Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/LAp-CPHHHOcSOA4snUb_Eh4S4x4.roa
File:                     LAp-CPHHHOcSOA4snUb_Eh4S4x4.roa (raw, json)
Hash identifier:          xA6hYL9pB3s93k5OW6mJVCO3xscntbaRGIdJh/41s4Q=
Subject key identifier:   2C:0A:7E:08:F1:C7:1C:E7:12:38:0E:2C:9D:46:FF:12:1E:12:E3:1E
Certificate issuer:       /CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Certificate serial:       018CCA2B43B3039DE055BFF39B8BBD488663
Authority key identifier: 33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/LAp-CPHHHOcSOA4snUb_Eh4S4x4.roa
Signing time:             Tue 02 Jan 2024 12:34:42 +0000
ROA not before:           Tue 02 Jan 2024 12:34:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133861
IP address blocks:        45.152.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 May 2024 07:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:43:b3:03:9d:e0:55:bf:f3:9b:8b:bd:48:86:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=333361fba8409174fb3c482b8ca26f235ebd22c2
        Validity
            Not Before: Jan  2 12:34:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c0a7e08f1c71ce712380e2c9d46ff121e12e31e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:68:1d:9c:ce:a9:3c:fe:46:bb:bb:0e:d1:71:
                    ce:e1:3f:85:a0:2a:5a:c8:48:6b:62:7a:2d:4a:e7:
                    3b:76:d2:61:9d:84:eb:20:08:1d:51:c7:fe:e0:99:
                    50:dd:9e:a0:db:1f:ed:dd:8e:7a:4e:73:52:91:b7:
                    1a:0e:32:3e:30:36:48:20:1a:17:19:48:dd:6b:fb:
                    6b:0f:28:fc:dc:be:47:53:23:56:f1:9a:b4:9f:13:
                    e4:2d:4f:e9:e1:9f:f8:69:88:e7:87:ea:88:5e:d8:
                    70:76:bf:3c:f1:f5:fd:18:df:1a:dc:e8:aa:f4:38:
                    13:05:18:c9:a1:af:16:72:41:94:61:6d:87:f9:91:
                    78:e2:4c:9d:f7:ef:10:e5:94:f5:3f:4f:47:7f:3d:
                    0b:9a:bc:a4:f3:4c:15:d9:51:1e:f7:f4:2a:65:53:
                    f8:48:65:ec:2b:8e:c6:8b:aa:4d:5c:82:c8:ed:3b:
                    e8:bc:c4:7b:05:47:96:28:be:f8:f6:a8:a6:26:f3:
                    d4:77:b4:fb:29:7c:b4:b6:86:79:7f:5a:5e:63:5b:
                    21:0d:a5:c4:63:2b:68:54:95:fe:12:0a:1a:c0:f2:
                    72:5a:3b:18:4b:97:e4:b4:ad:e7:64:67:3a:d8:4b:
                    20:d2:6e:98:f7:1b:55:da:cf:da:12:3a:91:12:0b:
                    4c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:0A:7E:08:F1:C7:1C:E7:12:38:0E:2C:9D:46:FF:12:1E:12:E3:1E
            X509v3 Authority Key Identifier:
                keyid:33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/LAp-CPHHHOcSOA4snUb_Eh4S4x4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c9:42:ae:a4:7d:7b:75:70:ad:c8:63:cd:ae:ce:67:50:80:37:
         1a:cb:ca:6f:2e:ac:13:19:95:e2:8a:3f:4a:ca:03:25:01:e4:
         48:cc:6a:8c:a3:bc:49:a6:a3:7b:4b:5b:4a:ea:de:49:b7:3e:
         e0:10:5e:de:b3:83:40:8d:7b:7f:d6:b1:f0:6f:73:77:fe:08:
         06:31:99:a7:21:64:2d:72:40:cc:05:e1:f7:c2:86:24:40:eb:
         e8:30:14:cd:0e:2a:82:91:13:35:7d:36:2e:e6:e2:c5:37:f1:
         c7:7a:ef:50:91:14:48:53:24:79:42:01:2d:96:b2:dc:08:90:
         c7:35:34:5b:ec:4c:2b:21:c9:e9:98:57:11:1a:50:9a:dc:40:
         59:1e:e0:6a:a4:f3:8c:9e:a3:c0:92:c1:cf:71:2f:c6:b5:9c:
         28:2d:09:81:28:0c:02:d2:f7:55:ee:d6:40:df:9a:c4:eb:55:
         1a:da:c5:a9:66:9c:f8:96:7d:4a:37:21:93:2f:b8:90:3a:7a:
         56:b2:83:0a:bd:88:50:bf:eb:7c:fc:a8:71:a0:1e:55:24:50:
         16:c8:0c:ce:72:82:ef:32:c9:d1:44:d4:dc:5e:5b:bd:b6:d6:
         64:bf:63:8d:e4:c9:45:cd:8d:b3:7b:93:af:2b:ff:42:01:db:
         e1:c6:d5:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK0OzA53gVb/zm4u9SIZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzM2MWZiYTg0MDkxNzRmYjNjNDgyYjhjYTI2ZjIzNWVi
ZDIyYzIwHhcNMjQwMTAyMTIzNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzBhN2UwOGYxYzcxY2U3MTIzODBlMmM5ZDQ2ZmYxMjFlMTJlMzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmgdnM6pPP5Gu7sO0XHO4T+FoCpa
yEhrYnotSuc7dtJhnYTrIAgdUcf+4JlQ3Z6g2x/t3Y56TnNSkbcaDjI+MDZIIBoX
GUjda/trDyj83L5HUyNW8Zq0nxPkLU/p4Z/4aYjnh+qIXthwdr888fX9GN8a3Oiq
9DgTBRjJoa8WckGUYW2H+ZF44kyd9+8Q5ZT1P09Hfz0Lmryk80wV2VEe9/QqZVP4
SGXsK47Gi6pNXILI7TvovMR7BUeWKL749qimJvPUd7T7KXy0toZ5f1peY1shDaXE
YytoVJX+EgoawPJyWjsYS5fktK3nZGc62Esg0m6Y9xtV2s/aEjqREgtMlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwKfgjxxxznEjgOLJ1G/xIeEuMeMB8GA1UdIwQY
MBaAFDMzYfuoQJF0+zxIK4yibyNevSLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjkt
YjJjY2NmMGVhZGFiLzEvTEFwLUNQSEhIT2NTT0E0c25VYl9FaDRTNHg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjktYjJjY2NmMGVhZGFi
LzEvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZhAMA0G
CSqGSIb3DQEBCwUAA4IBAQDJQq6kfXt1cK3IY82uzmdQgDcay8pvLqwTGZXiij9K
ygMlAeRIzGqMo7xJpqN7S1tK6t5Jtz7gEF7es4NAjXt/1rHwb3N3/ggGMZmnIWQt
ckDMBeH3woYkQOvoMBTNDiqCkRM1fTYu5uLFN/HHeu9QkRRIUyR5QgEtlrLcCJDH
NTRb7EwrIcnpmFcRGlCa3EBZHuBqpPOMnqPAksHPcS/GtZwoLQmBKAwC0vdV7tZA
35rE61Ua2sWpZpz4ln1KNyGTL7iQOnpWsoMKvYhQv+t8/KhxoB5VJFAWyAzOcoLv
MsnRRNTcXlu9ttZkv2ON5MlFzY2ze5OvK/9CAdvhxtXl
-----END CERTIFICATE-----