Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/tdYI_AEPeLnJcAjQCdQTMx3MpfM.roa
File:                     tdYI_AEPeLnJcAjQCdQTMx3MpfM.roa (raw, json)
Hash identifier:          anzlJ9g4eLc/VN6v2y4enkaTnqMHaHMzqUv7HyT2XQ8=
Subject key identifier:   B5:D6:08:FC:01:0F:78:B9:C9:70:08:D0:09:D4:13:33:1D:CC:A5:F3
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018F852B174EFFDE42A09A56AE140E8010E2
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/tdYI_AEPeLnJcAjQCdQTMx3MpfM.roa
Signing time:             Fri 17 May 2024 06:09:04 +0000
ROA not before:           Fri 17 May 2024 06:09:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204592
IP address blocks:        45.155.122.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:85:2b:17:4e:ff:de:42:a0:9a:56:ae:14:0e:80:10:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: May 17 06:09:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5d608fc010f78b9c97008d009d413331dcca5f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:bb:85:42:a9:08:8e:bb:39:36:0a:f2:fd:db:
                    8b:c9:15:43:30:0c:db:89:2d:06:2d:9a:3a:b9:24:
                    80:c2:61:31:1a:93:3e:95:b2:89:73:bf:9a:8b:11:
                    e2:19:83:97:b9:40:b1:95:2d:d1:aa:ba:30:f4:63:
                    d4:36:07:ad:e2:40:85:8b:80:ee:fa:35:fb:f7:01:
                    06:e9:3f:fe:ce:4a:e3:1c:52:a7:e6:ba:93:ab:ce:
                    cb:c5:1b:cb:10:33:f4:8b:48:a2:93:cb:13:d7:e6:
                    a1:90:ad:36:35:84:92:60:62:12:8d:bf:28:b4:21:
                    84:7c:57:3c:c8:ec:61:c8:32:ac:00:16:eb:c7:67:
                    63:d8:6b:cb:dd:ce:27:97:c7:f2:a1:01:e2:79:14:
                    b1:7b:ac:75:68:aa:ce:fa:84:ca:02:50:d7:d2:17:
                    66:17:e9:2c:89:31:80:e4:5c:ba:ae:e8:dd:53:7d:
                    02:08:fc:58:f0:96:ac:98:bb:fb:21:8b:2f:79:a4:
                    a7:e9:f3:56:15:e3:83:aa:14:74:7f:09:4b:e1:9a:
                    b6:e3:e0:32:53:d4:a9:d0:1b:15:aa:7f:e7:fc:e4:
                    e0:1f:24:23:81:78:68:b2:02:1d:a2:c6:78:0e:43:
                    42:11:92:17:be:99:fa:ff:ff:ec:5e:2a:4e:5d:bc:
                    26:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:D6:08:FC:01:0F:78:B9:C9:70:08:D0:09:D4:13:33:1D:CC:A5:F3
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/tdYI_AEPeLnJcAjQCdQTMx3MpfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:e7:ca:e5:a6:57:34:6e:e9:51:c8:3f:8f:9e:a0:78:35:be:
         9e:eb:76:2e:d0:c7:19:d8:2d:4e:06:ad:60:c5:d2:ba:62:d4:
         52:35:24:01:7b:d1:ee:6d:af:04:28:44:53:30:c9:58:84:f9:
         11:3b:6e:e7:4d:85:e7:fe:ee:dd:04:fa:c3:5b:40:34:f7:93:
         b6:4d:10:04:9e:8e:e7:56:3d:32:15:21:ab:2a:94:8a:4e:e0:
         fc:4b:ac:d2:34:18:99:e5:f8:eb:d5:c1:e8:03:81:03:e3:ca:
         2e:c2:b2:e3:b9:ae:21:9f:f6:38:de:16:ad:78:9c:9d:51:15:
         84:e6:e7:65:14:17:52:27:63:b7:45:3c:b9:84:2a:b6:4c:d8:
         40:8f:5a:ce:b5:93:5a:18:27:73:18:bf:27:f1:1e:74:40:6a:
         fe:a4:07:b4:a6:71:fc:1c:de:d2:f7:f3:f8:09:2d:96:b2:b7:
         b6:5d:10:f9:79:e3:90:05:09:cb:3b:76:05:f8:ab:70:83:86:
         b1:99:2b:bb:49:a2:99:34:92:b9:0c:ff:43:fc:de:8d:59:b7:
         e2:54:0e:2b:42:c2:f6:95:9d:26:39:a3:85:a8:86:0f:96:a9:
         1f:86:2c:92:ce:ac:19:75:19:c4:0e:3b:27:32:a6:95:d0:9b:
         e1:3f:f7:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+FKxdO/95CoJpWrhQOgBDiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwNTE3MDYwOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWQ2MDhmYzAxMGY3OGI5Yzk3MDA4ZDAwOWQ0MTMzMzFkY2NhNWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbuFQqkIjrs5Ngry/duLyRVDMAzb
iS0GLZo6uSSAwmExGpM+lbKJc7+aixHiGYOXuUCxlS3Rqrow9GPUNget4kCFi4Du
+jX79wEG6T/+zkrjHFKn5rqTq87LxRvLEDP0i0iik8sT1+ahkK02NYSSYGISjb8o
tCGEfFc8yOxhyDKsABbrx2dj2GvL3c4nl8fyoQHieRSxe6x1aKrO+oTKAlDX0hdm
F+ksiTGA5Fy6rujdU30CCPxY8JasmLv7IYsveaSn6fNWFeODqhR0fwlL4Zq24+Ay
U9Sp0BsVqn/n/OTgHyQjgXhosgIdosZ4DkNCEZIXvpn6///sXipOXbwmOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXWCPwBD3i5yXAI0AnUEzMdzKXzMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvdGRZSV9BRVBlTG5KY0FqUUNkUVRNeDNNcGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZt6MA0G
CSqGSIb3DQEBCwUAA4IBAQBq58rlplc0bulRyD+PnqB4Nb6e63Yu0McZ2C1OBq1g
xdK6YtRSNSQBe9Huba8EKERTMMlYhPkRO27nTYXn/u7dBPrDW0A095O2TRAEno7n
Vj0yFSGrKpSKTuD8S6zSNBiZ5fjr1cHoA4ED48ouwrLjua4hn/Y43hateJydURWE
5udlFBdSJ2O3RTy5hCq2TNhAj1rOtZNaGCdzGL8n8R50QGr+pAe0pnH8HN7S9/P4
CS2Wsre2XRD5eeOQBQnLO3YF+Ktwg4axmSu7SaKZNJK5DP9D/N6NWbfiVA4rQsL2
lZ0mOaOFqIYPlqkfhiySzqwZdRnEDjsnMqaV0JvhP/eg
-----END CERTIFICATE-----