Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/KeP9lH62pt5NuBHhaBRz_mWpe2A.roa
File:                     KeP9lH62pt5NuBHhaBRz_mWpe2A.roa (raw, json)
Hash identifier:          kYH80uKvJ/fCU4mR5ZkbGGTzBmWKfcbx3Ubfvq1ooTk=
Subject key identifier:   29:E3:FD:94:7E:B6:A6:DE:4D:B8:11:E1:68:14:73:FE:65:A9:7B:60
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018CC5DD130DB9DCB170F5D88FD04E27D7EB
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/KeP9lH62pt5NuBHhaBRz_mWpe2A.roa
Signing time:             Mon 01 Jan 2024 16:30:49 +0000
ROA not before:           Mon 01 Jan 2024 16:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35771
IP address blocks:        45.135.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:13:0d:b9:dc:b1:70:f5:d8:8f:d0:4e:27:d7:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 16:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29e3fd947eb6a6de4db811e1681473fe65a97b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:01:0f:a4:e6:a2:e0:3e:71:42:dd:7e:c0:eb:
                    41:16:95:01:46:5b:60:f1:c9:83:57:f9:6f:ef:fb:
                    a2:7d:70:6e:dc:93:2b:fe:66:7e:bc:5c:63:f7:3a:
                    31:81:7c:f5:67:c9:e3:7e:d8:b1:fe:18:8a:ee:53:
                    64:59:d4:7a:a3:22:af:02:cb:ef:bc:6a:ba:3b:34:
                    69:03:a7:8d:0d:30:c0:34:0f:d9:dd:b4:98:3a:53:
                    b2:68:7f:61:90:57:d8:d9:10:33:c6:75:32:f1:60:
                    35:41:9c:c9:2f:68:3c:b2:40:4e:e1:3c:ac:d7:b7:
                    7c:11:70:bc:c2:a7:20:b3:38:68:cc:fa:7d:c5:36:
                    94:51:41:e4:8e:89:ec:1b:9b:08:56:59:26:bd:69:
                    8d:d2:e9:9b:36:d6:d3:3f:22:7a:fa:5d:e5:d2:93:
                    e6:59:60:44:81:1a:c4:34:2b:80:92:41:5a:c3:50:
                    5c:ad:59:ac:42:42:fe:6f:82:68:14:3b:07:a2:b5:
                    f1:2b:ee:eb:ac:9e:5d:23:38:28:dc:34:e0:b7:cd:
                    cb:39:fd:5a:07:07:e8:15:95:98:aa:e2:10:61:99:
                    fd:1c:d8:35:53:a0:2c:71:dd:01:0c:8d:41:bc:8d:
                    9f:93:14:79:5d:e7:32:af:02:cc:36:e2:67:61:1f:
                    e6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:E3:FD:94:7E:B6:A6:DE:4D:B8:11:E1:68:14:73:FE:65:A9:7B:60
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/KeP9lH62pt5NuBHhaBRz_mWpe2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:47:b8:fe:df:55:ce:f8:c9:26:50:0e:6d:50:fc:3a:32:e0:
         50:e6:e2:7c:5c:30:04:7a:fb:69:61:05:4c:3d:13:9d:d1:2c:
         de:a9:ee:a8:a5:59:24:f0:a2:4f:06:2c:54:7e:83:e3:24:92:
         f2:64:63:71:1e:5e:47:12:84:b7:3c:5a:73:47:52:8d:00:b1:
         8a:25:4d:99:8f:68:33:a4:fe:fc:18:28:89:b6:fc:b9:ef:50:
         85:e4:9e:93:32:b7:28:f8:ad:ac:64:57:82:13:ed:e2:2e:32:
         db:4f:46:62:93:15:b6:2e:ab:a6:ec:28:a2:2d:0e:35:73:9e:
         c8:96:b8:07:59:a4:62:53:9c:c6:67:68:dd:5d:2e:33:1f:27:
         57:a5:fd:8c:d3:c9:91:d9:18:f9:0d:2e:22:8a:37:f8:ad:55:
         f2:69:a2:03:58:f3:0a:1c:4c:ae:24:b6:43:0c:5a:a3:9d:18:
         4f:b5:46:36:70:b0:1e:cb:40:7f:93:69:20:0b:5a:88:e8:fe:
         ea:7f:fc:5c:5b:3b:1f:fa:22:e5:75:f8:3b:81:75:e6:6e:28:
         93:f5:88:ea:b1:c8:0a:e5:f9:30:49:56:85:ab:46:cb:91:40:
         f0:c1:62:d8:02:79:ce:07:11:fe:2b:4b:9e:fa:8e:e2:28:26:
         7e:27:89:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3RMNudyxcPXYj9BOJ9frMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMTAxMTYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWUzZmQ5NDdlYjZhNmRlNGRiODExZTE2ODE0NzNmZTY1YTk3YjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQEPpOai4D5xQt1+wOtBFpUBRltg
8cmDV/lv7/uifXBu3JMr/mZ+vFxj9zoxgXz1Z8njftix/hiK7lNkWdR6oyKvAsvv
vGq6OzRpA6eNDTDANA/Z3bSYOlOyaH9hkFfY2RAzxnUy8WA1QZzJL2g8skBO4Tys
17d8EXC8wqcgszhozPp9xTaUUUHkjonsG5sIVlkmvWmN0umbNtbTPyJ6+l3l0pPm
WWBEgRrENCuAkkFaw1BcrVmsQkL+b4JoFDsHorXxK+7rrJ5dIzgo3DTgt83LOf1a
BwfoFZWYquIQYZn9HNg1U6Ascd0BDI1BvI2fkxR5XecyrwLMNuJnYR/m0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnj/ZR+tqbeTbgR4WgUc/5lqXtgMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvS2VQOWxINjJwdDVOdUJIaGFCUnpfbVdwZTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfhMA0G
CSqGSIb3DQEBCwUAA4IBAQBsR7j+31XO+MkmUA5tUPw6MuBQ5uJ8XDAEevtpYQVM
PROd0Szeqe6opVkk8KJPBixUfoPjJJLyZGNxHl5HEoS3PFpzR1KNALGKJU2Zj2gz
pP78GCiJtvy571CF5J6TMrco+K2sZFeCE+3iLjLbT0ZikxW2Lqum7CiiLQ41c57I
lrgHWaRiU5zGZ2jdXS4zHydXpf2M08mR2Rj5DS4iijf4rVXyaaIDWPMKHEyuJLZD
DFqjnRhPtUY2cLAey0B/k2kgC1qI6P7qf/xcWzsf+iLldfg7gXXmbiiT9YjqscgK
5fkwSVaFq0bLkUDwwWLYAnnOBxH+K0ue+o7iKCZ+J4kV
-----END CERTIFICATE-----