Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Je_wlmvn3d-Vi-j5RdyinfbTTuA.roa
File:                     Je_wlmvn3d-Vi-j5RdyinfbTTuA.roa (raw, json)
Hash identifier:          xHR95QXNatQG89IFFwQJwhX+yFejBkeGnOFelfxVkBE=
Subject key identifier:   25:EF:F0:96:6B:E7:DD:DF:95:8B:E8:F9:45:DC:A2:9D:F6:D3:4E:E0
Certificate issuer:       /CN=2326eeeadd4c0ee55b3594a596e67220819c18d5
Certificate serial:       018CC26D823910CED7945FFF2835109C1C88
Authority key identifier: 23:26:EE:EA:DD:4C:0E:E5:5B:35:94:A5:96:E6:72:20:81:9C:18:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iybu6t1MDuVbNZSlluZyIIGcGNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Je_wlmvn3d-Vi-j5RdyinfbTTuA.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51519
IP address blocks:        45.132.232.0/22 maxlen: 22
                          45.132.235.0/24 maxlen: 24
                          2a0e:73c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Iybu6t1MDuVbNZSlluZyIIGcGNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Iybu6t1MDuVbNZSlluZyIIGcGNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iybu6t1MDuVbNZSlluZyIIGcGNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:82:39:10:ce:d7:94:5f:ff:28:35:10:9c:1c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2326eeeadd4c0ee55b3594a596e67220819c18d5
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25eff0966be7dddf958be8f945dca29df6d34ee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cf:a8:b4:ea:66:9d:5a:ab:20:78:5a:4e:32:
                    fe:2f:1b:9f:43:69:3a:f1:7e:91:da:f4:69:17:57:
                    9c:ba:06:e0:73:59:68:4c:c6:a2:aa:d3:74:a4:94:
                    4d:23:8d:af:da:4c:d0:e6:a0:03:ea:dd:b3:ca:92:
                    63:83:0e:5f:e3:30:e3:e8:cc:80:05:a1:e8:ba:db:
                    db:24:fa:fb:3b:78:c4:5a:ad:53:f7:3b:14:10:c6:
                    24:07:69:5f:b2:a8:69:a4:94:e2:7b:1e:da:1b:eb:
                    00:d8:49:09:fc:61:ef:66:bc:80:11:06:16:24:81:
                    3a:18:01:da:86:52:49:3b:95:c2:1d:fe:c1:0f:20:
                    dd:d6:e2:bb:eb:95:2d:80:5c:0a:04:8d:f2:b8:24:
                    54:39:05:47:05:42:c4:c9:2e:a5:18:f7:62:c0:80:
                    d9:81:3b:44:6f:1d:28:0a:75:cc:88:44:7f:04:56:
                    e7:b9:c4:de:68:7a:50:15:28:7a:92:e3:cb:04:09:
                    c4:13:d3:03:03:4f:62:ac:0e:79:d8:10:07:09:2d:
                    71:a3:a5:d8:75:47:af:90:82:cc:2d:8d:15:aa:44:
                    ca:9f:a9:66:32:53:4d:fa:9e:fc:77:cf:56:c4:88:
                    8a:ee:e3:95:ba:c5:85:98:f5:5b:30:26:50:15:c4:
                    29:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:EF:F0:96:6B:E7:DD:DF:95:8B:E8:F9:45:DC:A2:9D:F6:D3:4E:E0
            X509v3 Authority Key Identifier:
