Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/ZCsLW5cExvcwFzhxl9CRZtYIm0A.roa
File:                     ZCsLW5cExvcwFzhxl9CRZtYIm0A.roa (raw, json)
Hash identifier:          pKz+NRla+6SJ1eaD7xUvoOcPLkBDXsBpo7ts/KUccF0=
Subject key identifier:   64:2B:0B:5B:97:04:C6:F7:30:17:38:71:97:D0:91:66:D6:08:9B:40
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5146B0617A7B9F9BDB1814769DAC
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/ZCsLW5cExvcwFzhxl9CRZtYIm0A.roa
Signing time:             Tue 02 Jan 2024 12:34:45 +0000
ROA not before:           Tue 02 Jan 2024 12:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        45.12.161.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:51:46:b0:61:7a:7b:9f:9b:db:18:14:76:9d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=642b0b5b9704c6f73017387197d09166d6089b40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:3e:d3:a0:05:0d:94:e4:6c:52:c0:6f:4f:fd:
                    43:e4:44:fc:96:83:ab:9d:21:16:89:69:72:e0:88:
                    05:57:db:ee:65:36:a5:ec:61:99:72:73:70:6c:80:
                    83:73:2f:60:e5:79:c4:a6:fe:01:72:54:14:14:3a:
                    33:11:69:87:6d:74:d2:66:a9:c2:d9:4f:d2:da:2d:
                    29:84:a3:fe:77:e9:5c:f5:cc:38:7e:1f:8c:df:2f:
                    c2:2f:b7:2c:5e:17:e0:0c:f0:8a:e3:fb:cc:00:c7:
                    dd:4f:68:f2:d9:5b:b7:e1:3c:51:78:01:13:70:88:
                    cd:f5:42:38:79:65:3c:99:82:7b:6a:8e:48:07:aa:
                    0a:f4:af:72:77:00:23:66:0a:0c:a9:b2:32:3d:96:
                    44:ff:bc:36:59:ea:7b:ff:05:53:c7:83:4e:19:b2:
                    9b:ae:a7:fb:6c:a2:69:4c:44:ca:7f:d7:f3:9e:c0:
                    e8:b9:a5:28:34:7b:11:19:19:d2:52:17:0c:b0:9d:
                    3e:79:c5:56:ae:fe:05:c5:8f:5b:c4:a2:47:ed:9e:
                    8b:fb:c7:e8:52:a3:73:7c:d8:34:65:e8:b0:63:03:
                    df:1d:21:58:64:74:2e:4f:6a:2c:5a:37:89:31:88:
                    94:ee:5d:0e:a2:14:ea:cf:4a:dd:07:e9:6a:6b:f7:
                    33:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2B:0B:5B:97:04:C6:F7:30:17:38:71:97:D0:91:66:D6:08:9B:40
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/ZCsLW5cExvcwFzhxl9CRZtYIm0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:af:c9:4a:9c:51:13:8a:86:d6:a7:34:a4:de:ea:10:b0:e2:
         4f:dc:3d:90:dd:e8:84:8b:19:58:c4:6c:94:cc:ca:6b:64:0b:
         04:5c:42:76:4c:02:5b:e8:1a:43:2a:bc:c6:fe:2b:cf:9b:ca:
         aa:4a:c7:2d:c8:0a:7c:03:e1:16:ad:f4:9e:d8:48:73:fc:04:
         8e:6b:6b:46:52:e6:08:16:bf:d4:20:85:35:b7:83:5e:24:a7:
         0c:bc:a6:05:41:52:51:4c:a6:fb:1f:b3:01:d0:5f:bc:79:0f:
         2a:e5:59:78:8d:cb:c6:61:91:58:1e:a5:45:c4:86:18:d3:d5:
         64:de:59:1b:9d:a9:7a:d4:65:8c:76:8c:d5:69:3e:bb:26:9e:
         8c:af:4a:a2:f9:14:2a:cc:3a:f5:ed:f3:ff:21:af:10:0b:23:
         32:24:66:cb:6f:50:89:22:e5:36:f6:d6:f6:bf:6b:79:28:6a:
         38:95:70:a1:4f:ad:c0:5f:de:53:f2:ce:4c:fa:57:0b:0b:97:
         de:89:25:1e:26:68:2d:06:bc:f5:a0:39:22:6d:04:0c:ed:5c:
         ba:0b:55:bf:ee:8a:4d:00:86:65:31:74:83:e4:3f:40:8a:7d:
         ee:6c:fd:75:4c:98:fb:82:63:59:8e:fa:1c:7c:52:2e:ec:f8:
         64:c5:05:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1FGsGF6e5+b2xgUdp2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJiMGI1Yjk3MDRjNmY3MzAxNzM4NzE5N2QwOTE2NmQ2MDg5YjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4D7ToAUNlORsUsBvT/1D5ET8loOr
nSEWiWly4IgFV9vuZTal7GGZcnNwbICDcy9g5XnEpv4BclQUFDozEWmHbXTSZqnC
2U/S2i0phKP+d+lc9cw4fh+M3y/CL7csXhfgDPCK4/vMAMfdT2jy2Vu34TxReAET
cIjN9UI4eWU8mYJ7ao5IB6oK9K9ydwAjZgoMqbIyPZZE/7w2Wep7/wVTx4NOGbKb
rqf7bKJpTETKf9fznsDouaUoNHsRGRnSUhcMsJ0+ecVWrv4FxY9bxKJH7Z6L+8fo
UqNzfNg0ZeiwYwPfHSFYZHQuT2osWjeJMYiU7l0OohTqz0rdB+lqa/czuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQrC1uXBMb3MBc4cZfQkWbWCJtAMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvWkNzTFc1Y0V4dmN3RnpoeGw5Q1JadFlJbTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQyhMA0G
CSqGSIb3DQEBCwUAA4IBAQC1r8lKnFETiobWpzSk3uoQsOJP3D2Q3eiEixlYxGyU
zMprZAsEXEJ2TAJb6BpDKrzG/ivPm8qqSsctyAp8A+EWrfSe2Ehz/ASOa2tGUuYI
Fr/UIIU1t4NeJKcMvKYFQVJRTKb7H7MB0F+8eQ8q5Vl4jcvGYZFYHqVFxIYY09Vk
3lkbnal61GWMdozVaT67Jp6Mr0qi+RQqzDr17fP/Ia8QCyMyJGbLb1CJIuU29tb2
v2t5KGo4lXChT63AX95T8s5M+lcLC5feiSUeJmgtBrz1oDkibQQM7Vy6C1W/7opN
AIZlMXSD5D9Ain3ubP11TJj7gmNZjvocfFIu7PhkxQVM
-----END CERTIFICATE-----