Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/DHPXADILhwM7Ks88M9bGR-JWRiE.roa
File:                     DHPXADILhwM7Ks88M9bGR-JWRiE.roa (raw, json)
Hash identifier:          kXxbk7h7yWQm9eHCBsOWkHTfYQ9v+PYBBkZ0LJriiWc=
Subject key identifier:   0C:73:D7:00:32:0B:87:03:3B:2A:CF:3C:33:D6:C6:47:E2:56:46:21
Certificate issuer:       /CN=cc6077e004e88eff8f13b7740df254d9e48dd574
Certificate serial:       01934650A3F55F969120BDB0D51B1E03F634
Authority key identifier: CC:60:77:E0:04:E8:8E:FF:8F:13:B7:74:0D:F2:54:D9:E4:8D:D5:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/DHPXADILhwM7Ks88M9bGR-JWRiE.roa
Signing time:             Tue 19 Nov 2024 21:25:10 +0000
ROA not before:           Tue 19 Nov 2024 21:25:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.10.120.0/22 maxlen: 24
                          2a0e:3d80:beaf::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:46:50:a3:f5:5f:96:91:20:bd:b0:d5:1b:1e:03:f6:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc6077e004e88eff8f13b7740df254d9e48dd574
        Validity
            Not Before: Nov 19 21:25:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c73d700320b87033b2acf3c33d6c647e2564621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4c:50:26:eb:08:d6:f8:db:fd:88:86:3d:6e:
                    ab:44:ea:41:7a:35:7d:66:8a:01:05:3b:b8:5a:f9:
                    60:59:07:d5:d3:27:73:eb:0a:be:ba:86:af:16:66:
                    ce:76:14:1c:2a:d5:76:76:bc:76:5f:86:99:57:38:
                    52:56:f0:32:a6:09:8f:ec:74:57:87:0d:f4:bf:4b:
                    cf:01:ea:0e:87:69:19:ee:6f:bd:89:5c:f2:15:30:
                    bc:5e:ca:75:9e:9e:97:a2:29:af:9a:92:16:27:e4:
                    3e:5b:82:f2:61:4f:87:fd:5b:18:10:4f:b6:be:0a:
                    31:93:62:cc:52:49:fb:cf:b6:5d:97:d3:f7:d3:7b:
                    3c:01:3b:5d:1d:18:ba:fa:6a:69:f2:ca:34:19:0b:
                    db:36:b3:ce:44:07:d7:25:b4:55:e6:3a:7c:8c:82:
                    aa:e2:ce:d9:c5:27:2f:eb:2f:6d:bb:b4:7d:40:de:
                    dc:d8:0b:26:a0:b8:41:9d:ef:e9:58:e7:e5:43:da:
                    8c:83:2d:e3:1f:25:cc:ce:26:48:be:5f:f3:9f:97:
                    6f:8b:4f:be:7e:f9:4f:e4:63:a1:8c:d9:d3:5f:7c:
                    d4:cc:83:80:af:04:7e:73:0c:cb:34:4b:05:6a:21:
                    75:77:68:53:9a:7e:d3:48:3b:71:8c:e4:cf:97:a8:
                    8b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:73:D7:00:32:0B:87:03:3B:2A:CF:3C:33:D6:C6:47:E2:56:46:21
            X509v3 Authority Key Identifier:
                keyid:CC:60:77:E0:04:E8:8E:FF:8F:13:B7:74:0D:F2:54:D9:E4:8D:D5:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/DHPXADILhwM7Ks88M9bGR-JWRiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.120.0/22
