Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/55tXlDd7UR6qdbl5Gn1x5_zkroA.roa
File:                     55tXlDd7UR6qdbl5Gn1x5_zkroA.roa (raw, json)
Hash identifier:          U2fo2YtiH2p/qkNWZtH9i6J9DPkxNG5TY+CyYSGiyaQ=
Subject key identifier:   E7:9B:57:94:37:7B:51:1E:AA:75:B9:79:1A:7D:71:E7:FC:E4:AE:80
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5B0B3C0F73C78F0D3A3E2DDD9142
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/55tXlDd7UR6qdbl5Gn1x5_zkroA.roa
Signing time:             Tue 02 Jan 2024 12:34:48 +0000
ROA not before:           Tue 02 Jan 2024 12:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60952
IP address blocks:        45.132.15.0/24 maxlen: 32
                          92.119.149.0/24 maxlen: 32
                          2a06:7a02::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5b:0b:3c:0f:73:c7:8f:0d:3a:3e:2d:dd:91:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e79b5794377b511eaa75b9791a7d71e7fce4ae80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:07:39:5e:de:f4:50:dc:7c:28:85:aa:3d:43:
                    a8:28:7e:0c:68:50:ef:7b:87:e9:a3:99:02:b3:c0:
                    38:42:25:47:f9:99:76:fe:e7:9f:d4:47:44:ac:56:
                    03:8b:68:65:2a:2f:49:7c:5e:51:59:bf:57:0b:8c:
                    34:4d:89:4a:1b:5d:00:d2:c0:b4:96:da:6e:03:e0:
                    22:14:dc:51:40:1b:84:af:79:cf:6a:55:b6:f4:dd:
                    0a:18:4c:36:4d:55:49:39:b9:59:70:35:68:7e:1c:
                    39:e1:31:a7:a7:ec:05:0b:89:9d:25:47:73:8b:ba:
                    ec:88:da:48:e5:2b:63:ba:a4:5b:b6:12:1b:53:bf:
                    ea:19:4d:87:0a:b1:44:ec:d2:91:7c:65:49:7e:2a:
                    55:80:7b:70:43:7f:9c:ee:5b:52:db:80:3b:fd:c0:
                    20:1b:b9:e0:ca:05:0b:80:5d:39:05:65:07:96:f5:
                    5c:e9:c4:69:61:49:61:10:b7:d5:46:be:d8:5c:e4:
                    99:f1:af:d2:0e:b5:49:dd:b3:3f:57:ed:91:74:5a:
                    49:6f:ed:a2:53:3c:bb:c8:7f:ff:e5:03:f3:1b:08:
                    47:59:42:18:33:8a:94:94:30:5b:e3:5a:df:fd:40:
                    97:42:24:2e:64:b4:c1:a5:fe:e8:43:80:6b:52:40:
                    cf:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:9B:57:94:37:7B:51:1E:AA:75:B9:79:1A:7D:71:E7:FC:E4:AE:80
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/55tXlDd7UR6qdbl5Gn1x5_zkroA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.15.0/24
                  92.119.149.0/24
                IPv6:
                  2a06:7a02::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:0f:b0:e8:95:8b:a7:e3:11:fa:35:3e:9c:dd:5a:2f:b7:87:
         33:df:bd:17:dd:44:a2:43:60:b7:79:8e:0c:f7:a0:8a:e0:cc:
         70:8e:64:81:f1:bb:02:a3:18:c1:b6:b9:00:ae:d1:86:41:c2:
         57:96:ef:fe:33:ae:09:b0:fe:14:da:b1:5e:09:ff:34:36:4a:
         7b:17:69:92:80:d8:16:07:12:ea:0a:12:9d:47:ae:3b:f9:17:
         39:65:49:00:2b:03:1f:3f:5d:a4:9d:d7:5e:c5:d5:49:44:09:
         3c:3a:42:5a:b0:e9:bf:21:7a:63:ab:ab:66:fe:3d:e5:ea:4f:
         f4:5f:dd:2f:18:f5:33:f7:87:3f:d8:47:93:dc:28:9c:07:0f:
         55:66:90:8a:4e:6a:f3:a3:e4:e1:cb:51:3b:18:fa:9d:51:49:
         e2:55:39:b4:ff:e6:df:cb:05:2e:0e:c2:43:10:1d:9d:9a:64:
         c7:3a:4f:a8:26:4b:3e:53:90:47:f2:f6:65:23:c1:67:33:d2:
         ab:56:80:32:31:e2:b7:83:96:ab:0a:2a:e8:85:1f:64:b7:2d:
         59:e2:af:a6:67:56:92:62:5e:47:6b:9d:d2:44:30:fb:7b:a0:
         f5:c8:3c:03:b3:7d:4d:eb:c3:e0:6f:26:66:ef:c7:31:86:14:
         1e:79:3a:77
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzKK1sLPA9zx48NOj4t3ZFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzliNTc5NDM3N2I1MTFlYWE3NWI5NzkxYTdkNzFlN2ZjZTRhZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAc5Xt70UNx8KIWqPUOoKH4MaFDv
e4fpo5kCs8A4QiVH+Zl2/uef1EdErFYDi2hlKi9JfF5RWb9XC4w0TYlKG10A0sC0
ltpuA+AiFNxRQBuEr3nPalW29N0KGEw2TVVJOblZcDVofhw54TGnp+wFC4mdJUdz
i7rsiNpI5StjuqRbthIbU7/qGU2HCrFE7NKRfGVJfipVgHtwQ3+c7ltS24A7/cAg
G7ngygULgF05BWUHlvVc6cRpYUlhELfVRr7YXOSZ8a/SDrVJ3bM/V+2RdFpJb+2i
Uzy7yH//5QPzGwhHWUIYM4qUlDBb41rf/UCXQiQuZLTBpf7oQ4BrUkDP8wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFOebV5Q3e1EeqnW5eRp9cef85K6AMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvNTV0WGxEZDdVUjZxZGJsNUduMXg1X3prcm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQALYQPAwQA
XHeVMA8EAgACMAkDBwAqBnoCAAAwDQYJKoZIhvcNAQELBQADggEBAFEPsOiVi6fj
Efo1PpzdWi+3hzPfvRfdRKJDYLd5jgz3oIrgzHCOZIHxuwKjGMG2uQCu0YZBwleW
7/4zrgmw/hTasV4J/zQ2SnsXaZKA2BYHEuoKEp1Hrjv5FzllSQArAx8/XaSd117F
1UlECTw6Qlqw6b8hemOrq2b+PeXqT/Rf3S8Y9TP3hz/YR5PcKJwHD1VmkIpOavOj
5OHLUTsY+p1RSeJVObT/5t/LBS4OwkMQHZ2aZMc6T6gmSz5TkEfy9mUjwWcz0qtW
gDIx4reDlqsKKuiFH2S3LVnir6ZnVpJiXkdrndJEMPt7oPXIPAOzfU3rw+BvJmbv
xzGGFB55Onc=
-----END CERTIFICATE-----