Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/300bd4-0356-4c44-83cf-38efcfdc417b/1/rl0hgpA5a1Zt5MsTczMo1rcn55E.roa
File:                     rl0hgpA5a1Zt5MsTczMo1rcn55E.roa (raw, json)
Hash identifier:          rqPI/OPG7m+IXuK5Yny2ngJR2NX6Aoygp35Y9zLWs8k=
Subject key identifier:   AE:5D:21:82:90:39:6B:56:6D:E4:CB:13:73:33:28:D6:B7:27:E7:91
Certificate issuer:       /CN=c21e32d047c5d1b9e26770c3840304cf6971de1c
Certificate serial:       018CC64A0DE7088B3CB7D06B7FE9D12DEC48
Authority key identifier: C2:1E:32:D0:47:C5:D1:B9:E2:67:70:C3:84:03:04:CF:69:71:DE:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wh4y0EfF0bniZ3DDhAMEz2lx3hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/300bd4-0356-4c44-83cf-38efcfdc417b/1/rl0hgpA5a1Zt5MsTczMo1rcn55E.roa
Signing time:             Mon 01 Jan 2024 18:29:51 +0000
ROA not before:           Mon 01 Jan 2024 18:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        45.82.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/300bd4-0356-4c44-83cf-38efcfdc417b/1/wh4y0EfF0bniZ3DDhAMEz2lx3hw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/300bd4-0356-4c44-83cf-38efcfdc417b/1/wh4y0EfF0bniZ3DDhAMEz2lx3hw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wh4y0EfF0bniZ3DDhAMEz2lx3hw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:0d:e7:08:8b:3c:b7:d0:6b:7f:e9:d1:2d:ec:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c21e32d047c5d1b9e26770c3840304cf6971de1c
        Validity
            Not Before: Jan  1 18:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae5d218290396b566de4cb13733328d6b727e791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:da:75:3d:b1:13:17:45:60:fc:8b:f4:6d:86:
                    d9:da:bc:9a:90:32:7c:5b:8c:6d:39:37:57:0d:e1:
                    d7:8e:f0:ed:94:ca:32:bd:51:2d:b2:fa:d7:c1:d3:
                    54:92:0a:85:0a:33:e5:97:e3:09:53:c5:81:29:ee:
                    1e:07:be:71:f2:dc:b3:85:85:66:36:61:6a:a5:a6:
                    b8:f6:d2:86:c2:6d:65:f5:bc:39:4e:ca:61:66:50:
                    69:49:86:96:2f:f6:04:09:33:8e:94:ab:98:7e:4c:
                    32:4b:34:38:53:f2:13:2d:51:95:12:0a:26:08:dd:
                    7c:d4:01:19:f3:44:4a:26:15:6a:41:3d:dc:83:81:
                    1c:76:78:ce:6f:48:89:3c:da:ba:a1:a1:84:10:38:
                    84:1d:79:6a:16:a2:b8:cc:3f:f4:1e:ac:da:4c:7e:
                    de:0a:56:52:e4:24:5f:f5:f3:de:2b:88:d7:ce:87:
                    6a:c0:a9:21:b6:59:26:d3:20:b7:fa:14:2f:86:db:
                    fe:77:2b:73:0d:fc:c1:c2:74:62:a8:bf:c8:82:0f:
                    27:84:5f:14:4c:a8:c5:28:41:77:cb:e0:cd:6d:3c:
                    2c:b0:6a:85:f2:91:99:af:af:18:b6:a7:be:db:dc:
                    2a:90:ae:76:74:3d:e5:2f:84:40:0c:cb:fd:ca:b9:
                    e8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:5D:21:82:90:39:6B:56:6D:E4:CB:13:73:33:28:D6:B7:27:E7:91
            X509v3 Authority Key Identifier:
