Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/u8y2W6ZelwDhs7n1Jfv6XoJcmD8.roa
File:                     u8y2W6ZelwDhs7n1Jfv6XoJcmD8.roa (raw, json)
Hash identifier:          iVmbJYahdlW78WeO7rXXaZEmg/SKM519kRqE20SkRtg=
Subject key identifier:   BB:CC:B6:5B:A6:5E:97:00:E1:B3:B9:F5:25:FB:FA:5E:82:5C:98:3F
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       018E50976DE9DF362E732A383D52999563D8
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/u8y2W6ZelwDhs7n1Jfv6XoJcmD8.roa
Signing time:             Mon 18 Mar 2024 08:04:45 +0000
ROA not before:           Mon 18 Mar 2024 08:04:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        45.146.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 04:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:50:97:6d:e9:df:36:2e:73:2a:38:3d:52:99:95:63:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Mar 18 08:04:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbccb65ba65e9700e1b3b9f525fbfa5e825c983f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:1e:6a:e7:49:d8:31:66:6b:86:a6:cd:5a:1f:
                    97:82:68:6d:94:2e:50:a4:c4:5a:7d:72:1f:08:3b:
                    df:c0:7d:13:f1:4c:ff:c1:56:fc:95:72:be:6a:8e:
                    eb:18:a4:f0:62:09:bb:89:26:cb:58:e6:26:f2:39:
                    a8:27:df:d2:3a:8c:6c:2c:cf:d2:cc:ec:e3:e6:3f:
                    e3:dd:dd:75:64:97:f1:5d:00:5a:60:5c:11:54:dc:
                    6b:c8:b0:20:53:6a:15:77:ba:75:d3:0b:77:59:69:
                    36:83:f5:f4:4a:b8:09:1c:6f:16:24:d8:b3:c3:02:
                    65:23:fa:d9:a1:1a:d5:3b:8f:16:60:a4:af:17:a8:
                    93:8e:14:a7:62:cf:89:ad:90:be:5b:13:4d:d2:3f:
                    c1:d3:e0:d1:c6:6d:0e:f4:11:34:92:4c:c6:83:2d:
                    60:64:cc:73:9c:81:dc:7a:33:9a:6d:87:a7:e5:f2:
                    6d:de:d7:3d:cd:8b:07:98:20:96:8d:9a:de:91:63:
                    7e:e6:6b:e9:0a:72:5b:54:b1:51:8f:9e:c0:6b:66:
                    71:b0:ca:dd:b4:18:2b:99:e1:d0:42:f5:1c:aa:5f:
                    2f:29:c9:7f:8a:1b:b7:c4:46:df:13:8d:80:80:f0:
                    3c:40:ae:2f:1e:07:3a:54:50:0e:00:90:27:29:1c:
                    de:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:CC:B6:5B:A6:5E:97:00:E1:B3:B9:F5:25:FB:FA:5E:82:5C:98:3F
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/u8y2W6ZelwDhs7n1Jfv6XoJcmD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:13:5a:95:5a:68:38:c1:6c:3d:ab:2e:fe:2c:ec:69:6c:94:
         76:d8:6d:d9:f5:66:a8:68:97:0d:48:47:71:04:ed:28:e2:61:
         41:44:b8:98:fc:29:f8:18:f0:d0:69:ca:a9:52:5c:f1:c9:b4:
         bd:4e:65:a8:f1:ca:8d:e9:06:0c:1d:bd:74:e7:a8:8f:a7:7c:
         e8:0a:23:bf:8f:e4:5b:1c:49:79:2e:19:8f:2f:f0:2a:2e:9b:
         ec:e2:f1:a6:76:f5:d2:7e:11:3f:a2:f5:91:37:7a:e9:a3:62:
         68:e1:1e:08:59:61:f3:56:a4:31:a8:fa:93:3f:39:a1:2a:be:
         d2:9d:17:cd:a6:97:a9:ad:48:a6:3e:3d:22:92:7b:47:37:04:
         e1:68:31:cd:0a:56:51:b0:eb:49:7d:34:07:14:1e:ae:fa:37:
         a3:ed:33:22:1c:15:93:68:7c:fa:0b:35:64:06:75:9e:04:84:
         ae:7d:2a:3d:e5:51:97:f7:fb:51:c7:04:c3:26:5f:d8:51:e8:
         84:98:e4:bd:af:a6:18:6b:c9:72:a0:ad:2e:99:f8:df:0e:d4:
         60:7c:64:94:ae:9f:99:a7:8c:bf:30:56:be:92:71:73:45:cc:
         04:dd:64:4e:59:09:e8:1b:4a:4b:f9:8c:59:bb:90:96:ec:29:
         3b:9e:60:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5Ql23p3zYucyo4PVKZlWPYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjQwMzE4MDgwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmNjYjY1YmE2NWU5NzAwZTFiM2I5ZjUyNWZiZmE1ZTgyNWM5ODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7R5q50nYMWZrhqbNWh+XgmhtlC5Q
pMRafXIfCDvfwH0T8Uz/wVb8lXK+ao7rGKTwYgm7iSbLWOYm8jmoJ9/SOoxsLM/S
zOzj5j/j3d11ZJfxXQBaYFwRVNxryLAgU2oVd7p10wt3WWk2g/X0SrgJHG8WJNiz
wwJlI/rZoRrVO48WYKSvF6iTjhSnYs+JrZC+WxNN0j/B0+DRxm0O9BE0kkzGgy1g
ZMxznIHcejOabYen5fJt3tc9zYsHmCCWjZrekWN+5mvpCnJbVLFRj57Aa2ZxsMrd
tBgrmeHQQvUcql8vKcl/ihu3xEbfE42AgPA8QK4vHgc6VFAOAJAnKRzekQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvMtlumXpcA4bO59SX7+l6CXJg/MB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvdTh5Mlc2WmVsd0RoczduMUpmdjZYb0pjbUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZLLMA0G
CSqGSIb3DQEBCwUAA4IBAQCEE1qVWmg4wWw9qy7+LOxpbJR22G3Z9WaoaJcNSEdx
BO0o4mFBRLiY/Cn4GPDQacqpUlzxybS9TmWo8cqN6QYMHb1056iPp3zoCiO/j+Rb
HEl5LhmPL/AqLpvs4vGmdvXSfhE/ovWRN3rpo2Jo4R4IWWHzVqQxqPqTPzmhKr7S
nRfNppeprUimPj0ikntHNwThaDHNClZRsOtJfTQHFB6u+jej7TMiHBWTaHz6CzVk
BnWeBISufSo95VGX9/tRxwTDJl/YUeiEmOS9r6YYa8lyoK0umfjfDtRgfGSUrp+Z
p4y/MFa+knFzRcwE3WROWQnoG0pL+YxZu5CW7Ck7nmCt
-----END CERTIFICATE-----