Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/w_KvEa7XylE82teW2iB5i7YNjIc.roa
File:                     w_KvEa7XylE82teW2iB5i7YNjIc.roa (raw, json)
Hash identifier:          3bkgBV/xgdqw/5UhLaaeprxgmAsi48MnHhlYKkM0Jh4=
Subject key identifier:   C3:F2:AF:11:AE:D7:CA:51:3C:DA:D7:96:DA:20:79:8B:B6:0D:8C:87
Certificate issuer:       /CN=bee0a94997672a920a290ccbfd049126f7075c99
Certificate serial:       018CC2DAD2C2556D5B221C937B0C572F6E0D
Authority key identifier: BE:E0:A9:49:97:67:2A:92:0A:29:0C:CB:FD:04:91:26:F7:07:5C:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vuCpSZdnKpIKKQzL_QSRJvcHXJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/w_KvEa7XylE82teW2iB5i7YNjIc.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51876
IP address blocks:        45.136.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/vuCpSZdnKpIKKQzL_QSRJvcHXJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/vuCpSZdnKpIKKQzL_QSRJvcHXJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vuCpSZdnKpIKKQzL_QSRJvcHXJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d2:c2:55:6d:5b:22:1c:93:7b:0c:57:2f:6e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bee0a94997672a920a290ccbfd049126f7075c99
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3f2af11aed7ca513cdad796da20798bb60d8c87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:64:70:db:30:00:7d:04:b6:37:ab:52:0f:de:
                    bc:e6:7b:f5:e6:fb:87:41:9e:6e:e2:5b:87:63:b1:
                    68:d4:bd:d8:ea:53:a3:3c:8e:5b:0e:4e:7e:ee:c4:
                    6e:eb:5f:84:c7:15:97:35:58:12:f1:62:d9:18:69:
                    b2:b9:20:a1:0d:ff:ee:08:85:65:48:f1:2c:29:69:
                    4a:44:31:aa:26:82:bd:54:1b:1d:d0:a3:3f:36:3f:
                    1a:2c:5f:5b:6e:3c:a5:c5:18:6e:fb:3a:fb:e7:9d:
                    e7:90:95:77:01:e0:fe:e6:68:e5:08:72:94:61:6f:
                    b5:a3:1e:85:1a:ed:b2:7f:30:18:8c:1a:2f:7e:2a:
                    9c:c6:e4:b1:3c:bb:8a:27:a4:23:e5:73:6b:ff:02:
                    66:64:41:95:a4:05:e6:b3:23:9f:f9:19:cc:f7:e6:
                    95:38:5a:cf:e4:c0:3e:91:f3:a7:5c:d3:4f:52:82:
                    4c:fc:71:54:77:03:bd:24:92:bb:17:d3:a1:7a:b1:
                    6d:62:e9:f6:79:d9:6f:29:ad:8b:ac:ad:79:5c:42:
                    4d:3a:6b:3d:25:c9:02:d0:ea:b0:44:10:ac:fa:9e:
                    8e:47:df:2d:2b:c6:cb:de:ff:20:1a:f2:98:1c:db:
                    c2:35:d5:43:0d:f7:eb:dc:fa:60:88:f9:ae:a4:00:
                    01:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:F2:AF:11:AE:D7:CA:51:3C:DA:D7:96:DA:20:79:8B:B6:0D:8C:87
            X509v3 Authority Key Identifier:
