Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/eNwIFdF3H_dMpRNYi_q2Nl6rlok.roa
File:                     eNwIFdF3H_dMpRNYi_q2Nl6rlok.roa (raw, json)
Hash identifier:          ZuOICR7vYPDdrqA0N9zZfyHROTBU81YOP4pc9HMXIE8=
Subject key identifier:   78:DC:08:15:D1:77:1F:F7:4C:A5:13:58:8B:FA:B6:36:5E:AB:96:89
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       018CC80133B2206F6D9EDF24981B9D481122
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/eNwIFdF3H_dMpRNYi_q2Nl6rlok.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        45.83.136.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 21:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:33:b2:20:6f:6d:9e:df:24:98:1b:9d:48:11:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78dc0815d1771ff74ca513588bfab6365eab9689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e5:34:e0:33:1b:b5:7e:ef:8e:c2:5a:4b:de:
                    b1:15:84:73:9e:32:ca:95:b3:50:4f:14:4d:aa:7a:
                    8b:a3:f1:9b:ab:d8:dd:e9:dc:f3:fd:d5:e3:69:be:
                    0e:43:9c:1f:0a:2e:fd:ab:de:a4:72:e8:be:e5:1b:
                    6a:4b:61:2e:35:1f:a8:10:22:63:f7:7d:cc:e2:c2:
                    29:3b:51:35:af:fc:54:0c:76:8d:4d:7a:1f:15:3a:
                    3b:0d:6a:4c:a3:0f:43:96:0c:8a:6f:50:2d:31:47:
                    e5:f3:db:80:27:c0:6c:d4:f1:27:6d:25:ef:17:f1:
                    be:e9:09:ff:8e:61:fd:48:05:b5:cd:3d:f5:c9:59:
                    8e:bf:50:90:78:a1:1f:04:d8:a9:0a:c5:14:f5:23:
                    ca:c4:63:7c:8b:b7:fe:b0:ba:f9:ab:57:fb:9b:be:
                    bd:07:9c:eb:78:0a:1f:5c:59:17:45:60:07:77:54:
                    e9:73:da:b1:23:f3:17:0b:61:3b:08:0d:c7:9e:a0:
                    c4:51:b6:93:f5:5e:7b:c8:9e:e8:32:15:c1:11:a4:
                    9d:a5:c8:a7:58:d8:b8:ce:7a:f1:e1:29:a5:a8:5d:
                    bb:e6:f9:68:13:0f:44:a5:ec:de:c2:93:d9:c5:0a:
                    d3:ae:d8:02:07:17:ed:d0:7b:d9:0b:4c:cc:93:63:
                    45:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:DC:08:15:D1:77:1F:F7:4C:A5:13:58:8B:FA:B6:36:5E:AB:96:89
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/eNwIFdF3H_dMpRNYi_q2Nl6rlok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:0a:a4:9b:81:9a:f5:63:11:6c:5f:15:c5:42:3c:52:f0:bf:
         f4:aa:1a:a0:c5:ca:52:51:ea:87:9c:0e:fc:4c:06:ef:1a:5d:
         18:ae:fb:7e:5c:8a:2f:bb:6a:fd:83:77:0c:82:88:c0:f9:23:
         4c:51:42:7c:61:e0:a8:85:8d:13:87:3c:52:ee:b6:9b:72:c0:
         3c:05:ea:43:9e:5c:cf:b3:8e:f2:31:2c:dc:eb:b5:0c:ae:a7:
         4f:b7:bf:bc:24:0c:23:f0:67:04:3f:a3:b0:05:16:14:d1:3b:
         35:dd:2a:88:c7:a2:fa:f0:f5:a4:c3:cc:aa:f4:17:5c:8d:ec:
         49:60:be:2a:ff:a1:cb:2a:78:9b:4e:a8:92:40:2a:29:d3:cd:
         f9:9d:24:44:dd:09:cd:c2:f9:51:99:21:15:df:dc:61:f3:1e:
         b9:9d:92:ab:11:e3:18:54:d6:a2:b9:81:9b:64:ef:31:d8:d9:
         83:ef:e2:ca:2c:bb:fe:60:04:e7:9e:07:8c:a1:17:5f:86:63:
         9f:7c:6c:2e:cf:ec:aa:4e:d7:e5:94:99:91:06:e6:07:1b:bb:
         b0:8e:c9:25:5d:3f:c1:28:2e:48:45:44:37:c1:86:5f:c7:9f:
         d9:a7:36:54:37:2c:f5:54:6c:d2:8e:48:76:64:b2:cc:fd:25:
         74:51:29:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATOyIG9tnt8kmBudSBEiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGRjMDgxNWQxNzcxZmY3NGNhNTEzNTg4YmZhYjYzNjVlYWI5Njg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuU04DMbtX7vjsJaS96xFYRznjLK
lbNQTxRNqnqLo/Gbq9jd6dzz/dXjab4OQ5wfCi79q96kcui+5RtqS2EuNR+oECJj
933M4sIpO1E1r/xUDHaNTXofFTo7DWpMow9DlgyKb1AtMUfl89uAJ8Bs1PEnbSXv
F/G+6Qn/jmH9SAW1zT31yVmOv1CQeKEfBNipCsUU9SPKxGN8i7f+sLr5q1f7m769
B5zreAofXFkXRWAHd1Tpc9qxI/MXC2E7CA3HnqDEUbaT9V57yJ7oMhXBEaSdpcin
WNi4znrx4SmlqF275vloEw9EpezewpPZxQrTrtgCBxft0HvZC0zMk2NFZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjcCBXRdx/3TKUTWIv6tjZeq5aJMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvZU53SUZkRjNIX2RNcFJOWWlfcTJObDZybG9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVOIMA0G
CSqGSIb3DQEBCwUAA4IBAQAnCqSbgZr1YxFsXxXFQjxS8L/0qhqgxcpSUeqHnA78
TAbvGl0Yrvt+XIovu2r9g3cMgojA+SNMUUJ8YeCohY0ThzxS7rabcsA8BepDnlzP
s47yMSzc67UMrqdPt7+8JAwj8GcEP6OwBRYU0Ts13SqIx6L68PWkw8yq9BdcjexJ
YL4q/6HLKnibTqiSQCop0835nSRE3QnNwvlRmSEV39xh8x65nZKrEeMYVNaiuYGb
ZO8x2NmD7+LKLLv+YATnngeMoRdfhmOffGwuz+yqTtfllJmRBuYHG7uwjsklXT/B
KC5IRUQ3wYZfx5/ZpzZUNyz1VGzSjkh2ZLLM/SV0USnL
-----END CERTIFICATE-----