Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/EtytpkUcVfH8HBZccHOd2d9oRM8.roa
File:                     EtytpkUcVfH8HBZccHOd2d9oRM8.roa (raw, json)
Hash identifier:          z6vrJMwVVvVQXMTGu1/5PiMzhkPpbfJ8wc7MaztHuo8=
Subject key identifier:   12:DC:AD:A6:45:1C:55:F1:FC:1C:16:5C:70:73:9D:D9:DF:68:44:CF
Certificate issuer:       /CN=b960b14746c5875244ae3b694162ec6d8c63255e
Certificate serial:       018CC26D041A195875D599E4EABBF1E759F7
Authority key identifier: B9:60:B1:47:46:C5:87:52:44:AE:3B:69:41:62:EC:6D:8C:63:25:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/EtytpkUcVfH8HBZccHOd2d9oRM8.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202120
IP address blocks:        45.135.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:04:1a:19:58:75:d5:99:e4:ea:bb:f1:e7:59:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b960b14746c5875244ae3b694162ec6d8c63255e
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12dcada6451c55f1fc1c165c70739dd9df6844cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:96:a5:3e:be:a5:d9:cc:d5:b0:b1:05:5e:fc:
                    3f:e6:88:b7:7f:b6:c9:7c:81:ef:d7:d1:3b:c4:cf:
                    2a:1c:8a:a4:79:c4:39:ad:e9:4a:2e:31:75:d3:03:
                    12:cd:d1:6f:e9:7c:e9:dc:dc:97:02:40:a7:1e:1b:
                    23:68:66:74:21:49:07:13:e0:c2:77:6c:c0:ac:f6:
                    7a:e8:a2:d1:6a:5f:12:c3:ee:04:da:81:d0:c2:5f:
                    35:d6:db:7e:1b:e9:7f:bf:5d:cd:90:d2:49:3b:27:
                    05:6e:4f:b6:48:38:4c:b3:1c:a8:ae:34:56:e3:af:
                    a4:51:14:88:93:21:d7:56:36:71:19:5b:c3:76:e4:
                    14:99:2f:07:d0:a2:b4:7d:e3:f1:1d:2e:e0:c5:b9:
                    be:83:fe:d9:2c:98:54:47:b5:83:46:22:72:36:ec:
                    c0:8d:e9:56:c3:f6:af:96:fc:92:c7:9c:44:10:0e:
                    b9:d8:bc:cd:85:40:b5:33:52:4f:27:19:89:12:0a:
                    08:49:64:aa:ab:8f:f9:21:ff:c3:fc:18:22:77:0c:
                    44:c1:fd:82:aa:99:f0:0b:cd:0c:9a:23:b1:9e:08:
                    73:dd:28:53:5c:45:35:be:9e:96:32:1d:19:4b:77:
                    b7:ea:72:e4:f6:cb:99:07:3c:4f:a6:9e:0c:41:fe:
                    92:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DC:AD:A6:45:1C:55:F1:FC:1C:16:5C:70:73:9D:D9:DF:68:44:CF
            X509v3 Authority Key Identifier:
                keyid:B9:60:B1:47:46:C5:87:52:44:AE:3B:69:41:62:EC:6D:8C:63:25:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/EtytpkUcVfH8HBZccHOd2d9oRM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:0c:bf:e2:a2:a2:e3:3f:f2:f3:cf:5a:e2:18:88:21:3d:0a:
