Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/90f62b-7ae2-49d6-a42c-899f1e1b7360/1/Djd5CtNeKvjwPjVqbyrR0hvTKD4.roa
File:                     Djd5CtNeKvjwPjVqbyrR0hvTKD4.roa (raw, json)
Hash identifier:          QJht+nnnu26q0Qm9GHgdzuV6k7bMQfZplq/eCdcVPzA=
Subject key identifier:   0E:37:79:0A:D3:5E:2A:F8:F0:3E:35:6A:6F:2A:D1:D2:1B:D3:28:3E
Certificate issuer:       /CN=59c4cfbd871c42dd55a57bd0ff567134f322b23e
Certificate serial:       018CC8DF0EBCA9A2020959F62AF005BF07DB
Authority key identifier: 59:C4:CF:BD:87:1C:42:DD:55:A5:7B:D0:FF:56:71:34:F3:22:B2:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WcTPvYccQt1VpXvQ_1ZxNPMisj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/90f62b-7ae2-49d6-a42c-899f1e1b7360/1/Djd5CtNeKvjwPjVqbyrR0hvTKD4.roa
Signing time:             Tue 02 Jan 2024 06:31:50 +0000
ROA not before:           Tue 02 Jan 2024 06:31:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210869
IP address blocks:        45.13.68.0/22 maxlen: 23
                          2a0e:df00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/90f62b-7ae2-49d6-a42c-899f1e1b7360/1/WcTPvYccQt1VpXvQ_1ZxNPMisj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/90f62b-7ae2-49d6-a42c-899f1e1b7360/1/WcTPvYccQt1VpXvQ_1ZxNPMisj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WcTPvYccQt1VpXvQ_1ZxNPMisj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:0e:bc:a9:a2:02:09:59:f6:2a:f0:05:bf:07:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59c4cfbd871c42dd55a57bd0ff567134f322b23e
        Validity
            Not Before: Jan  2 06:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e37790ad35e2af8f03e356a6f2ad1d21bd3283e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ea:65:d4:d1:65:2f:2d:c4:3d:14:84:9d:79:
                    c0:3f:f5:f9:ba:ff:cd:bc:aa:5f:47:18:0e:c7:51:
                    f8:08:5a:4c:f8:23:90:35:bb:fb:b5:ea:a5:8b:a0:
                    1c:7b:9d:65:7e:e0:4d:f0:0f:5e:8f:5f:63:c5:57:
                    4e:63:26:da:09:16:6e:cf:ba:5e:c5:c5:e1:e0:d9:
                    1b:3d:7d:7f:5c:c6:ee:db:5b:84:c3:e2:93:4b:2e:
                    82:8b:17:f1:a7:97:39:73:e3:ab:0d:2f:58:e8:0c:
                    ee:ff:e5:b7:73:30:a6:f7:2e:34:55:a3:a9:9d:53:
                    c2:2c:97:2d:c5:a6:8c:b8:dc:14:37:48:de:c4:dc:
                    29:04:37:dd:e5:d4:d9:31:1d:95:b3:59:04:ec:b9:
                    09:bb:69:28:a8:26:23:bf:dc:b0:f3:5d:68:8d:5b:
                    b9:ee:5a:c0:22:70:81:35:1b:6c:2a:a3:f9:6c:54:
                    a8:56:98:19:6a:d1:cd:d6:f4:0e:9a:d1:a0:84:1c:
                    2f:d4:4d:dc:a3:e8:9d:1a:48:b0:aa:00:6a:14:3f:
                    dc:59:f6:bf:bd:96:19:71:fd:8e:07:3a:17:db:3a:
                    fc:29:91:fc:12:48:ff:24:c0:ae:47:15:70:61:cd:
                    0d:ea:a5:5b:43:70:c6:33:9d:1e:35:a7:af:10:43:
                    d7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:37:79:0A:D3:5E:2A:F8:F0:3E:35:6A:6F:2A:D1:D2:1B:D3:28:3E
            X509v3 Authority Key Identifier:
