Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/d5df03-b5ee-4bf7-aedf-8d8e9ea14325/1/6PM8LeyhT9Wedjox430uQ0NekpY.roa
File:                     6PM8LeyhT9Wedjox430uQ0NekpY.roa (raw, json)
Hash identifier:          2he5qA/6qran7q1rA+q1hxbS6LLvjbPlXBt/nYyRuVM=
Subject key identifier:   E8:F3:3C:2D:EC:A1:4F:D5:9E:76:3A:31:E3:7D:2E:43:43:5E:92:96
Certificate issuer:       /CN=d2ae5e338794e60d5d8b523bdb2b68ec4ac762ce
Certificate serial:       018CC5002FBE186B7F2CF55E130020A52DF6
Authority key identifier: D2:AE:5E:33:87:94:E6:0D:5D:8B:52:3B:DB:2B:68:EC:4A:C7:62:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0q5eM4eU5g1di1I72yto7ErHYs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/d5df03-b5ee-4bf7-aedf-8d8e9ea14325/1/6PM8LeyhT9Wedjox430uQ0NekpY.roa
Signing time:             Mon 01 Jan 2024 12:29:32 +0000
ROA not before:           Mon 01 Jan 2024 12:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35499
IP address blocks:        45.66.124.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/d5df03-b5ee-4bf7-aedf-8d8e9ea14325/1/0q5eM4eU5g1di1I72yto7ErHYs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/d5df03-b5ee-4bf7-aedf-8d8e9ea14325/1/0q5eM4eU5g1di1I72yto7ErHYs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0q5eM4eU5g1di1I72yto7ErHYs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:2f:be:18:6b:7f:2c:f5:5e:13:00:20:a5:2d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2ae5e338794e60d5d8b523bdb2b68ec4ac762ce
        Validity
            Not Before: Jan  1 12:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8f33c2deca14fd59e763a31e37d2e43435e9296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bc:0d:b3:6f:7a:7d:89:86:42:23:99:19:50:
                    41:32:9b:51:4d:c9:6e:6f:c6:9b:67:9c:85:1f:98:
                    1a:e6:ee:15:eb:bb:ef:34:9f:7e:d4:3f:1d:9b:28:
                    16:6e:2e:dc:65:6e:09:0a:05:b6:ee:cb:f9:af:d8:
                    64:44:cd:2f:84:a6:a4:0f:3e:05:ae:bb:73:14:ca:
                    55:0a:bc:13:12:5e:f6:f3:e0:8c:2e:4f:61:b4:96:
                    ea:fb:bd:83:d0:90:b0:fb:db:84:c8:2a:42:7e:8e:
                    12:8a:43:75:d7:c6:24:3f:f0:61:af:88:bb:b1:6c:
                    3c:e0:c4:39:67:db:55:05:2c:7d:09:75:c8:1b:57:
                    8e:b5:46:1f:f4:9b:73:0b:4a:22:1e:a6:38:f8:55:
                    56:b1:8b:fe:50:1e:c8:b1:34:9c:71:b4:96:22:3e:
                    a2:64:c5:8e:d3:82:9f:b2:04:c1:75:6a:a5:92:81:
                    d8:2f:16:24:75:c4:30:d5:b9:f1:a7:d9:6a:21:11:
                    1c:a4:cd:5d:2c:88:72:b8:6b:74:32:a2:b8:94:85:
                    ce:a4:85:09:02:a1:00:29:31:41:b8:07:41:9a:51:
                    f2:6e:53:36:c0:80:dd:40:dd:56:85:19:81:1c:38:
                    4c:e6:89:38:e1:7e:ed:ba:fd:9b:cf:ba:19:84:8f:
                    52:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:F3:3C:2D:EC:A1:4F:D5:9E:76:3A:31:E3:7D:2E:43:43:5E:92:96
            X509v3 Authority Key Identifier:
                keyid:D2:AE:5E:33:87:94:E6:0D:5D:8B:52:3B:DB:2B:68:EC:4A:C7:62:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0q5eM4eU5g1di1I72yto7ErHYs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/d5df03-b5ee-4bf7-aedf-8d8e9ea14325/1/6PM8LeyhT9Wedjox430uQ0NekpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/d5df03-b5ee-4bf7-aedf-8d8e9ea14325/1/0q5eM4eU5g1di1I72yto7ErHYs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:bf:66:a6:cc:49:0c:4e:66:72:41:18:9c:e6:a9:2c:99:1d:
         5d:10:9b:47:48:76:7d:ae:fa:52:49:01:02:21:5b:f0:78:e7:
         c2:d1:5a:e1:59:1b:5f:30:61:da:6a:95:1c:0e:d1:f0:a1:ab:
         90:ca:6b:58:7f:2d:a7:0b:c8:ce:20:b5:2b:d7:12:2d:b7:ee:
         2e:a5:ee:1c:ac:bc:73:72:a9:62:53:7a:5f:25:0e:12:f5:b7:
         10:59:59:a1:bf:64:27:01:3a:5b:aa:66:1c:ed:46:ae:18:ad:
         bc:5c:0b:5f:d5:e3:16:73:9b:16:6a:f6:5a:bb:36:66:3a:f0:
         45:ae:63:c0:5f:14:aa:ee:e1:67:01:80:90:c1:19:ae:d7:b5:
         fe:ef:26:8b:9d:3c:c3:4c:00:0b:13:33:3e:cf:52:d3:43:b1:
         f7:f4:d5:c8:f4:73:80:24:18:07:83:c7:0e:9b:25:5e:71:3d:
         23:68:15:c5:65:4c:11:ba:1a:69:21:53:f1:31:dc:71:08:db:
         5b:c4:5e:2b:a5:9b:18:6f:b3:f3:26:2f:0e:42:94:84:83:8c:
         22:ac:f0:6d:62:1d:5d:fb:a1:1b:f9:48:ce:39:63:68:51:f0:
         32:f8:ee:64:52:dd:2d:a5:9a:d2:01:e7:9b:6b:03:f3:b3:90:
         54:c5:8a:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAC++GGt/LPVeEwAgpS32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYWU1ZTMzODc5NGU2MGQ1ZDhiNTIzYmRiMmI2OGVjNGFj
NzYyY2UwHhcNMjQwMTAxMTIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGYzM2MyZGVjYTE0ZmQ1OWU3NjNhMzFlMzdkMmU0MzQzNWU5Mjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorwNs296fYmGQiOZGVBBMptRTclu
b8abZ5yFH5ga5u4V67vvNJ9+1D8dmygWbi7cZW4JCgW27sv5r9hkRM0vhKakDz4F
rrtzFMpVCrwTEl728+CMLk9htJbq+72D0JCw+9uEyCpCfo4SikN118YkP/Bhr4i7
sWw84MQ5Z9tVBSx9CXXIG1eOtUYf9JtzC0oiHqY4+FVWsYv+UB7IsTSccbSWIj6i
ZMWO04KfsgTBdWqlkoHYLxYkdcQw1bnxp9lqIREcpM1dLIhyuGt0MqK4lIXOpIUJ
AqEAKTFBuAdBmlHyblM2wIDdQN1WhRmBHDhM5ok44X7tuv2bz7oZhI9S8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjzPC3soU/VnnY6MeN9LkNDXpKWMB8GA1UdIwQY
MBaAFNKuXjOHlOYNXYtSO9sraOxKx2LOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHE1ZU00ZVU1ZzFkaTFJNzJ5dG83RXJIWXM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9kNWRmMDMtYjVlZS00YmY3LWFlZGYt
OGQ4ZTllYTE0MzI1LzEvNlBNOExleWhUOVdlZGpveDQzMHVRME5la3BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9kNWRmMDMtYjVlZS00YmY3LWFlZGYtOGQ4ZTllYTE0MzI1
LzEvMHE1ZU00ZVU1ZzFkaTFJNzJ5dG83RXJIWXM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUJ8MA0G
CSqGSIb3DQEBCwUAA4IBAQBEv2amzEkMTmZyQRic5qksmR1dEJtHSHZ9rvpSSQEC
IVvweOfC0VrhWRtfMGHaapUcDtHwoauQymtYfy2nC8jOILUr1xItt+4upe4crLxz
cqliU3pfJQ4S9bcQWVmhv2QnATpbqmYc7UauGK28XAtf1eMWc5sWavZauzZmOvBF
rmPAXxSq7uFnAYCQwRmu17X+7yaLnTzDTAALEzM+z1LTQ7H39NXI9HOAJBgHg8cO
myVecT0jaBXFZUwRuhppIVPxMdxxCNtbxF4rpZsYb7PzJi8OQpSEg4wirPBtYh1d
+6Eb+UjOOWNoUfAy+O5kUt0tpZrSAeebawPzs5BUxYoh
-----END CERTIFICATE-----