                IPv6:
                  2a0e:3d80:beaf::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:d6:6d:a0:91:45:1d:b1:e6:5c:21:64:d5:79:ed:6e:a8:b7:
         4e:4d:14:b2:7c:8d:83:f5:f4:f5:5a:61:3c:73:d9:37:98:af:
         ec:b1:1a:cd:ad:a8:88:4a:04:9e:df:90:94:0f:c3:99:e5:c7:
         0d:f5:13:22:9f:41:2a:05:5f:8a:8e:a3:2a:72:4f:a7:b1:16:
         63:b6:47:22:e0:14:af:4b:b8:19:51:bf:5b:59:a3:2a:32:88:
         ed:d9:22:72:8b:89:8e:7a:d1:99:7d:06:49:49:c7:a2:dd:84:
         22:0a:ba:ff:01:fd:c7:ed:1c:3c:01:71:af:f4:cd:1f:e3:8b:
         08:34:20:d6:74:87:63:54:c5:5d:0f:1d:13:46:b8:4b:1d:dc:
         45:3b:a3:10:d5:55:b3:d8:2c:25:f6:76:15:49:17:9c:b0:d4:
         e1:32:4f:ba:95:c1:2c:f5:f6:c0:e9:29:86:9c:e3:79:e0:d4:
         d6:e9:2a:66:fe:44:24:54:39:1a:c3:75:5b:f7:e3:96:40:9c:
         95:4e:83:09:5a:33:c9:98:41:d4:80:99:6d:c4:49:63:9d:51:
         b0:1a:d7:d0:12:55:eb:16:0b:45:8d:53:cf:cb:36:d8:39:e2:
         9e:60:0f:c8:c0:ae:5a:3e:b6:98:e1:2b:ce:e4:aa:d7:a6:66:
         ef:c2:f5:12
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZNGUKP1X5aRIL2w1RseA/Y0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNjA3N2UwMDRlODhlZmY4ZjEzYjc3NDBkZjI1NGQ5ZTQ4
ZGQ1NzQwHhcNMjQxMTE5MjEyNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzczZDcwMDMyMGI4NzAzM2IyYWNmM2MzM2Q2YzY0N2UyNTY0NjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkxQJusI1vjb/YiGPW6rROpBejV9
ZooBBTu4WvlgWQfV0ydz6wq+uoavFmbOdhQcKtV2drx2X4aZVzhSVvAypgmP7HRX
hw30v0vPAeoOh2kZ7m+9iVzyFTC8Xsp1np6XoimvmpIWJ+Q+W4LyYU+H/VsYEE+2
vgoxk2LMUkn7z7Zdl9P303s8ATtdHRi6+mpp8so0GQvbNrPORAfXJbRV5jp8jIKq
4s7ZxScv6y9tu7R9QN7c2AsmoLhBne/pWOflQ9qMgy3jHyXMziZIvl/zn5dvi0++
fvlP5GOhjNnTX3zUzIOArwR+cwzLNEsFaiF1d2hTmn7TSDtxjOTPl6iLlwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAxz1wAyC4cDOyrPPDPWxkfiVkYhMB8GA1UdIwQY
MBaAFMxgd+AE6I7/jxO3dA3yVNnkjdV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekdCMzRBVG9qdi1QRTdkMERmSlUyZVNOMVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81ODE3OGQtMzc3Yi00NjBhLTk0YjEt
NDY3MWY0YmFhOWIxLzEvREhQWEFESUxod003S3M4OE05YkdSLUpXUmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81ODE3OGQtMzc3Yi00NjBhLTk0YjEtNDY3MWY0YmFhOWIx
LzEvekdCMzRBVG9qdi1QRTdkMERmSlUyZVNOMVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCLQp4MA8E
AgACMAkDBwAqDj2Avq8wDQYJKoZIhvcNAQELBQADggEBAG3WbaCRRR2x5lwhZNV5
7W6ot05NFLJ8jYP19PVaYTxz2TeYr+yxGs2tqIhKBJ7fkJQPw5nlxw31EyKfQSoF
X4qOoypyT6exFmO2RyLgFK9LuBlRv1tZoyoyiO3ZInKLiY560Zl9BklJx6LdhCIK
uv8B/cftHDwBca/0zR/jiwg0INZ0h2NUxV0PHRNGuEsd3EU7oxDVVbPYLCX2dhVJ
F5yw1OEyT7qVwSz19sDpKYac43ng1NbpKmb+RCRUORrDdVv345ZAnJVOgwlaM8mY
QdSAmW3ESWOdUbAa19ASVesWC0WNU8/LNtg54p5gD8jArlo+tpjhK87kqtemZu/C
9RI=
-----END CERTIFICATE-----