                keyid:23:26:EE:EA:DD:4C:0E:E5:5B:35:94:A5:96:E6:72:20:81:9C:18:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iybu6t1MDuVbNZSlluZyIIGcGNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Je_wlmvn3d-Vi-j5RdyinfbTTuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Iybu6t1MDuVbNZSlluZyIIGcGNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.232.0/22
                IPv6:
                  2a0e:73c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:64:f6:13:75:04:bd:d2:c1:03:09:5b:86:76:92:7a:21:a2:
         37:b9:7a:68:75:3c:bf:f4:34:46:45:8c:d8:6a:21:01:b7:93:
         db:1f:5c:4b:4c:f2:ed:8a:b7:e7:64:91:84:9b:5d:f6:a7:96:
         a2:a1:97:25:5d:66:11:02:1e:b3:ec:ec:0a:d7:44:76:7c:cc:
         f3:d4:ed:8f:ef:67:21:00:ac:74:65:1c:95:59:2e:19:da:0e:
         7d:7f:df:bf:01:d7:35:90:49:5f:a0:3c:f3:1e:35:e4:dc:c7:
         59:4a:ea:bd:eb:da:3b:47:bb:b1:52:27:83:8b:99:ec:49:5f:
         70:f9:6f:b5:9a:0a:fd:44:6e:32:ae:a0:34:6a:77:aa:c8:90:
         e1:42:d5:dd:53:4e:e1:97:d1:21:6d:a5:8f:f8:6c:4b:2d:7c:
         b9:8d:1c:fb:40:36:ef:68:83:78:41:b9:c4:54:51:06:a1:c0:
         e6:68:94:3a:e0:35:30:73:80:7d:5f:45:04:39:e1:5e:1a:17:
         2d:e5:9c:bb:af:7d:05:e5:f9:43:c1:0d:0f:a2:f9:ad:cd:22:
         eb:17:03:ba:3b:75:3e:9d:1d:d7:16:3f:aa:39:f7:f8:0b:d0:
         6e:0f:eb:4d:0d:cf:4f:13:dd:00:c4:61:13:53:9c:ec:4d:1d:
         55:6e:5a:53
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbYI5EM7XlF//KDUQnByIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMjZlZWVhZGQ0YzBlZTU1YjM1OTRhNTk2ZTY3MjIwODE5
YzE4ZDUwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWVmZjA5NjZiZTdkZGRmOTU4YmU4Zjk0NWRjYTI5ZGY2ZDM0ZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos+otOpmnVqrIHhaTjL+LxufQ2k6
8X6R2vRpF1ecugbgc1loTMaiqtN0pJRNI42v2kzQ5qAD6t2zypJjgw5f4zDj6MyA
BaHoutvbJPr7O3jEWq1T9zsUEMYkB2lfsqhppJTiex7aG+sA2EkJ/GHvZryAEQYW
JIE6GAHahlJJO5XCHf7BDyDd1uK765UtgFwKBI3yuCRUOQVHBULEyS6lGPdiwIDZ
gTtEbx0oCnXMiER/BFbnucTeaHpQFSh6kuPLBAnEE9MDA09irA552BAHCS1xo6XY
dUevkILMLY0VqkTKn6lmMlNN+p78d89WxIiK7uOVusWFmPVbMCZQFcQp0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCXv8JZr593flYvo+UXcop32007gMB8GA1UdIwQY
MBaAFCMm7urdTA7lWzWUpZbmciCBnBjVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXlidTZ0MU1EdVZiTlpTbGx1WnlJSUdjR05VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9hNTk4MGQtNjVmNC00NTczLTk3NTkt
MzM0MTU5NjdjMjEzLzEvSmVfd2xtdm4zZC1WaS1qNVJkeWluZmJUVHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9hNTk4MGQtNjVmNC00NTczLTk3NTktMzM0MTU5NjdjMjEz
LzEvSXlidTZ0MU1EdVZiTlpTbGx1WnlJSUdjR05VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYToMA0E
AgACMAcDBQMqDnPAMA0GCSqGSIb3DQEBCwUAA4IBAQBRZPYTdQS90sEDCVuGdpJ6
IaI3uXpodTy/9DRGRYzYaiEBt5PbH1xLTPLtirfnZJGEm132p5aioZclXWYRAh6z
7OwK10R2fMzz1O2P72chAKx0ZRyVWS4Z2g59f9+/Adc1kElfoDzzHjXk3MdZSuq9
69o7R7uxUieDi5nsSV9w+W+1mgr9RG4yrqA0aneqyJDhQtXdU07hl9EhbaWP+GxL
LXy5jRz7QDbvaIN4QbnEVFEGocDmaJQ64DUwc4B9X0UEOeFeGhct5Zy7r30F5flD
wQ0PovmtzSLrFwO6O3U+nR3XFj+qOff4C9BuD+tNDc9PE90AxGETU5zsTR1VblpT
-----END CERTIFICATE-----