Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/krN-pEy9EgLrK_vRvuytLJcocZ8.roa
File:                     krN-pEy9EgLrK_vRvuytLJcocZ8.roa (raw, json)
Hash identifier:          a2zXII3OYoJ601Av1FgC/xdYhOrH2hqb+n3vaPqPCc8=
Subject key identifier:   92:B3:7E:A4:4C:BD:12:02:EB:2B:FB:D1:BE:EC:AD:2C:97:28:71:9F
Certificate issuer:       /CN=00e2c33731adca57dcc33b2fb8233fc038b095e9
Certificate serial:       018CC3B6AFF775E1459C311365E96DB86146
Authority key identifier: 00:E2:C3:37:31:AD:CA:57:DC:C3:3B:2F:B8:23:3F:C0:38:B0:95:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AOLDNzGtylfcwzsvuCM_wDiwlek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/krN-pEy9EgLrK_vRvuytLJcocZ8.roa
Signing time:             Mon 01 Jan 2024 06:29:38 +0000
ROA not before:           Mon 01 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23528
IP address blocks:        45.156.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/AOLDNzGtylfcwzsvuCM_wDiwlek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/AOLDNzGtylfcwzsvuCM_wDiwlek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AOLDNzGtylfcwzsvuCM_wDiwlek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:af:f7:75:e1:45:9c:31:13:65:e9:6d:b8:61:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00e2c33731adca57dcc33b2fb8233fc038b095e9
        Validity
            Not Before: Jan  1 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92b37ea44cbd1202eb2bfbd1beecad2c9728719f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:1f:34:e7:5d:4e:dd:f3:b4:5e:93:cf:21:c6:
                    62:88:1c:60:31:98:42:f4:65:f6:fa:5d:b8:b3:9a:
                    86:88:72:44:0c:cf:ee:04:58:3b:6c:32:78:f3:3e:
                    c7:99:04:eb:92:9f:40:ad:da:7f:53:4b:6e:40:bd:
                    52:5c:4a:00:70:c6:2d:23:07:bc:f1:0d:bf:16:df:
                    46:1e:43:c4:ad:79:80:dc:45:b7:a1:6b:22:1d:6f:
                    43:7f:de:07:17:43:a4:b3:fc:2e:6a:07:c7:0b:e6:
                    98:8e:04:74:1c:6f:97:1c:e3:de:98:10:4b:57:e4:
                    aa:0f:fc:60:e9:17:9b:bd:99:7c:3b:40:52:f0:65:
                    37:bd:7f:eb:f1:6b:79:ec:02:fd:f9:0f:d2:f4:9e:
                    d4:9e:6a:c8:64:2b:6c:26:58:6a:d3:38:ab:07:fc:
                    83:58:bb:a3:01:41:9d:bf:21:ce:51:b8:82:45:00:
                    87:cf:5d:e4:8d:1e:ee:c4:12:29:ee:34:23:ef:8e:
                    ae:16:35:31:ae:2e:f8:9c:d8:fc:22:fa:11:5a:ea:
                    86:9b:cc:79:2a:ba:06:54:5e:e2:00:a0:d9:7a:3c:
                    f0:8c:09:69:c1:04:fb:3f:2b:4c:d3:24:91:1a:1e:
                    4f:a9:8a:42:d8:97:4f:e3:b5:b0:9d:d6:ec:a6:07:
                    d5:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:B3:7E:A4:4C:BD:12:02:EB:2B:FB:D1:BE:EC:AD:2C:97:28:71:9F
            X509v3 Authority Key Identifier:
                keyid:00:E2:C3:37:31:AD:CA:57:DC:C3:3B:2F:B8:23:3F:C0:38:B0:95:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOLDNzGtylfcwzsvuCM_wDiwlek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/krN-pEy9EgLrK_vRvuytLJcocZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/AOLDNzGtylfcwzsvuCM_wDiwlek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:50:f7:6e:70:a3:0a:a4:65:d4:08:cd:2e:a3:45:d1:69:0e:
         bf:d6:55:a2:20:e8:5a:a6:fc:81:d4:f3:58:71:d1:82:61:60:
         78:85:13:fb:e7:f1:28:b0:2d:8f:f9:ba:29:fa:40:ac:5a:af:
         d2:5e:9b:63:e5:12:d2:00:51:78:6a:ce:3a:63:61:b4:41:8b:
         5d:3d:00:12:9e:05:7f:8d:2c:6a:09:4b:cd:3b:85:6f:d1:c3:
         4d:5d:b4:49:b1:58:46:85:b4:7e:28:10:f4:5f:f0:b5:43:f6:
         64:54:9c:57:5c:8a:a9:d9:e0:45:2b:d0:4a:3c:54:ff:93:b2:
         c2:b2:32:8e:72:a5:69:04:89:42:60:13:c3:04:77:9e:39:53:
         27:d2:55:bc:5a:58:85:2c:76:92:c5:d8:55:c5:4f:cf:69:f7:
         68:17:7a:34:8d:e2:f9:79:10:22:f9:18:98:8d:fb:61:d4:8d:
         57:25:6c:1a:24:9c:a7:8d:4a:c6:4c:86:93:06:4f:e1:55:f4:
         aa:2a:88:74:4a:31:75:67:07:01:54:68:41:29:f3:7c:e0:d2:
         c8:0f:93:5e:d7:da:b2:82:2b:45:62:62:48:f2:4a:df:43:40:
         6e:bb:3f:d1:51:2a:4a:04:94:be:e8:93:00:2d:38:35:47:8f:
         4f:b3:c2:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtq/3deFFnDETZeltuGFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTJjMzM3MzFhZGNhNTdkY2MzM2IyZmI4MjMzZmMwMzhi
MDk1ZTkwHhcNMjQwMTAxMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmIzN2VhNDRjYmQxMjAyZWIyYmZiZDFiZWVjYWQyYzk3Mjg3MTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjR80511O3fO0XpPPIcZiiBxgMZhC
9GX2+l24s5qGiHJEDM/uBFg7bDJ48z7HmQTrkp9Ardp/U0tuQL1SXEoAcMYtIwe8
8Q2/Ft9GHkPErXmA3EW3oWsiHW9Df94HF0Oks/wuagfHC+aYjgR0HG+XHOPemBBL
V+SqD/xg6RebvZl8O0BS8GU3vX/r8Wt57AL9+Q/S9J7UnmrIZCtsJlhq0zirB/yD
WLujAUGdvyHOUbiCRQCHz13kjR7uxBIp7jQj746uFjUxri74nNj8IvoRWuqGm8x5
KroGVF7iAKDZejzwjAlpwQT7PytM0ySRGh5PqYpC2JdP47WwndbspgfVWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKzfqRMvRIC6yv70b7srSyXKHGfMB8GA1UdIwQY
MBaAFADiwzcxrcpX3MM7L7gjP8A4sJXpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9MRE56R3R5bGZjd3pzdnVDTV93RGl3bGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS85ZDVmZWItYmVkYS00MTQ3LTlkODMt
YzlhZDM3Zjk0Y2Q3LzEva3JOLXBFeTlFZ0xyS192UnZ1eXRMSmNvY1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS85ZDVmZWItYmVkYS00MTQ3LTlkODMtYzlhZDM3Zjk0Y2Q3
LzEvQU9MRE56R3R5bGZjd3pzdnVDTV93RGl3bGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZyhMA0G
CSqGSIb3DQEBCwUAA4IBAQANUPducKMKpGXUCM0uo0XRaQ6/1lWiIOhapvyB1PNY
cdGCYWB4hRP75/EosC2P+bop+kCsWq/SXptj5RLSAFF4as46Y2G0QYtdPQASngV/
jSxqCUvNO4Vv0cNNXbRJsVhGhbR+KBD0X/C1Q/ZkVJxXXIqp2eBFK9BKPFT/k7LC
sjKOcqVpBIlCYBPDBHeeOVMn0lW8WliFLHaSxdhVxU/PafdoF3o0jeL5eRAi+RiY
jfth1I1XJWwaJJynjUrGTIaTBk/hVfSqKoh0SjF1ZwcBVGhBKfN84NLID5Ne19qy
gitFYmJI8krfQ0Buuz/RUSpKBJS+6JMALTg1R49Ps8Ke
-----END CERTIFICATE-----