Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/V1IHpErbztKUndLcBCon-fv-6nc.roa
File:                     V1IHpErbztKUndLcBCon-fv-6nc.roa (raw, json)
Hash identifier:          zy9T5ejXitS6HaQU41xje/kG6hFQ/BfPX2Hwbojd9tM=
Subject key identifier:   57:52:07:A4:4A:DB:CE:D2:94:9D:D2:DC:04:2A:27:F9:FB:FE:EA:77
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E6C4CF81E09696785BE7F0CF1D7A0
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/V1IHpErbztKUndLcBCon-fv-6nc.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34679
IP address blocks:        45.14.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6c:4c:f8:1e:09:69:67:85:be:7f:0c:f1:d7:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=575207a44adbced2949dd2dc042a27f9fbfeea77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5a:a1:d6:6c:54:78:0f:a8:a5:6f:58:94:96:
                    af:8d:ce:c7:64:c5:1f:fe:84:63:94:f2:6d:4c:df:
                    71:b3:53:31:94:55:81:87:e7:57:08:22:3c:37:46:
                    0a:c3:f4:56:44:35:ae:bb:36:af:44:71:0e:6c:7a:
                    2f:06:d9:c1:59:1e:6d:97:d4:77:5e:45:bf:3d:c8:
                    42:2f:1c:40:72:23:c2:1a:10:29:0b:11:79:f2:98:
                    9d:07:86:82:9a:4f:92:93:0b:2c:23:55:e7:29:98:
                    39:f4:ec:54:ae:7a:03:31:6b:f5:5e:19:37:d3:d0:
                    01:14:4c:c5:bc:cc:27:f9:b2:4e:83:9c:75:0a:0c:
                    2a:06:b5:a1:3a:c2:90:80:0b:17:ff:3f:7b:21:dd:
                    1f:1c:79:95:e4:9a:62:28:69:40:ff:3e:4d:1d:13:
                    b1:99:36:81:0b:df:60:b7:52:fe:04:69:8c:61:4e:
                    64:8b:f5:a0:f2:fe:b4:59:15:00:ad:fa:17:b7:24:
                    eb:15:78:7a:35:2b:ef:21:48:d3:51:a5:8e:09:77:
                    6e:34:c3:ff:01:ac:cc:ee:dd:dd:0b:8f:9f:fe:d0:
                    b7:c7:6c:94:1b:d4:98:4a:aa:66:7b:dc:19:9c:d1:
                    50:14:d5:5a:26:b5:c9:8b:98:3d:5f:67:f4:26:98:
                    e3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:52:07:A4:4A:DB:CE:D2:94:9D:D2:DC:04:2A:27:F9:FB:FE:EA:77
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/V1IHpErbztKUndLcBCon-fv-6nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:82:06:cd:49:07:86:0b:11:03:f5:5e:79:35:0c:fa:9d:57:
         38:04:a9:ab:69:7e:cc:12:eb:dc:c7:d3:2d:a7:88:92:58:9a:
         e3:eb:cd:11:8a:6a:75:72:d3:e0:5a:3c:c0:fe:4c:a1:8b:26:
         9d:c9:64:5e:7a:b3:1d:33:db:ff:62:3d:ca:05:12:8b:65:19:
         2c:1d:d5:10:2b:91:bb:90:bd:a8:ed:21:f8:3f:ff:cd:15:27:
         7e:a5:3c:fd:94:f6:37:4b:58:73:96:75:c9:66:bb:98:f9:e8:
         c6:cd:87:2a:d6:5a:e9:33:cd:b8:67:25:16:fe:03:7f:31:b3:
         b4:8f:04:36:05:2f:41:c6:4c:56:fa:a2:a7:dd:f8:73:9c:18:
         f9:d6:16:08:92:54:71:88:1d:9b:f0:50:8f:7b:ad:d0:9c:b3:
         d1:6a:44:20:9e:a7:e9:26:dd:6a:0a:c8:c2:6d:b1:e6:28:de:
         fa:2d:ea:50:ef:1e:4c:2c:a4:9b:4a:96:c6:2c:93:29:57:e4:
         79:b3:51:c1:e8:b6:0a:c3:40:e3:13:8f:93:85:62:24:07:da:
         90:c0:7a:64:fd:9a:a3:c2:9b:d2:4b:b6:68:e3:9a:12:f6:4d:
         5a:c8:2e:aa:cd:e0:6a:44:2a:8d:c3:88:4a:55:0e:ca:12:f4:
         9b:70:f8:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmxM+B4JaWeFvn8M8degMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzUyMDdhNDRhZGJjZWQyOTQ5ZGQyZGMwNDJhMjdmOWZiZmVlYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolqh1mxUeA+opW9YlJavjc7HZMUf
/oRjlPJtTN9xs1MxlFWBh+dXCCI8N0YKw/RWRDWuuzavRHEObHovBtnBWR5tl9R3
XkW/PchCLxxAciPCGhApCxF58pidB4aCmk+SkwssI1XnKZg59OxUrnoDMWv1Xhk3
09ABFEzFvMwn+bJOg5x1CgwqBrWhOsKQgAsX/z97Id0fHHmV5JpiKGlA/z5NHROx
mTaBC99gt1L+BGmMYU5ki/Wg8v60WRUArfoXtyTrFXh6NSvvIUjTUaWOCXduNMP/
AazM7t3dC4+f/tC3x2yUG9SYSqpme9wZnNFQFNVaJrXJi5g9X2f0JpjjtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdSB6RK287SlJ3S3AQqJ/n7/up3MB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvVjFJSHBFcmJ6dEtVbmRMY0JDb24tZnYtNm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ7tMA0G
CSqGSIb3DQEBCwUAA4IBAQDKggbNSQeGCxED9V55NQz6nVc4BKmraX7MEuvcx9Mt
p4iSWJrj680Rimp1ctPgWjzA/kyhiyadyWReerMdM9v/Yj3KBRKLZRksHdUQK5G7
kL2o7SH4P//NFSd+pTz9lPY3S1hzlnXJZruY+ejGzYcq1lrpM824ZyUW/gN/MbO0
jwQ2BS9BxkxW+qKn3fhznBj51hYIklRxiB2b8FCPe63QnLPRakQgnqfpJt1qCsjC
bbHmKN76LepQ7x5MLKSbSpbGLJMpV+R5s1HB6LYKw0DjE4+ThWIkB9qQwHpk/Zqj
wpvSS7Zo45oS9k1ayC6qzeBqRCqNw4hKVQ7KEvSbcPie
-----END CERTIFICATE-----