HsnA0gFPGi8K53X6ZMayLwbpjMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvbm9leWNEU0FVOGFMd3JuZGZwa3hySXZCdW1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZLIMA0G
CSqGSIb3DQEBCwUAA4IBAQCGVaUfG5CwKBqJbsUX1dzhmNuguVjj7JUvl7KW0Nq3
hMKSXjSkyr+NgNVWvM3Q9Us4c43NPgWE/HlxuSjELuGJXAPjBnd9KyQCFIKxskpg
BmQ5GxAVaeDJN/uqXLPfQz/U57Nn7CllIukfy8IbS40hancxa6FIVwytsruFl0io
rT1polX8FWH3Bj8A3boE20C0ZgPom4lQJaMjlTiae7Sj29JSi44/SrylUa5xUPNq
uwCYhoajiFr7sZd0u6gB/8np9MRe0bWU4i8r2x6f5ep2xHyc7+3/idF7DDmiItKu
7pEf92qfnLqPh1pvrjCLVmbVp8KTlsl//Pgxr9WThOr/
-----END CERTIFICATE-----