Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/DI44sVDvO7RuAU8dwuLDCHlnU-Y.roa
File:                     DI44sVDvO7RuAU8dwuLDCHlnU-Y.roa (raw, json)
Hash identifier:          PNwnNJOq5te0xdiJ9tiO5PK7hyVQ4Z2sa8Ycr/PBEYU=
Subject key identifier:   0C:8E:38:B1:50:EF:3B:B4:6E:01:4F:1D:C2:E2:C3:08:79:67:53:E6
Certificate issuer:       /CN=5b2dd9fe628b6bc10141de0241766a1b7a63193f
Certificate serial:       018CC8015ADC6A90EF07EC2839C1364C4EF5
Authority key identifier: 5B:2D:D9:FE:62:8B:6B:C1:01:41:DE:02:41:76:6A:1B:7A:63:19:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/DI44sVDvO7RuAU8dwuLDCHlnU-Y.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        45.152.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5a:dc:6a:90:ef:07:ec:28:39:c1:36:4c:4e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b2dd9fe628b6bc10141de0241766a1b7a63193f
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c8e38b150ef3bb46e014f1dc2e2c308796753e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5d:8b:05:84:de:71:a4:5c:85:cb:ab:45:18:
                    6e:15:1c:45:0d:e6:f9:a3:60:02:88:7e:26:6f:b3:
                    c5:10:9b:78:6b:81:09:00:7e:80:c4:ed:ac:bd:c4:
                    7e:8f:88:7d:c9:82:ce:10:a0:13:26:40:e2:e2:03:
                    68:f9:3b:16:78:cc:6d:f0:86:fe:43:c3:69:1f:51:
                    2f:11:c9:91:1f:6e:77:ea:c8:2f:24:52:5e:3a:d4:
                    18:bf:c9:98:14:d0:34:70:65:92:57:e1:7e:d0:ce:
                    13:0c:51:1f:73:e4:90:57:76:11:ad:00:cb:00:1e:
                    5c:21:3c:71:d8:94:ab:90:15:8f:41:88:2f:1d:f1:
                    d1:0b:17:cf:9c:21:62:49:e0:fe:de:a2:8b:23:d9:
                    07:3c:6f:9a:f6:7c:19:ac:a8:33:bb:f3:45:d9:43:
                    01:fd:40:a4:e1:a8:30:94:f3:04:12:23:45:05:a7:
                    41:30:c3:f5:7a:84:55:7e:b7:dc:48:32:ae:b3:74:
                    28:a9:32:2e:89:1f:72:20:64:f4:35:14:41:2f:43:
                    76:90:7f:24:15:ff:a7:99:61:89:b6:73:f5:be:cc:
                    be:ec:81:fe:c6:9c:f3:bf:32:73:d0:0a:af:84:6d:
                    b0:13:4c:d3:c5:8a:3f:51:61:39:40:c9:dc:da:c8:
                    53:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:8E:38:B1:50:EF:3B:B4:6E:01:4F:1D:C2:E2:C3:08:79:67:53:E6
            X509v3 Authority Key Identifier:
                keyid:5B:2D:D9:FE:62:8B:6B:C1:01:41:DE:02:41:76:6A:1B:7A:63:19:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/DI44sVDvO7RuAU8dwuLDCHlnU-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:96:7a:9b:8d:d8:f0:e5:28:09:36:de:0d:92:00:91:bd:11:
