Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/3o8myZ_Y-fkyy2X8wzy1b01ZMug.roa
File:                     3o8myZ_Y-fkyy2X8wzy1b01ZMug.roa (raw, json)
Hash identifier:          bjkiR2W8stJRMyuDlbA8BBZDd9gMYSRmsHzyRF+xqms=
Subject key identifier:   DE:8F:26:C9:9F:D8:F9:F9:32:CB:65:FC:C3:3C:B5:6F:4D:59:32:E8
Certificate issuer:       /CN=5b2dd9fe628b6bc10141de0241766a1b7a63193f
Certificate serial:       018CC8015A067932030B7DA903BC0F765D99
Authority key identifier: 5B:2D:D9:FE:62:8B:6B:C1:01:41:DE:02:41:76:6A:1B:7A:63:19:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/3o8myZ_Y-fkyy2X8wzy1b01ZMug.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134835
IP address blocks:        45.155.220.0/24 maxlen: 24
                          45.155.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 19:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5a:06:79:32:03:0b:7d:a9:03:bc:0f:76:5d:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b2dd9fe628b6bc10141de0241766a1b7a63193f
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de8f26c99fd8f9f932cb65fcc33cb56f4d5932e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4e:41:29:c3:69:bd:20:91:8e:69:3a:aa:49:
                    9a:3d:5b:77:62:0f:d5:e2:68:3e:33:91:44:23:a0:
                    1f:80:80:f1:d6:7e:d1:66:2c:e1:63:5a:9e:72:d9:
                    92:0d:ac:c6:fc:6c:26:c7:9f:b0:9a:44:18:c4:55:
                    33:80:f3:59:16:73:ea:82:0c:79:c1:42:f9:ba:b8:
                    c5:7f:59:64:19:d7:1b:d8:57:ed:23:f1:81:6c:14:
                    77:c1:bc:00:63:9d:7f:4c:b0:39:17:ea:c2:1b:3e:
                    75:c9:82:c3:1c:c9:43:88:25:c9:42:18:cf:95:bf:
                    72:c0:f4:42:5b:e5:07:bf:b2:8e:0b:ce:a6:95:f3:
                    08:77:1c:d7:e0:d4:96:26:09:79:d1:45:96:b7:ce:
                    e0:49:28:5c:94:e2:5c:2e:f6:7c:09:a2:dd:65:7c:
                    c5:0f:db:ff:b1:0f:6b:6e:9e:9f:40:12:2d:fb:55:
                    55:d8:8e:53:30:ac:d4:00:9d:19:f7:38:26:6e:a3:
                    80:ef:1a:a6:25:69:52:64:d5:96:b4:58:e0:da:cb:
                    40:47:80:3e:58:9e:67:93:33:8d:2b:65:08:5c:07:
                    5c:2e:87:97:8c:48:24:2c:7f:72:5a:43:29:71:55:
                    dd:93:e5:7d:c0:8a:f8:e2:01:70:48:a0:49:71:38:
                    04:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:8F:26:C9:9F:D8:F9:F9:32:CB:65:FC:C3:3C:B5:6F:4D:59:32:E8
            X509v3 Authority Key Identifier:
                keyid:5B:2D:D9:FE:62:8B:6B:C1:01:41:DE:02:41:76:6A:1B:7A:63:19:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/3o8myZ_Y-fkyy2X8wzy1b01ZMug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:75:4e:19:0e:56:55:59:f0:88:b2:6c:18:71:a8:f6:d6:0f:
         61:8f:9a:2d:fb:50:86:cc:30:f6:ff:bc:ba:bf:1d:ed:ec:e8:
         be:5d:ae:17:14:08:f2:16:0b:08:f3:53:8d:c9:ac:50:50:b1:
         72:0c:6c:34:6c:7f:68:9f:14:56:50:ea:74:6a:e4:48:d9:50:
         a5:a5:90:d0:e0:31:1d:bc:22:dc:2e:c7:b6:4f:0c:ae:30:ef:
         8a:01:2c:ff:82:55:9a:69:16:24:a9:e3:81:cc:32:7f:c5:2d:
         a3:1e:ef:24:89:68:fb:f7:6f:9c:a4:f9:72:cd:90:6f:05:fa:
         6e:79:a4:f3:0c:0e:58:bf:83:58:df:69:0c:53:f9:c1:b2:f1:
         62:9f:3f:ef:9c:cf:c5:04:03:2f:0c:bb:d3:41:86:3f:dd:3a:
         63:b8:37:26:59:cd:91:c4:58:67:10:45:83:93:cd:74:2f:6b:
         f9:15:9a:19:cc:d3:6b:ce:97:fe:83:f5:e7:43:de:3e:19:0f:
         88:49:49:84:a4:4a:48:a0:96:f0:59:72:36:9f:d6:fb:fb:e4:
         46:43:54:75:29:d1:e7:64:c3:6e:03:51:09:5f:a0:a6:0d:bf:
         d3:8e:ff:99:3c:9f:24:f7:88:99:1b:c1:f5:93:d0:9d:ce:d3:
         f3:4b:d7:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVoGeTIDC32pA7wPdl2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMmRkOWZlNjI4YjZiYzEwMTQxZGUwMjQxNzY2YTFiN2E2
MzE5M2YwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZThmMjZjOTlmZDhmOWY5MzJjYjY1ZmNjMzNjYjU2ZjRkNTkzMmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt05BKcNpvSCRjmk6qkmaPVt3Yg/V
4mg+M5FEI6AfgIDx1n7RZizhY1qectmSDazG/Gwmx5+wmkQYxFUzgPNZFnPqggx5
wUL5urjFf1lkGdcb2FftI/GBbBR3wbwAY51/TLA5F+rCGz51yYLDHMlDiCXJQhjP
lb9ywPRCW+UHv7KOC86mlfMIdxzX4NSWJgl50UWWt87gSShclOJcLvZ8CaLdZXzF
D9v/sQ9rbp6fQBIt+1VV2I5TMKzUAJ0Z9zgmbqOA7xqmJWlSZNWWtFjg2stAR4A+
WJ5nkzONK2UIXAdcLoeXjEgkLH9yWkMpcVXdk+V9wIr44gFwSKBJcTgEewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6PJsmf2Pn5Mstl/MM8tW9NWTLoMB8GA1UdIwQY
MBaAFFst2f5ii2vBAUHeAkF2aht6Yxk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3kzWl9tS0xhOEVCUWQ0Q1FYWnFHM3BqR1Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80ZGU4ODktZGM5ZC00MWU1LWIzYWEt
MGQ3YjU1MWY4MjhjLzEvM284bXlaX1ktZmt5eTJYOHd6eTFiMDFaTXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80ZGU4ODktZGM5ZC00MWU1LWIzYWEtMGQ3YjU1MWY4Mjhj
LzEvV3kzWl9tS0xhOEVCUWQ0Q1FYWnFHM3BqR1Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZvcMA0G
CSqGSIb3DQEBCwUAA4IBAQAmdU4ZDlZVWfCIsmwYcaj21g9hj5ot+1CGzDD2/7y6
vx3t7Oi+Xa4XFAjyFgsI81ONyaxQULFyDGw0bH9onxRWUOp0auRI2VClpZDQ4DEd
vCLcLse2TwyuMO+KASz/glWaaRYkqeOBzDJ/xS2jHu8kiWj792+cpPlyzZBvBfpu
eaTzDA5Yv4NY32kMU/nBsvFinz/vnM/FBAMvDLvTQYY/3TpjuDcmWc2RxFhnEEWD
k810L2v5FZoZzNNrzpf+g/XnQ94+GQ+ISUmEpEpIoJbwWXI2n9b7++RGQ1R1KdHn
ZMNuA1EJX6CmDb/Tjv+ZPJ8k94iZG8H1k9CdztPzS9eR
-----END CERTIFICATE-----