Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/ltDakS8w_PS6tT-6x2Esmlj46pA.roa
File:                     ltDakS8w_PS6tT-6x2Esmlj46pA.roa (raw, json)
Hash identifier:          X8Au7QSJmspd4mX7lWrMdsOwgfsTly3Qclvj8KUq3nM=
Subject key identifier:   96:D0:DA:91:2F:30:FC:F4:BA:B5:3F:BA:C7:61:2C:9A:58:F8:EA:90
Certificate issuer:       /CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Certificate serial:       018CCA2B412B3A079562C4EB6F5F0AAD5FF7
Authority key identifier: 33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/ltDakS8w_PS6tT-6x2Esmlj46pA.roa
Signing time:             Tue 02 Jan 2024 12:34:41 +0000
ROA not before:           Tue 02 Jan 2024 12:34:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6134
IP address blocks:        45.134.83.0/24 maxlen: 24
                          45.134.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:41:2b:3a:07:95:62:c4:eb:6f:5f:0a:ad:5f:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=333361fba8409174fb3c482b8ca26f235ebd22c2
        Validity
            Not Before: Jan  2 12:34:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96d0da912f30fcf4bab53fbac7612c9a58f8ea90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:03:d1:8e:9a:f8:83:a8:a4:65:f2:8e:98:e6:
                    10:c5:f4:e8:b8:68:38:27:d5:56:3e:58:4c:fe:37:
                    88:94:1c:8f:26:2d:16:af:fa:e0:20:f8:80:ff:11:
                    33:1c:4d:a8:b0:6a:82:ca:dc:56:48:61:97:a2:aa:
                    6f:f2:60:64:b8:51:05:f5:a0:35:e2:2a:02:0e:2c:
                    e7:9b:4f:e7:c3:fe:93:2b:96:3a:90:a0:75:b1:de:
                    dd:3a:ab:36:a6:5c:44:b2:14:68:cf:3c:e4:bb:ac:
                    72:a2:2c:ff:73:cd:79:00:97:3d:a8:0b:5d:a2:3a:
                    e4:32:30:63:a1:b8:21:3b:0e:a9:c3:ab:dd:89:98:
                    ce:0a:ea:b9:1c:43:01:8e:a4:4a:0b:4d:b3:8c:18:
                    dc:e9:35:b3:80:b5:04:45:3f:66:a9:d1:d6:52:54:
                    ce:21:08:97:94:eb:39:5e:a7:6b:c5:53:8c:45:f2:
                    a8:d5:c7:84:92:ce:4b:41:7e:93:f8:53:55:52:97:
                    57:a8:d0:49:dd:c2:64:ff:85:46:d9:55:1b:7c:e7:
                    d4:82:54:97:f1:2b:84:bc:4a:59:fb:ac:47:77:f9:
                    90:f0:56:e8:69:76:a2:a5:48:85:a2:3b:f7:7b:45:
                    5d:3e:35:57:34:ac:32:f7:d7:fb:ee:b3:ee:1a:a3:
                    d9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:D0:DA:91:2F:30:FC:F4:BA:B5:3F:BA:C7:61:2C:9A:58:F8:EA:90
            X509v3 Authority Key Identifier:
                keyid:33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/ltDakS8w_PS6tT-6x2Esmlj46pA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:1c:e6:b3:83:b9:32:7f:4f:d7:a3:32:f5:1d:f3:e6:ae:7a:
         9d:d5:54:3c:32:7f:31:be:a0:25:40:27:0d:80:e1:e0:b9:9c:
         ab:0b:7f:d8:43:f7:71:d9:c6:11:5f:ff:c0:0e:9a:3a:1d:6b:
         ed:31:b3:a9:05:80:93:56:d4:dd:7f:6d:67:f3:12:7b:e4:25:
         56:de:81:fa:d6:f2:ce:93:c1:5f:8d:db:02:5d:2f:37:8f:08:
         06:d7:d1:6f:44:b2:b8:9a:1b:a6:fd:ef:32:70:7d:49:a0:59:
         cc:28:c6:da:0c:8c:54:28:4e:7c:bc:67:99:0e:9d:6b:a8:8c:
         6e:3f:9a:7c:8c:55:07:06:52:71:d2:81:c9:02:71:60:3d:56:
         89:dd:31:2b:af:d7:f9:bc:c9:02:12:f7:ba:93:c9:ec:6e:4b:
         94:88:bc:80:c7:08:f6:f2:e6:55:b1:c1:ea:ed:02:ba:56:3c:
         41:b2:0f:4a:02:78:39:87:a2:55:a6:52:99:da:d0:19:f7:10:
         aa:9c:4b:80:b6:1d:43:15:cf:6b:cd:d6:98:ff:87:78:40:d8:
         32:10:c0:b7:33:6a:f1:17:e4:95:a9:ea:22:64:4b:39:75:7c:
         1d:f4:8e:a7:cd:55:dc:52:45:04:c3:44:e7:86:39:f2:74:19:
         5e:3c:a4:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK0ErOgeVYsTrb18KrV/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzM2MWZiYTg0MDkxNzRmYjNjNDgyYjhjYTI2ZjIzNWVi
ZDIyYzIwHhcNMjQwMTAyMTIzNDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmQwZGE5MTJmMzBmY2Y0YmFiNTNmYmFjNzYxMmM5YTU4ZjhlYTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggPRjpr4g6ikZfKOmOYQxfTouGg4
J9VWPlhM/jeIlByPJi0Wr/rgIPiA/xEzHE2osGqCytxWSGGXoqpv8mBkuFEF9aA1
4ioCDiznm0/nw/6TK5Y6kKB1sd7dOqs2plxEshRozzzku6xyoiz/c815AJc9qAtd
ojrkMjBjobghOw6pw6vdiZjOCuq5HEMBjqRKC02zjBjc6TWzgLUERT9mqdHWUlTO
IQiXlOs5XqdrxVOMRfKo1ceEks5LQX6T+FNVUpdXqNBJ3cJk/4VG2VUbfOfUglSX
8SuEvEpZ+6xHd/mQ8FboaXaipUiFojv3e0VdPjVXNKwy99f77rPuGqPZ1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbQ2pEvMPz0urU/usdhLJpY+OqQMB8GA1UdIwQY
MBaAFDMzYfuoQJF0+zxIK4yibyNevSLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjkt
YjJjY2NmMGVhZGFiLzEvbHREYWtTOHdfUFM2dFQtNngyRXNtbGo0NnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjktYjJjY2NmMGVhZGFi
LzEvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYZSMA0G
CSqGSIb3DQEBCwUAA4IBAQADHOazg7kyf0/XozL1HfPmrnqd1VQ8Mn8xvqAlQCcN
gOHguZyrC3/YQ/dx2cYRX//ADpo6HWvtMbOpBYCTVtTdf21n8xJ75CVW3oH61vLO
k8FfjdsCXS83jwgG19FvRLK4mhum/e8ycH1JoFnMKMbaDIxUKE58vGeZDp1rqIxu
P5p8jFUHBlJx0oHJAnFgPVaJ3TErr9f5vMkCEve6k8nsbkuUiLyAxwj28uZVscHq
7QK6VjxBsg9KAng5h6JVplKZ2tAZ9xCqnEuAth1DFc9rzdaY/4d4QNgyEMC3M2rx
F+SVqeoiZEs5dXwd9I6nzVXcUkUEw0TnhjnydBlePKTM
-----END CERTIFICATE-----