Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/KLxwM_LwqDbSg_VsaG6w117BemE.roa
File:                     KLxwM_LwqDbSg_VsaG6w117BemE.roa (raw, json)
Hash identifier:          ym0VQWHzLUh1bHGwBnnwDNOXnbRdS1+3SeAD+O0x82M=
Subject key identifier:   28:BC:70:33:F2:F0:A8:36:D2:83:F5:6C:68:6E:B0:D7:5E:C1:7A:61
Certificate issuer:       /CN=cc6077e004e88eff8f13b7740df254d9e48dd574
Certificate serial:       018CC86FBBFBBD92E944030023C45A234AB7
Authority key identifier: CC:60:77:E0:04:E8:8E:FF:8F:13:B7:74:0D:F2:54:D9:E4:8D:D5:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/KLxwM_LwqDbSg_VsaG6w117BemE.roa
Signing time:             Tue 02 Jan 2024 04:30:14 +0000
ROA not before:           Tue 02 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49030
IP address blocks:        45.10.120.0/24 maxlen: 24
                          2001:67c:1424::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:bb:fb:bd:92:e9:44:03:00:23:c4:5a:23:4a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc6077e004e88eff8f13b7740df254d9e48dd574
        Validity
            Not Before: Jan  2 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28bc7033f2f0a836d283f56c686eb0d75ec17a61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3d:72:eb:6c:68:52:85:e1:08:6a:0c:48:54:
                    18:1f:3d:96:3b:c4:fa:26:c9:11:76:6c:fe:33:a4:
                    39:3f:5f:e2:64:18:a6:1e:38:ff:04:64:b3:00:26:
                    b4:d5:22:43:16:b4:e6:37:28:79:49:20:ad:3f:41:
                    26:1a:51:f1:9c:be:8f:92:00:b4:c3:2a:d1:c4:15:
                    54:ca:30:03:05:eb:3c:d3:2c:a9:16:bd:90:00:6a:
                    a6:5a:b4:36:c7:8f:32:2d:1f:dd:7d:20:86:31:3c:
                    b2:03:8b:18:47:3a:e7:ba:89:15:7c:88:75:d7:47:
                    7f:e0:a7:1a:6e:b3:0b:4e:46:da:d3:6c:e8:9b:35:
                    27:40:34:4d:d3:71:4c:99:9f:b1:a2:fe:d1:c6:f2:
                    65:83:d9:92:62:0f:0c:4c:56:09:30:a4:a3:6a:4d:
                    28:ff:a9:09:d2:97:8b:39:55:de:f8:30:51:04:51:
                    c3:a7:39:f0:49:ed:f9:ba:b7:06:11:de:d4:2a:74:
                    47:4a:af:b7:5a:81:d4:ce:57:d8:ba:53:09:07:01:
                    14:00:21:dc:22:5a:d5:a8:1c:ba:22:f1:27:0c:f0:
                    57:d4:a0:33:2c:26:35:b1:e7:5a:58:4d:65:91:3f:
                    a0:8c:3a:e9:be:8a:6f:b2:07:04:34:f2:2f:ca:52:
                    70:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BC:70:33:F2:F0:A8:36:D2:83:F5:6C:68:6E:B0:D7:5E:C1:7A:61
            X509v3 Authority Key Identifier:
                keyid:CC:60:77:E0:04:E8:8E:FF:8F:13:B7:74:0D:F2:54:D9:E4:8D:D5:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zGB34ATojv-PE7d0DfJU2eSN1XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/KLxwM_LwqDbSg_VsaG6w117BemE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/58178d-377b-460a-94b1-4671f4baa9b1/1/zGB34ATojv-PE7d0DfJU2eSN1XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.120.0/24