                keyid:C2:1E:32:D0:47:C5:D1:B9:E2:67:70:C3:84:03:04:CF:69:71:DE:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wh4y0EfF0bniZ3DDhAMEz2lx3hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/300bd4-0356-4c44-83cf-38efcfdc417b/1/rl0hgpA5a1Zt5MsTczMo1rcn55E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/300bd4-0356-4c44-83cf-38efcfdc417b/1/wh4y0EfF0bniZ3DDhAMEz2lx3hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:d6:55:ac:c6:8e:8b:dc:c3:fc:14:55:10:5b:63:71:d3:1d:
         54:a4:27:e6:f9:3d:2b:83:ba:8a:84:d4:00:7d:50:a1:52:f5:
         c9:4a:8c:fd:da:78:6b:40:3c:28:ad:56:07:a2:a2:8e:34:0b:
         7a:31:23:60:0e:dc:f8:3b:a1:9d:7d:93:4d:38:e6:54:10:28:
         53:20:74:e4:9e:3b:0d:7a:04:9b:af:32:28:51:f4:23:3b:3b:
         bc:8c:b6:1d:b6:ee:a3:8f:8b:a8:c9:7d:ff:22:62:ba:51:bf:
         f2:b6:cd:95:91:8f:a5:1c:28:29:f5:76:2a:0c:c0:77:b8:c7:
         a6:14:cf:cc:09:77:10:ea:2f:e9:56:f1:eb:e1:75:e3:bb:42:
         fc:55:b6:18:3b:e0:01:2c:3a:34:cb:73:67:d5:5d:f0:9c:5e:
         06:37:b0:77:72:d9:d9:c4:bf:f0:73:61:2a:ea:15:5e:99:4f:
         39:37:f6:5c:f3:f2:7f:9b:54:63:10:73:1b:4e:38:27:90:b2:
         d3:1d:3d:86:57:02:28:8c:54:03:79:c5:a1:8a:a4:f6:3b:86:
         21:ba:24:fe:1b:38:06:4d:7b:18:01:db:85:44:bc:a2:c5:4e:
         63:34:42:85:ca:3b:6a:38:a3:60:bc:53:1b:f0:d4:01:87:00:
         e6:d8:b3:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSg3nCIs8t9Brf+nRLexIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMWUzMmQwNDdjNWQxYjllMjY3NzBjMzg0MDMwNGNmNjk3
MWRlMWMwHhcNMjQwMTAxMTgyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTVkMjE4MjkwMzk2YjU2NmRlNGNiMTM3MzMzMjhkNmI3MjdlNzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydp1PbETF0Vg/Iv0bYbZ2ryakDJ8
W4xtOTdXDeHXjvDtlMoyvVEtsvrXwdNUkgqFCjPll+MJU8WBKe4eB75x8tyzhYVm
NmFqpaa49tKGwm1l9bw5TsphZlBpSYaWL/YECTOOlKuYfkwySzQ4U/ITLVGVEgom
CN181AEZ80RKJhVqQT3cg4EcdnjOb0iJPNq6oaGEEDiEHXlqFqK4zD/0HqzaTH7e
ClZS5CRf9fPeK4jXzodqwKkhtlkm0yC3+hQvhtv+dytzDfzBwnRiqL/Igg8nhF8U
TKjFKEF3y+DNbTwssGqF8pGZr68Ytqe+29wqkK52dD3lL4RADMv9yrnoAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5dIYKQOWtWbeTLE3MzKNa3J+eRMB8GA1UdIwQY
MBaAFMIeMtBHxdG54mdww4QDBM9pcd4cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2g0eTBFZkYwYm5pWjNERGhBTUV6Mmx4M2h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8zMDBiZDQtMDM1Ni00YzQ0LTgzY2Yt
MzhlZmNmZGM0MTdiLzEvcmwwaGdwQTVhMVp0NU1zVGN6TW8xcmNuNTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8zMDBiZDQtMDM1Ni00YzQ0LTgzY2YtMzhlZmNmZGM0MTdi
LzEvd2g0eTBFZkYwYm5pWjNERGhBTUV6Mmx4M2h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVJ3MA0G
CSqGSIb3DQEBCwUAA4IBAQAj1lWsxo6L3MP8FFUQW2Nx0x1UpCfm+T0rg7qKhNQA
fVChUvXJSoz92nhrQDworVYHoqKONAt6MSNgDtz4O6GdfZNNOOZUEChTIHTknjsN
egSbrzIoUfQjOzu8jLYdtu6jj4uoyX3/ImK6Ub/yts2VkY+lHCgp9XYqDMB3uMem
FM/MCXcQ6i/pVvHr4XXju0L8VbYYO+ABLDo0y3Nn1V3wnF4GN7B3ctnZxL/wc2Eq
6hVemU85N/Zc8/J/m1RjEHMbTjgnkLLTHT2GVwIojFQDecWhiqT2O4YhuiT+GzgG
TXsYAduFRLyixU5jNEKFyjtqOKNgvFMb8NQBhwDm2LO/
-----END CERTIFICATE-----