Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/681e1e-7f3f-4ea8-af30-522690be548d/1/01AyMExIlYL6q19fPwzkpm_Ot3k.roa
File:                     01AyMExIlYL6q19fPwzkpm_Ot3k.roa (raw, json)
Hash identifier:          o0c7hxeR/sAzUbV6apyLfWUwsYXCAwiJyuDTyYpLehA=
Subject key identifier:   D3:50:32:30:4C:48:95:82:FA:AB:5F:5F:3F:0C:E4:A6:6F:CE:B7:79
Certificate issuer:       /CN=89703a9823512b18d176e362ea023ca824784d22
Certificate serial:       018CC86F9362D30363347B9EBA155009B9CB
Authority key identifier: 89:70:3A:98:23:51:2B:18:D1:76:E3:62:EA:02:3C:A8:24:78:4D:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iXA6mCNRKxjRduNi6gI8qCR4TSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/681e1e-7f3f-4ea8-af30-522690be548d/1/01AyMExIlYL6q19fPwzkpm_Ot3k.roa
Signing time:             Tue 02 Jan 2024 04:30:04 +0000
ROA not before:           Tue 02 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197415
IP address blocks:        45.146.96.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/681e1e-7f3f-4ea8-af30-522690be548d/1/iXA6mCNRKxjRduNi6gI8qCR4TSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/681e1e-7f3f-4ea8-af30-522690be548d/1/iXA6mCNRKxjRduNi6gI8qCR4TSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iXA6mCNRKxjRduNi6gI8qCR4TSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:93:62:d3:03:63:34:7b:9e:ba:15:50:09:b9:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89703a9823512b18d176e362ea023ca824784d22
        Validity
            Not Before: Jan  2 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d35032304c489582faab5f5f3f0ce4a66fceb779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:78:dc:00:5b:db:ba:a9:04:92:80:49:6e:6b:
                    ef:a3:5c:c2:bf:30:ca:58:e5:58:47:f7:e6:ff:d4:
                    02:04:38:78:73:2f:24:ff:dc:21:d8:8a:bb:62:d4:
                    e4:ae:c1:2a:e1:2f:a9:d7:a7:ec:fa:8a:06:a4:0b:
                    53:a3:a0:dc:5d:45:38:7e:df:63:ee:e8:a7:16:c7:
                    28:1d:57:c1:1e:93:8a:fb:88:a4:da:35:70:2c:f6:
                    84:8b:b9:55:0a:4b:06:51:87:43:02:c7:52:55:60:
                    3b:c9:d8:de:05:b2:f5:29:26:c7:dc:3c:26:fe:85:
                    e3:d3:cf:b8:42:06:c8:fb:1d:9e:24:9a:2f:56:cf:
                    ec:56:74:bf:29:7d:b0:ad:51:80:90:60:3c:31:45:
                    82:af:b8:ac:37:d8:58:2b:a5:ca:5e:5a:36:d5:4b:
                    67:24:0c:24:ac:1c:e9:88:10:e9:3f:21:d6:18:82:
                    09:7a:c1:bc:e0:e3:31:a8:41:d7:46:0a:0a:c1:8a:
                    26:6c:a1:1f:32:d5:21:5f:2d:e8:63:a0:74:b2:80:
                    5c:4b:89:60:c2:6b:08:95:d1:e0:bf:1b:e8:8d:6a:
                    cd:64:d9:1f:71:65:29:d5:97:21:1d:44:87:44:0a:
                    ca:5b:31:6c:6f:04:6e:89:25:6f:52:23:62:49:5d:
                    2c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:50:32:30:4C:48:95:82:FA:AB:5F:5F:3F:0C:E4:A6:6F:CE:B7:79
            X509v3 Authority Key Identifier:
