Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/D5maXNQusX0-0l7RjDUKbtJEJBo.roa
File:                     D5maXNQusX0-0l7RjDUKbtJEJBo.roa (raw, json)
Hash identifier:          veA6h2ECktBO1GXrF8VhhgTUGv0Z92l/dw1pJ3t23Fw=
Subject key identifier:   0F:99:9A:5C:D4:2E:B1:7D:3E:D2:5E:D1:8C:35:0A:6E:D2:44:24:1A
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       018CC86F2BBB7A8FC358082116FB5AA4FF85
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/D5maXNQusX0-0l7RjDUKbtJEJBo.roa
Signing time:             Tue 02 Jan 2024 04:29:38 +0000
ROA not before:           Tue 02 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        45.155.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2b:bb:7a:8f:c3:58:08:21:16:fb:5a:a4:ff:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Jan  2 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f999a5cd42eb17d3ed25ed18c350a6ed244241a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:83:ef:0d:32:eb:bf:c6:79:a1:e0:e4:cd:ef:
                    83:68:35:f2:83:a9:4d:68:e4:2b:ae:01:74:57:23:
                    75:90:1d:56:5d:55:7e:14:de:80:98:91:ef:9d:07:
                    98:2b:2a:4c:4f:c6:18:e1:16:89:49:5a:f9:fa:30:
                    7f:9e:eb:58:75:a9:40:ba:bf:8b:87:9b:cf:72:c5:
                    6d:de:e0:6b:9e:4e:47:54:46:c5:f4:7a:44:55:73:
                    5b:da:9f:35:d8:e5:88:db:1d:d4:e8:40:ea:5a:2c:
                    12:c4:08:33:44:fd:bf:3f:6b:7b:53:5d:3f:c2:10:
                    47:88:df:06:14:7c:6d:ed:ab:90:9c:00:41:90:ca:
                    ef:d5:86:27:51:95:56:60:0b:f5:ad:62:86:78:43:
                    75:01:c8:6b:5d:4c:ba:c5:ce:14:2a:da:cc:bd:18:
                    49:a6:7e:48:06:b6:98:0b:7e:04:96:37:33:ae:e1:
                    c3:b9:40:8f:d9:1e:52:7b:10:00:b7:e5:b7:3b:5a:
                    9f:36:91:b8:02:2c:68:79:0d:53:1a:a8:2c:cf:5e:
                    e8:c6:83:f1:41:27:01:5a:78:ef:8e:c8:80:60:4d:
                    a7:9b:bd:5f:8e:e0:72:dc:fd:8e:45:df:2e:24:15:
                    8e:c9:b7:32:e3:50:6a:51:a8:5a:e8:78:c0:12:e9:
                    86:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:99:9A:5C:D4:2E:B1:7D:3E:D2:5E:D1:8C:35:0A:6E:D2:44:24:1A
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/D5maXNQusX0-0l7RjDUKbtJEJBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:25:35:d2:2f:04:0f:52:87:cf:96:9b:79:fa:c8:39:19:c8:
         81:02:0c:52:b6:f0:19:fa:44:dd:da:bd:47:2b:aa:86:af:4e:
         bc:4a:98:09:1d:24:cb:a3:73:e1:74:12:ff:4a:de:e3:58:3c:
         dd:87:59:b7:0d:12:fc:67:1a:2b:b5:1f:3c:f6:4c:1d:61:45:
         f6:a0:78:74:92:0c:dd:75:13:1a:fe:2c:bc:18:ed:aa:76:79:
         2e:f0:63:0a:b6:5d:5d:48:ac:00:4a:e8:4d:9e:34:e3:cd:5c:
         74:13:8d:b0:46:e8:7b:6b:fa:2d:23:fe:a4:d8:55:8f:d7:40:
         b5:be:e6:27:1d:98:79:2e:3c:a3:22:11:23:f6:bd:54:5a:27:
         3e:72:f7:bb:e2:8b:60:80:33:e3:72:2d:ce:4c:ea:3c:e9:7a:
         e8:f8:25:ae:c2:0b:7f:66:0e:85:d0:6b:9b:09:a5:f7:4d:af:
         ec:0f:ad:cc:ef:85:9c:d0:88:6a:f5:b4:8a:b9:58:7e:97:d2:
         65:05:7b:54:c2:31:20:9a:ed:a1:84:21:21:05:62:35:7c:78:
         35:f5:5b:3c:bc:02:b4:8a:f8:17:5d:de:82:14:b1:19:be:44:
         72:23:22:11:1e:6a:fc:3e:eb:cf:3b:f2:4b:57:c9:c3:02:b2:
         4d:2c:41:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyu7eo/DWAghFvtapP+FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjQwMTAyMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjk5OWE1Y2Q0MmViMTdkM2VkMjVlZDE4YzM1MGE2ZWQyNDQyNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIPvDTLrv8Z5oeDkze+DaDXyg6lN
aOQrrgF0VyN1kB1WXVV+FN6AmJHvnQeYKypMT8YY4RaJSVr5+jB/nutYdalAur+L
h5vPcsVt3uBrnk5HVEbF9HpEVXNb2p812OWI2x3U6EDqWiwSxAgzRP2/P2t7U10/
whBHiN8GFHxt7auQnABBkMrv1YYnUZVWYAv1rWKGeEN1AchrXUy6xc4UKtrMvRhJ
pn5IBraYC34EljczruHDuUCP2R5SexAAt+W3O1qfNpG4AixoeQ1TGqgsz17oxoPx
QScBWnjvjsiAYE2nm71fjuBy3P2ORd8uJBWOybcy41BqUaha6HjAEumGQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+ZmlzULrF9PtJe0Yw1Cm7SRCQaMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvRDVtYVhOUXVzWDAtMGw3UmpEVUtidEpFSkJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZvzMA0G
CSqGSIb3DQEBCwUAA4IBAQAuJTXSLwQPUofPlpt5+sg5GciBAgxStvAZ+kTd2r1H
K6qGr068SpgJHSTLo3PhdBL/St7jWDzdh1m3DRL8ZxortR889kwdYUX2oHh0kgzd
dRMa/iy8GO2qdnku8GMKtl1dSKwASuhNnjTjzVx0E42wRuh7a/otI/6k2FWP10C1
vuYnHZh5LjyjIhEj9r1UWic+cve74otggDPjci3OTOo86Xro+CWuwgt/Zg6F0Gub
CaX3Ta/sD63M74Wc0Ihq9bSKuVh+l9JlBXtUwjEgmu2hhCEhBWI1fHg19Vs8vAK0
ivgXXd6CFLEZvkRyIyIRHmr8PuvPO/JLV8nDArJNLEG2
-----END CERTIFICATE-----