Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/R9wUUxEZgePPXyn-IKAc1bT4zJM.roa
File:                     R9wUUxEZgePPXyn-IKAc1bT4zJM.roa (raw, json)
Hash identifier:          CUrtNPNgAmNOcvGU4t5zsr/pgzNA3mLtv1PoCmEyWc4=
Subject key identifier:   47:DC:14:53:11:19:81:E3:CF:5F:29:FE:20:A0:1C:D5:B4:F8:CC:93
Certificate issuer:       /CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Certificate serial:       018CCA2B4408801543589425A451F4299612
Authority key identifier: 33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/R9wUUxEZgePPXyn-IKAc1bT4zJM.roa
Signing time:             Tue 02 Jan 2024 12:34:42 +0000
ROA not before:           Tue 02 Jan 2024 12:34:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136933
IP address blocks:        45.145.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:44:08:80:15:43:58:94:25:a4:51:f4:29:96:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=333361fba8409174fb3c482b8ca26f235ebd22c2
        Validity
            Not Before: Jan  2 12:34:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47dc1453111981e3cf5f29fe20a01cd5b4f8cc93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:75:cd:f9:2b:a3:71:20:fb:0b:14:19:1c:c9:
                    f1:9a:3c:38:bd:ad:85:28:93:ef:71:44:dc:bb:40:
                    4b:3c:1d:db:54:7b:64:f4:f9:3a:47:cd:96:59:95:
                    e4:2d:c2:23:33:ab:f9:89:76:de:60:70:cc:14:c6:
                    b7:c1:a1:88:9c:39:e7:36:7f:cd:eb:a4:65:16:69:
                    5d:c4:c8:93:90:6d:b1:15:63:a7:0e:67:1d:18:b0:
                    93:1b:4f:63:25:63:ac:43:0a:b8:a6:de:e6:9b:33:
                    37:74:ae:5a:c1:c0:a8:8b:b5:f5:af:80:d2:9d:02:
                    ea:7f:82:0d:1e:3c:37:ae:72:3c:c4:a5:6e:8c:77:
                    7d:6a:08:1d:e3:6f:b7:30:96:67:59:fb:13:33:6c:
                    25:f1:bb:48:31:8c:bc:9d:34:dd:c2:f3:a1:f3:eb:
                    0a:f7:09:9f:b0:c0:52:d3:09:62:3d:69:ad:1d:69:
                    16:e6:23:9b:d2:c9:42:f5:9a:0d:fa:cf:60:57:5d:
                    49:70:61:75:75:f8:5a:36:10:d1:22:10:96:08:b1:
                    0e:4d:22:52:e7:44:46:a2:66:d6:be:46:41:df:12:
                    95:9a:03:06:67:86:eb:dc:27:43:e6:04:fc:96:72:
                    11:de:2f:66:b8:9b:7a:0a:3f:de:0f:4f:89:84:cf:
                    6e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:DC:14:53:11:19:81:E3:CF:5F:29:FE:20:A0:1C:D5:B4:F8:CC:93
            X509v3 Authority Key Identifier:
                keyid:33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/R9wUUxEZgePPXyn-IKAc1bT4zJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:8f:e6:df:54:7c:e2:2b:c0:fa:05:1a:95:f9:8b:2e:02:d8:
         c5:1c:27:aa:73:bc:dd:84:5e:6f:f1:00:7b:93:13:8e:89:53:
         7a:75:52:45:4c:f1:de:e8:dd:50:ad:c8:af:c4:01:1a:5d:0a:
         ae:cd:1a:87:90:2f:06:f4:a9:e8:d7:25:05:17:3e:7a:3e:62:
         e5:11:b0:51:58:8d:e8:01:61:ea:fa:09:de:c0:fe:2e:40:9e:
         29:de:99:ee:99:d2:41:7f:b0:f4:e9:f0:58:9c:78:15:34:5d:
         91:a5:4c:5d:8c:de:20:7c:d5:ea:34:8c:29:3c:fd:32:6c:08:
         3e:cf:78:0a:93:4b:1b:80:ab:37:ed:19:8e:c1:64:a8:a4:a9:
         64:e1:78:5d:a2:b0:48:3d:a2:e4:f1:3c:fb:61:bd:70:23:52:
         90:e5:b5:d3:b9:ab:f3:de:d6:a9:2c:2b:0b:42:be:ec:ee:9c:
         4a:fd:a5:ed:4d:3f:9f:67:19:2a:f3:20:6b:89:30:5d:84:5d:
         a5:5b:19:d9:53:4a:fa:28:8b:ca:01:79:a3:5f:34:72:0e:8c:
         cd:40:b3:02:0d:2d:a9:4a:dd:d8:34:c5:da:af:1c:97:27:c6:
         07:85:3d:a4:a0:88:0c:bd:0b:72:06:7e:41:a2:23:44:34:39:
         ad:0c:70:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK0QIgBVDWJQlpFH0KZYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzM2MWZiYTg0MDkxNzRmYjNjNDgyYjhjYTI2ZjIzNWVi
ZDIyYzIwHhcNMjQwMTAyMTIzNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2RjMTQ1MzExMTk4MWUzY2Y1ZjI5ZmUyMGEwMWNkNWI0ZjhjYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXXN+SujcSD7CxQZHMnxmjw4va2F
KJPvcUTcu0BLPB3bVHtk9Pk6R82WWZXkLcIjM6v5iXbeYHDMFMa3waGInDnnNn/N
66RlFmldxMiTkG2xFWOnDmcdGLCTG09jJWOsQwq4pt7mmzM3dK5awcCoi7X1r4DS
nQLqf4INHjw3rnI8xKVujHd9aggd42+3MJZnWfsTM2wl8btIMYy8nTTdwvOh8+sK
9wmfsMBS0wliPWmtHWkW5iOb0slC9ZoN+s9gV11JcGF1dfhaNhDRIhCWCLEOTSJS
50RGombWvkZB3xKVmgMGZ4br3CdD5gT8lnIR3i9muJt6Cj/eD0+JhM9uTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfcFFMRGYHjz18p/iCgHNW0+MyTMB8GA1UdIwQY
MBaAFDMzYfuoQJF0+zxIK4yibyNevSLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjkt
YjJjY2NmMGVhZGFiLzEvUjl3VVV4RVpnZVBQWHluLUlLQWMxYlQ0ekpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjktYjJjY2NmMGVhZGFi
LzEvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZHkMA0G
CSqGSIb3DQEBCwUAA4IBAQA2j+bfVHziK8D6BRqV+YsuAtjFHCeqc7zdhF5v8QB7
kxOOiVN6dVJFTPHe6N1QrcivxAEaXQquzRqHkC8G9Kno1yUFFz56PmLlEbBRWI3o
AWHq+gnewP4uQJ4p3pnumdJBf7D06fBYnHgVNF2RpUxdjN4gfNXqNIwpPP0ybAg+
z3gKk0sbgKs37RmOwWSopKlk4XhdorBIPaLk8Tz7Yb1wI1KQ5bXTuavz3tapLCsL
Qr7s7pxK/aXtTT+fZxkq8yBriTBdhF2lWxnZU0r6KIvKAXmjXzRyDozNQLMCDS2p
St3YNMXarxyXJ8YHhT2koIgMvQtyBn5BoiNENDmtDHCI
-----END CERTIFICATE-----