Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/z-rObA3advC75JTZGeTb3FAxVrg.roa
File:                     z-rObA3advC75JTZGeTb3FAxVrg.roa (raw, json)
Hash identifier:          mRSOW7OAuxft7mV4y8tWKtl4aZcfp0rfmOwg5bDi3Uo=
Subject key identifier:   CF:EA:CE:6C:0D:DA:76:F0:BB:E4:94:D9:19:E4:DB:DC:50:31:56:B8
Certificate issuer:       /CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
Certificate serial:       018CC7263DC892110BCE4A5F8E485F20F5F4
Authority key identifier: 94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/z-rObA3advC75JTZGeTb3FAxVrg.roa
Signing time:             Mon 01 Jan 2024 22:30:21 +0000
ROA not before:           Mon 01 Jan 2024 22:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31287
IP address blocks:        45.15.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 05:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:3d:c8:92:11:0b:ce:4a:5f:8e:48:5f:20:f5:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
        Validity
            Not Before: Jan  1 22:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfeace6c0dda76f0bbe494d919e4dbdc503156b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e9:e2:7c:80:3e:1b:d4:08:0d:1d:e2:34:e6:
                    53:32:11:38:7a:14:fe:8c:3c:d6:b1:8f:fa:2b:dc:
                    f2:d5:69:ab:0a:1a:08:f3:ab:08:65:90:4c:c6:7b:
                    00:6d:19:e1:a9:d2:9f:ce:c1:20:da:07:88:00:ab:
                    54:ab:74:f9:59:85:97:49:ef:43:fd:d4:25:0e:8d:
                    81:0d:e3:1f:53:d9:45:76:05:45:98:87:0d:aa:6f:
                    af:8c:d6:40:a1:64:69:de:57:7d:d6:f0:42:74:03:
                    4e:f9:dc:18:19:ae:9d:cd:1a:f6:61:f7:c2:9b:56:
                    f7:70:cc:43:a2:52:5a:b5:d5:9b:18:b3:61:46:81:
                    b7:e9:70:08:18:e2:42:c8:27:07:4d:30:3f:d4:02:
                    2d:1a:9b:43:5a:50:38:a2:a2:61:14:03:7f:4e:9b:
                    bb:6f:8a:b3:54:5c:3c:0c:ac:8e:ce:f1:20:64:3a:
                    b6:24:c7:13:0f:da:d5:4d:16:ab:4a:64:3b:a8:0a:
                    77:3f:95:be:04:b8:ba:36:a4:66:83:2e:41:d1:fd:
                    de:af:a8:55:4b:a0:fb:94:79:6f:75:fc:6a:4a:1d:
                    0a:fd:4a:5d:eb:1d:5c:21:52:0d:a1:24:48:f9:76:
                    4a:6b:48:e4:14:9f:8b:e5:92:21:a9:52:26:af:60:
                    74:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:EA:CE:6C:0D:DA:76:F0:BB:E4:94:D9:19:E4:DB:DC:50:31:56:B8
            X509v3 Authority Key Identifier:
                keyid:94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/z-rObA3advC75JTZGeTb3FAxVrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:f2:ac:8e:8a:96:92:9e:18:9a:fc:f1:64:9a:39:01:ef:73:
         5c:21:72:f1:77:37:09:35:4f:0f:b3:36:36:f1:ff:43:3c:0d:
         8e:85:cd:4c:75:8f:33:6f:e3:b9:d1:f2:07:27:55:a1:82:57:
         dc:14:66:f1:b0:f0:dc:47:9f:02:cc:7b:e9:c6:ed:dc:a1:23:
         52:72:72:23:cc:52:92:f1:7c:fc:62:a2:53:fc:59:c1:f2:3f:
         57:1e:45:a0:a7:8e:2d:69:5e:00:9c:f6:f8:92:e3:1f:05:6d:
         d2:62:40:3a:72:a0:43:18:58:e4:32:fb:41:71:d3:de:43:2f:
         94:81:52:52:bc:8d:22:8e:05:4c:00:29:08:b4:de:ec:90:81:
         01:1f:27:56:4f:80:ff:00:da:1c:71:de:57:9b:c3:e2:70:44:
         f6:4f:43:45:42:70:45:4d:a9:f8:78:e2:71:48:68:13:88:f2:
         d1:63:7d:d4:f2:92:98:2c:27:0a:f2:60:25:90:4b:d6:e1:b4:
         f8:21:05:4a:0a:e2:47:38:53:c2:2f:97:b2:b7:46:24:b8:9f:
         b4:43:4e:85:1c:25:6a:9d:8b:50:fd:e4:da:c9:c0:5b:53:d1:
         fc:ad:f9:54:a9:a8:e9:20:69:ae:ef:54:48:e7:1d:a9:64:57:
         54:fc:c2:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJj3IkhELzkpfjkhfIPX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGExMGEyNTY3MjhmMTFhNGJiYWFkYzMyMDRiN2YwYTM1
YTUwMDAwHhcNMjQwMTAxMjIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmVhY2U2YzBkZGE3NmYwYmJlNDk0ZDkxOWU0ZGJkYzUwMzE1NmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmenifIA+G9QIDR3iNOZTMhE4ehT+
jDzWsY/6K9zy1WmrChoI86sIZZBMxnsAbRnhqdKfzsEg2geIAKtUq3T5WYWXSe9D
/dQlDo2BDeMfU9lFdgVFmIcNqm+vjNZAoWRp3ld91vBCdANO+dwYGa6dzRr2YffC
m1b3cMxDolJatdWbGLNhRoG36XAIGOJCyCcHTTA/1AItGptDWlA4oqJhFAN/Tpu7
b4qzVFw8DKyOzvEgZDq2JMcTD9rVTRarSmQ7qAp3P5W+BLi6NqRmgy5B0f3er6hV
S6D7lHlvdfxqSh0K/Upd6x1cIVINoSRI+XZKa0jkFJ+L5ZIhqVImr2B0QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/qzmwN2nbwu+SU2Rnk29xQMVa4MB8GA1UdIwQY
MBaAFJQKEKJWco8RpLuq3DIEt/CjWlAAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYt
ZGNlNmQ2OTA5MjQ3LzEvei1yT2JBM2FkdkM3NUpUWkdlVGIzRkF4VnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYtZGNlNmQ2OTA5MjQ3
LzEvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ+3MA0G
CSqGSIb3DQEBCwUAA4IBAQAS8qyOipaSnhia/PFkmjkB73NcIXLxdzcJNU8PszY2
8f9DPA2Ohc1MdY8zb+O50fIHJ1WhglfcFGbxsPDcR58CzHvpxu3coSNScnIjzFKS
8Xz8YqJT/FnB8j9XHkWgp44taV4AnPb4kuMfBW3SYkA6cqBDGFjkMvtBcdPeQy+U
gVJSvI0ijgVMACkItN7skIEBHydWT4D/ANoccd5Xm8PicET2T0NFQnBFTan4eOJx
SGgTiPLRY33U8pKYLCcK8mAlkEvW4bT4IQVKCuJHOFPCL5eyt0YkuJ+0Q06FHCVq
nYtQ/eTaycBbU9H8rflUqajpIGmu71RI5x2pZFdU/MJ4
-----END CERTIFICATE-----