                keyid:89:70:3A:98:23:51:2B:18:D1:76:E3:62:EA:02:3C:A8:24:78:4D:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iXA6mCNRKxjRduNi6gI8qCR4TSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/681e1e-7f3f-4ea8-af30-522690be548d/1/01AyMExIlYL6q19fPwzkpm_Ot3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/681e1e-7f3f-4ea8-af30-522690be548d/1/iXA6mCNRKxjRduNi6gI8qCR4TSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:78:3b:98:29:3f:21:b0:0a:8b:4f:ef:28:6d:46:db:7e:45:
         bf:3e:50:86:8d:8a:d9:cb:4d:62:b0:4a:fa:55:a9:7c:82:a9:
         d2:d9:8b:7a:da:2e:13:30:44:36:3f:16:02:73:21:f3:21:5c:
         47:12:ee:6a:ff:ea:23:34:8f:01:f0:e2:ab:33:f2:d2:d5:9b:
         cc:ca:07:75:53:1f:98:b0:1c:e3:c7:cc:1b:0f:25:1e:41:2c:
         2d:96:4a:63:33:84:70:9d:64:10:cf:ab:79:ea:4f:19:d3:f0:
         6b:87:92:4f:34:3e:fc:a9:61:0d:1f:d2:ad:4d:09:6f:46:63:
         7a:5d:84:2f:5f:ae:25:5a:4e:16:dc:81:f8:85:69:0e:ae:68:
         c8:eb:64:59:f0:e4:d6:c0:d2:9c:33:34:0f:dc:ce:82:2d:0b:
         fc:e4:cc:4b:56:78:b2:eb:16:aa:56:8c:5d:f2:7d:37:04:34:
         87:c9:f8:de:06:3a:40:40:95:fc:5e:4b:1d:64:03:fd:94:f4:
         d7:0c:5f:ac:90:5c:dc:a8:ae:9c:a7:c4:8e:23:d9:4c:66:94:
         29:20:20:da:76:0d:ed:64:76:50:f1:b7:bf:e5:d1:5a:3b:28:
         af:c2:dc:c6:57:c6:0b:68:f0:2a:72:05:fe:3d:2d:93:46:89:
         50:c0:19:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5Ni0wNjNHueuhVQCbnLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NzAzYTk4MjM1MTJiMThkMTc2ZTM2MmVhMDIzY2E4MjQ3
ODRkMjIwHhcNMjQwMTAyMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzUwMzIzMDRjNDg5NTgyZmFhYjVmNWYzZjBjZTRhNjZmY2ViNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3jcAFvbuqkEkoBJbmvvo1zCvzDK
WOVYR/fm/9QCBDh4cy8k/9wh2Iq7YtTkrsEq4S+p16fs+ooGpAtTo6DcXUU4ft9j
7uinFscoHVfBHpOK+4ik2jVwLPaEi7lVCksGUYdDAsdSVWA7ydjeBbL1KSbH3Dwm
/oXj08+4QgbI+x2eJJovVs/sVnS/KX2wrVGAkGA8MUWCr7isN9hYK6XKXlo21Utn
JAwkrBzpiBDpPyHWGIIJesG84OMxqEHXRgoKwYombKEfMtUhXy3oY6B0soBcS4lg
wmsIldHgvxvojWrNZNkfcWUp1ZchHUSHRArKWzFsbwRuiSVvUiNiSV0sBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNQMjBMSJWC+qtfXz8M5KZvzrd5MB8GA1UdIwQY
MBaAFIlwOpgjUSsY0XbjYuoCPKgkeE0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVhBNm1DTlJLeGpSZHVOaTZnSThxQ1I0VFNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC82ODFlMWUtN2YzZi00ZWE4LWFmMzAt
NTIyNjkwYmU1NDhkLzEvMDFBeU1FeElsWUw2cTE5ZlB3emtwbV9PdDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC82ODFlMWUtN2YzZi00ZWE4LWFmMzAtNTIyNjkwYmU1NDhk
LzEvaVhBNm1DTlJLeGpSZHVOaTZnSThxQ1I0VFNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZJgMA0G
CSqGSIb3DQEBCwUAA4IBAQBjeDuYKT8hsAqLT+8obUbbfkW/PlCGjYrZy01isEr6
Val8gqnS2Yt62i4TMEQ2PxYCcyHzIVxHEu5q/+ojNI8B8OKrM/LS1ZvMygd1Ux+Y
sBzjx8wbDyUeQSwtlkpjM4RwnWQQz6t56k8Z0/Brh5JPND78qWENH9KtTQlvRmN6
XYQvX64lWk4W3IH4hWkOrmjI62RZ8OTWwNKcMzQP3M6CLQv85MxLVniy6xaqVoxd
8n03BDSHyfjeBjpAQJX8XksdZAP9lPTXDF+skFzcqK6cp8SOI9lMZpQpICDadg3t
ZHZQ8be/5dFaOyivwtzGV8YLaPAqcgX+PS2TRolQwBno
-----END CERTIFICATE-----