Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/r3751rmLEpNaBvevXGLG5bcf9ng.roa
File:                     r3751rmLEpNaBvevXGLG5bcf9ng.roa (raw, json)
Hash identifier:          NVx9cjfvM9VFUVH8od6r0DCALJsi2wO3OE5CFxi3nWA=
Subject key identifier:   AF:7E:F9:D6:B9:8B:12:93:5A:06:F7:AF:5C:62:C6:E5:B7:1F:F6:78
Certificate issuer:       /CN=67e24c7284ef4887e45d4ccd9bde679cd9ab4f00
Certificate serial:       018CC8DEEF731B7CFB6A26487BD7F33B3233
Authority key identifier: 67:E2:4C:72:84:EF:48:87:E4:5D:4C:CD:9B:DE:67:9C:D9:AB:4F:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/r3751rmLEpNaBvevXGLG5bcf9ng.roa
Signing time:             Tue 02 Jan 2024 06:31:42 +0000
ROA not before:           Tue 02 Jan 2024 06:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212047
IP address blocks:        45.157.0.0/24 maxlen: 24
                          212.2.240.0/21 maxlen: 21
                          2a10:c880::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ef:73:1b:7c:fb:6a:26:48:7b:d7:f3:3b:32:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67e24c7284ef4887e45d4ccd9bde679cd9ab4f00
        Validity
            Not Before: Jan  2 06:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af7ef9d6b98b12935a06f7af5c62c6e5b71ff678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:10:a2:4e:11:a9:33:2c:77:57:97:c7:65:8a:
                    8b:4b:32:66:79:1e:05:17:a4:fe:cf:db:45:bf:da:
                    a4:42:60:9f:62:da:f9:23:00:64:b3:fb:27:71:58:
                    04:38:e1:d9:b1:2e:16:52:b4:3c:b7:f2:7d:2b:41:
                    47:3f:fe:0d:8f:63:92:17:0e:8c:74:93:68:bf:9f:
                    cc:8e:85:9a:b3:c6:b8:bb:21:f2:b0:b8:ca:b6:0d:
                    e8:10:1a:9a:ad:45:f7:35:19:d0:6b:35:ab:42:89:
                    99:39:85:2b:c6:54:81:58:89:f0:d1:9c:f8:26:74:
                    35:d3:70:37:39:fd:de:ea:40:62:05:29:c8:e5:99:
                    f9:56:4f:9b:60:1f:79:fb:3d:2a:47:9a:70:49:3e:
                    59:ab:26:5d:aa:41:90:c6:9b:9e:0f:4c:a9:d5:6c:
                    fa:6e:a7:77:67:07:ce:de:74:b1:9d:58:db:70:ed:
                    87:bf:26:fb:a7:38:83:f4:1e:79:2f:a7:e9:6a:c4:
                    c2:78:88:5a:f6:cf:4a:7f:96:30:a8:c9:da:46:b3:
                    a9:01:ee:c3:63:e9:5e:72:74:95:a4:4e:a0:27:b3:
                    17:c8:b0:84:73:61:ff:ff:74:b9:d2:18:2d:b5:50:
                    72:0a:58:f0:9a:be:c8:32:38:4d:31:db:82:37:28:
                    ab:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:7E:F9:D6:B9:8B:12:93:5A:06:F7:AF:5C:62:C6:E5:B7:1F:F6:78
            X509v3 Authority Key Identifier:
                keyid:67:E2:4C:72:84:EF:48:87:E4:5D:4C:CD:9B:DE:67:9C:D9:AB:4F:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/r3751rmLEpNaBvevXGLG5bcf9ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.0.0/24
