Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/oQ6oQutjVyoyrWQ0VnFuFIKk0qQ.roa
File:                     oQ6oQutjVyoyrWQ0VnFuFIKk0qQ.roa (raw, json)
Hash identifier:          Nwb8XkBJofB69HPRWHIz/YuxCMC7s2Si9XLC0DVJuD4=
Subject key identifier:   A1:0E:A8:42:EB:63:57:2A:32:AD:64:34:56:71:6E:14:82:A4:D2:A4
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018CC5DD10CB9DD674B4CFBD050BC0107A6C
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/oQ6oQutjVyoyrWQ0VnFuFIKk0qQ.roa
Signing time:             Mon 01 Jan 2024 16:30:48 +0000
ROA not before:           Mon 01 Jan 2024 16:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        45.131.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:10:cb:9d:d6:74:b4:cf:bd:05:0b:c0:10:7a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 16:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a10ea842eb63572a32ad643456716e1482a4d2a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6e:10:cd:47:e6:45:00:6c:6b:19:86:0b:d2:
                    72:50:29:be:65:45:b8:fd:25:31:e8:42:c5:56:d3:
                    13:10:50:82:5c:16:bb:1a:63:df:57:e2:fd:06:5e:
                    0f:46:b5:92:c7:10:8c:4f:87:a9:8a:0e:f8:d0:07:
                    42:5a:e4:6f:e0:73:77:c1:8c:9c:6e:a0:fa:80:e8:
                    a5:d4:bd:d0:a4:c5:d5:68:ba:bc:55:9d:68:b7:b9:
                    70:e1:3d:7b:ec:ab:ee:e3:de:f2:97:ac:3d:9f:d0:
                    ae:4d:00:34:ac:c0:83:49:8c:92:2f:92:c1:97:cd:
                    04:d0:3b:5d:3a:bc:10:c6:0a:d2:80:2a:de:59:39:
                    16:68:01:50:ae:4c:e4:75:d3:7b:29:04:59:0e:44:
                    37:a4:57:f8:4d:93:24:8a:9a:48:3b:7d:7b:b1:74:
                    bd:19:7c:0e:c7:9c:39:aa:ad:19:8f:70:43:88:99:
                    47:1a:ac:ef:e7:98:f4:b5:1a:de:fa:99:2a:d3:2d:
                    9b:85:db:d7:57:52:26:b0:9b:33:5b:1f:09:63:7d:
                    b6:e9:e5:0b:eb:71:9a:09:3c:f5:14:b4:59:a6:6f:
                    fc:3c:ef:8e:c6:b5:81:fe:37:1d:40:5d:5a:02:8c:
                    a2:c5:56:6d:64:af:29:a0:d8:61:cb:ba:9d:33:81:
                    f9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:0E:A8:42:EB:63:57:2A:32:AD:64:34:56:71:6E:14:82:A4:D2:A4
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/oQ6oQutjVyoyrWQ0VnFuFIKk0qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:6e:d5:f5:57:8d:24:96:e0:dd:8c:fe:73:a6:45:53:bf:22:
         a8:47:39:56:5f:54:98:15:c6:ca:18:77:9d:76:e8:0a:d8:0b:
         db:28:e0:d9:e1:49:3f:03:dc:7f:eb:83:90:1d:c7:f9:1d:d4:
         c3:3c:96:a6:e8:03:ab:68:9f:a3:d8:cd:da:28:fd:85:dd:bc:
         85:0f:24:bc:48:9d:6e:0e:09:19:e7:57:e4:88:52:be:93:4a:
         7a:a6:4a:c9:a5:17:e4:72:9d:2e:c1:2d:33:32:2d:98:db:f8:
         e0:0b:8e:63:a5:71:3f:b7:62:c3:7a:28:e4:a3:92:87:11:d9:
         dc:c1:25:94:3c:56:50:7c:04:df:60:bf:d1:57:b3:4d:14:02:
         3e:e2:22:d2:d5:09:76:a2:f5:a7:a1:b4:d6:44:36:6a:f2:36:
         97:4c:e3:51:cf:56:a5:fd:ca:d1:a9:fb:92:c8:08:14:d5:ef:
         c7:78:5a:1b:99:55:4b:2f:ea:c2:1d:84:59:d2:4a:27:72:ab:
         4d:3c:1d:2a:54:8e:4c:3a:14:f3:dc:ee:c4:31:37:7e:c4:a2:
         cd:ce:fd:be:88:8f:d2:82:66:f3:7f:99:5d:84:ba:39:e4:e8:
         c7:80:97:2b:3c:98:fd:43:03:9b:13:de:61:fc:81:b8:8f:da:
         76:2e:b8:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3RDLndZ0tM+9BQvAEHpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMTAxMTYzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTBlYTg0MmViNjM1NzJhMzJhZDY0MzQ1NjcxNmUxNDgyYTRkMmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtG4QzUfmRQBsaxmGC9JyUCm+ZUW4
/SUx6ELFVtMTEFCCXBa7GmPfV+L9Bl4PRrWSxxCMT4epig740AdCWuRv4HN3wYyc
bqD6gOil1L3QpMXVaLq8VZ1ot7lw4T177Kvu497yl6w9n9CuTQA0rMCDSYySL5LB
l80E0DtdOrwQxgrSgCreWTkWaAFQrkzkddN7KQRZDkQ3pFf4TZMkippIO317sXS9
GXwOx5w5qq0Zj3BDiJlHGqzv55j0tRre+pkq0y2bhdvXV1ImsJszWx8JY3226eUL
63GaCTz1FLRZpm/8PO+OxrWB/jcdQF1aAoyixVZtZK8poNhhy7qdM4H5wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEOqELrY1cqMq1kNFZxbhSCpNKkMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvb1E2b1F1dGpWeW95cldRMFZuRnVGSUtrMHFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYNqMA0G
CSqGSIb3DQEBCwUAA4IBAQBpbtX1V40kluDdjP5zpkVTvyKoRzlWX1SYFcbKGHed
dugK2AvbKODZ4Uk/A9x/64OQHcf5HdTDPJam6AOraJ+j2M3aKP2F3byFDyS8SJ1u
DgkZ51fkiFK+k0p6pkrJpRfkcp0uwS0zMi2Y2/jgC45jpXE/t2LDeijko5KHEdnc
wSWUPFZQfATfYL/RV7NNFAI+4iLS1Ql2ovWnobTWRDZq8jaXTONRz1al/crRqfuS
yAgU1e/HeFobmVVLL+rCHYRZ0koncqtNPB0qVI5MOhTz3O7EMTd+xKLNzv2+iI/S
gmbzf5ldhLo55OjHgJcrPJj9QwObE95h/IG4j9p2Lrie
-----END CERTIFICATE-----