                keyid:59:C4:CF:BD:87:1C:42:DD:55:A5:7B:D0:FF:56:71:34:F3:22:B2:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WcTPvYccQt1VpXvQ_1ZxNPMisj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/90f62b-7ae2-49d6-a42c-899f1e1b7360/1/Djd5CtNeKvjwPjVqbyrR0hvTKD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/90f62b-7ae2-49d6-a42c-899f1e1b7360/1/WcTPvYccQt1VpXvQ_1ZxNPMisj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.68.0/22
                IPv6:
                  2a0e:df00::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:18:dc:d8:2b:fd:96:ab:1d:29:3e:4f:ec:da:3b:94:6f:1b:
         4b:f8:e2:bd:0e:76:19:88:c4:24:cf:66:5a:9d:19:17:a4:0d:
         af:6b:87:d3:bb:19:68:3c:90:91:b5:88:ef:77:fc:53:3a:5a:
         73:64:72:e1:41:bc:bb:dc:92:fe:ad:fe:0a:42:9f:94:22:a3:
         ab:1e:7f:f9:fa:d9:84:fc:be:0b:4a:f8:b0:a7:3c:6c:ce:91:
         40:b5:a7:00:6f:b1:48:f9:ca:96:6c:3b:33:f8:2b:bb:bf:38:
         92:de:27:79:35:73:36:0d:82:53:12:65:1b:9c:5a:13:07:95:
         6d:7a:78:df:97:0a:4e:8f:46:35:1f:4b:15:47:af:88:34:83:
         fe:a0:b6:f4:1d:1a:a7:07:b0:8d:2d:42:a3:c3:51:1a:26:e6:
         58:a2:26:9e:bb:0b:7a:63:c3:e4:f8:47:d3:c0:0f:22:cc:36:
         e2:04:e6:26:62:54:93:58:97:74:8a:5d:ee:db:38:9b:29:ba:
         fe:6f:55:bb:5e:0b:b9:68:62:d5:0b:33:86:6d:ea:38:49:ee:
         28:be:33:ce:d1:50:6a:78:89:02:aa:03:67:b3:d3:fd:29:68:
         fd:a8:b5:85:83:02:ae:21:7e:1d:cf:1d:54:54:e0:99:17:b9:
         2a:60:41:8d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3w68qaICCVn2KvAFvwfbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YzRjZmJkODcxYzQyZGQ1NWE1N2JkMGZmNTY3MTM0ZjMy
MmIyM2UwHhcNMjQwMTAyMDYzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTM3NzkwYWQzNWUyYWY4ZjAzZTM1NmE2ZjJhZDFkMjFiZDMyODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+pl1NFlLy3EPRSEnXnAP/X5uv/N
vKpfRxgOx1H4CFpM+COQNbv7teqli6Ace51lfuBN8A9ej19jxVdOYybaCRZuz7pe
xcXh4NkbPX1/XMbu21uEw+KTSy6Cixfxp5c5c+OrDS9Y6Azu/+W3czCm9y40VaOp
nVPCLJctxaaMuNwUN0jexNwpBDfd5dTZMR2Vs1kE7LkJu2koqCYjv9yw811ojVu5
7lrAInCBNRtsKqP5bFSoVpgZatHN1vQOmtGghBwv1E3co+idGkiwqgBqFD/cWfa/
vZYZcf2OBzoX2zr8KZH8Ekj/JMCuRxVwYc0N6qVbQ3DGM50eNaevEEPX7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA43eQrTXir48D41am8q0dIb0yg+MB8GA1UdIwQY
MBaAFFnEz72HHELdVaV70P9WcTTzIrI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2NUUHZZY2NRdDFWcFh2UV8xWnhOUE1pc2o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy85MGY2MmItN2FlMi00OWQ2LWE0MmMt
ODk5ZjFlMWI3MzYwLzEvRGpkNUN0TmVLdmp3UGpWcWJ5clIwaHZUS0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy85MGY2MmItN2FlMi00OWQ2LWE0MmMtODk5ZjFlMWI3MzYw
LzEvV2NUUHZZY2NRdDFWcFh2UV8xWnhOUE1pc2o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQ1EMA0E
AgACMAcDBQAqDt8AMA0GCSqGSIb3DQEBCwUAA4IBAQAGGNzYK/2Wqx0pPk/s2juU
bxtL+OK9DnYZiMQkz2ZanRkXpA2va4fTuxloPJCRtYjvd/xTOlpzZHLhQby73JL+
rf4KQp+UIqOrHn/5+tmE/L4LSviwpzxszpFAtacAb7FI+cqWbDsz+Cu7vziS3id5
NXM2DYJTEmUbnFoTB5VtenjflwpOj0Y1H0sVR6+INIP+oLb0HRqnB7CNLUKjw1Ea
JuZYoiaeuwt6Y8Pk+EfTwA8izDbiBOYmYlSTWJd0il3u2zibKbr+b1W7Xgu5aGLV
CzOGbeo4Se4ovjPO0VBqeIkCqgNns9P9KWj9qLWFgwKuIX4dzx1UVOCZF7kqYEGN
-----END CERTIFICATE-----