                  212.2.240.0/21
                IPv6:
                  2a10:c880::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:66:77:e2:cb:cd:1c:75:0a:d7:6f:e1:26:8d:9f:e3:44:89:
         29:6b:3e:7e:8d:fe:ea:dc:3b:18:e2:e0:2f:bb:b0:d0:2f:53:
         be:ed:53:09:fc:f5:d8:e2:e8:5b:dd:39:06:d9:a3:1c:ad:c2:
         fa:20:08:53:26:b0:85:54:3b:32:8a:81:29:1b:78:ba:a6:17:
         de:2b:7d:fc:9f:9b:a6:51:e4:41:fe:f0:fa:fd:67:60:4a:b7:
         0b:04:7b:d3:16:f0:d2:02:2f:99:41:17:94:a9:45:86:b2:0a:
         06:e7:92:fc:a3:b4:59:38:22:7f:55:ad:81:f7:43:2f:45:ee:
         be:a7:13:16:cb:0e:84:a9:0d:6c:f1:0c:04:bf:6d:a7:50:7c:
         38:f5:f1:32:93:57:b4:75:09:81:46:f8:70:1d:90:bd:46:13:
         f6:91:90:cf:68:df:f2:d9:90:5c:4c:81:ea:9b:cd:29:b6:e9:
         53:6b:b9:b1:ac:aa:59:84:d9:f5:ed:48:c5:fd:07:b5:79:dd:
         94:35:ae:da:c4:a0:8f:f6:66:f9:d6:b3:03:28:0a:f0:50:bf:
         cf:4d:52:cb:a5:00:b5:71:a9:48:9d:c8:2c:47:d1:7e:b4:29:
         06:4b:20:d1:1f:27:74:bd:48:7f:9f:e4:12:a8:8b:aa:d9:d0:
         1a:c1:ee:0c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI3u9zG3z7aiZIe9fzOzIzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZTI0YzcyODRlZjQ4ODdlNDVkNGNjZDliZGU2NzljZDlh
YjRmMDAwHhcNMjQwMTAyMDYzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjdlZjlkNmI5OGIxMjkzNWEwNmY3YWY1YzYyYzZlNWI3MWZmNjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxCiThGpMyx3V5fHZYqLSzJmeR4F
F6T+z9tFv9qkQmCfYtr5IwBks/sncVgEOOHZsS4WUrQ8t/J9K0FHP/4Nj2OSFw6M
dJNov5/MjoWas8a4uyHysLjKtg3oEBqarUX3NRnQazWrQomZOYUrxlSBWInw0Zz4
JnQ103A3Of3e6kBiBSnI5Zn5Vk+bYB95+z0qR5pwST5ZqyZdqkGQxpueD0yp1Wz6
bqd3ZwfO3nSxnVjbcO2Hvyb7pziD9B55L6fpasTCeIha9s9Kf5YwqMnaRrOpAe7D
Y+lecnSVpE6gJ7MXyLCEc2H//3S50hgttVByCljwmr7IMjhNMduCNyirjQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK9++da5ixKTWgb3r1xixuW3H/Z4MB8GA1UdIwQY
MBaAFGfiTHKE70iH5F1MzZveZ5zZq08AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi1KTWNvVHZTSWZrWFV6Tm05NW5uTm1yVHdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8wMmQzZjYtNDMwMS00YmU1LThjMzct
MDM3NWE5YzMyYjAwLzEvcjM3NTFybUxFcE5hQnZldlhHTEc1YmNmOW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8wMmQzZjYtNDMwMS00YmU1LThjMzctMDM3NWE5YzMyYjAw
LzEvWi1KTWNvVHZTSWZrWFV6Tm05NW5uTm1yVHdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALZ0AAwQD
1ALwMA0EAgACMAcDBQAqEMiAMA0GCSqGSIb3DQEBCwUAA4IBAQBzZnfiy80cdQrX
b+EmjZ/jRIkpaz5+jf7q3DsY4uAvu7DQL1O+7VMJ/PXY4uhb3TkG2aMcrcL6IAhT
JrCFVDsyioEpG3i6phfeK338n5umUeRB/vD6/WdgSrcLBHvTFvDSAi+ZQReUqUWG
sgoG55L8o7RZOCJ/Va2B90MvRe6+pxMWyw6EqQ1s8QwEv22nUHw49fEyk1e0dQmB
RvhwHZC9RhP2kZDPaN/y2ZBcTIHqm80ptulTa7mxrKpZhNn17UjF/Qe1ed2UNa7a
xKCP9mb51rMDKArwUL/PTVLLpQC1calIncgsR9F+tCkGSyDRHyd0vUh/n+QSqIuq
2dAawe4M
-----END CERTIFICATE-----