Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/XTHtGod4dCrJHnMbrodjjNF-5f0.roa
File:                     XTHtGod4dCrJHnMbrodjjNF-5f0.roa (raw, json)
Hash identifier:          ml525+BbXnisksGpZ7YawxjX+58KW7bsPQRvEhI/Oi0=
Subject key identifier:   5D:31:ED:1A:87:78:74:2A:C9:1E:73:1B:AE:87:63:8C:D1:7E:E5:FD
Certificate issuer:       /CN=b960b14746c5875244ae3b694162ec6d8c63255e
Certificate serial:       018CC26D03826CA793E345869B6B6199D8A4
Authority key identifier: B9:60:B1:47:46:C5:87:52:44:AE:3B:69:41:62:EC:6D:8C:63:25:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/XTHtGod4dCrJHnMbrodjjNF-5f0.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41960
IP address blocks:        45.135.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:03:82:6c:a7:93:e3:45:86:9b:6b:61:99:d8:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b960b14746c5875244ae3b694162ec6d8c63255e
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d31ed1a8778742ac91e731bae87638cd17ee5fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5d:78:9c:2e:6f:eb:23:a2:7e:30:3a:69:d6:
                    c3:10:25:86:04:a4:a4:77:dc:50:45:2f:a6:0c:52:
                    ed:68:9a:15:1f:0b:4b:7f:30:08:d4:7d:bf:8e:72:
                    73:0c:7b:21:ec:45:c6:6f:62:ec:57:6f:f6:8c:54:
                    2e:42:a0:bc:77:48:11:0e:4b:65:2b:9f:fc:71:7d:
                    df:d9:ca:3f:57:3f:f7:03:50:11:c7:9c:58:b9:8d:
                    01:4b:09:94:d0:0a:ad:7d:09:00:8c:2a:3a:7e:96:
                    72:a0:0c:b1:0d:dd:ce:55:ab:a2:51:0a:1c:3f:d1:
                    ce:7d:3b:1e:f0:70:ea:8d:35:49:1e:19:f7:e4:2e:
                    55:16:0c:6e:af:ee:ff:42:22:b5:ca:d0:f9:99:3d:
                    9c:c1:a9:53:fc:2b:6d:c7:da:56:8e:96:90:27:b8:
                    aa:73:2a:6a:38:cf:4e:aa:04:62:39:b6:38:26:f6:
                    dc:c7:f4:05:39:72:63:1c:c1:9e:98:9e:22:cd:75:
                    04:42:29:5a:d1:5e:c7:fb:28:c9:d6:a6:c1:db:a6:
                    23:70:cc:d4:86:e8:84:f5:db:7b:49:6e:3f:9d:bc:
                    54:b7:5e:30:e0:92:2c:40:67:89:09:cd:08:0e:a5:
                    8c:f2:d8:80:65:a0:f8:de:70:62:a5:69:46:4f:73:
                    17:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:31:ED:1A:87:78:74:2A:C9:1E:73:1B:AE:87:63:8C:D1:7E:E5:FD
            X509v3 Authority Key Identifier:
                keyid:B9:60:B1:47:46:C5:87:52:44:AE:3B:69:41:62:EC:6D:8C:63:25:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/XTHtGod4dCrJHnMbrodjjNF-5f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:16:70:84:1e:e0:c4:09:63:fc:88:bb:bd:a2:90:f2:42:75:
