Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/1ECerwPFS5bqjh_87AnEYMFcl3w.roa
File:                     1ECerwPFS5bqjh_87AnEYMFcl3w.roa (raw, json)
Hash identifier:          riwr0mj0sYkBHK6sl+tmndKFQc70RFhQvtydO3rtjbs=
Subject key identifier:   D4:40:9E:AF:03:C5:4B:96:EA:8E:1F:FC:EC:09:C4:60:C1:5C:97:7C
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5F0E5632C2B0235BDE46A085229C
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/1ECerwPFS5bqjh_87AnEYMFcl3w.roa
Signing time:             Tue 02 Jan 2024 12:34:49 +0000
ROA not before:           Tue 02 Jan 2024 12:34:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149485
IP address blocks:        45.138.210.0/24 maxlen: 32
                          45.138.211.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5f:0e:56:32:c2:b0:23:5b:de:46:a0:85:22:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4409eaf03c54b96ea8e1ffcec09c460c15c977c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ae:c7:a1:5a:d4:ec:e4:3e:3c:8d:23:89:a1:
                    ab:87:6e:24:30:be:06:d6:30:8b:c3:07:b1:77:07:
                    c7:06:b0:70:95:b0:76:17:12:57:f3:d7:34:d9:ea:
                    dc:79:c3:c8:2a:7e:16:d9:e1:38:d0:ce:3e:99:71:
                    c9:75:19:0d:a4:a4:7f:8b:b5:ea:19:18:2b:5e:04:
                    2d:55:39:3a:1a:40:5f:3d:ce:33:74:d5:8a:42:8c:
                    47:b8:9c:c8:bf:c8:5a:06:c6:f0:c7:2f:ec:c9:3f:
                    43:6d:87:0b:8f:ff:3c:4b:17:e1:cb:98:96:ac:cb:
                    46:8f:32:87:fa:59:94:f0:e8:19:ca:32:37:5f:66:
                    2b:52:83:a0:31:bc:b7:6f:4d:dc:ed:f6:a4:1e:7a:
                    98:36:2b:a2:37:91:15:0b:23:5a:fd:1e:73:8d:20:
                    0b:d2:a5:5d:61:8d:4b:e1:cb:02:61:56:7d:84:49:
                    bb:6a:16:19:af:77:8e:93:4e:fb:98:ad:07:d6:c6:
                    61:6e:0a:5a:70:d0:da:ef:fb:24:01:12:54:7d:1c:
                    33:89:e4:78:0f:92:fc:41:4c:36:80:d5:8f:ba:43:
                    36:37:a4:d7:6e:ef:dd:92:43:98:ed:86:23:51:4a:
                    6f:4e:d0:de:3e:c2:f6:9a:fa:57:32:68:5f:64:e2:
                    6b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:40:9E:AF:03:C5:4B:96:EA:8E:1F:FC:EC:09:C4:60:C1:5C:97:7C
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/1ECerwPFS5bqjh_87AnEYMFcl3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:25:4e:4e:bc:04:ad:48:f7:5d:97:d1:75:d3:50:9b:08:fe:
         f7:42:db:0b:3b:84:cc:38:1a:d3:c6:06:e3:29:32:a4:9a:8d:
         c1:a0:33:c4:ff:82:93:30:ca:2e:cf:bc:8d:b5:91:25:e0:4b:
         da:50:4b:f4:2e:f4:4b:d8:e8:bc:45:55:81:67:f6:91:aa:71:
         c3:f2:20:93:5a:b2:81:8d:c2:32:74:94:23:72:2c:da:ca:e0:
         91:17:2f:dc:12:63:5d:b8:91:67:a0:93:2a:db:b1:48:f5:9c:
         1a:56:ca:a7:b3:5f:e0:12:ca:61:86:2e:1e:4c:60:75:e4:0d:
         54:9c:75:f4:c8:97:5f:ed:79:fc:3e:ba:7a:87:d1:42:be:16:
         de:c0:19:eb:72:60:b8:2f:81:12:1d:e1:f8:4b:e8:0e:fa:da:
         8e:7d:f9:03:45:3a:b0:69:8a:db:61:7c:93:a7:ed:8a:73:52:
         01:86:c6:04:79:ee:f4:2e:03:23:2e:1a:da:ff:40:e6:85:62:
         c9:5d:f1:57:cc:d0:3f:34:ad:f3:c2:f4:92:b4:91:00:26:dd:
         98:f5:6a:97:2c:be:2a:59:3e:1c:0c:2c:bb:04:e8:aa:50:8e:
         fb:49:46:22:10:3d:f9:a8:16:18:cb:bb:5a:85:d0:65:9a:04:
         8f:0e:25:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK18OVjLCsCNb3kaghSKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDQwOWVhZjAzYzU0Yjk2ZWE4ZTFmZmNlYzA5YzQ2MGMxNWM5NzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg67HoVrU7OQ+PI0jiaGrh24kML4G
1jCLwwexdwfHBrBwlbB2FxJX89c02ercecPIKn4W2eE40M4+mXHJdRkNpKR/i7Xq
GRgrXgQtVTk6GkBfPc4zdNWKQoxHuJzIv8haBsbwxy/syT9DbYcLj/88Sxfhy5iW
rMtGjzKH+lmU8OgZyjI3X2YrUoOgMby3b03c7fakHnqYNiuiN5EVCyNa/R5zjSAL
0qVdYY1L4csCYVZ9hEm7ahYZr3eOk077mK0H1sZhbgpacNDa7/skARJUfRwzieR4
D5L8QUw2gNWPukM2N6TXbu/dkkOY7YYjUUpvTtDePsL2mvpXMmhfZOJrKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRAnq8DxUuW6o4f/OwJxGDBXJd8MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvMUVDZXJ3UEZTNWJxamhfODdBbkVZTUZjbDN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYrSMA0G
CSqGSIb3DQEBCwUAA4IBAQAPJU5OvAStSPddl9F101CbCP73QtsLO4TMOBrTxgbj
KTKkmo3BoDPE/4KTMMouz7yNtZEl4EvaUEv0LvRL2Oi8RVWBZ/aRqnHD8iCTWrKB
jcIydJQjcizayuCRFy/cEmNduJFnoJMq27FI9ZwaVsqns1/gEsphhi4eTGB15A1U
nHX0yJdf7Xn8Prp6h9FCvhbewBnrcmC4L4ESHeH4S+gO+tqOffkDRTqwaYrbYXyT
p+2Kc1IBhsYEee70LgMjLhra/0DmhWLJXfFXzNA/NK3zwvSStJEAJt2Y9WqXLL4q
WT4cDCy7BOiqUI77SUYiED35qBYYy7tahdBlmgSPDiVn
-----END CERTIFICATE-----