Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/DghzU9EqeAAWzl6UGv-xjojUyks.roa
File:                     DghzU9EqeAAWzl6UGv-xjojUyks.roa (raw, json)
Hash identifier:          FBV3wZzgirYgZDPNiA44b1JZZitCNVmi/BifVXADE3U=
Subject key identifier:   0E:08:73:53:D1:2A:78:00:16:CE:5E:94:1A:FF:B1:8E:88:D4:CA:4B
Certificate issuer:       /CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
Certificate serial:       018DD60FADA2BE91112DDF29806141139F8B
Authority key identifier: E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/DghzU9EqeAAWzl6UGv-xjojUyks.roa
Signing time:             Fri 23 Feb 2024 13:02:48 +0000
ROA not before:           Fri 23 Feb 2024 13:02:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215432
IP address blocks:        45.151.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d6:0f:ad:a2:be:91:11:2d:df:29:80:61:41:13:9f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
        Validity
            Not Before: Feb 23 13:02:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e087353d12a780016ce5e941affb18e88d4ca4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1d:37:e9:6b:0a:13:0c:67:8f:ad:a0:80:7c:
                    74:8a:a3:e2:e0:9b:43:a0:ec:0a:65:28:07:1c:12:
                    d5:30:34:1a:cb:13:8c:ea:02:7b:ca:da:13:40:b0:
                    4e:b1:65:44:bd:d6:e4:57:b0:da:34:81:70:af:05:
                    31:89:a5:60:1a:14:bf:03:28:3f:96:d0:41:68:a4:
                    38:ae:61:5f:57:01:8b:fc:44:3b:d9:4c:11:c7:78:
                    6a:52:c5:60:af:42:55:ce:0b:8b:d4:44:8e:98:20:
                    0e:5c:45:a6:23:f9:cf:98:83:29:51:6a:f8:60:4f:
                    ec:a3:e7:7f:7d:ac:98:32:a7:ad:47:22:f8:bd:78:
                    fe:be:4d:94:f2:c8:c0:49:1c:f2:60:58:63:8f:2d:
                    01:39:22:53:ba:23:44:cf:f9:c3:f6:d4:0b:6d:e8:
                    ab:11:38:ea:30:02:e5:c4:ee:71:83:73:e9:2b:e3:
                    bf:b9:dc:94:f0:05:e7:59:58:f1:5c:dc:e6:54:55:
                    1d:16:47:11:12:37:2c:2f:31:f0:48:ef:1f:82:92:
                    51:c6:20:d0:6e:da:13:84:9f:dd:d0:1f:ab:da:27:
                    52:e6:96:1a:1e:c0:37:2e:24:e2:0b:3a:40:0c:65:
                    b3:db:14:64:38:4d:c6:ba:5d:2b:46:e3:7e:86:c0:
                    92:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:08:73:53:D1:2A:78:00:16:CE:5E:94:1A:FF:B1:8E:88:D4:CA:4B
            X509v3 Authority Key Identifier:
                keyid:E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/DghzU9EqeAAWzl6UGv-xjojUyks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:d5:b9:af:0c:fa:2e:5a:04:4a:0f:1d:da:96:ab:7e:e8:8c:
         8b:9e:44:60:02:ad:e9:20:8f:6a:7e:2b:40:4f:f4:f3:71:71:
         1c:d0:64:88:22:d2:f5:2c:84:8f:06:04:74:10:00:e8:9b:9b:
         38:92:bf:4f:20:13:29:e2:ca:d5:a9:ab:51:6e:b1:61:fc:72:
         6c:d4:cc:8e:91:0c:13:93:77:6d:fa:ac:29:7e:96:b6:e7:80:
         c3:6e:29:7a:bc:8f:d2:0b:45:f2:99:09:fe:4f:59:ee:c7:96:
         6b:65:b2:9e:1e:75:a1:65:4e:67:34:7b:58:05:77:17:76:55:
         cb:88:74:dc:b3:5b:cc:50:a1:34:78:38:24:30:65:9e:ad:42:
         8b:1c:d2:eb:07:bd:bb:7d:fe:c5:48:5c:05:7a:c1:7f:77:ca:
         b8:68:92:68:d2:2c:0a:f6:65:71:1f:eb:f1:dc:45:b8:f5:8c:
         dc:d1:f6:77:90:0f:e7:ad:95:f2:24:a5:97:2c:7e:16:9d:7a:
         d8:6f:20:35:11:df:9a:08:47:61:85:a5:10:48:d1:31:13:61:
         8d:f4:c4:ae:4b:b1:d4:da:71:5a:2b:cd:ee:3e:0b:a9:3b:e2:
         e2:e6:8e:d9:60:4a:63:29:56:19:8d:6d:1b:6f:b5:3f:0f:dd:
         57:53:99:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3WD62ivpERLd8pgGFBE5+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YmU4ZWZlYzFmYjAzZDhhZjk3OWFmMWNiYTEzYTA4NDVh
N2IwYmEwHhcNMjQwMjIzMTMwMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTA4NzM1M2QxMmE3ODAwMTZjZTVlOTQxYWZmYjE4ZTg4ZDRjYTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApR036WsKEwxnj62ggHx0iqPi4JtD
oOwKZSgHHBLVMDQayxOM6gJ7ytoTQLBOsWVEvdbkV7DaNIFwrwUxiaVgGhS/Ayg/
ltBBaKQ4rmFfVwGL/EQ72UwRx3hqUsVgr0JVzguL1ESOmCAOXEWmI/nPmIMpUWr4
YE/so+d/fayYMqetRyL4vXj+vk2U8sjASRzyYFhjjy0BOSJTuiNEz/nD9tQLbeir
ETjqMALlxO5xg3PpK+O/udyU8AXnWVjxXNzmVFUdFkcREjcsLzHwSO8fgpJRxiDQ
btoThJ/d0B+r2idS5pYaHsA3LiTiCzpADGWz2xRkOE3Gul0rRuN+hsCSmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4Ic1PRKngAFs5elBr/sY6I1MpLMB8GA1UdIwQY
MBaAFOS+jv7B+wPYr5ea8cuhOghFp7C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUt
ZGZiZmEzZmNmMDIxLzEvRGdoelU5RXFlQUFXemw2VUd2LXhqb2pVeWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUtZGZiZmEzZmNmMDIx
LzEvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZd8MA0G
CSqGSIb3DQEBCwUAA4IBAQAd1bmvDPouWgRKDx3alqt+6IyLnkRgAq3pII9qfitA
T/TzcXEc0GSIItL1LISPBgR0EADom5s4kr9PIBMp4srVqatRbrFh/HJs1MyOkQwT
k3dt+qwpfpa254DDbil6vI/SC0XymQn+T1nux5ZrZbKeHnWhZU5nNHtYBXcXdlXL
iHTcs1vMUKE0eDgkMGWerUKLHNLrB727ff7FSFwFesF/d8q4aJJo0iwK9mVxH+vx
3EW49Yzc0fZ3kA/nrZXyJKWXLH4WnXrYbyA1Ed+aCEdhhaUQSNExE2GN9MSuS7HU
2nFaK83uPgupO+Li5o7ZYEpjKVYZjW0bb7U/D91XU5l0
-----END CERTIFICATE-----