         6f:8e:6e:16:f8:63:7b:4e:f4:50:8e:20:0d:60:3e:a1:2f:fc:
         2c:08:95:24:1b:46:0a:e9:37:82:58:8b:2a:79:e1:03:85:6a:
         17:d4:3f:38:68:38:8b:ef:49:f2:e2:6e:8a:d9:1d:d1:45:dd:
         e3:52:bc:a2:68:26:19:57:07:ed:5f:43:da:b2:a4:0a:09:0d:
         75:d8:30:32:62:d7:3f:1d:ea:e3:06:4b:b0:28:ff:ca:89:a1:
         84:a4:ba:3a:12:2d:43:95:71:2d:2a:37:2d:7e:17:93:06:81:
         8c:5a:9d:0e:e5:55:e1:fb:9c:58:c6:ff:70:87:fb:6c:80:2d:
         6d:38:d7:d2:bf:19:64:a1:14:0a:cb:ee:39:e5:5c:b5:b0:24:
         85:8c:76:ef:56:5e:74:29:6e:60:6b:69:f6:77:21:59:55:8b:
         ed:45:3c:66:75:25:cd:12:c7:f6:b0:e3:78:6b:1b:1a:c8:6f:
         6e:5a:5d:2d:c8:9c:e4:40:1d:f3:52:93:6c:a9:03:05:4a:9c:
         e0:a4:d6:17:f3:3e:b4:2d:ba:7c:81:b0:b1:c8:18:8f:b3:0d:
         6a:84:61:da:97:f6:3f:93:ca:7d:15:15:8b:85:9c:76:e2:e4:
         8b:6f:c2:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVrcapDvB+woOcE2TE71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMmRkOWZlNjI4YjZiYzEwMTQxZGUwMjQxNzY2YTFiN2E2
MzE5M2YwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzhlMzhiMTUwZWYzYmI0NmUwMTRmMWRjMmUyYzMwODc5Njc1M2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm12LBYTecaRchcurRRhuFRxFDeb5
o2ACiH4mb7PFEJt4a4EJAH6AxO2svcR+j4h9yYLOEKATJkDi4gNo+TsWeMxt8Ib+
Q8NpH1EvEcmRH2536sgvJFJeOtQYv8mYFNA0cGWSV+F+0M4TDFEfc+SQV3YRrQDL
AB5cITxx2JSrkBWPQYgvHfHRCxfPnCFiSeD+3qKLI9kHPG+a9nwZrKgzu/NF2UMB
/UCk4agwlPMEEiNFBadBMMP1eoRVfrfcSDKus3QoqTIuiR9yIGT0NRRBL0N2kH8k
Ff+nmWGJtnP1vsy+7IH+xpzzvzJz0AqvhG2wE0zTxYo/UWE5QMnc2shTUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyOOLFQ7zu0bgFPHcLiwwh5Z1PmMB8GA1UdIwQY
MBaAFFst2f5ii2vBAUHeAkF2aht6Yxk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3kzWl9tS0xhOEVCUWQ0Q1FYWnFHM3BqR1Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80ZGU4ODktZGM5ZC00MWU1LWIzYWEt
MGQ3YjU1MWY4MjhjLzEvREk0NHNWRHZPN1J1QVU4ZHd1TERDSGxuVS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80ZGU4ODktZGM5ZC00MWU1LWIzYWEtMGQ3YjU1MWY4Mjhj
LzEvV3kzWl9tS0xhOEVCUWQ0Q1FYWnFHM3BqR1Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZiwMA0G
CSqGSIb3DQEBCwUAA4IBAQBzlnqbjdjw5SgJNt4NkgCRvRFvjm4W+GN7TvRQjiAN
YD6hL/wsCJUkG0YK6TeCWIsqeeEDhWoX1D84aDiL70ny4m6K2R3RRd3jUryiaCYZ
VwftX0PasqQKCQ112DAyYtc/HerjBkuwKP/KiaGEpLo6Ei1DlXEtKjctfheTBoGM
Wp0O5VXh+5xYxv9wh/tsgC1tONfSvxlkoRQKy+455Vy1sCSFjHbvVl50KW5ga2n2
dyFZVYvtRTxmdSXNEsf2sON4axsayG9uWl0tyJzkQB3zUpNsqQMFSpzgpNYX8z60
Lbp8gbCxyBiPsw1qhGHal/Y/k8p9FRWLhZx24uSLb8I8
-----END CERTIFICATE-----