Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/_ryi1tUiEu8etsRLCwSzrcDzsdc.roa
File:                     _ryi1tUiEu8etsRLCwSzrcDzsdc.roa (raw, json)
Hash identifier:          oE4o0Ugrmd2aQD0ZfRLTSphY2W7es4st+PNVsslBplA=
Subject key identifier:   FE:BC:A2:D6:D5:22:12:EF:1E:B6:C4:4B:0B:04:B3:AD:C0:F3:B1:D7
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       018CC86F35AEAD0A04CA7FDF54DDFE12EAA0
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/_ryi1tUiEu8etsRLCwSzrcDzsdc.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16262
IP address blocks:        45.10.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:35:ae:ad:0a:04:ca:7f:df:54:dd:fe:12:ea:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=febca2d6d52212ef1eb6c44b0b04b3adc0f3b1d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b8:71:c8:66:a5:0d:09:31:f0:05:3d:e3:79:
                    06:e5:70:76:6b:bf:cf:f4:1c:96:5d:ab:c0:ea:08:
                    3e:3c:f5:7f:e1:a8:4c:6d:59:09:3e:4e:96:96:e4:
                    1c:64:60:58:f3:9f:3c:7d:cd:84:94:89:eb:51:91:
                    b9:0a:48:f9:1f:23:11:39:cd:8a:16:f5:64:36:0d:
                    07:e8:06:f5:8f:9c:59:ce:ca:a6:90:ac:d5:82:0b:
                    d3:39:99:9d:2e:b2:b2:a7:c1:e3:05:2a:a1:ba:4e:
                    13:7d:f6:d9:1d:29:82:63:82:26:f1:0b:14:22:17:
                    72:74:b7:ee:ae:08:d1:6d:f2:98:0e:31:cc:71:76:
                    7a:09:58:16:89:7d:25:7c:e1:28:75:4a:10:84:97:
                    8d:ae:89:6e:eb:16:41:60:3b:b8:2c:cc:99:d2:b8:
                    d0:a9:a6:c3:00:59:35:5d:e8:60:19:11:90:4d:20:
                    20:66:34:2b:e4:81:07:d2:70:5e:17:68:9d:1d:62:
                    3f:7c:61:02:bc:0a:bb:4d:71:89:9f:14:d7:eb:ac:
                    17:ca:cb:f3:69:e6:50:c3:34:96:90:c7:04:e7:ac:
                    aa:dc:f3:c9:58:57:d9:46:49:68:cc:b8:8b:46:18:
                    cc:b5:04:21:a7:e0:7f:89:19:9c:66:c9:f6:a4:3a:
                    15:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:BC:A2:D6:D5:22:12:EF:1E:B6:C4:4B:0B:04:B3:AD:C0:F3:B1:D7
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/_ryi1tUiEu8etsRLCwSzrcDzsdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:03:7a:ab:41:3d:04:18:3e:1a:a6:04:9f:eb:d5:9e:43:cd:
         30:d8:d4:43:79:7a:97:af:f4:1a:9e:d1:4b:0a:86:ea:ed:a1:
         ea:71:a7:d5:c6:9e:31:44:e7:c2:08:1b:8f:f1:ca:18:6d:91:
         00:06:d9:38:97:9d:1a:db:4d:32:c4:52:c5:80:e7:f0:20:71:
         31:e4:ec:f0:4b:bb:f4:c5:91:9c:66:a6:b1:2e:a3:ed:de:f8:
         75:2c:b8:e9:ec:dd:f1:9f:d9:6d:a9:a0:ad:2b:52:98:26:91:
         33:36:44:3a:53:4e:89:a6:b8:45:ac:61:dd:ff:eb:93:f6:c7:
         a5:a4:a5:50:9c:12:50:05:21:da:94:38:20:60:a7:30:24:dc:
         e2:21:6d:ff:0b:6c:a3:4c:35:1d:10:ab:47:82:be:89:7a:3f:
         fb:15:6b:46:5b:eb:6f:eb:75:73:93:ad:65:39:36:84:02:26:
         ae:13:0e:32:6a:d1:9c:94:16:d4:92:38:ae:f0:90:60:38:0f:
         02:54:d0:21:35:c3:aa:cf:85:07:81:44:ff:b5:ad:ba:38:11:
         25:a4:29:c9:d2:8d:f0:67:17:57:58:03:f1:5f:c8:49:26:be:
         88:9b:5c:16:d2:d1:ca:43:2b:0b:31:c0:8c:41:da:05:37:9a:
         4b:6d:16:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzWurQoEyn/fVN3+EuqgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWJjYTJkNmQ1MjIxMmVmMWViNmM0NGIwYjA0YjNhZGMwZjNiMWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrhxyGalDQkx8AU943kG5XB2a7/P
9ByWXavA6gg+PPV/4ahMbVkJPk6WluQcZGBY8588fc2ElInrUZG5Ckj5HyMROc2K
FvVkNg0H6Ab1j5xZzsqmkKzVggvTOZmdLrKyp8HjBSqhuk4TffbZHSmCY4Im8QsU
IhdydLfurgjRbfKYDjHMcXZ6CVgWiX0lfOEodUoQhJeNrolu6xZBYDu4LMyZ0rjQ
qabDAFk1XehgGRGQTSAgZjQr5IEH0nBeF2idHWI/fGECvAq7TXGJnxTX66wXysvz
aeZQwzSWkMcE56yq3PPJWFfZRklozLiLRhjMtQQhp+B/iRmcZsn2pDoVuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP68otbVIhLvHrbESwsEs63A87HXMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvX3J5aTF0VWlFdThldHNSTEN3U3pyY0R6c2RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQquMA0G
CSqGSIb3DQEBCwUAA4IBAQA9A3qrQT0EGD4apgSf69WeQ80w2NRDeXqXr/QantFL
Cobq7aHqcafVxp4xROfCCBuP8coYbZEABtk4l50a200yxFLFgOfwIHEx5OzwS7v0
xZGcZqaxLqPt3vh1LLjp7N3xn9ltqaCtK1KYJpEzNkQ6U06JprhFrGHd/+uT9sel
pKVQnBJQBSHalDggYKcwJNziIW3/C2yjTDUdEKtHgr6Jej/7FWtGW+tv63Vzk61l
OTaEAiauEw4yatGclBbUkjiu8JBgOA8CVNAhNcOqz4UHgUT/ta26OBElpCnJ0o3w
ZxdXWAPxX8hJJr6Im1wW0tHKQysLMcCMQdoFN5pLbRZ3
-----END CERTIFICATE-----