Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/3ei_yRW9Fqk60qtc6U7_zpa4fwk.roa
File:                     3ei_yRW9Fqk60qtc6U7_zpa4fwk.roa (raw, json)
Hash identifier:          RczaU/062luxZImq3Uz5Z+9Ja8dy+T+FN5U9LKSfWSQ=
Subject key identifier:   DD:E8:BF:C9:15:BD:16:A9:3A:D2:AB:5C:E9:4E:FF:CE:96:B8:7F:09
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAC242324A319A3668E0F044A7316B
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/3ei_yRW9Fqk60qtc6U7_zpa4fwk.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48020
IP address blocks:        45.67.184.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c2:42:32:4a:31:9a:36:68:e0:f0:44:a7:31:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dde8bfc915bd16a93ad2ab5ce94effce96b87f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c3:39:65:55:9d:4d:c4:ca:97:1e:3d:e2:a2:
                    3c:b9:55:c9:52:a5:19:7f:85:aa:62:09:21:99:db:
                    0b:74:fa:f4:6d:e5:d2:93:c4:e0:b9:fe:d7:fa:94:
                    71:d3:98:14:2c:9c:9f:97:f7:63:be:68:af:68:76:
                    a1:de:38:f6:13:e1:c2:b2:33:a7:18:d3:7b:26:43:
                    9d:33:c3:f1:8e:7a:a8:30:24:c0:b5:78:79:2c:ea:
                    76:17:9e:31:0d:6a:e5:13:53:64:10:d8:6d:08:96:
                    bf:42:a9:c6:ba:41:34:d7:91:9e:14:30:e0:6a:d0:
                    0d:2c:d8:f4:8a:9c:66:d9:1a:ce:5a:d1:a9:72:0c:
                    1f:f4:e8:3f:82:b5:5b:d6:ed:f1:82:ba:df:33:81:
                    fc:0c:f9:02:00:72:33:c7:e1:85:46:cd:e6:35:f7:
                    45:01:6b:11:ed:b3:9e:60:48:3b:b1:35:94:92:1d:
                    56:88:6c:98:a7:30:e7:16:82:02:c8:45:5d:41:71:
                    db:f1:7d:43:76:ad:f8:27:23:9b:58:52:67:24:38:
                    3c:d7:09:33:84:68:1d:9f:1c:6e:26:93:b6:5c:1c:
                    07:6a:59:0d:80:64:c6:31:35:cd:70:6e:0c:3b:7f:
                    6a:53:21:9c:7a:66:73:6f:93:2b:1b:68:20:6c:55:
                    0e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:E8:BF:C9:15:BD:16:A9:3A:D2:AB:5C:E9:4E:FF:CE:96:B8:7F:09
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/3ei_yRW9Fqk60qtc6U7_zpa4fwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:95:9d:85:38:44:57:b3:c7:d6:22:26:2c:ad:f3:39:e1:6f:
         50:55:09:21:74:5a:b0:b5:e8:76:eb:72:fc:a1:e4:43:7c:a6:
         2f:1b:b3:15:a7:0b:ea:4c:8f:8c:15:ec:2a:4f:c7:44:6a:c7:
         2d:24:b9:3f:f3:22:7a:4f:c3:83:53:30:36:cb:09:4e:1d:0a:
         5e:67:9a:0e:fa:63:5e:8c:76:9c:4d:48:42:51:1c:62:93:84:
         2c:03:4f:74:fd:69:ad:4b:f4:12:61:37:a1:4c:82:f5:91:03:
         42:2c:af:be:ba:d6:e2:2b:dd:6e:18:fe:20:9a:51:3c:51:9d:
         c0:c7:32:0d:d2:4b:9e:93:bf:ec:b4:3c:3f:03:03:15:fd:b0:
         69:55:2a:bf:54:4c:26:86:13:b4:b9:18:5a:59:e8:d0:a2:d2:
         0f:73:ed:87:a2:b2:a0:4d:f6:23:14:99:c3:19:18:fb:ae:33:
         3c:37:40:30:74:55:b9:42:c0:8f:2f:d7:d4:2e:db:55:ec:7b:
         96:ca:1e:9f:49:73:23:30:bd:1c:6d:06:f5:ee:b3:e1:5e:3f:
         bd:e9:d4:1f:4f:3d:c9:8b:72:80:19:6a:ee:d1:0f:48:27:5d:
         cb:3d:12:47:3f:99:a4:71:48:0d:d7:b9:17:4d:b7:4b:9e:c7:
         05:7c:0c:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sJCMkoxmjZo4PBEpzFrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGU4YmZjOTE1YmQxNmE5M2FkMmFiNWNlOTRlZmZjZTk2Yjg3ZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsM5ZVWdTcTKlx494qI8uVXJUqUZ
f4WqYgkhmdsLdPr0beXSk8Tguf7X+pRx05gULJyfl/djvmivaHah3jj2E+HCsjOn
GNN7JkOdM8PxjnqoMCTAtXh5LOp2F54xDWrlE1NkENhtCJa/QqnGukE015GeFDDg
atANLNj0ipxm2RrOWtGpcgwf9Og/grVb1u3xgrrfM4H8DPkCAHIzx+GFRs3mNfdF
AWsR7bOeYEg7sTWUkh1WiGyYpzDnFoICyEVdQXHb8X1Ddq34JyObWFJnJDg81wkz
hGgdnxxuJpO2XBwHalkNgGTGMTXNcG4MO39qUyGcemZzb5MrG2ggbFUOKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3ov8kVvRapOtKrXOlO/86WuH8JMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvM2VpX3lSVzlGcWs2MHF0YzZVN196cGE0ZndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUO4MA0G
CSqGSIb3DQEBCwUAA4IBAQA9lZ2FOERXs8fWIiYsrfM54W9QVQkhdFqwteh263L8
oeRDfKYvG7MVpwvqTI+MFewqT8dEasctJLk/8yJ6T8ODUzA2ywlOHQpeZ5oO+mNe
jHacTUhCURxik4QsA090/WmtS/QSYTehTIL1kQNCLK++utbiK91uGP4gmlE8UZ3A
xzIN0kuek7/stDw/AwMV/bBpVSq/VEwmhhO0uRhaWejQotIPc+2HorKgTfYjFJnD
GRj7rjM8N0AwdFW5QsCPL9fULttV7HuWyh6fSXMjML0cbQb17rPhXj+96dQfTz3J
i3KAGWru0Q9IJ13LPRJHP5mkcUgN17kXTbdLnscFfAyO
-----END CERTIFICATE-----