Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/UeQOZVLrd6vHXtOWm2LoGJtiGqQ.roa
File:                     UeQOZVLrd6vHXtOWm2LoGJtiGqQ.roa (raw, json)
Hash identifier:          rycqQdVy6me64GFb0iJRFxTQ5B4G71VLP5RP6AmHVJg=
Subject key identifier:   51:E4:0E:65:52:EB:77:AB:C7:5E:D3:96:9B:62:E8:18:9B:62:1A:A4
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E6C8BE608A84F743D7F5C29B8E6B4
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/UeQOZVLrd6vHXtOWm2LoGJtiGqQ.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35711
IP address blocks:        45.14.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6c:8b:e6:08:a8:4f:74:3d:7f:5c:29:b8:e6:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51e40e6552eb77abc75ed3969b62e8189b621aa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b8:c1:2f:45:92:aa:24:c7:5c:d9:1d:db:99:
                    5c:f7:d8:8a:ef:39:02:22:ec:c7:df:f6:92:32:22:
                    cd:fe:37:55:33:25:4b:b6:66:65:a2:88:fd:b1:d0:
                    ca:b9:0a:6e:08:43:ae:4e:58:ff:7f:98:de:f8:1c:
                    8c:a8:fd:53:d8:8f:61:a8:2a:9f:dc:4e:ac:3f:e4:
                    db:25:26:f4:b1:b9:05:aa:18:ad:f7:98:fb:54:aa:
                    62:a3:43:0b:e6:93:d1:5b:82:5f:47:b7:5d:60:34:
                    d8:6a:de:e6:c7:d1:90:8c:d0:39:33:d1:eb:e0:96:
                    ca:74:b3:ed:a9:00:47:0a:33:94:18:f6:14:f0:10:
                    73:f2:18:dd:25:e4:a0:a6:fa:ed:ae:0d:bd:62:7e:
                    e3:25:4e:fe:d3:d1:3f:d5:56:fc:0f:3d:f7:be:34:
                    a4:18:fa:94:5a:31:48:9b:94:65:80:f2:66:5f:1d:
                    09:19:de:58:6c:07:c3:3f:4c:ea:cc:8e:06:b5:df:
                    b2:78:91:34:41:9c:9e:3e:08:7c:79:d6:df:04:64:
                    4f:2e:a1:fc:c3:5d:1f:9e:85:8c:61:c5:e3:d3:7b:
                    fa:e1:a8:9e:12:9d:c1:f2:6a:29:6d:65:de:35:d6:
                    69:6e:4a:5e:ef:21:87:ae:4e:f5:af:5a:9a:a7:eb:
                    30:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:E4:0E:65:52:EB:77:AB:C7:5E:D3:96:9B:62:E8:18:9B:62:1A:A4
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/UeQOZVLrd6vHXtOWm2LoGJtiGqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:ef:c4:99:84:f6:d0:06:86:3d:c5:1b:d7:dc:86:6c:75:2b:
         b6:db:58:02:43:f7:63:72:76:ea:20:e9:fa:f7:0c:c5:cc:43:
         97:e9:c4:5d:f6:aa:42:88:38:74:72:69:97:5b:5e:50:1d:a5:
         8f:e0:b7:13:5f:61:b9:fb:19:78:05:d7:8d:dd:78:90:0a:72:
         4a:08:3b:b7:42:aa:57:bd:f6:3d:cc:5e:7e:49:10:e2:71:a9:
         10:f2:35:8c:c1:89:80:d2:06:48:7b:5f:d6:6b:cb:1f:d3:c4:
         56:07:1a:eb:ca:b6:6c:fc:1e:cd:34:92:b5:ea:52:03:ff:dd:
         f1:c9:ff:f0:e6:8c:24:61:e1:a4:90:3a:26:49:c1:ef:3b:55:
         43:22:61:dc:a1:69:9e:84:df:0a:30:6c:58:ba:de:1e:d6:68:
         7d:7d:6b:d4:ed:60:9e:a2:de:d5:a9:9a:6a:a2:55:79:8b:f8:
         fd:f6:59:6a:1a:6b:d8:32:18:f3:50:64:0e:10:a2:ad:b0:68:
         fe:f4:58:42:17:6c:e0:7b:fa:39:7b:b1:6f:b8:a7:a5:fb:20:
         93:12:83:3e:7e:75:2f:bd:35:33:3f:19:ea:42:d3:d0:d6:7d:
         9e:31:38:a3:a7:c3:48:c6:8d:72:3a:8d:19:cf:5b:82:d1:d2:
         14:2a:06:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmyL5gioT3Q9f1wpuOa0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWU0MGU2NTUyZWI3N2FiYzc1ZWQzOTY5YjYyZTgxODliNjIxYWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobjBL0WSqiTHXNkd25lc99iK7zkC
IuzH3/aSMiLN/jdVMyVLtmZlooj9sdDKuQpuCEOuTlj/f5je+ByMqP1T2I9hqCqf
3E6sP+TbJSb0sbkFqhit95j7VKpio0ML5pPRW4JfR7ddYDTYat7mx9GQjNA5M9Hr
4JbKdLPtqQBHCjOUGPYU8BBz8hjdJeSgpvrtrg29Yn7jJU7+09E/1Vb8Dz33vjSk
GPqUWjFIm5RlgPJmXx0JGd5YbAfDP0zqzI4Gtd+yeJE0QZyePgh8edbfBGRPLqH8
w10fnoWMYcXj03v64aieEp3B8mopbWXeNdZpbkpe7yGHrk71r1qap+swKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHkDmVS63erx17Tlpti6BibYhqkMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvVWVRT1pWTHJkNnZIWHRPV20yTG9HSnRpR3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ7sMA0G
CSqGSIb3DQEBCwUAA4IBAQDJ78SZhPbQBoY9xRvX3IZsdSu221gCQ/djcnbqIOn6
9wzFzEOX6cRd9qpCiDh0cmmXW15QHaWP4LcTX2G5+xl4BdeN3XiQCnJKCDu3QqpX
vfY9zF5+SRDicakQ8jWMwYmA0gZIe1/Wa8sf08RWBxrryrZs/B7NNJK16lID/93x
yf/w5owkYeGkkDomScHvO1VDImHcoWmehN8KMGxYut4e1mh9fWvU7WCeot7VqZpq
olV5i/j99llqGmvYMhjzUGQOEKKtsGj+9FhCF2zge/o5e7FvuKel+yCTEoM+fnUv
vTUzPxnqQtPQ1n2eMTijp8NIxo1yOo0Zz1uC0dIUKgb0
-----END CERTIFICATE-----