Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3_wbnV67AFGrBz0xmyzAKIaVCs8.roa
File:                     3_wbnV67AFGrBz0xmyzAKIaVCs8.roa (raw, json)
Hash identifier:          4TVQ1dP2MU7DETmQFwcTfZZDW/DWFUoeO8GUWmMrTvk=
Subject key identifier:   DF:FC:1B:9D:5E:BB:00:51:AB:07:3D:31:9B:2C:C0:28:86:95:0A:CF
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5010F278FFB0D8822FC15529360F230
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3_wbnV67AFGrBz0xmyzAKIaVCs8.roa
Signing time:             Mon 01 Jan 2024 12:30:30 +0000
ROA not before:           Mon 01 Jan 2024 12:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41327
IP address blocks:        45.156.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0f:27:8f:fb:0d:88:22:fc:15:52:93:60:f2:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dffc1b9d5ebb0051ab073d319b2cc02886950acf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:07:a9:4b:61:5a:f4:06:32:4c:cc:93:3d:62:
                    a6:24:38:4c:61:2e:1a:c9:a4:12:ba:fa:a4:c6:51:
                    33:d6:0a:bc:40:dc:d6:71:e7:c0:20:74:2f:38:3c:
                    8d:96:07:51:b5:5f:56:9b:57:29:4c:02:a7:06:94:
                    47:9c:3f:09:83:d6:d2:36:bb:67:40:8e:66:1b:ae:
                    22:d7:ba:02:af:5a:3c:cf:ae:05:6b:f3:35:f0:bb:
                    69:22:e9:3d:08:0a:a8:b7:7a:c1:52:ee:5c:a5:31:
                    30:17:df:ca:8a:b0:4b:3f:23:c4:dc:17:c9:b7:e0:
                    d1:a5:52:c5:17:2c:e1:9f:3e:20:a1:7c:10:66:7a:
                    25:50:e5:d0:e9:67:5b:32:a5:90:07:04:da:2c:43:
                    17:58:cc:59:1a:3b:49:45:22:86:15:df:2e:9b:d4:
                    ca:5c:b0:ff:9e:9d:95:83:07:57:95:e5:10:f4:1f:
                    c8:c0:bf:ad:cd:dc:95:ce:6d:fc:23:60:78:3c:c8:
                    99:88:95:2e:44:93:a6:8b:1a:95:c7:5b:23:c8:06:
                    24:e2:6d:76:25:d8:3f:5a:ad:c8:3d:e2:10:63:58:
                    6a:9d:1b:7b:c2:3b:fc:a2:06:7f:c9:fc:71:11:c2:
                    a5:0c:c8:6f:f3:18:bf:05:a5:d6:8d:dc:17:24:df:
                    f4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:FC:1B:9D:5E:BB:00:51:AB:07:3D:31:9B:2C:C0:28:86:95:0A:CF
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3_wbnV67AFGrBz0xmyzAKIaVCs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:75:c4:93:b4:dd:db:d2:31:86:99:28:b2:fd:27:b6:e9:3a:
         31:2e:17:b9:9b:31:a4:2a:c2:42:fd:f3:ad:62:5a:9a:4d:d0:
         37:6c:d6:ff:a0:9a:9f:28:ca:2f:47:fc:c0:24:1d:04:9d:1f:
         fd:d4:d5:3e:cd:97:3b:cf:64:62:05:16:23:98:41:65:28:dd:
         c5:e7:1d:9b:04:53:76:a8:2d:75:ec:c4:aa:b7:5d:55:ac:b0:
         b7:7c:2d:67:c8:a7:11:22:0e:16:14:f1:a1:f0:50:7e:56:2d:
         34:e9:40:76:24:38:40:53:60:a8:81:88:3f:54:47:33:d5:4f:
         38:b5:aa:af:62:7e:43:36:3e:af:a7:16:4d:4a:5d:e8:42:7a:
         7b:0a:e8:47:af:0c:1c:12:0d:94:83:23:39:b3:85:02:58:bb:
         4d:d7:c1:f4:b1:91:7d:ce:56:c6:8c:88:b7:e0:35:49:fb:82:
         36:0b:3a:61:09:6a:99:45:fe:35:e3:e4:f3:30:41:d8:c2:fc:
         b0:73:09:2e:9d:fa:43:28:d3:50:ad:40:42:74:64:23:be:69:
         82:af:d2:a4:b0:aa:ab:c7:18:1e:1c:a9:2b:a6:e5:af:f5:df:
         d5:b5:ab:93:05:51:d3:ce:ca:78:16:10:36:77:b5:98:12:65:
         55:c9:3e:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQ8nj/sNiCL8FVKTYPIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmZjMWI5ZDVlYmIwMDUxYWIwNzNkMzE5YjJjYzAyODg2OTUwYWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwepS2Fa9AYyTMyTPWKmJDhMYS4a
yaQSuvqkxlEz1gq8QNzWcefAIHQvODyNlgdRtV9Wm1cpTAKnBpRHnD8Jg9bSNrtn
QI5mG64i17oCr1o8z64Fa/M18LtpIuk9CAqot3rBUu5cpTEwF9/KirBLPyPE3BfJ
t+DRpVLFFyzhnz4goXwQZnolUOXQ6WdbMqWQBwTaLEMXWMxZGjtJRSKGFd8um9TK
XLD/np2VgwdXleUQ9B/IwL+tzdyVzm38I2B4PMiZiJUuRJOmixqVx1sjyAYk4m12
Jdg/Wq3IPeIQY1hqnRt7wjv8ogZ/yfxxEcKlDMhv8xi/BaXWjdwXJN/0GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/8G51euwBRqwc9MZsswCiGlQrPMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvM193Ym5WNjdBRkdyQnoweG15ekFLSWFWQ3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZydMA0G
CSqGSIb3DQEBCwUAA4IBAQBedcSTtN3b0jGGmSiy/Se26ToxLhe5mzGkKsJC/fOt
YlqaTdA3bNb/oJqfKMovR/zAJB0EnR/91NU+zZc7z2RiBRYjmEFlKN3F5x2bBFN2
qC117MSqt11VrLC3fC1nyKcRIg4WFPGh8FB+Vi006UB2JDhAU2CogYg/VEcz1U84
taqvYn5DNj6vpxZNSl3oQnp7CuhHrwwcEg2UgyM5s4UCWLtN18H0sZF9zlbGjIi3
4DVJ+4I2CzphCWqZRf414+TzMEHYwvywcwkunfpDKNNQrUBCdGQjvmmCr9KksKqr
xxgeHKkrpuWv9d/VtauTBVHTzsp4FhA2d7WYEmVVyT5d
-----END CERTIFICATE-----