         18:4b:91:d9:ed:f6:e7:07:3a:d0:ca:c9:97:8c:62:62:de:c2:
         ae:56:8e:ef:24:78:a2:04:ea:a6:b4:b0:f7:b4:6b:e5:71:7e:
         d8:d4:9c:67:96:73:1a:30:1d:72:1d:07:80:54:26:16:c2:86:
         d1:f9:08:62:b9:4f:c7:73:a2:29:82:ea:48:9d:e6:06:81:77:
         58:3b:78:62:ca:c9:43:24:86:b3:3d:80:5b:47:3a:3e:07:9a:
         17:8f:50:c2:75:9f:13:c8:c9:6f:69:97:c1:f5:69:fb:cb:a3:
         1f:9a:8a:22:87:54:8b:12:b5:7d:f1:a3:9e:86:52:64:72:29:
         c3:ee:e9:c7:57:42:92:63:01:8d:8a:15:51:a4:4d:1a:32:9c:
         b1:3e:9e:74:6a:d3:20:a3:70:46:0d:9e:6a:2c:f9:01:98:5d:
         fa:83:29:6a:cf:88:ec:d0:d2:30:3d:bf:ba:a3:8c:c2:c1:ce:
         f2:87:a5:e8:68:12:89:90:0c:04:8d:a2:e1:3c:61:38:87:d6:
         8d:bc:33:3b:e1:ea:05:59:53:67:40:ac:62:65:42:26:db:e0:
         00:fa:26:e6:a2:ef:74:e7:ac:e6:27:d1:ca:39:eb:dc:5f:17:
         ed:e1:72:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQOCbKeT40WGm2thmdikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NjBiMTQ3NDZjNTg3NTI0NGFlM2I2OTQxNjJlYzZkOGM2
MzI1NWUwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDMxZWQxYTg3Nzg3NDJhYzkxZTczMWJhZTg3NjM4Y2QxN2VlNWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy114nC5v6yOifjA6adbDECWGBKSk
d9xQRS+mDFLtaJoVHwtLfzAI1H2/jnJzDHsh7EXGb2LsV2/2jFQuQqC8d0gRDktl
K5/8cX3f2co/Vz/3A1ARx5xYuY0BSwmU0AqtfQkAjCo6fpZyoAyxDd3OVauiUQoc
P9HOfTse8HDqjTVJHhn35C5VFgxur+7/QiK1ytD5mT2cwalT/Cttx9pWjpaQJ7iq
cypqOM9OqgRiObY4Jvbcx/QFOXJjHMGemJ4izXUEQila0V7H+yjJ1qbB26YjcMzU
huiE9dt7SW4/nbxUt14w4JIsQGeJCc0IDqWM8tiAZaD43nBipWlGT3MXFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0x7RqHeHQqyR5zG66HY4zRfuX9MB8GA1UdIwQY
MBaAFLlgsUdGxYdSRK47aUFi7G2MYyVeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVdDeFIwYkZoMUpFcmp0cFFXTHNiWXhqSlY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80NTgwNzgtNDI2ZS00NDQ5LWEyYTkt
MTg4ODJhMjgwOWIyLzEvWFRIdEdvZDRkQ3JKSG5NYnJvZGpqTkYtNWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80NTgwNzgtNDI2ZS00NDQ5LWEyYTktMTg4ODJhMjgwOWIy
LzEvdVdDeFIwYkZoMUpFcmp0cFFXTHNiWXhqSlY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfTMA0G
CSqGSIb3DQEBCwUAA4IBAQC9FnCEHuDECWP8iLu9opDyQnUYS5HZ7fbnBzrQysmX
jGJi3sKuVo7vJHiiBOqmtLD3tGvlcX7Y1JxnlnMaMB1yHQeAVCYWwobR+QhiuU/H
c6IpgupIneYGgXdYO3hiyslDJIazPYBbRzo+B5oXj1DCdZ8TyMlvaZfB9Wn7y6Mf
mooih1SLErV98aOehlJkcinD7unHV0KSYwGNihVRpE0aMpyxPp50atMgo3BGDZ5q
LPkBmF36gylqz4js0NIwPb+6o4zCwc7yh6XoaBKJkAwEjaLhPGE4h9aNvDM74eoF
WVNnQKxiZUIm2+AA+ibmou9056zmJ9HKOevcXxft4XKc
-----END CERTIFICATE-----