Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/205d24-009f-486a-976f-2ecda11de153/1/EsWVd7DRmcRfkmdao-OP0BQJ230.roa
File:                     EsWVd7DRmcRfkmdao-OP0BQJ230.roa (raw, json)
Hash identifier:          YT0hbDxa1+sApWFNr49giE0xb+WsdTBzAY04fwexavg=
Subject key identifier:   12:C5:95:77:B0:D1:99:C4:5F:92:67:5A:A3:E3:8F:D0:14:09:DB:7D
Certificate issuer:       /CN=025f2a93db10f2dd5f6a55bb2a440f67486cd1a3
Certificate serial:       018CC56DED7C63D92A5AD3A7290457AFB207
Authority key identifier: 02:5F:2A:93:DB:10:F2:DD:5F:6A:55:BB:2A:44:0F:67:48:6C:D1:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Al8qk9sQ8t1falW7KkQPZ0hs0aM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/205d24-009f-486a-976f-2ecda11de153/1/EsWVd7DRmcRfkmdao-OP0BQJ230.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62304
IP address blocks:        45.95.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/205d24-009f-486a-976f-2ecda11de153/1/Al8qk9sQ8t1falW7KkQPZ0hs0aM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/205d24-009f-486a-976f-2ecda11de153/1/Al8qk9sQ8t1falW7KkQPZ0hs0aM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Al8qk9sQ8t1falW7KkQPZ0hs0aM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ed:7c:63:d9:2a:5a:d3:a7:29:04:57:af:b2:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=025f2a93db10f2dd5f6a55bb2a440f67486cd1a3
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12c59577b0d199c45f92675aa3e38fd01409db7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:6b:62:41:df:34:d1:b8:dd:f4:4e:f7:76:d7:
                    dd:ae:05:aa:34:b7:97:cb:ee:26:26:48:20:ac:23:
                    71:f6:c2:8b:82:07:ce:bd:af:d8:64:58:73:1f:19:
                    98:82:ba:e4:3e:77:28:4f:a9:e1:f8:82:55:c7:c7:
                    d6:1d:2f:c4:4a:a9:95:93:f4:88:b2:24:17:4c:a3:
                    6f:bf:1b:dc:06:80:69:58:9c:95:cd:a4:15:f3:ed:
                    90:1b:4c:2a:df:92:9e:79:90:96:9e:c5:e2:9c:9e:
                    1b:71:c2:32:7c:f6:7a:32:48:90:dd:0b:8d:e4:b5:
                    06:4f:6f:a3:39:d4:49:c2:fb:74:f7:53:73:d5:dd:
                    cf:d5:0c:4e:f4:22:4c:cf:bd:2c:b9:78:56:30:d8:
                    3e:25:c5:f7:5d:9c:35:a1:1e:5e:00:b2:e1:43:f6:
                    1f:5f:b8:b5:35:d7:73:44:31:8a:0e:0d:e5:ab:4b:
                    3b:45:16:68:c3:69:0b:58:7c:a0:c3:5b:91:4d:b2:
                    2a:b4:d5:b6:2b:15:12:19:f7:94:af:6f:71:79:09:
                    2a:a6:ec:8d:0e:48:ab:fe:bb:9a:8a:7a:72:13:a0:
                    eb:40:89:ad:94:14:b5:13:7e:b8:4e:48:cd:2b:cb:
                    b3:d6:a4:cc:1f:38:04:a8:aa:4f:94:81:9f:a1:94:
                    0b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C5:95:77:B0:D1:99:C4:5F:92:67:5A:A3:E3:8F:D0:14:09:DB:7D
            X509v3 Authority Key Identifier:
                keyid:02:5F:2A:93:DB:10:F2:DD:5F:6A:55:BB:2A:44:0F:67:48:6C:D1:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Al8qk9sQ8t1falW7KkQPZ0hs0aM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/205d24-009f-486a-976f-2ecda11de153/1/EsWVd7DRmcRfkmdao-OP0BQJ230.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/205d24-009f-486a-976f-2ecda11de153/1/Al8qk9sQ8t1falW7KkQPZ0hs0aM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:82:11:65:0a:8f:e6:34:5f:26:fd:94:cd:54:ba:0a:7d:6c:
         cf:fe:21:56:47:44:36:2e:91:17:df:fc:3c:15:b8:0d:e7:32:
         a9:04:e2:2c:c0:97:e3:21:8c:34:c5:ad:de:76:5b:e2:e5:36:
         02:39:e3:ce:bf:d2:8d:a2:bd:29:a3:76:69:d7:5d:e3:7d:f0:
         e6:03:08:91:8d:58:82:fb:19:19:cc:f7:be:71:7b:0c:37:13:
         84:44:7f:b3:e8:af:44:b0:32:b5:02:f4:43:99:27:4f:56:38:
         11:de:a2:60:18:b4:8f:78:48:03:0b:e2:32:be:13:12:4c:e9:
         ae:00:59:33:e3:93:39:e3:ac:72:89:91:b3:fa:99:3b:b1:3f:
         35:94:bc:b8:43:96:86:cc:32:44:35:bf:9b:13:26:d1:d2:38:
         15:66:63:c9:3a:ef:82:f4:da:6b:07:3d:44:72:86:43:e3:1e:
         44:5c:66:2a:ac:c7:38:1f:7c:94:ec:3f:b2:db:ad:5c:13:38:
         0a:66:51:c4:c1:33:cf:52:fe:2a:e9:21:90:ed:83:8f:8a:52:
         1a:d1:41:95:3b:0f:a1:e1:0b:20:6d:15:3f:fe:78:b4:f5:e9:
         35:f8:cf:25:84:01:ff:23:57:6f:6b:d4:0a:13:82:5e:1e:2d:
         b7:04:d7:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbe18Y9kqWtOnKQRXr7IHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNWYyYTkzZGIxMGYyZGQ1ZjZhNTViYjJhNDQwZjY3NDg2
Y2QxYTMwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmM1OTU3N2IwZDE5OWM0NWY5MjY3NWFhM2UzOGZkMDE0MDlkYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GtiQd800bjd9E73dtfdrgWqNLeX
y+4mJkggrCNx9sKLggfOva/YZFhzHxmYgrrkPncoT6nh+IJVx8fWHS/ESqmVk/SI
siQXTKNvvxvcBoBpWJyVzaQV8+2QG0wq35KeeZCWnsXinJ4bccIyfPZ6MkiQ3QuN
5LUGT2+jOdRJwvt091Nz1d3P1QxO9CJMz70suXhWMNg+JcX3XZw1oR5eALLhQ/Yf
X7i1NddzRDGKDg3lq0s7RRZow2kLWHygw1uRTbIqtNW2KxUSGfeUr29xeQkqpuyN
Dkir/ruainpyE6DrQImtlBS1E364TkjNK8uz1qTMHzgEqKpPlIGfoZQLpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLFlXew0ZnEX5JnWqPjj9AUCdt9MB8GA1UdIwQY
MBaAFAJfKpPbEPLdX2pVuypED2dIbNGjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWw4cWs5c1E4dDFmYWxXN0trUVBaMGhzMGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yMDVkMjQtMDA5Zi00ODZhLTk3NmYt
MmVjZGExMWRlMTUzLzEvRXNXVmQ3RFJtY1Jma21kYW8tT1AwQlFKMjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yMDVkMjQtMDA5Zi00ODZhLTk3NmYtMmVjZGExMWRlMTUz
LzEvQWw4cWs5c1E4dDFmYWxXN0trUVBaMGhzMGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBGghFlCo/mNF8m/ZTNVLoKfWzP/iFWR0Q2LpEX3/w8
FbgN5zKpBOIswJfjIYw0xa3edlvi5TYCOePOv9KNor0po3Zp113jffDmAwiRjViC
+xkZzPe+cXsMNxOERH+z6K9EsDK1AvRDmSdPVjgR3qJgGLSPeEgDC+IyvhMSTOmu
AFkz45M546xyiZGz+pk7sT81lLy4Q5aGzDJENb+bEybR0jgVZmPJOu+C9NprBz1E
coZD4x5EXGYqrMc4H3yU7D+y261cEzgKZlHEwTPPUv4q6SGQ7YOPilIa0UGVOw+h
4QsgbRU//ni09ek1+M8lhAH/I1dva9QKE4JeHi23BNcV
-----END CERTIFICATE-----