                keyid:BE:E0:A9:49:97:67:2A:92:0A:29:0C:CB:FD:04:91:26:F7:07:5C:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vuCpSZdnKpIKKQzL_QSRJvcHXJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/w_KvEa7XylE82teW2iB5i7YNjIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c3e329-15ef-423a-bb12-3a6063cfea95/1/vuCpSZdnKpIKKQzL_QSRJvcHXJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:df:fa:df:f6:1e:e7:fa:0e:bf:b8:bc:b6:2d:60:21:3d:1b:
         61:49:e0:36:bb:f4:59:d0:63:13:f6:a8:69:90:2b:19:98:e1:
         ab:5c:e0:a7:8f:b4:8b:a0:b5:3b:1d:7e:65:55:eb:d3:b7:08:
         33:ee:af:74:3d:6e:bf:36:97:11:2d:e6:4e:45:f6:c4:6c:8b:
         0b:e5:f9:68:75:65:9c:50:73:3e:3d:fd:0f:54:6a:95:a5:6f:
         0c:51:4e:a7:18:ba:4b:a3:cd:cc:90:11:7c:0c:51:0e:ff:6b:
         ed:7f:c1:a3:c9:79:de:5e:4b:13:4f:e1:29:c0:96:db:91:1d:
         05:76:39:8f:8c:53:39:47:a0:13:2f:bb:4b:47:c5:64:b4:fb:
         71:f1:ff:9e:19:4f:76:6b:31:e4:97:55:0f:e2:cf:e0:3e:1e:
         ea:8e:25:a2:28:77:98:3e:64:fb:af:2f:09:2b:16:df:ff:db:
         ed:25:d7:63:ff:0c:0b:57:84:0a:f0:99:ff:ac:d0:06:9c:93:
         89:db:48:02:24:b2:54:0e:d8:dc:00:d4:0b:15:62:9b:67:c6:
         22:98:dd:be:e0:70:fe:0d:e0:e4:ec:f3:b9:2a:5e:25:9f:9c:
         39:ba:17:c7:36:a5:f5:c1:d1:07:02:d6:db:df:72:80:ff:13:
         33:08:56:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tLCVW1bIhyTewxXL24NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlZTBhOTQ5OTc2NzJhOTIwYTI5MGNjYmZkMDQ5MTI2Zjcw
NzVjOTkwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2YyYWYxMWFlZDdjYTUxM2NkYWQ3OTZkYTIwNzk4YmI2MGQ4Yzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GRw2zAAfQS2N6tSD9685nv15vuH
QZ5u4luHY7Fo1L3Y6lOjPI5bDk5+7sRu61+ExxWXNVgS8WLZGGmyuSChDf/uCIVl
SPEsKWlKRDGqJoK9VBsd0KM/Nj8aLF9bbjylxRhu+zr7553nkJV3AeD+5mjlCHKU
YW+1ox6FGu2yfzAYjBovfiqcxuSxPLuKJ6Qj5XNr/wJmZEGVpAXmsyOf+RnM9+aV
OFrP5MA+kfOnXNNPUoJM/HFUdwO9JJK7F9OherFtYun2edlvKa2LrK15XEJNOms9
JckC0OqwRBCs+p6OR98tK8bL3v8gGvKYHNvCNdVDDffr3PpgiPmupAABqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPyrxGu18pRPNrXltogeYu2DYyHMB8GA1UdIwQY
MBaAFL7gqUmXZyqSCikMy/0EkSb3B1yZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnVDcFNaZG5LcElLS1F6TF9RU1JKdmNIWEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9jM2UzMjktMTVlZi00MjNhLWJiMTIt
M2E2MDYzY2ZlYTk1LzEvd19LdkVhN1h5bEU4MnRlVzJpQjVpN1lOakljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9jM2UzMjktMTVlZi00MjNhLWJiMTItM2E2MDYzY2ZlYTk1
LzEvdnVDcFNaZG5LcElLS1F6TF9RU1JKdmNIWEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYiEMA0G
CSqGSIb3DQEBCwUAA4IBAQBB3/rf9h7n+g6/uLy2LWAhPRthSeA2u/RZ0GMT9qhp
kCsZmOGrXOCnj7SLoLU7HX5lVevTtwgz7q90PW6/NpcRLeZORfbEbIsL5flodWWc
UHM+Pf0PVGqVpW8MUU6nGLpLo83MkBF8DFEO/2vtf8GjyXneXksTT+EpwJbbkR0F
djmPjFM5R6ATL7tLR8VktPtx8f+eGU92azHkl1UP4s/gPh7qjiWiKHeYPmT7ry8J
Kxbf/9vtJddj/wwLV4QK8Jn/rNAGnJOJ20gCJLJUDtjcANQLFWKbZ8YimN2+4HD+
DeDk7PO5Kl4ln5w5uhfHNqX1wdEHAtbb33KA/xMzCFa2
-----END CERTIFICATE-----