Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Ox5t4nzd6qjvwud9O6udVmPDKM8.roa
File:                     Ox5t4nzd6qjvwud9O6udVmPDKM8.roa (raw, json)
Hash identifier:          1JI15hZHWKsiS9QWhPzwvqdb583PO8BqgdWzzUmjVM4=
Subject key identifier:   3B:1E:6D:E2:7C:DD:EA:A8:EF:C2:E7:7D:3B:AB:9D:56:63:C3:28:CF
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E802B9C21925E959E64075BA94E55C710
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Ox5t4nzd6qjvwud9O6udVmPDKM8.roa
Signing time:             Wed 27 Mar 2024 13:48:45 +0000
ROA not before:           Wed 27 Mar 2024 13:48:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16628
IP address blocks:        45.8.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:2b:9c:21:92:5e:95:9e:64:07:5b:a9:4e:55:c7:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 27 13:48:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b1e6de27cddeaa8efc2e77d3bab9d5663c328cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ce:71:2f:90:ab:38:1e:d6:ce:d9:6a:6c:34:
                    7e:42:70:05:8e:8e:44:8c:6e:57:be:ea:8e:54:d5:
                    82:0a:6e:6a:ec:a0:bb:79:e9:61:06:71:e7:ae:c0:
                    2c:e5:44:0b:6b:4c:7e:9a:63:d7:13:3e:45:20:79:
                    ba:58:82:97:37:fd:57:21:31:d7:3d:66:ce:35:73:
                    d3:43:0e:34:1b:58:c1:ff:fe:59:86:f6:2a:44:79:
                    58:96:19:7b:3d:3c:06:cc:f7:a8:72:6f:40:06:8a:
                    d3:54:2c:ea:0d:c6:0d:f3:1f:d7:ee:7a:9c:4f:97:
                    70:e2:1c:ac:82:82:e8:1b:d2:b1:94:ba:27:00:95:
                    c8:a5:fd:72:da:26:4f:24:0c:ca:8d:33:8c:89:27:
                    e7:f6:44:b7:c4:fd:e6:06:1c:78:b1:b0:ff:b7:9b:
                    aa:df:39:86:33:b3:d7:43:29:a5:1f:07:d8:be:e5:
                    82:21:bf:7f:ed:30:6f:32:10:48:aa:4b:ac:ad:ea:
                    b9:ec:7b:6f:99:91:9e:02:a3:cd:cb:63:8d:e0:83:
                    04:16:c7:ee:33:b1:fc:b4:ac:4a:5b:d8:50:85:64:
                    d1:31:70:00:fe:58:9a:ed:1a:14:62:be:51:55:a4:
                    b6:17:41:c9:6e:3b:c8:f6:be:0c:83:50:c0:63:44:
                    b9:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:1E:6D:E2:7C:DD:EA:A8:EF:C2:E7:7D:3B:AB:9D:56:63:C3:28:CF
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Ox5t4nzd6qjvwud9O6udVmPDKM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:86:eb:7a:d8:ca:f9:07:76:50:f6:9d:43:64:86:f8:0e:07:
         d3:ea:38:84:a9:4d:56:02:b0:dd:96:6e:ad:c7:10:31:5e:2a:
         15:3d:db:97:90:8f:a2:90:ca:ba:73:40:03:24:17:3f:b4:af:
         a2:b5:b6:33:ca:a2:7d:0e:f7:a4:64:5e:93:7a:c1:0f:c8:0f:
         98:6b:9a:f1:62:32:58:61:cf:76:ad:6e:57:32:3a:66:5a:99:
         f2:21:4d:c0:fc:49:fb:63:16:b6:d8:c6:e4:fe:88:6a:91:35:
         62:a7:69:72:ef:b0:66:3f:fc:f7:d2:8d:d2:39:45:3b:08:5f:
         81:e7:13:4f:7f:db:3e:73:a2:e9:9d:5e:a6:01:a6:76:a1:ac:
         3f:36:26:b3:fa:50:b0:dc:a4:a8:6e:65:0c:e5:44:dd:02:b1:
         8d:bd:18:12:2f:75:12:1c:ad:89:69:f8:75:df:f9:03:d7:10:
         0c:44:58:dd:33:d6:cd:c2:2a:71:eb:c9:b3:b7:69:e4:71:3e:
         65:ef:7b:85:8e:40:6a:c8:6a:2e:72:80:99:a1:34:1b:ef:b3:
         3c:e4:d2:d3:6f:23:e9:28:24:59:9d:41:d5:06:7b:b2:24:63:
         f2:6a:2e:cb:98:32:98:8a:8e:00:c4:64:30:26:1b:57:cf:5f:
         fe:4d:0f:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6AK5whkl6VnmQHW6lOVccQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzI3MTM0ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjFlNmRlMjdjZGRlYWE4ZWZjMmU3N2QzYmFiOWQ1NjYzYzMyOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsM5xL5CrOB7WztlqbDR+QnAFjo5E
jG5XvuqOVNWCCm5q7KC7eelhBnHnrsAs5UQLa0x+mmPXEz5FIHm6WIKXN/1XITHX
PWbONXPTQw40G1jB//5ZhvYqRHlYlhl7PTwGzPeocm9ABorTVCzqDcYN8x/X7nqc
T5dw4hysgoLoG9KxlLonAJXIpf1y2iZPJAzKjTOMiSfn9kS3xP3mBhx4sbD/t5uq
3zmGM7PXQymlHwfYvuWCIb9/7TBvMhBIqkusreq57HtvmZGeAqPNy2ON4IMEFsfu
M7H8tKxKW9hQhWTRMXAA/lia7RoUYr5RVaS2F0HJbjvI9r4Mg1DAY0S5PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsebeJ83eqo78LnfTurnVZjwyjPMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvT3g1dDRuemQ2cWp2d3VkOU82dWRWbVBES004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgVMA0G
CSqGSIb3DQEBCwUAA4IBAQBghut62Mr5B3ZQ9p1DZIb4DgfT6jiEqU1WArDdlm6t
xxAxXioVPduXkI+ikMq6c0ADJBc/tK+itbYzyqJ9DvekZF6TesEPyA+Ya5rxYjJY
Yc92rW5XMjpmWpnyIU3A/En7Yxa22Mbk/ohqkTVip2ly77BmP/z30o3SOUU7CF+B
5xNPf9s+c6LpnV6mAaZ2oaw/Niaz+lCw3KSobmUM5UTdArGNvRgSL3USHK2Jafh1
3/kD1xAMRFjdM9bNwipx68mzt2nkcT5l73uFjkBqyGoucoCZoTQb77M85NLTbyPp
KCRZnUHVBnuyJGPyai7LmDKYio4AxGQwJhtXz1/+TQ95
-----END CERTIFICATE-----