         6f:92:a7:3f:58:74:00:4c:79:c7:ed:08:56:5e:50:a1:26:46:
         54:d9:f4:83:bc:41:00:8b:b4:01:44:21:fc:c2:bd:69:e7:fa:
         b6:4c:c3:e4:84:0d:dc:2f:3c:63:bb:b7:4b:64:5f:3b:53:76:
         e7:bc:2d:0d:28:9c:a2:16:e2:75:c3:57:9f:d4:34:c3:89:db:
         e0:83:78:26:86:ec:2b:fd:7f:b7:a9:7d:6c:20:ae:8b:52:dc:
         d2:1d:62:24:df:7b:a6:72:b7:3a:f2:12:5e:69:06:3f:21:ae:
         eb:b7:b8:0e:ed:86:81:b5:7a:e9:cc:25:dc:32:21:6c:9d:02:
         ac:f1:1b:ac:f7:f8:88:56:20:03:43:71:a1:47:81:af:db:e2:
         31:72:e8:57:8a:de:f0:f5:1b:36:e2:19:44:e4:de:5e:ab:0c:
         ad:10:e5:cb:a2:60:cb:cc:80:76:73:4c:1c:d1:01:10:df:8d:
         79:55:62:70:97:5f:94:63:a9:84:57:86:db:e9:df:21:c5:57:
         d6:73:fd:dc:7b:bc:4e:36:1d:21:31:f6:80:b2:88:ca:04:55:
         e9:f0:1f:c9:61:10:d8:39:f2:c2:ae:09:c1:a1:5b:c4:e2:c0:
         9b:f9:72:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQQaGVh11Znk6rvx51n3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NjBiMTQ3NDZjNTg3NTI0NGFlM2I2OTQxNjJlYzZkOGM2
MzI1NWUwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmRjYWRhNjQ1MWM1NWYxZmMxYzE2NWM3MDczOWRkOWRmNjg0NGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypalPr6l2czVsLEFXvw/5oi3f7bJ
fIHv19E7xM8qHIqkecQ5relKLjF10wMSzdFv6Xzp3NyXAkCnHhsjaGZ0IUkHE+DC
d2zArPZ66KLRal8Sw+4E2oHQwl811tt+G+l/v13NkNJJOycFbk+2SDhMsxyorjRW
46+kURSIkyHXVjZxGVvDduQUmS8H0KK0fePxHS7gxbm+g/7ZLJhUR7WDRiJyNuzA
jelWw/avlvySx5xEEA652LzNhUC1M1JPJxmJEgoISWSqq4/5If/D/BgidwxEwf2C
qpnwC80MmiOxnghz3ShTXEU1vp6WMh0ZS3e36nLk9suZBzxPpp4MQf6SfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLcraZFHFXx/BwWXHBzndnfaETPMB8GA1UdIwQY
MBaAFLlgsUdGxYdSRK47aUFi7G2MYyVeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVdDeFIwYkZoMUpFcmp0cFFXTHNiWXhqSlY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80NTgwNzgtNDI2ZS00NDQ5LWEyYTkt
MTg4ODJhMjgwOWIyLzEvRXR5dHBrVWNWZkg4SEJaY2NIT2QyZDlvUk04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80NTgwNzgtNDI2ZS00NDQ5LWEyYTktMTg4ODJhMjgwOWIy
LzEvdVdDeFIwYkZoMUpFcmp0cFFXTHNiWXhqSlY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfSMA0G
CSqGSIb3DQEBCwUAA4IBAQBcDL/ioqLjP/Lzz1riGIghPQpvkqc/WHQATHnH7QhW
XlChJkZU2fSDvEEAi7QBRCH8wr1p5/q2TMPkhA3cLzxju7dLZF87U3bnvC0NKJyi
FuJ1w1ef1DTDidvgg3gmhuwr/X+3qX1sIK6LUtzSHWIk33umcrc68hJeaQY/Ia7r
t7gO7YaBtXrpzCXcMiFsnQKs8Rus9/iIViADQ3GhR4Gv2+IxcuhXit7w9Rs24hlE
5N5eqwytEOXLomDLzIB2c0wc0QEQ3415VWJwl1+UY6mEV4bb6d8hxVfWc/3ce7xO
Nh0hMfaAsojKBFXp8B/JYRDYOfLCrgnBoVvE4sCb+XIj
-----END CERTIFICATE-----