Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/c2xf8E0fTWt-x_PCmLyg3jndrBM.roa
File:                     c2xf8E0fTWt-x_PCmLyg3jndrBM.roa (raw, json)
Hash identifier:          hG77jPRxEG4+rx/8EWx/dNG2AzbqdXcdGjfGi1NDV/0=
Subject key identifier:   73:6C:5F:F0:4D:1F:4D:6B:7E:C7:F3:C2:98:BC:A0:DE:39:DD:AC:13
Certificate issuer:       /CN=5d0a0d396f769369365f2b983c531afeca9710a7
Certificate serial:       018F805773E4478C198CFE785B53455466B9
Authority key identifier: 5D:0A:0D:39:6F:76:93:69:36:5F:2B:98:3C:53:1A:FE:CA:97:10:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XQoNOW92k2k2XyuYPFMa_sqXEKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/c2xf8E0fTWt-x_PCmLyg3jndrBM.roa
Signing time:             Thu 16 May 2024 07:39:25 +0000
ROA not before:           Thu 16 May 2024 07:39:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6661
IP address blocks:        45.148.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/XQoNOW92k2k2XyuYPFMa_sqXEKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/XQoNOW92k2k2XyuYPFMa_sqXEKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XQoNOW92k2k2XyuYPFMa_sqXEKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:80:57:73:e4:47:8c:19:8c:fe:78:5b:53:45:54:66:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d0a0d396f769369365f2b983c531afeca9710a7
        Validity
            Not Before: May 16 07:39:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=736c5ff04d1f4d6b7ec7f3c298bca0de39ddac13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:08:ae:75:a6:aa:a1:45:2f:a7:88:06:0f:a5:
                    b2:a2:47:4b:1f:dd:23:0a:b9:a5:f2:21:b3:84:10:
                    9d:76:0b:bc:da:a0:0a:64:c1:11:7c:b8:a0:70:68:
                    11:80:9c:16:05:e8:0c:27:af:39:16:f7:98:08:84:
                    e7:b0:13:74:57:19:3d:a7:3f:ba:1d:f5:ce:27:82:
                    35:b8:3f:b0:d1:ee:0d:db:21:a4:78:c1:5c:62:a5:
                    99:5a:7f:49:f8:bb:60:9a:c7:f1:ea:22:35:86:3e:
                    79:58:ce:6f:44:d8:20:71:4b:b4:16:c5:26:32:75:
                    25:08:97:5a:32:c8:d3:75:a7:1c:3e:10:a5:39:37:
                    f8:50:a9:bf:eb:9b:a7:87:3a:6c:13:f6:e1:c0:fa:
                    f1:a1:d4:27:d9:a7:66:5f:d7:ac:d4:54:4d:5f:34:
                    d4:87:5b:ce:7c:2b:59:e4:54:bf:f6:5b:0c:1d:5d:
                    c8:71:c3:40:c5:7a:dd:46:93:f6:ac:0f:fc:e7:1a:
                    da:d5:98:34:2a:57:f5:7b:04:0b:02:45:97:b9:af:
                    c7:28:15:5a:e6:cb:03:ec:e4:bd:5a:4e:25:00:c6:
                    4f:e9:22:ea:6e:f9:4e:41:07:4f:91:53:f3:36:e4:
                    8a:cc:6b:d8:76:36:c3:88:8f:1c:44:f3:a6:cb:eb:
                    ba:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:6C:5F:F0:4D:1F:4D:6B:7E:C7:F3:C2:98:BC:A0:DE:39:DD:AC:13
            X509v3 Authority Key Identifier:
                keyid:5D:0A:0D:39:6F:76:93:69:36:5F:2B:98:3C:53:1A:FE:CA:97:10:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XQoNOW92k2k2XyuYPFMa_sqXEKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/c2xf8E0fTWt-x_PCmLyg3jndrBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/223d8f-58ac-4df7-bf1e-442010b579ef/1/XQoNOW92k2k2XyuYPFMa_sqXEKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:80:5d:f4:2b:fd:ae:94:b6:1f:f5:7e:a9:fc:bf:4f:3a:98:
         37:6d:18:a3:b1:57:c0:93:0c:f2:c6:f5:06:3c:1c:ce:4c:2e:
         7c:d7:71:f5:5b:a7:9b:18:96:df:d8:8b:67:7c:05:8b:3d:c1:
         e2:e3:47:ed:64:9f:c6:55:03:c0:0e:6d:8c:d5:8e:c9:fb:0f:
         ac:ae:fe:af:23:c1:a1:9b:5f:6a:58:b5:d5:71:3f:4b:cb:99:
         ae:cc:85:88:55:13:f1:10:e5:00:88:8b:b3:6d:2c:bb:9f:5b:
         8c:0d:28:c7:b2:58:bb:11:6a:9a:16:4c:04:4c:a4:fb:c6:cf:
         35:ba:b7:ec:2f:42:af:c7:cd:54:56:22:6a:07:b2:0e:61:77:
         9b:1e:b1:58:cf:6a:dd:bc:de:41:31:e4:55:1a:52:e7:be:5a:
         f9:44:b4:cc:5f:82:0b:6a:85:90:40:89:63:70:00:ca:c8:05:
         e4:d8:72:18:88:c6:5e:c3:3c:09:2c:47:77:f1:69:17:b4:61:
         87:e1:1e:f6:dc:60:70:76:ad:d6:f7:85:9f:c9:a2:85:45:28:
         7d:89:20:ef:11:2a:e0:fe:da:08:bd:3a:36:7b:0c:70:27:06:
         c1:cf:31:bf:f1:d8:51:25:27:35:40:67:6e:37:79:08:eb:0a:
         d5:15:a8:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+AV3PkR4wZjP54W1NFVGa5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMGEwZDM5NmY3NjkzNjkzNjVmMmI5ODNjNTMxYWZlY2E5
NzEwYTcwHhcNMjQwNTE2MDczOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzZjNWZmMDRkMWY0ZDZiN2VjN2YzYzI5OGJjYTBkZTM5ZGRhYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wiudaaqoUUvp4gGD6WyokdLH90j
Crml8iGzhBCddgu82qAKZMERfLigcGgRgJwWBegMJ685FveYCITnsBN0Vxk9pz+6
HfXOJ4I1uD+w0e4N2yGkeMFcYqWZWn9J+Ltgmsfx6iI1hj55WM5vRNggcUu0FsUm
MnUlCJdaMsjTdaccPhClOTf4UKm/65unhzpsE/bhwPrxodQn2admX9es1FRNXzTU
h1vOfCtZ5FS/9lsMHV3IccNAxXrdRpP2rA/85xra1Zg0Klf1ewQLAkWXua/HKBVa
5ssD7OS9Wk4lAMZP6SLqbvlOQQdPkVPzNuSKzGvYdjbDiI8cRPOmy+u65QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNsX/BNH01rfsfzwpi8oN453awTMB8GA1UdIwQY
MBaAFF0KDTlvdpNpNl8rmDxTGv7KlxCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFFvTk9XOTJrMmsyWHl1WVBGTWFfc3FYRUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yMjNkOGYtNThhYy00ZGY3LWJmMWUt
NDQyMDEwYjU3OWVmLzEvYzJ4ZjhFMGZUV3QteF9QQ21MeWczam5kckJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yMjNkOGYtNThhYy00ZGY3LWJmMWUtNDQyMDEwYjU3OWVm
LzEvWFFvTk9XOTJrMmsyWHl1WVBGTWFfc3FYRUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZTvMA0G
CSqGSIb3DQEBCwUAA4IBAQAjgF30K/2ulLYf9X6p/L9POpg3bRijsVfAkwzyxvUG
PBzOTC5813H1W6ebGJbf2ItnfAWLPcHi40ftZJ/GVQPADm2M1Y7J+w+srv6vI8Gh
m19qWLXVcT9Ly5muzIWIVRPxEOUAiIuzbSy7n1uMDSjHsli7EWqaFkwETKT7xs81
urfsL0Kvx81UViJqB7IOYXebHrFYz2rdvN5BMeRVGlLnvlr5RLTMX4ILaoWQQIlj
cADKyAXk2HIYiMZewzwJLEd38WkXtGGH4R723GBwdq3W94WfyaKFRSh9iSDvESrg
/toIvTo2ewxwJwbBzzG/8dhRJSc1QGduN3kI6wrVFajG
-----END CERTIFICATE-----