Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/S-8xl1cxt5AK0KGEX-AbPOnZY6c.roa
File:                     S-8xl1cxt5AK0KGEX-AbPOnZY6c.roa (raw, json)
Hash identifier:          WlLokJjlKFvVyk+ks3bjZMu5J0tZHQ5uwDXR/BrysnE=
Subject key identifier:   4B:EF:31:97:57:31:B7:90:0A:D0:A1:84:5F:E0:1B:3C:E9:D9:63:A7
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018EF0A3BC7610FADD6829D25164B0ACC5F0
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/S-8xl1cxt5AK0KGEX-AbPOnZY6c.roa
Signing time:             Thu 18 Apr 2024 09:57:26 +0000
ROA not before:           Thu 18 Apr 2024 09:57:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215151
IP address blocks:        45.131.132.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:a3:bc:76:10:fa:dd:68:29:d2:51:64:b0:ac:c5:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 18 09:57:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bef31975731b7900ad0a1845fe01b3ce9d963a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3d:4b:fe:b7:dc:88:50:71:ab:48:92:f9:d9:
                    ed:3b:13:41:c7:cb:64:7e:59:3b:08:ac:b8:c4:ce:
                    9f:3a:04:04:94:a7:9a:fc:5b:6e:de:db:77:17:03:
                    df:da:c6:17:c7:61:0e:cd:38:37:29:e2:a8:93:39:
                    f3:7a:cc:76:21:1f:f3:6a:d5:e4:26:20:d7:12:33:
                    92:f4:2b:7b:2a:7f:6e:5f:dd:3e:71:14:e2:e5:23:
                    bb:92:f8:8e:ca:93:92:2d:2d:eb:0b:78:12:8c:38:
                    f1:c6:cf:ae:2d:86:05:f6:dc:9d:8f:24:99:b4:4b:
                    29:42:a5:2d:37:00:be:e5:2e:47:83:ce:cc:5e:9b:
                    f9:74:fc:71:ac:bd:70:92:2f:75:a6:08:2a:e7:fc:
                    e3:85:44:4c:51:98:7f:d8:2a:cc:a1:cb:e7:77:2c:
                    de:eb:7e:33:12:5b:e9:88:8a:e2:3d:e7:03:b1:50:
                    70:62:2a:a0:5d:f5:7f:25:0c:a0:0b:27:20:cd:db:
                    73:4e:30:eb:f2:e9:59:f7:85:6b:b9:cd:76:fa:d4:
                    bc:cc:d4:b9:3f:00:7b:a5:42:25:99:6f:61:bb:42:
                    f7:b1:c3:69:a9:ee:a7:85:7e:69:1e:f4:b2:57:35:
                    4f:5d:63:b6:bf:6e:6f:7f:ce:6c:cb:31:27:66:f1:
                    79:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:EF:31:97:57:31:B7:90:0A:D0:A1:84:5F:E0:1B:3C:E9:D9:63:A7
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/S-8xl1cxt5AK0KGEX-AbPOnZY6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:6a:1c:96:2c:d5:38:bf:de:15:3c:48:b6:5b:f4:2b:c0:08:
         2a:fb:ee:38:c0:c1:64:f3:d3:b4:41:2b:72:d1:1e:f6:9c:2b:
         a0:4f:fc:01:5b:d2:59:82:b3:53:d0:d8:c5:6d:93:89:0f:58:
         44:6c:cb:0b:57:0d:21:07:56:33:07:77:53:66:69:53:66:44:
         d5:a2:1e:6b:0b:84:36:47:9c:03:c4:b4:50:cc:4d:17:b3:85:
         72:d9:61:07:f5:ce:8f:e0:79:0e:1b:1f:0d:a8:97:f2:1a:ff:
         da:58:a0:d9:5a:f7:7f:d8:2f:a6:87:38:ef:98:e3:6d:02:ad:
         11:ad:10:31:db:0b:69:73:72:ff:2e:dd:5f:0d:b7:41:3d:99:
         39:c1:93:56:50:a6:02:20:db:9b:a5:6f:f2:96:2b:2c:13:55:
         64:30:c2:cf:79:6b:c0:72:88:8c:8c:f5:17:8d:12:d1:27:86:
         2b:3f:0b:b0:86:65:4e:41:63:42:6d:5f:9f:72:0a:00:b5:01:
         96:d1:a0:3b:97:f0:25:64:45:3c:35:15:c0:40:49:1b:f0:39:
         c0:f6:14:56:7b:93:33:7c:48:2f:01:98:09:5c:24:f3:28:6e:
         89:da:23:7c:fa:89:c1:8d:b7:11:02:36:79:ae:92:86:6c:15:
         d8:89:06:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7wo7x2EPrdaCnSUWSwrMXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNDE4MDk1NzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmVmMzE5NzU3MzFiNzkwMGFkMGExODQ1ZmUwMWIzY2U5ZDk2M2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj1L/rfciFBxq0iS+dntOxNBx8tk
flk7CKy4xM6fOgQElKea/Ftu3tt3FwPf2sYXx2EOzTg3KeKokznzesx2IR/zatXk
JiDXEjOS9Ct7Kn9uX90+cRTi5SO7kviOypOSLS3rC3gSjDjxxs+uLYYF9tydjySZ
tEspQqUtNwC+5S5Hg87MXpv5dPxxrL1wki91pggq5/zjhURMUZh/2CrMocvndyze
634zElvpiIriPecDsVBwYiqgXfV/JQygCycgzdtzTjDr8ulZ94Vruc12+tS8zNS5
PwB7pUIlmW9hu0L3scNpqe6nhX5pHvSyVzVPXWO2v25vf85syzEnZvF5aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvvMZdXMbeQCtChhF/gGzzp2WOnMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUy04eGwxY3h0NUFLMEtHRVgtQWJQT25aWTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYOEMA0G
CSqGSIb3DQEBCwUAA4IBAQACahyWLNU4v94VPEi2W/QrwAgq++44wMFk89O0QSty
0R72nCugT/wBW9JZgrNT0NjFbZOJD1hEbMsLVw0hB1YzB3dTZmlTZkTVoh5rC4Q2
R5wDxLRQzE0Xs4Vy2WEH9c6P4HkOGx8NqJfyGv/aWKDZWvd/2C+mhzjvmONtAq0R
rRAx2wtpc3L/Lt1fDbdBPZk5wZNWUKYCINubpW/ylissE1VkMMLPeWvAcoiMjPUX
jRLRJ4YrPwuwhmVOQWNCbV+fcgoAtQGW0aA7l/AlZEU8NRXAQEkb8DnA9hRWe5Mz
fEgvAZgJXCTzKG6J2iN8+onBjbcRAjZ5rpKGbBXYiQZ4
-----END CERTIFICATE-----