Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/02hc6JgWitJscQKFhogl4dZ92hc.roa
File:                     02hc6JgWitJscQKFhogl4dZ92hc.roa (raw, json)
Hash identifier:          pzOSGio3pWFX43S1mVvEXTZ8dGupKg0aN02/TVWGRTg=
Subject key identifier:   D3:68:5C:E8:98:16:8A:D2:6C:71:02:85:86:88:25:E1:D6:7D:DA:17
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       018D0DB4FA425C11061111611E6CD6686F65
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/02hc6JgWitJscQKFhogl4dZ92hc.roa
Signing time:             Mon 15 Jan 2024 15:19:40 +0000
ROA not before:           Mon 15 Jan 2024 15:19:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        45.143.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:b4:fa:42:5c:11:06:11:11:61:1e:6c:d6:68:6f:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Jan 15 15:19:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3685ce898168ad26c710285868825e1d67dda17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:84:48:eb:89:3b:24:04:f4:34:ed:e2:b2:46:
                    26:76:29:01:9a:56:15:57:b9:a1:bb:7b:8c:c3:d1:
                    ba:1c:e8:e3:b6:cd:48:c4:97:ed:36:ad:1e:9b:d1:
                    b5:44:28:51:89:94:b9:8e:bf:b2:89:31:e8:6a:3a:
                    82:6f:05:92:bb:3c:86:77:10:6b:7f:2a:38:36:55:
                    cd:b5:b3:9c:cd:df:ec:33:cb:45:8f:0f:d8:54:c3:
                    6e:3d:73:97:1b:ba:06:ef:c1:ae:f4:52:c4:93:07:
                    e8:84:50:09:24:64:3a:00:b5:29:5f:b5:15:df:d0:
                    ab:e6:75:fd:ce:9e:30:0d:7f:1d:4d:87:80:6f:37:
                    1d:7b:5e:6e:f5:5a:99:03:a6:80:d7:2c:58:ab:2e:
                    a2:de:dd:1d:ae:5b:d6:fb:2e:ec:ce:2a:80:ed:a2:
                    b7:46:70:91:97:e1:f2:9b:f7:54:4e:6c:fb:24:85:
                    94:66:24:31:ce:c5:85:73:30:56:a5:9e:85:00:f6:
                    b4:ca:03:54:ee:13:7e:5f:9e:99:87:fb:3a:62:1d:
                    18:c5:68:26:9a:fb:d5:ff:1d:49:53:43:76:f9:dd:
                    a4:54:d4:e9:a5:21:67:ee:ba:9e:48:99:8f:9b:07:
                    19:f7:e0:23:8e:cb:29:ea:15:f6:d4:d7:11:ec:df:
                    37:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:68:5C:E8:98:16:8A:D2:6C:71:02:85:86:88:25:E1:D6:7D:DA:17
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/02hc6JgWitJscQKFhogl4dZ92hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:af:44:ea:39:82:93:9f:6f:ec:b1:3e:e0:2a:8a:03:86:5d:
         88:63:8b:aa:e8:a2:e2:f3:b2:68:84:d3:f2:75:b0:9c:da:51:
         e0:49:d7:0d:1c:61:b1:c7:0e:d9:ee:bd:d2:c2:35:6f:42:bb:
         47:4f:e2:d3:21:79:28:32:90:aa:15:1a:17:6c:15:b8:f1:6d:
         36:04:ee:db:ca:d4:8e:5c:a4:ad:a3:07:b6:f4:31:e6:62:8f:
         6b:30:57:8c:7c:ee:b2:03:de:0e:d6:c6:33:5f:e5:8d:3c:58:
         08:dc:74:71:dd:59:90:e9:08:e0:81:9f:af:b5:b8:6d:13:33:
         0d:d0:2e:3b:dc:8f:a8:df:13:f5:83:4a:0e:06:68:54:13:86:
         cb:ef:46:ae:a6:f3:06:18:b0:9e:5b:97:b0:23:d4:36:b7:79:
         cf:0e:87:e8:d1:6f:5f:12:1f:84:70:fe:6d:a2:6b:c7:06:ca:
         ad:d8:42:93:87:fc:55:e1:ef:d4:e2:77:34:03:a7:7e:37:e8:
         e8:71:66:56:4c:9d:23:8d:c8:28:c1:20:52:f2:8a:ac:00:72:
         9f:8b:9f:52:04:df:23:e4:97:cc:ee:d9:dc:d6:01:90:52:92:
         ce:22:23:61:2e:81:1f:80:f8:a6:60:2d:50:b3:57:9f:08:01:
         9d:b1:72:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0NtPpCXBEGERFhHmzWaG9lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjQwMTE1MTUxOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzY4NWNlODk4MTY4YWQyNmM3MTAyODU4Njg4MjVlMWQ2N2RkYTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoRI64k7JAT0NO3iskYmdikBmlYV
V7mhu3uMw9G6HOjjts1IxJftNq0em9G1RChRiZS5jr+yiTHoajqCbwWSuzyGdxBr
fyo4NlXNtbOczd/sM8tFjw/YVMNuPXOXG7oG78Gu9FLEkwfohFAJJGQ6ALUpX7UV
39Cr5nX9zp4wDX8dTYeAbzcde15u9VqZA6aA1yxYqy6i3t0drlvW+y7sziqA7aK3
RnCRl+Hym/dUTmz7JIWUZiQxzsWFczBWpZ6FAPa0ygNU7hN+X56Zh/s6Yh0YxWgm
mvvV/x1JU0N2+d2kVNTppSFn7rqeSJmPmwcZ9+Ajjssp6hX21NcR7N83WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNoXOiYForSbHEChYaIJeHWfdoXMB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEvMDJoYzZKZ1dpdEpzY1FLRmhvZ2w0ZFo5MmhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY/LMA0G
CSqGSIb3DQEBCwUAA4IBAQA9r0TqOYKTn2/ssT7gKooDhl2IY4uq6KLi87JohNPy
dbCc2lHgSdcNHGGxxw7Z7r3SwjVvQrtHT+LTIXkoMpCqFRoXbBW48W02BO7bytSO
XKStowe29DHmYo9rMFeMfO6yA94O1sYzX+WNPFgI3HRx3VmQ6QjggZ+vtbhtEzMN
0C473I+o3xP1g0oOBmhUE4bL70aupvMGGLCeW5ewI9Q2t3nPDofo0W9fEh+EcP5t
omvHBsqt2EKTh/xV4e/U4nc0A6d+N+jocWZWTJ0jjcgowSBS8oqsAHKfi59SBN8j
5JfM7tnc1gGQUpLOIiNhLoEfgPimYC1Qs1efCAGdsXL1
-----END CERTIFICATE-----