Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/_d87b2Kx9QRZpKd6wjqfBNxG98o.roa
File:                     _d87b2Kx9QRZpKd6wjqfBNxG98o.roa (raw, json)
Hash identifier:          CPLlvF/UPYrHFakqpUknxAbghqReilZMeu4TDCYBVGw=
Subject key identifier:   FD:DF:3B:6F:62:B1:F5:04:59:A4:A7:7A:C2:3A:9F:04:DC:46:F7:CA
Certificate issuer:       /CN=00e2c33731adca57dcc33b2fb8233fc038b095e9
Certificate serial:       018CC3B6B078A64E89E985E6D9E0DADB8355
Authority key identifier: 00:E2:C3:37:31:AD:CA:57:DC:C3:3B:2F:B8:23:3F:C0:38:B0:95:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AOLDNzGtylfcwzsvuCM_wDiwlek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/_d87b2Kx9QRZpKd6wjqfBNxG98o.roa
Signing time:             Mon 01 Jan 2024 06:29:38 +0000
ROA not before:           Mon 01 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57648
IP address blocks:        45.156.162.0/24 maxlen: 24
                          45.156.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/AOLDNzGtylfcwzsvuCM_wDiwlek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/AOLDNzGtylfcwzsvuCM_wDiwlek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AOLDNzGtylfcwzsvuCM_wDiwlek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b0:78:a6:4e:89:e9:85:e6:d9:e0:da:db:83:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00e2c33731adca57dcc33b2fb8233fc038b095e9
        Validity
            Not Before: Jan  1 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fddf3b6f62b1f50459a4a77ac23a9f04dc46f7ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f2:39:e3:9b:20:e3:72:47:4c:ec:36:52:46:
                    cf:20:cb:62:a5:73:8a:e3:11:c0:27:c1:8e:3b:b7:
                    8b:11:d0:cc:75:57:b9:31:90:f9:f1:da:ff:30:7c:
                    c3:30:65:ed:ca:76:d9:06:e1:ba:01:b1:b9:38:51:
                    d0:4f:d3:0c:1b:b8:5d:0e:25:6d:90:00:16:43:9e:
                    da:26:6c:79:f7:c6:04:f2:8a:f3:76:5e:cc:45:00:
                    be:07:f5:5e:82:23:02:29:f3:01:05:58:39:26:8f:
                    eb:f0:3e:a2:98:f3:ea:f0:12:b9:e7:d3:50:96:ba:
                    9e:d5:5b:62:b6:a4:e3:7a:47:0a:f2:6c:77:e9:f1:
                    ed:01:cb:48:ba:26:9e:86:48:e1:ca:63:10:4d:a3:
                    94:a9:e8:91:cf:4c:49:d8:1d:07:13:d1:6e:5f:ac:
                    69:cd:da:23:4c:d1:86:dc:7f:92:94:24:dd:49:1e:
                    82:cf:ee:50:98:27:37:73:02:1a:9b:b3:be:c8:27:
                    be:00:16:48:1e:b9:9b:c8:67:ff:3a:2b:18:2b:a3:
                    49:d1:96:bc:ad:8c:6e:fe:31:bf:a3:15:9d:7c:9e:
                    18:78:0f:2e:69:42:65:b2:cd:d0:65:38:44:7f:26:
                    95:a0:2e:87:60:ac:04:46:a6:72:29:80:68:c2:b0:
                    2c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:DF:3B:6F:62:B1:F5:04:59:A4:A7:7A:C2:3A:9F:04:DC:46:F7:CA
            X509v3 Authority Key Identifier:
                keyid:00:E2:C3:37:31:AD:CA:57:DC:C3:3B:2F:B8:23:3F:C0:38:B0:95:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOLDNzGtylfcwzsvuCM_wDiwlek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/_d87b2Kx9QRZpKd6wjqfBNxG98o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/AOLDNzGtylfcwzsvuCM_wDiwlek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.160.0/24
                  45.156.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:1b:ca:fc:7a:ff:82:07:cc:13:ed:99:f8:1e:b0:3b:5d:e6:
         a7:76:30:8d:0f:47:5a:7d:8a:af:f2:86:12:6d:bc:7a:d5:d7:
         68:d0:33:8b:88:32:f9:39:c5:03:43:fb:35:5e:14:af:60:79:
         dc:85:0b:ff:67:7b:4d:6d:d6:e0:fe:29:b2:0c:de:9b:99:ec:
         78:13:01:03:b1:aa:60:58:d1:73:be:e9:7c:2d:b7:79:a1:3c:
         31:8c:dc:7d:e5:0c:9a:70:51:56:b0:13:25:49:c7:d3:0e:a4:
         b7:b5:e7:c2:19:4e:f9:80:1a:fc:5b:77:e1:2b:a5:c1:c5:9e:
         fd:b6:8a:5a:f2:8b:95:6f:ed:54:e7:29:06:79:c1:5d:16:b6:
         be:28:1d:78:16:58:6f:34:a2:78:9a:fb:0f:b0:42:d5:69:1a:
         fa:bb:3a:c4:55:bc:71:27:c3:07:0f:5e:a1:ae:50:be:ae:f4:
         8b:f2:0f:3b:9c:66:15:ef:05:d4:87:cf:da:6a:2e:45:d6:83:
         56:64:d4:76:64:d4:95:a4:69:9d:e0:f3:12:b5:8a:9a:6f:c2:
         0b:29:9a:76:1c:63:d3:a9:6d:8c:1a:e0:b8:05:e2:04:3c:cb:
         b8:fa:53:1f:64:4a:6e:79:5f:27:40:9e:55:19:f4:e8:a0:4b:
         91:c0:71:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtrB4pk6J6YXm2eDa24NVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTJjMzM3MzFhZGNhNTdkY2MzM2IyZmI4MjMzZmMwMzhi
MDk1ZTkwHhcNMjQwMTAxMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGRmM2I2ZjYyYjFmNTA0NTlhNGE3N2FjMjNhOWYwNGRjNDZmN2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/I545sg43JHTOw2UkbPIMtipXOK
4xHAJ8GOO7eLEdDMdVe5MZD58dr/MHzDMGXtynbZBuG6AbG5OFHQT9MMG7hdDiVt
kAAWQ57aJmx598YE8orzdl7MRQC+B/VegiMCKfMBBVg5Jo/r8D6imPPq8BK559NQ
lrqe1VtitqTjekcK8mx36fHtActIuiaehkjhymMQTaOUqeiRz0xJ2B0HE9FuX6xp
zdojTNGG3H+SlCTdSR6Cz+5QmCc3cwIam7O+yCe+ABZIHrmbyGf/OisYK6NJ0Za8
rYxu/jG/oxWdfJ4YeA8uaUJlss3QZThEfyaVoC6HYKwERqZyKYBowrAs+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP3fO29isfUEWaSnesI6nwTcRvfKMB8GA1UdIwQY
MBaAFADiwzcxrcpX3MM7L7gjP8A4sJXpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9MRE56R3R5bGZjd3pzdnVDTV93RGl3bGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS85ZDVmZWItYmVkYS00MTQ3LTlkODMt
YzlhZDM3Zjk0Y2Q3LzEvX2Q4N2IyS3g5UVJacEtkNndqcWZCTnhHOThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS85ZDVmZWItYmVkYS00MTQ3LTlkODMtYzlhZDM3Zjk0Y2Q3
LzEvQU9MRE56R3R5bGZjd3pzdnVDTV93RGl3bGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZygAwQA
LZyiMA0GCSqGSIb3DQEBCwUAA4IBAQA1G8r8ev+CB8wT7Zn4HrA7XeandjCND0da
fYqv8oYSbbx61ddo0DOLiDL5OcUDQ/s1XhSvYHnchQv/Z3tNbdbg/imyDN6bmex4
EwEDsapgWNFzvul8Lbd5oTwxjNx95QyacFFWsBMlScfTDqS3tefCGU75gBr8W3fh
K6XBxZ79topa8ouVb+1U5ykGecFdFra+KB14FlhvNKJ4mvsPsELVaRr6uzrEVbxx
J8MHD16hrlC+rvSL8g87nGYV7wXUh8/aai5F1oNWZNR2ZNSVpGmd4PMStYqab8IL
KZp2HGPTqW2MGuC4BeIEPMu4+lMfZEpueV8nQJ5VGfTooEuRwHH6
-----END CERTIFICATE-----