                IPv6:
                  2001:67c:1424::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:32:44:a7:7a:0f:0c:76:83:62:4c:81:d2:f3:a7:21:78:a6:
         aa:b7:cf:66:4d:65:5d:24:f9:29:8b:50:d3:0d:54:5a:db:47:
         89:12:d0:b2:41:52:fd:6f:80:e2:65:85:e4:63:e2:94:22:78:
         9f:1c:ed:b1:ee:d1:2b:b6:30:6b:61:75:85:53:9d:06:e0:71:
         cf:83:a2:a9:eb:15:85:43:d5:85:0c:f8:14:fc:72:5a:91:38:
         15:b2:99:33:bc:1a:d6:31:71:97:d8:8f:b3:0f:34:b0:c3:76:
         9e:61:23:7c:a5:ae:dc:de:74:23:3e:ce:ed:93:c1:9b:55:28:
         cb:19:f6:89:3c:a5:9f:31:db:58:ce:97:ef:ae:d3:a9:80:d3:
         ba:e2:a3:d8:bc:fe:7d:3b:94:81:68:1e:b6:47:8a:95:11:46:
         ad:c4:5c:27:1e:48:7f:1b:f4:c0:db:e0:04:dc:3f:01:93:01:
         44:e8:06:2e:ed:88:5c:c8:34:f8:ae:a5:c5:07:68:1d:0f:ee:
         d1:a9:7c:07:2f:6f:b4:8a:63:fa:0e:b0:46:9b:5d:ae:e6:8c:
         13:b9:f1:f8:52:e3:4d:43:40:e2:77:6b:d6:b3:1b:5f:66:b3:
         77:3b:ce:7e:51:6f:68:15:13:bc:d0:e4:46:0f:34:e7:ad:9e:
         cd:c5:6e:c6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIb7v7vZLpRAMAI8RaI0q3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNjA3N2UwMDRlODhlZmY4ZjEzYjc3NDBkZjI1NGQ5ZTQ4
ZGQ1NzQwHhcNMjQwMTAyMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJjNzAzM2YyZjBhODM2ZDI4M2Y1NmM2ODZlYjBkNzVlYzE3YTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz1y62xoUoXhCGoMSFQYHz2WO8T6
JskRdmz+M6Q5P1/iZBimHjj/BGSzACa01SJDFrTmNyh5SSCtP0EmGlHxnL6PkgC0
wyrRxBVUyjADBes80yypFr2QAGqmWrQ2x48yLR/dfSCGMTyyA4sYRzrnuokVfIh1
10d/4KcabrMLTkba02zomzUnQDRN03FMmZ+xov7RxvJlg9mSYg8MTFYJMKSjak0o
/6kJ0peLOVXe+DBRBFHDpznwSe35urcGEd7UKnRHSq+3WoHUzlfYulMJBwEUACHc
IlrVqBy6IvEnDPBX1KAzLCY1sedaWE1lkT+gjDrpvopvsgcENPIvylJwsQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCi8cDPy8Kg20oP1bGhusNdewXphMB8GA1UdIwQY
MBaAFMxgd+AE6I7/jxO3dA3yVNnkjdV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekdCMzRBVG9qdi1QRTdkMERmSlUyZVNOMVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81ODE3OGQtMzc3Yi00NjBhLTk0YjEt
NDY3MWY0YmFhOWIxLzEvS0x4d01fTHdxRGJTZ19Wc2FHNncxMTdCZW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81ODE3OGQtMzc3Yi00NjBhLTk0YjEtNDY3MWY0YmFhOWIx
LzEvekdCMzRBVG9qdi1QRTdkMERmSlUyZVNOMVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALQp4MA8E
AgACMAkDBwAgAQZ8FCQwDQYJKoZIhvcNAQELBQADggEBAL8yRKd6Dwx2g2JMgdLz
pyF4pqq3z2ZNZV0k+SmLUNMNVFrbR4kS0LJBUv1vgOJlheRj4pQieJ8c7bHu0Su2
MGthdYVTnQbgcc+DoqnrFYVD1YUM+BT8clqROBWymTO8GtYxcZfYj7MPNLDDdp5h
I3ylrtzedCM+zu2TwZtVKMsZ9ok8pZ8x21jOl++u06mA07rio9i8/n07lIFoHrZH
ipURRq3EXCceSH8b9MDb4ATcPwGTAUToBi7tiFzINPiupcUHaB0P7tGpfAcvb7SK
Y/oOsEabXa7mjBO58fhS401DQOJ3a9azG19ms3c7zn5Rb2gVE7zQ5EYPNOetns3F
bsY=
-----END CERTIFICATE-----