Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ytzDdg2es6tltddtwtHKqXMjcUM.roa
File:                     ytzDdg2es6tltddtwtHKqXMjcUM.roa (raw, json)
Hash identifier:          M1rQBSguTH5xojJFgTsPGj8+ZCbXQuXQ1Yx3s8sBkw4=
Subject key identifier:   CA:DC:C3:76:0D:9E:B3:AB:65:B5:D7:6D:C2:D1:CA:A9:73:23:71:43
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018D6BBE4172C81FF9D96BD66E110D1BE154
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ytzDdg2es6tltddtwtHKqXMjcUM.roa
Signing time:             Fri 02 Feb 2024 21:34:07 +0000
ROA not before:           Fri 02 Feb 2024 21:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400696
IP address blocks:        45.133.0.0/24 maxlen: 24
                          2a10:7405::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6b:be:41:72:c8:1f:f9:d9:6b:d6:6e:11:0d:1b:e1:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb  2 21:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cadcc3760d9eb3ab65b5d76dc2d1caa973237143
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:55:4b:34:5e:3e:78:ea:bb:88:9d:46:7b:4a:
                    b6:3f:c4:d0:45:43:67:a2:16:d2:2d:b3:e5:04:09:
                    88:d0:a7:97:b7:0c:32:43:26:77:be:08:9f:f9:71:
                    f5:f9:34:21:1e:3a:16:ee:51:c3:45:bd:ae:af:ab:
                    0c:79:06:6e:c4:0f:fc:47:6f:8e:9e:35:ad:b0:4a:
                    fe:db:a9:c7:c6:a6:65:03:b8:93:66:53:37:60:15:
                    3c:6c:55:f8:5c:b3:39:5e:c4:f2:b5:2c:64:9f:15:
                    05:8d:44:a6:98:85:19:6e:35:17:03:98:fb:e8:03:
                    7b:33:8f:20:ba:86:c7:f6:ce:8c:48:a3:57:46:98:
                    6d:d0:10:1c:59:f0:1b:eb:48:91:0c:a8:cc:cf:79:
                    52:81:3f:ed:cf:c8:b3:e9:60:15:94:48:ea:59:41:
                    ae:9d:4d:3f:f6:89:06:e5:90:8c:3b:d5:9b:51:80:
                    33:fd:1f:24:de:63:d1:19:4c:7f:79:66:ac:fb:21:
                    00:3c:0d:cd:ef:5d:65:05:65:fd:b7:b8:5d:81:34:
                    26:1f:e3:54:e7:8e:33:15:32:30:b6:cd:0d:df:8c:
                    e9:62:4d:74:bd:be:df:2d:0b:85:3a:48:a3:f1:f2:
                    f3:de:27:d4:b7:ba:ae:2f:9e:4e:7b:5e:59:aa:b0:
                    29:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:DC:C3:76:0D:9E:B3:AB:65:B5:D7:6D:C2:D1:CA:A9:73:23:71:43
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ytzDdg2es6tltddtwtHKqXMjcUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.0.0/24
                IPv6:
                  2a10:7405::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:07:c1:c1:88:38:2d:7a:2d:ee:05:05:3a:bc:6e:a3:f8:8a:
         42:f5:4a:d1:58:aa:60:b2:8d:ee:2f:93:d7:b3:1d:22:de:75:
         31:64:a9:2b:dd:17:77:68:4b:77:2d:31:a0:ac:e0:08:6d:ed:
         e5:cf:78:26:01:4d:c3:71:0e:b6:71:cf:bf:4c:4e:27:ae:4b:
         33:33:6b:a6:c4:13:0b:87:00:c2:21:bc:6a:54:d4:b0:b7:09:
         52:32:4e:fc:55:ea:1c:20:6f:15:7e:ba:96:47:d4:8c:b8:33:
         94:10:45:e6:b1:fe:48:c0:f4:c9:e5:b6:b1:4a:db:d8:92:05:
         1b:c3:92:9a:60:25:b5:80:0a:5a:4c:fd:45:ca:44:9b:eb:7d:
         fd:e5:54:92:8a:70:29:33:59:76:6a:3e:f3:7e:5b:cc:dd:c3:
         74:4d:e9:e3:7c:46:2e:02:b3:28:ea:f2:10:01:e7:30:e2:b3:
         52:80:3a:cc:a5:7f:c2:08:f7:1d:01:00:c8:ea:49:ee:5b:c6:
         46:b5:2c:cf:80:4a:9f:0c:3c:5e:d6:05:3c:0e:95:38:44:84:
         15:e9:23:5f:b1:2b:5c:aa:11:8f:fd:db:fd:d0:02:53:b3:09:
         a4:97:e5:69:c6:15:0b:36:7a:65:ba:f8:3b:c8:fe:f8:ea:91:
         1e:b6:a7:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1rvkFyyB/52WvWbhENG+FUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMjAyMjEzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWRjYzM3NjBkOWViM2FiNjViNWQ3NmRjMmQxY2FhOTczMjM3MTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFVLNF4+eOq7iJ1Ge0q2P8TQRUNn
ohbSLbPlBAmI0KeXtwwyQyZ3vgif+XH1+TQhHjoW7lHDRb2ur6sMeQZuxA/8R2+O
njWtsEr+26nHxqZlA7iTZlM3YBU8bFX4XLM5XsTytSxknxUFjUSmmIUZbjUXA5j7
6AN7M48guobH9s6MSKNXRpht0BAcWfAb60iRDKjMz3lSgT/tz8iz6WAVlEjqWUGu
nU0/9okG5ZCMO9WbUYAz/R8k3mPRGUx/eWas+yEAPA3N711lBWX9t7hdgTQmH+NU
544zFTIwts0N34zpYk10vb7fLQuFOkij8fLz3ifUt7quL55Oe15ZqrApyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMrcw3YNnrOrZbXXbcLRyqlzI3FDMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEveXR6RGRnMmVzNnRsdGRkdHd0SEtxWE1qY1VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYUAMA0E
AgACMAcDBQAqEHQFMA0GCSqGSIb3DQEBCwUAA4IBAQA7B8HBiDgtei3uBQU6vG6j
+IpC9UrRWKpgso3uL5PXsx0i3nUxZKkr3Rd3aEt3LTGgrOAIbe3lz3gmAU3DcQ62
cc+/TE4nrkszM2umxBMLhwDCIbxqVNSwtwlSMk78VeocIG8VfrqWR9SMuDOUEEXm
sf5IwPTJ5baxStvYkgUbw5KaYCW1gApaTP1FykSb63395VSSinApM1l2aj7zflvM
3cN0TenjfEYuArMo6vIQAecw4rNSgDrMpX/CCPcdAQDI6knuW8ZGtSzPgEqfDDxe
1gU8DpU4RIQV6SNfsStcqhGP/dv90AJTswmkl+VpxhULNnpluvg7yP746pEetqc2
-----END CERTIFICATE-----