Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/Kgxi5lw5AVz8RKdNC478nQpdxGU.roa
File:                     Kgxi5lw5AVz8RKdNC478nQpdxGU.roa (raw, json)
Hash identifier:          kS/TuxpgTbzeDTtdS/3ELD59Kjtn0Ts7Onk7ylr4D/I=
Subject key identifier:   2A:0C:62:E6:5C:39:01:5C:FC:44:A7:4D:0B:8E:FC:9D:0A:5D:C4:65
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018DF4B50A44C40D167D56DAF7A5168FAC31
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/Kgxi5lw5AVz8RKdNC478nQpdxGU.roa
Signing time:             Thu 29 Feb 2024 11:52:01 +0000
ROA not before:           Thu 29 Feb 2024 11:52:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33911
IP address blocks:        45.145.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:b5:0a:44:c4:0d:16:7d:56:da:f7:a5:16:8f:ac:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Feb 29 11:52:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a0c62e65c39015cfc44a74d0b8efc9d0a5dc465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2f:5e:f6:b9:a9:57:eb:7c:8c:9a:1e:9a:be:
                    e5:07:66:85:cc:f7:64:53:2a:05:ba:f1:f7:8a:9a:
                    11:53:d3:94:9e:00:99:99:6b:13:e5:bd:df:89:9e:
                    aa:40:c3:80:f6:b5:97:7c:7f:b4:94:86:91:3c:40:
                    d8:99:d1:fb:a7:95:87:f7:77:84:38:d5:c7:72:ad:
                    e8:09:37:26:d3:1e:56:ee:49:0d:f3:b8:e5:4f:11:
                    c8:13:3f:28:13:48:5f:90:33:9e:3b:eb:83:d1:7d:
                    6e:2f:f6:2f:0c:98:b0:3a:00:4e:a7:fa:54:bd:09:
                    f7:90:57:86:12:37:59:eb:ed:c3:43:63:06:48:f8:
                    89:0d:db:26:7e:29:24:53:0c:65:10:47:9b:94:1a:
                    71:a5:fd:fe:ce:ab:d5:0b:1b:95:2c:e0:b7:36:52:
                    4c:43:24:1d:9d:e2:c5:18:06:3b:e2:de:9f:65:52:
                    6f:be:17:4f:b3:ab:79:7c:66:07:7b:e1:77:76:45:
                    d7:66:7b:5a:8f:77:06:92:3c:c3:cd:52:b5:db:ef:
                    24:2d:99:b4:cb:a3:3a:6d:fe:69:d7:de:05:6b:10:
                    c3:37:e4:97:8a:e0:71:c3:00:7e:e2:34:0a:b5:64:
                    a2:d5:4e:3f:24:eb:0e:5d:74:b1:90:c8:7f:d4:90:
                    c8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:0C:62:E6:5C:39:01:5C:FC:44:A7:4D:0B:8E:FC:9D:0A:5D:C4:65
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/Kgxi5lw5AVz8RKdNC478nQpdxGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:b7:55:51:97:a3:11:fd:24:5e:13:46:72:b0:82:aa:f6:08:
         6d:df:df:57:24:bc:29:5d:c9:1b:8c:f3:42:c3:a7:65:1c:53:
         87:4b:10:22:92:7b:56:9e:4c:6f:1c:75:cc:28:ea:f1:b4:74:
         1f:62:7e:b5:e8:f8:4b:33:b6:ba:69:5d:4e:88:20:3c:55:b3:
         9b:fb:8f:cb:93:60:e9:2d:00:9e:b5:e4:32:55:2a:55:49:e8:
         d6:d7:cc:3c:43:03:66:5b:1b:4d:5b:b9:cd:d0:ed:eb:6c:b0:
         4a:b7:b8:a0:a2:34:08:e2:9c:be:d9:63:4a:f6:cf:34:30:07:
         71:b0:6f:03:dc:b7:b9:8d:d5:40:b2:9b:73:c5:ea:16:6c:e6:
         72:dd:e1:3b:b5:82:4f:be:48:c4:ae:d5:13:e7:a3:12:eb:b7:
         fa:f6:b7:44:3f:7e:2a:b0:5f:ed:24:ea:a7:4f:90:c7:6b:3e:
         68:7a:51:41:1a:c9:32:7e:b1:e9:76:d5:a3:4f:4d:ad:ca:31:
         b1:51:59:24:3a:cd:bc:ea:c6:c4:7f:7e:61:2e:9e:b3:9e:87:
         59:11:bc:2d:29:f1:e1:e7:49:4f:51:15:a3:a5:7f:fc:11:fe:
         21:8c:54:01:52:0b:db:f4:96:74:38:0f:72:f3:ac:20:b5:3a:
         fd:fe:df:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY30tQpExA0WfVba96UWj6wxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMjI5MTE1MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTBjNjJlNjVjMzkwMTVjZmM0NGE3NGQwYjhlZmM5ZDBhNWRjNDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly9e9rmpV+t8jJoemr7lB2aFzPdk
UyoFuvH3ipoRU9OUngCZmWsT5b3fiZ6qQMOA9rWXfH+0lIaRPEDYmdH7p5WH93eE
ONXHcq3oCTcm0x5W7kkN87jlTxHIEz8oE0hfkDOeO+uD0X1uL/YvDJiwOgBOp/pU
vQn3kFeGEjdZ6+3DQ2MGSPiJDdsmfikkUwxlEEeblBpxpf3+zqvVCxuVLOC3NlJM
QyQdneLFGAY74t6fZVJvvhdPs6t5fGYHe+F3dkXXZntaj3cGkjzDzVK12+8kLZm0
y6M6bf5p194FaxDDN+SXiuBxwwB+4jQKtWSi1U4/JOsOXXSxkMh/1JDIvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoMYuZcOQFc/ESnTQuO/J0KXcRlMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvS2d4aTVsdzVBVno4UktkTkM0NzhuUXBkeEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZEQMA0G
CSqGSIb3DQEBCwUAA4IBAQBot1VRl6MR/SReE0ZysIKq9ght399XJLwpXckbjPNC
w6dlHFOHSxAikntWnkxvHHXMKOrxtHQfYn616PhLM7a6aV1OiCA8VbOb+4/Lk2Dp
LQCeteQyVSpVSejW18w8QwNmWxtNW7nN0O3rbLBKt7igojQI4py+2WNK9s80MAdx
sG8D3Le5jdVAsptzxeoWbOZy3eE7tYJPvkjErtUT56MS67f69rdEP34qsF/tJOqn
T5DHaz5oelFBGskyfrHpdtWjT02tyjGxUVkkOs286sbEf35hLp6znodZEbwtKfHh
50lPURWjpX/8Ef4hjFQBUgvb9JZ0OA9y86wgtTr9/t8+
-----END CERTIFICATE-----